Symantec wants you to know public Wi-Fi is risky — see below. This is not news. But the company says it has your back with an app to keep you safe. Norton WiFi Privacy comes in versions for Android and iOS.
Both are free downloads. You get a one week trial at no charge. After that, it’s NZ$45 for a year’s subscription.
Norton say the app encrypts your data then sends it through a virtual private network or VPN.
Experts agree this combination is a good first-line defence against Wi-Fi dark arts.
Although if you’re worried, you might be better off avoiding free Wi-Fi. After all, it’s not so free if you need to spend $45 a year to use it.
It may not stop determined, expert crooks, or state sponsored agencies, but Norton Wi-Fi Privacy will keep you safe from opportunistic, everyday criminals.
The app also includes links to a free built-in ad blocker and a free password manager. At the time of writing the ad blocker is not available to New Zealanders. Symantec says it may be added later. The password manager is part of the local deal.
Norton’s marketing material promises WiFi Privacy has bank-grade encryption.
We’ll have to take Norton’s word on this. There is no easy way to check the app encrypts data before it leaves the phone.
Whether bank-grade encryption is necessary or valuable to the ordinary user is debatable. It sounds good though.
Another promise that you’ll have to trust Norton on is that your data is not tracked or stored. If it was, it could be a bigger security risk than using public Wi-Fi networks in the first place.
Norton is a well-known brand. Symantec has much to lose if anyone found it was cheating.
If Symantec was cheating, you’d soon know. Security experts pull Norton’s technology apart looking for flaws all the time. They found whoppers earlier this year.
Virtual private network
Running sensitive mobile data through a VPN makes sense.
In simple language a VPN is a secure tunnel through the internet from your device to a server. The tunnel’s other end can be anywhere.
Businesses use VPNs to keep traffic private. It’s not impossible to snoop on VPN traffic, but it’s hard. There’s so much low-hanging fruit that criminals can do better elsewhere.
Consumers use VPNs to hide where they are coming from and what they are up to. So they can watch geo-locked video or browse geo-locked websites. And a VPN means ISPs and others can’t see if you’re downloading pirated material.
Your own internet tunnel
You could, say, set up the VPN tunnel so the other end is in the UK. That way you’ll be able to watch episodes of BBC shows like Doctor Who. Or get the US version of Netflix — although Netflix has recently cracked down on VPN activity.
While VPNs are useful, they come with strings attached. A VPN will slow your connection. There are few, if any, phone apps where this matters. Nevertheless, keep it in mind.
To test how much Norton’s VPN slows traffic I ran Speedtest on my phone with and without the Norton VPN. I did this in a handful of locations on Auckland’s North Shore. The tests used 3G and 4G cellular, home Wi-Fi and a Spark Wi-Fi hotspot.
In each case download speeds are slower with the VPN. Downloads reach 40 to 45 Mbps without the VPN and 25 to 32 Mbps with it on. Upload speeds stay stable.
Norton’s VPN allows you to choose from one of 14 international destinations. There’s an automatic mode as well. In Auckland it chooses the Sydney region by default. If you want another you can pick one using the manual settings.
With a VPN, if you choose, say, the UK region, your tunnel will end at a UK server. The map on the Norton app shows there’s a ‘secure connection’ somewhere in the City of London.
You can check where your VPN connects to the rest of the internet by using ipaddress.com. During the test this confirmed the UK address as being in the City of London and belonging to Digital Ocean.
Norton Wi-Fi Privacy keeps personal or business information safe from prying eyes. It is also a handy way of watching geo-blocked streaming video. During testing I used it to see Euro 2016 football on UK television channels. It worked well and maybe worth buying for this as much as for the privacy.
Do you need Norton WiFi Privacy?
Norton’s app defends you from public Wi-Fi snoops. Unless you use public Wi-Fi often or download large amounts of data, there may be better options.
Post-paid mobile phone contracts in New Zealand include cellular data. It’s harder for criminals to tap into 4G mobile than intercept public Wi-Fi traffic.
So, instead of worrying about Wi-Fi snoops, consider making more use of cellular data. It is simpler and maybe cheaper. You could spend the $45 Norton subscription on buying more mobile data.
If you make regular video calls or run data-heavy apps, Norton WiFi Privacy makes more sense.
There’s not much in Norton WiFi Privacy a medium grade geek couldn’t do themselves. Encryption isn’t hard. Nor is setting up your own VPN.
Yet Norton has packaged this to make it easy for non-experts. The language and jargon of network security is often enough to scare everyday users off.
At NZ$45 a year it is expensive, but then it is less than many commercial VPNs charge for a subscription. Norton’s app is a less trouble and some will feel comforted by the brand name.
Less likeable is Norton’s mean one device licence. If, like me, you run a phone and a tablet, Norton would like you to pay twice for the app. Of course you could tether that second device to your phone, but that’s not the point here.
One extra thing to think about. Norton WiFi Privacy will go a long way to protect you, but don’t fall into the trap of thinking it’s all you need to stay safe on public networks. Whether you have the software installed or not, you need to keep your wits about you when using public services.
While you need to take scary messages from security vendors with a pinch of salt, there is evidence public Wi-Fi is often insecure. Mind you, this activity is still relatively rare in New Zealand. It’s hard to find reported cases of it happening here.
Crooks can sniff traffic on the network. They can intercept email, read direct messages, even listen in on VoIP conversations.
They can steal or copy your cookies then log-in to sites with your identity. If you use unencrypted sites, they can even get your passwords and log-ins. It’s possible to watch your online banking sessions and take your money.
Another threat is the Man-in-the-Middle attack. This can load malicious code on your devices or servers. The crooks might be looking for a way into organisational systems.
This article by Maurits Martijn has more gory detail.
While all this sounds scary, you can cut the risks by using HTTPS instead of HTTP to log-on to sites. If you use encrypted connections and verify sites using certificate, you remove most of the remaining risk.
Keep all of this in mind. Knowing the risks is the first step to staying safe.