16

I day trade cryptocurrency and want to start using coworking spaces for faster internet access.

1.a. Is it safe to log into my exchange account using the coworking space network?

1.b. What questions should I ask them about their network's security [to make sure other people on the network cannot access my data]?

Sometimes I go to a coffee shop but never log into my account because I have read that hackers can intercept my data and can potentially steal login details.

2.a. Can it ever be safe to use a coffee shop, or for that matter hotel and guest house wifi? What if I use a VPN such as Kaspersky's secure connection?

schroeder
user379548

3 Answers

25

1.a. No. Any shared network that you do not control exposes risks.

1.b. Practically, I doubt any question will solve the reality of 1.a.

2.a. See 1.a.

VPNs are exactly the tool for this problem. They create a secure tunnel out of and through untrusted networks. We cannot speculate on the security of any one product or service, although paid options are more likely (caveat emptor) to provide you with better security.

schroeder
  • 21
    As I am new to this community and still learning, this might be a typical pitfall... but isn't TLS solving the problem of an untrusted network? Is there any network in the world you can actually trust? – PhilLab May 25 '18 at 14:26
  • 2
    Yes, TLS does do that, but there are weaknesses, too. For the risk level that you are describing, a VPN puts you into the ISP/backbone networks, and there, you only need to fear law enforcement, but then they can reach your traffic no matter what you do. So, given that your threats are the people around you and the operators of the local wifi, a VPN is better than TLS. – schroeder May 25 '18 at 14:35
  • 1
    As a former day trader in the futures markets, I'm making some assumptions about the threats that you are concerned about, but TLS leaks some data that you may not want leaked, and you are trusting that the exchanges have set up TLS fully securely on their end. A VPN mitigates a lot of those concerns. – schroeder May 25 '18 at 14:38
  • 2
    As an additional bit of info: [Safe to make a VPN connection over coffee shop WIFI?](https://security.stackexchange.com/q/24582/46732). So yes, get a VPN and you'll be fine. I personally use Nord VPN and I am quite happy with the speed (I've had up to 3 MB/s), as well as their no-log policy. – Chris Cirefice May 25 '18 at 14:51
  • Surely, verification that your session key is shared with the genuine VPN peer (rather than some MITM) and subsequent encryption of session traffic involves precisely the same certification reliance and crypto functions as TLS? The only difference is that a VPN will tunnel all traffic including DNS lookups etc, but fundamentally if VPN is assumed secure then TLS must be also (for the different guarantees that they respectively provide)? To that end, why isn’t a TLS session with an Exchange server deemed sufficiently secure for the OP’s purposes? Is his DNS traffic especially sensitive? – eggyal May 25 '18 at 21:02
  • @eggyal VPNs only use TLS for key exchange. After that, they use their own VPN protocol with different crypto. Attacks against TLS thus do not necessarily affect VPNs (and vice versa). TLS is riddled with bugs due to it trying to solve a complex threat model. The VPN protocol does not have this limitation (no need for things like session resumption or tickets, etc). – forest May 26 '18 at 01:32
  • @ChrisCirefice No-log policies are complete BS. Even if the VPN is honest that it doesn't log (most of the time they either do anyway, or don't realize that they are logging at a different point in their infra), their ISP _certainly_ does. The VPN may protect you from a local snoop at the coffee shop, but don't rely on it for anything that requires a lack of logging. – forest May 26 '18 at 01:35
  • Thanks all for the answer/comments so far. To clarify, TLS has weaknesses and bugs and can lead to data leaks. This is unacceptable for my purposes. A VPN uses TLS for key exchange but uses its own cryptography to secure my traffic. Even if the TLS is attacked, the VPN maintains the security of my data. Therefore, so long as both my laptop and the exchange use TLS and I use a good VPN [Nord VPN?], then my data is protected and I can use coffee shops and coworking spaces. Correct? – user379548 May 26 '18 at 03:31
  • More or less. Obviously there is no absolute "protected", but you can be more safe than not. – forest May 26 '18 at 03:45
1

Security is a very broad topic and nothing is totally safe.

Physically being in a public place adds all kinds of risks, obviously, like a camera capturing you typing a pass phrase or someone stealing your device.

For the technical part of your question, in simple terms, using wifi in a public place will increase any existing vulnerabilities on your system, or in the way you operate with it, and to a lesser extent also expose some new vulnerabilities which would be hidden if you connected from your home.

So, to assess the risk it is very important to evaluate the specific system you are using: your device, operating system, wallet software and also whether your trading site uses 2-step verification.

Important advice is to reduce the risks by installing only the software you need, or as an alternative, properly configuring a firewall.

Most importantly, your internet browser should be pristine clean without any add-ons installed.

Under these conditions, every time you connect to your trading site, just make sure to enter the URL correctly without any typos. The URL will always start with 'https://' and you should see the green lock icon your browser displays to the left of the URL. This lock icon tells you your browser connection is encrypted and also shows the certificate it uses to make sure you are connecting to the real trading site and not some fake.

With these simple precautions you should be fine: a hacker can never steal your credentials from an https connection assuming your device is totally free of malware. A VPN connection, or your home connection, will not make any difference in this regard.

Your wallet software, if any, should also encrypt any sensitive traffic.

You can ask the network security staff to use a WIFI access point supporting upgrades to the firmware, and staying up-to-date with any patches the manufacturer provides.

This provides an additional layer of security against other people near you by providing an encrypted connection between your device and the wifi hotspot so the people around cannot spy on your traffic out of thin air.

Without wifi encryption, even if the https connection itself is secure, people could still figure out which sites you are connecting to, for example, but they are not able to see the details of your operations or passwords you type, because it is all encrypted by the https connection. The network administrator or internet provider company could still know what sites you connect to, though.

Even then, remember bugs are everywhere, and a hacker will always have a greater chance of breaking into your device if he is near you.

-1

Short answer: Maybe
Long answer: yes, but only if you are using a VPN that you can trust with sending your social security number over the web to your bank's website.
Only a VPN will be safe enough to use anywhere, anytime.

Otherwise, wait until you are in a network you have sole monitoring and password distribution access to.