The intative promises to be privacy-friendly with no tracking. Stating:
Your privacy is important. The WiFi4EU app ensures a private online experience with no tracking or data collection. Simply connect and enjoy free public Wi-Fi without concerns.
Source: https://digital-strategy.ec.europa.eu/en/policies/wifi4eu-citizens
Will be interesting to see how this spans and plays out in reality. Looks promising too, did a quick scan of their builtin permissions and trackers and looks good too. (Scanning tool is called Exodus)
Not available on F-Droid. 🤔
None of the 30 replies so far mentions source code (except mine, but it’s 7 yo and there’s no builds) 🤷
93k may seem a lot, but I’m on holiday in EU right now and the closest hotspot is 40 minutes away. Still impressive initiative, I hope it gets more coverage.
I just checked the map and it looks like they put these hotspots all around of my city to the countryside, but none inside the city
one of the requirement to get the funding was that there are no comparable hotspots nearby, like a library or city hall providing a hotspot
Ah thats relevant info
To be fair, there are already plenty public hotspots in most cities already, where as in the countryside less so I imagine.
Not only are they monitoring everything you view in their network, but you have to install their app on your device.
Good to see Exodus giving it a pass, but if it’s not open source it’s still something to be wary of. I literally can’t think of any good reason for the app to be required, a splash page that you log in to is more than sufficient.
The app is just a map to see the hotspots, you don’t need it to connect to them.
You’re right, I was just going on the post saying “With the WiFi4EU app, you can access…”, implying that you need the app to access it. But on their webpage it spells it out more clearly:
On connecting to the free Wi-Fi network for the first time, you will be redirected to a secure login page (a captive portal). You will be able to sign in with a simple click-to-connect functionality.
It’s almost like going back in time where there was a Fonera hotspot everywhere.
Locations in Belgium: 3549
Locations in the Netherlands: 102
😳
Local municipalities applied for a voucher worth €15,000, which covers the costs of installation of a Wi-Fi hotspot in the town, functioning for a minimum period of three years. All local residents and visitors of the successful municipalities are now able to access the internet freely.
In America, this means that they would work for 3 years, and then some would start breaking until smaller local governments got more federal money for maintenance. Does Europe operate differently?
The programs of this type are still time limited with plan for extension usually, and programs that work well usually does get that extension. The participating municipalities may need to reapply for more funding but that’s usually not complicated
Why an app at all?
How safe would it be to just provide access points with one password for all?
I’m not a cryptosis but I don’t see a problem there.
Also, where’s the source code? Oh, here but it hasn’t been touched in 7 years and there’s no builds.
Something’s fishy.
The app is just a map, the WiFi connection uses a standard SSID and login portal.
The app is just a map of availability
the github link you attached is to a github user called wifi4eu. Its not related at all to this initative.
I like how they wrote no tracking and then provided tracking link at the end.
I didn’t provide a link with tracking?
Where is there a tracking part in the link provided in the image?
did a quick scan of their builtin permissions and trackers and looks good too
On startup, the app offers a choice of using it with or without geolocation.
Interestingly, Paris, the first tourist destination in Europe, doesn’t have any of those.
I think the city provides a good number of free hotspots disseminated about the place, but I never really looked into it. Hopefully they’re both safe and convenient, but it’s always hard to tell with those things, especially regarding the safe part.
Anyone happens to know if this would be secure? I mean, I’ve heard of being wary connecting to public WiFi. What guarantees someone won’t connect to a WiFi4EU network belonging to Shady McHoodie in the corner of a coffee shop instead of an official network? Do usual security / privacy recommendations apply? Would a VPN be recommended for said network? (I presume VPNs are good for public WiFi. Not sure if that is indeed the case).
Tricky thing is, you may think you’re connecting to a legit network, but anyone can set their network name to a legit-sounding one. Mr. McHoodie could have a WiFi4EU, a Free-Airport-WiFi, a GFOTYBUCKS-WiFi. I assume at least once connected, your device won’t be fooled into auto-connecting to a similarly named network
It’s not really a concern anymore, now that pretty much all a lambda user’s traffic is encrypted. Anyone collecting your wifi traffic only sees garbage.
Websites also can’t be so easily spoofed. The spoofer would need to have a certificate issued by an authority trusted by your device for the spoofed domain, which is highly, highly unlikely to happen as long as your software is up to date, which nowadays is done automatically.
So really, the fear of untrusted public wifi is a thing of the past, and a good marketing lie for VPN companies.
Well, that’s not necessarily true, or else https://mullvad.net/en/blog/introducing-defense-against-ai-guided-traffic-analysis-daita wouldn’t need to be a thing.
I’m not worried about a website watching me as much as a government agency that wants information to use later.
Sure, your traffic itself is encrypted, but your browsing patterns aren’t and it would be wise to think that pretty much any network you connect to, even your home one could be being observed by some party and logged.
IMO it’s beneficial to use a VPN 24/7 on any connection. Mullvad costs 5 euros a month for and honestly I get better speed connecting to their Self hosted Sweden server from the US for most of my internet traffic since my ISP can’t QoS it
Privacy and security are two different things. A public WiFi is safe, I never said it is private. I actually said a VPN helps with the privacy issues in my following replies.
Edit: After re-reading the comment you replied to, I do see that I didn’t specify if I am talking about privacy or security, that is my fault. I was talking about security.
No worries, I appreciate you responding. My comments were purely about privacy
So I don’t need to worry connecting to third-party WiFi, then. Are all WiFi “safe”, then? I mean, besides public WiFi. “Private” WiFi like hotels, houses, etc. Like, could I exploit my own WiFi somehow? Or someone else, with WiFi they set up and control
Do VPNs have any advantage, then, other than location “spoofing”? Or is the sole use to appear to be in a different country? I mean, there is a corporate use of connecting to a company from afar
Once seen a presentation, where I once worked. Feller picked me device on a list on his PC, could see WiFi I had connected to. Presumed, and well, that I took the intercity bus.
No, you don’t really have to worry about connecting to third party WiFi networks anymore. Just make sure that when your browser says “This connection might not be secure” (aka it couldn’t make sure the certificate is legit, or it’s not even encrypted at all), you don’t ignore the warning and click “I dont care, I’ll take the risk”.
Privacy-wise, you can be exposed if the WiFi network is not trusted, as the domains you visit are likely to be visible (DNS resolution encryption is still not widely used). A VPN usually solves that completely.
There is probably other aspects to be wary of that are not on top of my head, but nothing like your credentials being stolen, bank data being stolen, or anything like it, as long as you keep your devices updated (vulnerabilities are still a thing, but are usually fixed quickly enough, and certificate authorities private keys can be leaked/stolen - although that is incredibly rare -, but are also usually removed from the trusted list of browsers quickly enough)
VPNs also encrypt all the non encrypted traffic (so, as I said earlier, DNS resolution, but also potential third party applications that do not encrypt their data, which would be an enormous mistake on their side), but offers no noticeable extra protection when just browsing the web. It basically adds a layer of encryption over already existing encryption, which adds no practical security.
As for the example you gave, I am not familiar anymore with the WiFi protocols, but I wouldn’t be surprised if your device leaks some information about your past connected networks when actively probing for available networks. It is a privacy concern, but not a security one.
This connection might not be secure
Does the average browser say that? Mine does, but I tweak it, so I might have enabled it. It explicitly has that “HTTPS Only” Firefox feature. Just thinking of, like, folks that just use as is. Me mum ain’t tweaking none of that on her own, I don’t think.
So a VPN is good for privacy, then. What about DNS? I use NextDNS, with the relevant option on that system or app. Given DNS over HTTPS (DoH), I presume that’s private as well, innit? Should the average person have a DNS? What about a VPN? Any advantages? E.g., should I get people to use one?
Yeah, I reckon the device could be leaking known WiFi, maybe in an attempt to find and connect to a known one. Funny that my device got picked in the presentation, too. I guess mine was interesting, in that the WiFi name indicated something interesting, rather than just a random name
93k access points run by a government that wants to read all our chats?
Vpns are cheap if that’s an issue
Yeah till they don’t allow VPNs on the network
just like border-free travel
Is this new? If they write this despite recent border checks the analogy has not the intended meaning.
Vpns don’t hide mac addresses from phones that pass the access points.
Vpns don’t hide mac addresses from phones that pass the access points.
Pretty much every phone can use random MAC addresses, so you can’t be tracked that way. Obviously there’s a ton of other ways to achieve that, like via that app.
That tracking is done in a much more effective and capillary way by tracking cell towers. I think MAC tracking is a much better option, assuming there are enough of these APs to track.
you think most people will use a VPN?
It’s amost like the EU isn’t a monolith and has various groups opposing each other.
Can they actually if the chats run via HTTPS? Isn’t the whole point that they can’t read any data that’s going through but instead only what server it’s going through? As long as it goes over an encrypted connection, but I think all of our chats use encrypted connection nowadays
No, they can’t.
What some parties in the EU want is to force chat services provider to give them access to chat messages, which destroys the entire point of encrypted chats and essentially bans E2E chat encryption
