Is Free Public Wi-Fi Worth Sharing Your Personal Data?

LinkNYC public Wi-Fi network

Connecting to free public Wi-Fi networks, like the LinkNYC network, comes with some privacy costs | Source: LinkNYC

Free, public Wi-Fi networks are popping up in cities across the United States and around the world. One of the most visible recent examples is New York City’s free public Wi-Fi project, called LinkNYC. It’s the latest implementation of a model in which large companies — in this case, Google — offer Internet services that are ostensibly free, but ultimately come at a cost.

Benjamin Dean reports for The Conversation that use of these Wi-Fi networks is free on the condition that the companies providing the service can collect, store, and analyze their users’ personal data, their location, and information on their activity. That’s a practice that Dean writes “carries with it poorly appreciated privacy risks and an opaque exchange of valuable data for very little.”

New York City began exploring the idea of a free, public Wi-Fi network in 2012, and issued a call for proposals two years later. CityBridge, a partnership of four companies including advertising firm Titan and designer Control Group, made the winning bid, proposing a network of 10,000 kiosks placed throughout the city and outfitted with high-speed Wi-Fi routers that provide Internet access, free phone calls within the U.S., a phone charging station, and a touchscreen map.

Google subsequently created a company called Sidewalk Labs, which acquired Titan and Control Group and merged them. This resulted in a major tech company — one that Dean notes trades on personal information and has a business model that’s “all about collecting our data” — becoming a key player in a group that will provide New York City with free Wi-Fi. Like many “free” Internet products and services, LinkNYC will be supported by ad revenue, which is expected to generate $500 million in revenue for New York City over the next 12 years.

While the idea is that you give up your personal data to be used to target ads to you, Dean points out that LinkNYC’s privacy policy doesn’t actually use the word “advertising.” The service also doesn’t make clear the extent to which the network could be used to track your location. This may be “standard practice” for Internet-based products and services, but it’s hard not to have misgivings about whether the service is really getting users’ informed consent, or whether it’s actually being transparent about how it uses their data and what the privacy and security implications of those uses are.

Dean notes that people’s widespread use of apps and services with similar “data collection and privacy infringing practices” runs counter to what they say they actually want. In a recent report by the Pew Research Center, 93% of surveyed adults said that it was important to them to be in control of who can get information about them, and 90% said the same about the information that’s collected on them.

And in experiments, people cite the relatively high prices that they would put on a month’s worth of access to their location data, while in reality, they give away their personal data in exchange for very little — as exemplified by the $0.000043 revenue that LinkNYC is expected to generate per person per month. The difference, Dean thinks, can be attributed at least in part to the fact that in experiments, people are usually fully informed about the context of the information that would be collected and how it would be used, while in real life, people don’t read or understand privacy policies or terms of use.

Even though it should make you think twice about giving away your data in exchange for a few minutes of Internet access, the problem is bigger than public Wi-Fi networks. Dean reports that users of many Internet services “end up exchanging their data and their privacy far less than they might in a transparent and open market transaction.” He adds, “The business model of some of the most successful tech companies is built on this opaque exchange between data owner and service provider. The same opaque exchange occurs on social networks like Facebook, online search and online journalism.”

Dean thinks that the tech industry needs to develop a way for people to correctly value their data and their privacy, which would enable them to protect their privacy and retain control over their data. But in the meantime, how can you figure out when it’s safe to use Internet services, like the public Wi-Fi networks that are popping up? As Joanna Stern reports for The Wall Street Journal, you should proceed with caution, even though the promise of free and fast Wi-Fi is especially appealing as wireless carriers charge more and more for slow data.

At the very least, you’ll want to make sure that any websites where you input personal information are using SSL encryption (make sure there’s an HTTPS and a padlock icon in the address bar). If you’re going to make a habit out of using public Wi-Fi networks, you should also use a virtual private network (VPN) service, which you can configure to automatically connect as soon as you join a Wi-Fi network. A VPN will protect you even when the websites you’re using aren’t fully encrypted. Look for a VPN service (not a proxy service, which can disguise your device’s identity but won’t always encrypt your connection), and look for one that offers U.S.-based servers and doesn’t keep logs of your activity.

Additionally, it’s important to prevent your smartphone from remembering or automatically joining public networks, and you should secure all your accounts by setting up a password manager, changing repetitive or insecure passwords, and enabling two-factor authentication on important accounts that support it.

More from Gear & Style Cheat Sheet: