Why Free WiFi Really Isn’t Free

If you live in London and ride the subway, you are probably one of the millions of people who take advantage of the free WiFi offered by Transport for London (Tfl), the UK government agency staffed with the day-to-day operations of the iconic red buses, black cabs, and of course the Tube.

Recently, the Tfl conducted a pilot program in which they tracked the WiFi signals of nearly 6 million phones that accessed WiFi in the London Underground. The Tfl said they were using this information to understand how people used the London Underground in order to “improve the experience for customers.”

This is known as WiFi tracking, and is used by many businesses to track users who login to WiFi networks as they move around a store or mall. Many customers are not fully aware they are being tracked when they log into free WiFi (as this information is buried in the fine print of the Terms and Conditions), nor do they know that the only way to stop this tracking is to turn WiFi (or their phone) off.

How comfortable are you knowing that everything you do online is being tracked when you use free WiFi? Hold that thought, because there’s more you need to know about so-called “free” WiFi.

Wait, it gets worse

There’s another reason Tfl is tracking WiFi users in the London Underground: it turns out the data they are collecting is highly profitable to advertisers, to the tune of $322 million pounds over eight years.

A Tfl spokesperson refused to rule out that they plan to sell this aggregated consumer data to third-parties, but offered the rationale that identifiable user information will be “anonymized”, meaning that no advertisers will be able to link any specific data (or websites you visit) to specific individuals.

The problem is that anonymization of user data is a fiction – it’s possible to link this data back to real individuals, meaning that everything you do on WiFi in the London Underground could be traced back to you and then sold to the highest bidder.

At the recent Def Con Conference this past August, two Internet security researchers were able to obtain the browsing history for three million German citizens from companies that gather “clickstreams” – detailed records of all the websites people visit. These clickstream companies insist that the data is anonymized as well, but the researchers were easily able to tie this data back to individuals, including the porn-watching habits of a judge and medication taken by a German MP.

Spying by another name

Companies want access to your personal information in part because it allows them to enhance your experience, such as by offering you personalized coupons and promotions when you visit their stores. Surely some consumers appreciate this and may even be willing to trade some private information for a better experience.

And using personal information to customize our user experience is nothing new. Amazon and many other retailers install cookies on our computer to (in part) give us suggestions as to what we may want to buy based on past purchases.

But when companies are able to view what we do online and then trace this back to our actual identities, we are giving them access to our private lives. More than that, we lose control over who gets to see and handle our private information. Do we really know what these companies are doing with our private information? The buying and selling of personal information is a huge business. Data brokers make literally billions of dollars a year doing just that.

How to protect yourself on “free” WiFi

Fortunately, there is at least one thing you can do to protect your privacy no matter what WiFi network you connect to. The best way to keep your browsing history and other personal information private when you access free WiFi networks is to install a VPN on all of your devices.

A VPN like Private WiFi encrypts everything: your email, your web browsing history, your IMs, your VOIP, everything. Even if your data is intercepted and collected, it’s impossible to trace this back to you, since a VPN masks your IP address.

Your private information is just that: private. So the next time you log into the supposedly “free” WiFi network as you commute to work on the subway, keep in mind that just as there is no such thing as a free lunch, there is no such thing as “free” WiFi.