AVG warns against free WiFi when shopping these holidays

Free wireless networks are everywhere these days, and many stores have actually gone out of their way to offer free WiFi so shoppers can stay online while they search for the perfect item, but all may not be good with these freebies.

If you don’t like being tracked, listen up, because the free WiFi access offered at shopping malls may actually be letting those centres do exactly that, tracking a code unique to your phone and where it goes.

The code these free WiFi systems can track is the MAC address code, and every networkable device has one, with it comprising of a series of characters that is unique to one device. When a smartphone or tablet connects to a wireless network, the MAC address is sent out, and if you’re not in control of that wireless network, it’s possible that your MAC will be watched and tracked, with the location able to be used to determine physical location.

AVG has chimed in this week with a new addition to its free “PrivacyFix” application for Android which enables you to stop others from peeking in on what you’re doing. The newly added “WiFi DNT” (or Do Not Track) stops you from connecting to WiFi when you’re shopping or anywhere where the network isn’t recognised, using 3G or 4G instead so you’re not tracked at all, trusting only WiFi locations you’ve visited and trusted before.

“Using WiFi technology to capture our location data in stores provides retailers with analytics,” said Michael McKinnon, Security Advisor at AVG Technologies in Australia.

“The problem is that consumers have limited notice of these activities, often no opportunity to opt-out, and many may not realise they are even being observed in this way. My view is that trust is at the heart of all successful transactions. Take that away, and you devalue technology’s significant potential.”

But not everyone worries about being tracked, and some may wonder what happens to other details when they’re surfing the web using someone else’s open network.

For instance, you’re probably not just going onto Facebook or Twitter when you’re taking advantage of in-store or in-mall free WiFi, and there’s always a possibility that a wireless network you don’t know much about could be learning more about you than you like.

“Connecting to a public wireless network and then checking your email and accessing websites can result in private information being intercepted in a number of ways, and it can occur on different layers of the technology,” continued McKinnon.

Some of this can happen from the network being setup to send the traffic details served by its users to a different locations, which you won’t necessarily know about as a customer of the service.

Others can happen with disguised network connections, such as a similarly named free wireless network offered by someone attempting to deceive you, scanning the traffic passing through their wireless network, and taking advantage of it.

But it goes beyond this, with McKinnon saying that email used on both POP and IMAP is relatively insecure and that people can intercept these easily, and that quite a few mobile apps lack encryption and yet can send sensitive information, resulting in a dangerous packet on a wireless network you don’t really know.

Worse is that passwords in web forms don’t always rely on SSL, the Internet’s security layer, and as such can also be intercepted on wireless networks where the security hasn’t necessarily been confirmed.

In fact, any place where SSL isn’t engaged — look for the lock icon in the URL bar when it is — may be trouble, as the page lacks solid security and could end up taking information from you.