Beware the Siren Call of Hotel WiFi

By Robert McGarvey




What part of hotel WiFi is dangerous to your data don’t you understand?

I ask because, according to a new report from the Global Business Travel Association (GBTA), 64 to 69% of you say you would book a room directly with a hotel for free WiFi.

That stuns me.

I get why 35% of business travelers in that survey say they want more outlets in rooms – I certainly do and I find it mind boggling that it is 20 years now that I have had to rearrange hotel room furniture on check in just to find enough outlets. At least nowadays I don’t carry a powerbar with me, something I routinely packed in the 1990s. Hotels have made progress but not nearly enough

But color me also curious why 32% of business travelers want inroom chargers for phones and laptops – I suppose they have never heard of “juice jacking.”  Read about it and you will never again use those charging kiosks at airports (I never have, never will) and I doubt you will use such tools even in a hotel room.  The risks are too high.

Which brings us back to the siren call of free hotel WiFi.

You’ll recall that in the Odyssey, Odysseus had his crew tie him to the mast so that he could safely ignore the call of the Sirens – who enticed sailors into shipwrecks and drowning.  Odysseus steeled himself to sail right by.

Do likewise my friends, when it comes to hotel WiFi.

If you absorb nothing else from me, remember these two realities:  Never, ever use a credit card at a hotel restaurant, bar or gift shop is number one and that is because a month does not go by when there isn’t another reported hotel data breach and the real question is how many are ongoing but have yet to be discovered by the hoteliers?

It just is dangerous to use plastic at hotels – although, so far, reservation systems appear not to have been compromised.

Hotels have however had epidemic issues with compromise of their loyalty programs and also their restaurants, bars and gift shops.

If you must use the latter, pay with cash, or sign the purchases over to your room. You’ll probably be safe. Just don’t use a credit and definitely not a debit card because – these days – you have to assume there’s a good chance the system has already been breached.

Hotels just don’t put enough – or the right – emphasis on data security.

Which brings us back to the second lesson and that is the pervasive dangers of hotel WiFi. For at last a decade, information security experts have warned that public WiFi in general and hotel WiFi in particular are playgrounds for hackers.  Packet sniffing technologies make it easy – even for the technically unsophisticated – to scoop up posts on public WiFi networks.

Don’t think it doesn’t happen. It definitely does.

The cure? Do as I do and – whenever doing anything remotely sensitive in a hotel room (banking, for instance) – I create a hotspot with my cellphone and use it to power the connection. There’s a reason I am paying for 6GB of data on T-Mobile and the same amount on Project Fi and it’s not because I stream college football games on ESPN.

It’s because I prefer the safety in creating my own hotspot.

Should you never use inroom WiFi? Sure, use it to stream that ESPN game, to watch YouTube Ted Talks, to play blackjack – however you fill down time on the road.  Read newspapers online too. Just avoid sites where you sign in with a username and password – because you don’t want a hacker to grab those credentials and work mischief with them.

Another option: use a VPN when on hotel WiFi.  That will probably cost you a few shekels and it may slow your connections – VPNs usually do – but a VPN encrypts data and that probably will be enough to thwart hackers and data sniffers. This way, you get the free WiFi access but the VPN gives you a measure of protection.

Bottomline: assume hotel WiFi is hacked.  

Is it always? Of course not.  

But it’s porous enough of the time that the security savvy know to avoid it.

Do likewise.

Or at least take steps – such as VPN – to protect yourself.


The Best Cell Carrier for International Travelers



By Robert McGarvey


Stop the debate. There really shouldn’t be any.  When it comes to picking a cellular carrier for frequent international travelers the best by far is Project Fi from Google.

Second best is TMobile – but it’s a distant second.  Subscribe to T-Mobile’s “Simple Choice” and what you get is calls at 20 cents a minute, unlimited texting, and unlimited data. But the hitch with the data is that the first 2GB are high speed. Then it slows to 2G.  If you want higher speed, T-Mo upsells you into a week pass with 200MB of data for $25.

The problem: 200 MB of data is almost nothing.  It’s fine for email, checking social sites, posting a handful of pix but don’t go crazy. Photos can really eat through data.  Be very careful with mapping. Be very careful with everything in fact.

Right now, many pundits are busily crowning T-Mo as the best carrier for international travelers. But they are mistaken.

Enter Project Fi.  It offers high speed data access in 135 countries (just about any place you want to go) at a flat $10 per GB – which is the same rate you pay in the US. With Project Fi you pay for what you use, in 1 GB tranches.  Sign up for a 3GB per month plan, only use 1, and you pay $10, not $30.

The Fi Basic plan is $20 per month for unlimited domestic talk and text.

Internationally, calls are 20 cents per minute.  Texting is free. Data is the same price in 135+ countries.

The Project Fi goal is simple but bold. It wants to make the whole world safe for one phone, from one carrier.  No horrifying high roaming charges.  No need to swap SIM cards.  The single Project Fi phone will do you.

What’s the hitch?  The only hitch is that Fi works only on a couple of phones.  The 6P is $349.  The 5X is $199.  Google sells both.

As for the network, domestically, Google uses T-Mobile, Sprint, and US Cellular and it hops among them and latches onto the strongest signal.

In Europe it uses Three and probably other carriers.  

Elsewhere, Google is not especially transparent about who is carrying its calls and data but why should it be? It probably swaps carrier partners as business needs dictate and certainly as they change.

Where it can, Project Fi seeks to use WiFi – it almost certainly will in your home and office – for calling. How good is that? In my tests – I have had Project Fi for about a year – WiFi calling has erratic quality. Sometimes it is good, sometimes no and my home WiFi has a generally strong signal.  So I’m not sure why it sometimes is poor quality. (Note: you can turn off WiFi calling as an option. I don’t advise it. But if you wish, you may.)

Use WiFi when abroad to make international calls and rates tumble to far below 20 cents per minute. A call from the UK to India is 1 cent per minute. Most calls to the US are free. Those low rates are not atypical.  All WiFi calls are processed via Google’s Hangout app.

Walking around downtown Phoenix and using cellular networks, Project Fi on average is a stronger signal, less likely to drop than the T-Mo signal I have on an iPhone.  I have experienced similar in Las Vegas.  

I detected no differences between them in New York and that’s true in much of the country.

How can Google make money on international calling and data? Probably it does not.  Google is reticent about divulging data on particular lines of business, and does not breakout Project Fi’s financials, but the general belief is that Google runs Fi as a kind of cudgel to goad cellular carriers into offering technologically better and more consumer friendly plans.

Back to T-Mo which apparently is not willing to surrender.  Through August T-Mobile now promises unlimited 4G LTE data in much of Europe and, honestly, that puts it ahead of Fi – assuming it extends that deal beyond this summer.  Right now there is no indication T-Mo will, or won’t.  We just don’t know.

Until we know, I’d go with Fi,

Oh, there is no contract with Project Fi.  Sign up for it and if you don’t like it, quit. The phone – unlocked – will happily accommodate a T-Mobile SIM, probably also AT&T.  
Once you needed an invitation to sign up for Project Fi. No more. Just visit the website.