Is Shopping over Wi-Fi Safe?

It's very commonplace to see Wi-Fi hot spots in airports and coffee shops throughout North America, but it's even more common to see them in our homes. Many Internet providers are now bundling wireless access points with their service. The broadening availability of wireless internet access raises a very good question: Just how safe is it to surf wirelessly?

As you might have guessed, the answer is "it depends". You'll need to understand a little bit more about Wi-Fi to determine when it's safe to make those PayPal purchases over Wi-Fi.

Wi-Fi is intended to be a cordless substitute connection for computer networks to replace physical network cables. But in order to be a good substitute, Wi-Fi needs to provide the same functionality as a regular network cable. You may find some of these functions rather trivial but they cannot be overlooked. The assumption is that if you trust using physical network cables for your online shopping, then if Wi-Fi can provide all of the same functionality, you should be able to trust it as well.

Here are the functions that a regular network cable provides:
  • Signal Connectivity - when you plug a copper wire between computers, you establish an electrical conductive path between them. This path allows the computers to send signals back and forth in the form of electric pulses. Wi-Fi accomplishes this by sending radio waves. Computers can signal to each other using radio signals as a substitute for electric pulses over a wire.
  • Point-to-Point Connectivity - a cable has the property of having 2 ends. That means that a signal sent at one end of the cable has only one intended recipient - the other end of the cable. The signal is not easily tapped by a 3rd party because of this property. Radio signals, however, do not have this characteristic. When a machine sends out a radio signal, every other machine within "earshot" can "hear" that signal. This is what we call a broadcast signal. Wi-Fi gets around this by employing an addressing system. Many machines may "hear" the signals, but only the one machine that recognizes the destination address as its own identifier will "receive" the signal. The other machines are supposed to ignore the signal based on an honour system.
  • Cross Signal Protection - if you have 2 separate networks, A and B, that are connected internally by wires but are not connected to each other, then the communications within network A will never be heard by network B and vice-versa. In Wi-Fi though, this is a problem. Network A and Network B can hear each other's conversations as long as they are within "earshot". Wi-Fi implements a network identifier called SSID to get around this. In this example, machines in Network A are configured to listen to the SSID of Network A, while Network B machines are configured to listen to the SSID of Network B. Even though machines in Network B may hear signals from machines in Network A, they will ignore them since they are not configured to listen to that SSID. Once again, this is based on an honour system. SSIDs are mandatory for Wi-Fi access points.
  • Access Security - when you plug a wire into a computer, you're only able to do it if you have physical access to the computer and the wire. If you don't have physical access, you won't be able to plug it in. In Wi-Fi, access security is implemented using some kind of a password (you'll see it as WEP, PSK, etc. on your wireless access point). This feature is optional in Wi-Fi.
  • Data Transfer Security - to tap the signal from a cable, a deviant literally has to gain physical access to it to make a fork in the cable. Then he/she has to connect the forked cable to a tapping device, which can't be done too easily given that you can just follow the wire to find the crook. In Wi-Fi however, tapping is easily done, and since addressing is generally done based on an honour system, another mechanism needs to be put in place to ensure that even if the signal is tapped, it is indecipherable. To accomplish this, Wi-Fi employs an encryption mechanism for all transferred data. The password that was used for access security is re-used for this purpose and acts as an encryption key. Encryption works based on probability. The stronger the encryption, the less probable it is for an intruder to decrypt the signals. This feature is optional in Wi-Fi.

So "it depends". As you can see, a couple of the security functions of a physical network cable are only optionally available in Wi-Fi. Unless the password and encryption features are used, Wi-Fi is not a good substitute for physical cables. But if they are used, then Wi-Fi is a decent substitute for physical cables.

Two final caveats...

I mentioned earlier that encryption is based on probability. You may have seen things like 64, 128, or 256 bit encryption. This is a measure of the encryption strength. The higher that number, the less likely it is for anyone to decrypt an encrypted message in their lifetime. That's also the reason why websites ask you to have long passwords. The longer the password, the harder it is to guess.
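
An added example, not part of the original article, showing how the access point password becomes the encryption key and how password length compares with the 64/128/256-bit figures. It assumes WPA/WPA2-Personal ("PSK"), where the 256-bit key is PBKDF2-HMAC-SHA1 of the passphrase with the SSID as salt and 4096 rounds; the network names and passphrase are constructed, and the length estimate assumes randomly chosen characters.

```python
import hashlib
import math

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal key from the password and network name."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    # The SSID is the salt, so the same password gives a different key per network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def guess_bits(length: int, alphabet: int) -> float:
    """Guessing work, in bits, for a random passphrase: log2(alphabet ** length)."""
    return length * math.log2(alphabet)

def min_length(target_bits: int, alphabet: int) -> int:
    """Shortest random passphrase whose guessing work reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet))

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    passphrase = "correct horse battery"
    for ssid in ("HomeNet", "CoffeeShop"):
        print(f"{ssid:>10}: {wpa_psk(passphrase, ssid).hex()}")

    # The key is always 256 bits long, but an eavesdropper guesses the
    # password, not the key, so the password sets the real strength.
    print(f"8 lowercase letters: {guess_bits(8, 26):.1f} bits")
    for bits in (64, 128, 256):
        print(f"{bits}-bit strength needs {min_length(bits, 95)} random "
              f"printable characters or {min_length(bits, 26)} lowercase letters")
```

An 8-letter lowercase password gives under 38 bits of guessing work even though the derived key is 256 bits long, which is why the password, not the advertised key size, is the number to watch.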

Lastly, encryption comes with a price. There is a processing overhead with having to encrypt and decrypt signals flying back and forth. So, you will notice that your internet connection runs slower over Wi-Fi when you turn on WEP or PSK. That's a trade-off worth making.