Confidentiality when using apps on wifi

wifi
#1

Are username and password hidden (confidential) from others when using email app over my employer’s wifi?
Similarly, if I login using https on my RW phone’s (Firefox) web browser, are username and password hidden from others?

#2

What username and password? for what site/service?
How secure a site or service sends their log in info varies.
You would need to ask site/service you are using about that.
Typically, https means it is a secure connection, but how that site is sending / storing your info is not something we could tell you.

If you are using open free wifi, like at a coffee shop then there is NO security. Anyone can very easy snoop your traffic.

Your work wifi is most likely secure much more than free hot spot else where. And is probably monitored by your employer. If you wish to know how secure it is, then contact your works IT dept.

#3

Hi @debrah.pgozvk,

If your employer’s network is properly secured, then chances are these things are safe from third party snooping. If you’re asking if your employer might be able to gain access, it’s possible. The general rule of thumb if one doesn’t want their employer monitoring their activity; don’t use their network.

1 Like
#4

SpeedingCheetah, the username and password I would like to keep confidential from my employer is for webmail. It is my personal email account provided by the telecom for my home landline and DSL internet access. I access it with Firefox on my smart phone. I don’t know if the telecom has an app for webmail. If they do, I was wondering if that would be more secure and not display my username and password to anyone but me. I guess I would like to keep my username and password for Republic Wireless confidential too!

I briefly spoke to a friend who said connections using https should be secure unless I receive a notification that the credentials are not valid. Would I like to proceed anyway. If I accept the substitute credentials, the substitute will always be used from then on and I will not be warned after the first warning. His company does or did replace credentials with their own so they could monitor traffic. We contract out with an offsite IT company, so if they substitute credentials, it probably is for the entire network and all connected devices. I do not recall ever seeing a warning about valid credentials.

Since credentials and SSL certificates are among things, like quantum mechanics and string theory, that I do not understand well, my discussion about them could be total nonsense. Please forgive my ignorance.

The company wifi is password protected. I’m as confident as one can be that traffic using the company wifi is secure from third parties.

I am aware that my ISP and wifi at any company could be monitored for websites I visit and probably other connection data. However, I thought that login and other content was secure if I used https.

I’m hoping to answer my questions without asking my employer or offsite IT company. I’m not doing anything illegal and nothing about my life is out of the ordinary, but I would like to keep personal email private.

Roland, the problem with your recommendation that I not using the company wifi, is that I sometimes forget to turn off wifi access. My smart phone is off most of the time during work hours. I turn it on occasionally to check voicemail and texts. I might also check webmail. Since the phone resets to reconnect to the wifi when it is turned on, I might be routing traffic over the wifi instead of cell data.

So if webmail accessed using https might not be secure over the company wifi, then are my texts which route over the wifi also not secure? Ditto for open free wifi. Are texts secure over public wifi?

Thank you for your answers.

#5

Any properly setup Cooperate network will be able to see everything you do.
Some take it a step further and and monitor their actual computer workstations.
I would think that company policy would forbid use of personal email or non work related website use while at work.

For home or public wifi, only use of a good encrypted VPN service, like PIA or NORD where is full encrypts all your traffic, is how to protect your self. However, those VPN service are most likely blocked on corporate networks, and would trigger an alert should you try to use them or bypass their security.

Other issue with VPN services on your phone, they tend to interfere or even block RW’s wifi calling ability.

#6

By design, all that need be done to prevent your phone from connecting to your employer’s network is to forget the connection and not manually reestablish that connection going forward. You would then be relying on a cellular connection for talk, text and data (Internet access). Republic phones are no different in this respect. It’s the inherent design of Android (and all smartphones). If details on how are desired, please share the brand, model and generation of the phone in question.

It’s highly unlikely your employer has any motivation to sniff your email credentials regardless of the method you use to access personal email and doing so would arguably be an invasion of privacy. That said, your employer most certainly sees that you are using company resources for personal use and may or may not tolerate that. That’s between you and your employer.

I’ll reiterate if you don’t trust your employer (which from the nature of the questions it seems you don’t) the solutions are to not use the company network or find another employer.

In theory, nothing is fully secure on open WiFi. That said, one should keep the risk in perspective. Any telephone call (WiFi or cellular) can be tapped and not just at your end but at the far end and points in between. The same is true for text messaging. I can’t speak for others, however, in general, my conversations aren’t sufficiently interesting to warrant someone listening in (doing so isn’t particularly trivial) and were they to do so they’d likely be very bored.

If I were concerned about someone eavesdropping on a specific conversation, I’d arrange a secure method of communication with the other parties to that conversation. Signal is one such option. Keep in mind for solutions like Signal to be effective all parties to the conversation must be using them.

A VPN as mentioned in another post is also an option if one feels compelled to conduct secure transactions (banking for example) using a public WiFi hotspot. Generally, I simply wait to do so until I’m connected to a network I trust.

2 Likes
#7

My conclusions from your comments are the following.

Assume any and all web browser activity and all text messages using my Republic smart phone routed over my company wifi or a public wifi can be seen. Web browser activity can be seen regardless of whether the connection is https or not.

Voice and text on my Republic smart phone is relatively secure using the cell connection rather than a wifi connection.

I have removed (forgotten) the connection to the company wifi. I was trying to be a good Republic customer and connect to my company wifi. That was a small amount of my Republic use. Most of my use is long distance calls on my home wifi. Is that secure?

SpeedingCheetah, the following comment of yours brings up another question for me.

I had assumed that my web browser connection with my bank and mutual funds using https over my home wifi was secure. My router has a strong password. I realize anything on the internet can be hacked eventually, but the probability is relatively low, I thought, if I keep the PC operating system and software up to date, keep router software up to date, use good virus and malware software, don’t click on suspicious attachments from anyone (including family and friends), and avoid disreputable web sites. Are you saying that everyone should be using VPN on their home wifi?

BTW, I work for a small company. There are no rules against using the office email address for personal use and no rules against web surfing except for the precautions mentioned above to prevent viruses, malware, ransomware, etc. Also, just be reasonable and don’t abuse it. I simply don’t want my boss to have access to outside job offers I receive (which I am almost certainly not going to pursue), my family’s health issues, or personal finances. It sounds like many companies have draconian policies because they have bad employees and/or bad bosses.

Again, thank you for your help.

#8

Here is link to additional information that may interest you:
Tips for Using Public Wi-Fi Networks from FTC.gov

#9

I’ve had Nord VPN for about a month. I haven’t had any problems making or receiving calls on wifi with RW. I’m using U.S. servers, if that makes a difference. Not sure why it should though.

#10

In a word, latency. I’m happy to hear of a third party VPN apparently getting along with Republic’s WiFi calling. No doubt, that knowledge will help other Community members.

Message an
Expert customer