Londoners Agree to Hand Over Their First Born For Internet Access

Paul Hackett/Reuters

Do you read the terms and conditions before agreeing to connect to public Wi-Fi? If not, you are not alone. But here is a reason to start:

As part of an experiment in June, Europol and a Finnish security firm called F-Secure set up an insecure Internet hotspot in some of London's busiest areas. They wanted to see how much members of the public know about hotspot security, whether or not they take precautions when connecting and how much of their data they leak when doing so.

First, Europol and F-Secure wanted to highlight how rarely people read terms and conditions pages, which are often long and difficult to understand. In the experiment, the hotspot's terms and conditions page promised free Wi-Fi if "the recipient agreed to assign their first born child to us for the duration of eternity." Six people agreed.

But the experiment didn't stop there. Within 30 minutes of security researchers removing the terms and conditions, 250 devices automatically connected to the hotspot and more than 30 devices opted to connect. By doing so, unsuspecting users exposed their personal data to the hotspot operators—in many cases researchers could even read the texts, emails, addresses and passwords of those connected. Had the researchers been people with ill intentions, they would have all the information necessary to hack into users' accounts.

While Europol and F-Secure have no intention of keeping parents' first born or doing something malicious with the data they collected, criminals aren't as kind. The hotspot device used in the experiment was built for about £200 with little technical know-how, showing how easy this crime is to commit. Additionally, the device is small and can be available for public access in seconds.

According to Europol assistant director Troels Oerting, not only have insecure hotspots already been set up throughout Europe, but criminals also prey upon legitimate hotspots that happen to have low security.

The solution? F-Secure says either avoid using public Wi-Fi completely, or run a Virtual Private Network—which they sell—so the data being sent to and from a device will be encrypted.