The Free Internet Access Law

When President Duterte signed Republic Act 10929 which is “an act of establishing the free internet access program in public places in the Philippines”, a lot of people celebrate and eagerly anticipating this so-called “awesome” free service from the government. Right now, the “Implementing Rules and Regulations” for this law is not yet released for the implementation of this act and I am hoping that the guys behind the drafting of the IRR will include guidelines regarding cyber security and information drive to educate the public regarding the proper use of the public internet with internet safety considerations. You can read this law here.

Issues

Here are some of the problems and security threats that I fear that the public might face after the implementation of this project:

  • Fake Public Wi-fi. Hackers might setup a fake open wi-fi  hotspot that might lure users to use in public place for the purpose of intercepting your access, watching your activity and stealing information from you.  This gives them the ability to redirect you to a fake site (launch man-in-the-middle MitM attacks) to commence a phishing attack that can steal your credit card numbers, passwords, images, etc.  For example, you thought that you placing an order at Lazada’s website but actually you are using the hacker’s fake site that is designed to capture your password, credit card details or your Paypal access.
  • Snooping and Sniffing. In this potential risks of public wifi, hackers can eavesdrop or listen to your information even they are not connected over the access point by “snooping and sniffing” or monitoring all the data packets in the air. This let them seer your internet activity and access your data without you knowing.
  • Malware / Virus Infection. This is a common issue specially if the user doesn’t care if what ads or file to open over the internet. Another problem is that there are strain of malicious programs that can sniff to a vast network and check for vulnerabilities that they can exploit such as unprotected shared resources (files/folders) to spread themselves to other users. They can also spread themselves by sending “themselves” over messaging system .
  • Identity Theft. When they steal  your data, they intend to steal your identity too.

Here’s a video from Android Authority explaining the  issues and potential risks of public Wifi access.

My Advice

  • Define the Access Point or Hotspot clearly and inform the public the official access point or hotspot for the public internet access.
  • Use HTTPS or secure sites. Data in secure sites are encrypted and its difficult for hackers to read them this way. Today, a lot of sites are using HTTPS/SSL and try to use those type of sites. The problem is the app on your smart phones that can’t identify secure connection.
  • Avoid using your credit card, Paypal, online banking and accessing your data that uses user and password on public internet.
  • Use a VPN software to make your connection safe and secure over unsecure public internet by encrypting your connection. There are a lot of free and paid VPN services out there. You can try the freeware VPN Gate client  or the built-in VPN feature of Opera browser for this purpose. This will give you a layer of protection against snooping or sniffing of your data.
  • Install an antivirus program and/or internet security programs to protect your device from malware or virus infections when you browse the internet in untrusted network.
  • Don’t use the public internet access if you think that you’ll be using it to access sensitive information.

The intention of this law is good but there are some bad elements out there that might take this as an opportunity for them to bring harm to the Filipinos and the government should place a mechanism that can protect everyone from this kind of threats.

If you have any advice to help us “public internet” users to be safe and secure against cyber security threats, please feel free to give it by leaving your comments below.

Leave a Reply

Your email address will not be published. Required fields are marked *