Safe Wi-Fi-ing

by Colin Berkshire

Colin Here. Hopefully you are aware that if you connect to a WiFi hotspot that doesn’t use a password you are basically sharing all of your data with the world. It is super trivial to grab all of your passwords and monitor your data with a non-password hotspot. Really, you just shouldn’t use non-password protected WiFi.

A new hack that is increasingly widely being used circumvents the encryption of password protected WPA2 hotspots as well. Basically, your smartphone is tricked into thinking it has disconnected from the WiFi and it re-initiates a new session. A sniffer can then pick up the encryption keys being exchanged on the new connection. So you can’t even trust WPA2 anymore.

A reliable way of securing your data on WiFi is to use an encrypted VPN connection. This is secure. You can use any VPN provider. Use L2TP protocol rather than PPTP.

The problem with a VPN connection is that on the iPhone the VPN will drop when your phone goes to sleep. While it is asleep it is still checking email and doing things, and these communications are exposed and non-secure. Plus, you must manually remember to reconnect to your VPN each and every time you do something. The bottom line is that VPN is not a great answer.

Apple has a solution to this in their enterprise VPN for the iPhone. Unfortunately, this is only available to enterprise customers and it is hideously complicated to set up. (Like, nearly impossible.) Plus it requires IPSec, which your VPN provider probably doesn’t support.) They call this “VPN on Demand”. It forces traffic through the VPN and guarantees a secure connection, even when the phone is sleeping.

I don’t normally pitch specific products, but there is one that. I can’t avoid informing you of. It is “Cloak.” (

Basically, this is enterprise-class VPN on Demand for individuals and small companies. It’s super simple to set up and trivial to use (you do nothing.) it’s one of those products that “Just Works.”

Every time you do anything on your smartphone Cloak checks to see if the data is going over WiFi. If so, it silently initiates a VPN connection to encrypt the data. When you leave the office and are back on cellular they drop the VPN connection. You never think about it, you need to do nothing, and you can see it working by the [VPN] indicator on the phone status bar.

But as they say in those infomercials “That’s not all!” You can specify any WiFi as a trusted network (like your home or office) and Cloak won’t route you through their VPN. That’s good because VPN will slightly decrease your speeds. It’s also good because your company data will never leave your company network. If you are traveling to a country whee you don’t trust the cell phone company you can also specify that all cellular data connections should be secured.

Cloak does one other trick. I am not certain of the value of it, but it is kinda cool. Cloak has servers in half a dozen countries and you can specify which one you want your traffic routed through. When I’m in Asia I can route traffic through Japan and avoid the big back-haul to the States. They have servers in Japan, Netherlands, Australia, Canada, the UK, Germany and France. Because this gives you an IP address in the transporting country you can often use services only available in that country [Cough] Netflix [Cough].

To give you an idea of how important I think Cloak is consider this: I have never promoted any other product in my blog. Ever. Until now. I feel that strongly about it.

Save yourself. Get Cloak. It’s simple. The cost is $100 a year or $10 a month as an in-App purchase. That may seem like a lot…until you have your passwords and credit card numbers stolen on an open WiFi.