Not sure if I used the correct terms but what is the difference in security and privacy between downloading from a public wifi (or a closed wifi; with password) and mobile hotspot (sharing 4G/5G data from your phone to your computer)? Which one is recommended or does it not matter?

  • BakedCatboy@lemmy.ml
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    2 months ago

    To add to the other reply, client isolation is about controlling whether an ap, switch, or router willingly sends traffic between clients. Because of that, it doesn’t kick in if you listen to packets over the air before they’ve been received by an AP. For that kind of security you need a wifi specific security measure - which I think “enhanced open” is what you’d be interested in. It allows you to have an open passwordless wifi but it generates temporary encryption keys for each connected client, then the rest is as if it was using WPA, so that you don’t need to enter a password but your traffic gets encrypted and protected from anyone else listening in on the WiFi.

    If you combine both then you should have a network where each device is isolated both over the air and from a routing perspective so that each device only sees an Internet connection and no other devices.

    • Petter1@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      Is this similar to vLAN that could be configured in my router but I never bothered since it was overkill for me?

      • BakedCatboy@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 months ago

        You can achieve a similar thing using vlans - usually by default they’re isolated but you may add specific rules that allow traffic between vlans if it meets certain criteria (specific ports, specific types of traffic, traffic to or from specific hosts, any combination of those). So yeah you can imagine client isolation being like having each client on their own vlan - except without needing a different subnet for each client.

    • Tetsuo@jlai.lu
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      Thanks ! That’s exactly how I think it could be implemented but that confirms that this is certainly not something you can find commonly where I live.

      That confirms the fact that if you use the same wifi and everyone has entered the same encryption key then there is no real client isolation…

      It’s cool that wifi keeps evolving. It comes a long way from the WEP beginnings.