- TLS only protects application-layer data (Q1) - doesn't cover layers 2-6
- Client isolation cannot be verified before joining (Q2)
- ARP spoofing, DNS manipulation, port scanning, certificate solicitation, MAC collection, and traffic analysis are all possible attacks (Q6)
- Personal computers lack defense-in-depth (Q8)
But then concluded: "Public WiFi is safe for everyone" (Q10).
Your HN comment says "there's nothing preventing me from securely using public wifi" - but you haven't explained how. This is the
issue: vague, hand-wavey claims without materialistic explanation(s).
What specific protections are you using?
You acknowledged these malicious behaviours in Q6:
- ARP spoofing
- DNS manipulation
- Port scanning
- Certificate solicitation
- MAC collection
- Traffic analysis
You claim HTTPS makes it safe, but you didn't explain:
- How HTTPS prevents ARP poisoning (it doesn't - this happens at Layer 2)
- How HTTPS prevents port scanning of your device (it doesn't - attackers scan your listening services directly)
- How HTTPS prevents DNS manipulation when 80% of users don't use DoH/DoT
- How HTTPS prevents SNI leakage when ECH adoption is <5%
- What specific mitigations you've deployed against the network service exploitation you acknowledged
TLS operates at layers 5-7. The attacks you listed in Q6 happen at layers 2-4. Your HTTPS traffic is irrelevant to these attacks.
The quiz asked about everyone, not just you:
This isn't about how well you've personally secured your device. It's about whether the general public should be told "public WiFi is safe because HTTPS."
Most people:
- Don't know what services are listening on their network interfaces
- Are running unpatched software (Q8: personal computers lack defense-in-depth)
- Aren't using DoH/DoT
- Aren't aware SNI is unencrypted
- and the rest
If you're going to have a good conversation about this you need to provide better, more specific explanations - not just "HTTPS makes it safe." What exact technical controls are you deploying? What does the average person need to configure to achieve your level of protection?
Without specifics,it's all a bit hand-wavey. The /quiz version tracks contradictions in responses (surprisingly common, even among technical users). The /conversation format
is for people who just want the technical explanation without the assessment.
Happy to discuss specific scenarios or threat models, but there are some principles that just wont change, do you know what they are ?