Why do people use unsecure public wi-fi?: an investigation of behaviour and factors driving decisions

Public Wi-Fi networks are now widely available in many countries. Though undoubtedly convenient, such networks have potential security and privacy risks. The aim of this study was to understand if people are aware of those risks, and - if so - why they decide to take them. We set up an experimental free Wi-Fi network at 14 locations in central London, UK, for a period of 150 hours, and people connected most often to use instant messaging, search engines, and social networks, and sensitive data (such as name, date of birth, and sexual orientation) were transmitted. We subsequently investigated people's risk awareness and risk behaviour through semi-structured interviews with 14 participants, and an online scenario-based survey with 102 participants. The majority of participants said they would use public Wi-Fi under circumstances where the risks taken are not consistent with maximising utility. Female participants rated the risks associated with public Wi-Fi use, more highly - and yet more females than males said they would use them to save their data plans. These findings align with insights from behavioural economics, specifically the insight that people can misjudge risky situations and do not make decisions consistent with expected utility theory.

[1]  E. Rowland Theory of Games and Economic Behavior , 1946, Nature.

[2]  A. Tversky,et al.  Judgment under Uncertainty: Heuristics and Biases , 1974, Science.

[3]  P. Schoemaker The Expected Utility Model: Its Variants, Purposes, Evidence and Limitations , 1982 .

[4]  Wiktor L. Adamowicz,et al.  Experiments on the Difference between Willingness to Pay and Willingness to Accept , 1990 .

[5]  William S. Neilson An Expected Utility-User's Guide to Nonexpected Utility Experiments , 1993 .

[6]  R. Thaler Irving Fisher: Modern Behavioral Economist , 1997 .

[7]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[8]  William D. Schafer,et al.  Gender differences in risk taking: A meta-analysis. , 1999 .

[9]  Paramvir Bahl,et al.  Characterizing user behavior and network performance in a public wireless LAN , 2002, SIGMETRICS '02.

[10]  Benjamin D. Kern Whacking, Joyriding and War-Driving: Roaming Use of Wi-Fi and the Law , 2004 .

[11]  Christine R. Harris,et al.  Gender Differences in Risk Assessment: Why do Women Take Fewer Risks than Men? , 2006, Judgment and Decision Making.

[12]  Leslie Regan Shade,et al.  Going Wi-Fi in Canada: Municipal and community initiatives , 2006, Gov. Inf. Q..

[13]  Antonio Lioy,et al.  Dependability in Wireless Networks: Can We Rely on WiFi? , 2007, IEEE Security & Privacy.

[14]  Cormac Herley,et al.  Do Strong Web Passwords Accomplish Anything? , 2007, HotSec.

[15]  Paul C. van Oorschot,et al.  Security and usability: the gap in real-world online banking , 2008, NSPW '07.

[16]  Keith N. Hampton,et al.  Community and social interaction in the wireless city: wi-fi use in public and semi-public spaces , 2008 .

[17]  Cormac Herley,et al.  So long, and no thanks for the externalities: the rational rejection of security advice by users , 2009, NSPW '09.

[18]  Predrag V. Klasnja,et al.  "When I am on Wi-Fi, I am fearless": privacy concerns & practices in eeryday Wi-Fi use , 2009, CHI.

[19]  Ruth Urner,et al.  Naïve Security in a Wi-Fi World , 2010, IFIPTM.

[20]  Sunny Consolvo,et al.  The Wi-Fi privacy ticker: improving awareness & control of personal information exposure on Wi-Fi , 2010, UbiComp.

[21]  Rui Wang,et al.  Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow , 2010, 2010 IEEE Symposium on Security and Privacy.

[22]  M. Angela Sasse,et al.  Security Education against Phishing: A Modest Proposal for a Major Rethink , 2012, IEEE Security & Privacy.

[23]  G. Charness,et al.  Strong Evidence for Gender Differences in Risk Taking , 2012 .

[24]  Suman Banerjee,et al.  Beyond deployments and testbeds: experiences with public usage on vehicular WiFi hotspots , 2012, MobiSys '12.

[25]  Wei Cheng,et al.  Characterizing privacy leakage of public WiFi networks for users on travel , 2013, 2013 Proceedings IEEE INFOCOM.

[26]  Wan Haslina Hassan,et al.  Current threats of wireless networks , 2013 .

[27]  Ana Ferreira,et al.  Socio-Technical Study on the Effect of Trust and Context When Choosing WiFi Names , 2013, STM.

[28]  Tarek S. Sobh Wi-Fi Networks Security and Accessing Control , 2013 .

[29]  Scott McQuire,et al.  Public Wi-fi: Space, sociality and the social good , 2014 .

[30]  Rachael Briggs,et al.  Normative Theories of Rational Choice: Expected Utility , 2014 .

[31]  Lynne M. Coventry,et al.  Decision Justifications for Wireless Network Selection , 2014, 2014 Workshop on Socio-Technical Aspects in Security and Trust.

[32]  Ana Ferreira,et al.  Socio-technical Security Analysis of Wireless Hotspots , 2014, HCI.

[33]  A. Lambert,et al.  Public Wi-Fi , 2014 .

[34]  Charles Morisset,et al.  A Decision Making Model of Influencing Behavior in Information Security , 2014, EPEW.

[35]  Milena Radenkovic,et al.  A Feasibility Study of an In-the-Wild Experimental Public Access WiFi Network , 2014, ACM DEV-5 '14.

[36]  Matthew Smith,et al.  METDS - A Self-contained, Context-Based Detection System for Evil Twin Access Points , 2015, Financial Cryptography.

[37]  Ana Ferreira,et al.  Do Graphical Cues Effectively Inform Users? - A Socio-Technical Security Study in Accessing Wifi Networks , 2015, HCI.

[38]  Ana Ferreira,et al.  Do Graphical Cues Effectively Inform Users? , 2015 .

[39]  R. Thaler Misbehaving: The Making of Behavioral Economics , 2015 .

[40]  Michelle Baddeley,et al.  Behavioural Economics and Finance , 2012, Routledge advanced texts in economics and finance.