Even public/unsecured Wifi is relatively safe - essentially all websites these days only support secure HTTP (HTTPS), so all traffic to/from a website is encrypted through the Wifi even if the Wifi itself is unencrypted. A potential attacker would be able to notice that you went to ask.metafilter.com, for instance, but not which webpages you went to. Similarly, such an attacker would be able to detect you accessed your bank, but not what you did there. That said, not all websites support HTTPS.

For reading your emails/taking control of your laptop/phone, you're getting into password attacks (where an attacker attempts to figure out your password) and malware attacks (where an attacker attempts to install unsafe software on your computer). Both of those are possible with or without secure Wifi. Although VPN mildly makes both of those harder for the attacker, the real solution is to keep secure passwords, use two factor authentication if your bank/sensitive websites support it, and use an anti-virus program. Windows comes with Microsoft Defender, which I consider good enough for the vast majority of people.

A VPN is a decent option here to cover the case of websites that don't support HTTPS. I have heard TunnelBear recommended by people I trust, although I have no experience with it myself. You may find that video content does not work well with a VPN, so you may have to be selective of when you enable the VPN.
posted by saeculorum at 5:46 PM on February 6 [8 favorites]

If you want a little more peace of mind you can use Cloudflare's free 1.1.1.1 service to protect your DNS queries. Otherwise I wouldn't worry.
posted by JoeZydeco at 7:19 PM on February 6 [2 favorites]

Ever since Snowden (or even before), the vast majority of Internet services assume the communication channel is insecure and act accordingly. Encryption is the norm.

One (imo tiny) risk is someone on the "local" wifi network probing your PC for vulnerabilities or open services. Assuming you're running Windows though, it's pretty well locked down unless you've been running a server of some sort (for example Windows File Sharing). Setting the wifi network settings to "Public" (that is, untrusted) should mitigate this and block any services you might inadvertently have running. (I don't think a VPN would protect you from this.)
posted by neckro23 at 8:50 PM on February 6 [2 favorites]

Mullvad is like €5 for a month and solid. Possibly worth it for peace of mind.

A cheaper middle ground is a configuration option that enforces HTTPS only. Most websites do support HTTPS, but smaller self-hosted blogs and older sites may not.
posted by BungaDunga at 9:05 PM on February 6 [1 favorite]

That bold statement was just incorrect when it was made. There's no risk to using public wifi that isn't shared with using your own private wifi. Do you know who is on your private wifi network? You either don't, in which case, it's public, or you do, in which case you are a very security-conscious person who is fine on public wifi.

Go ahead and use public wifi without worrying too much about it.
posted by bowbeacon at 8:26 AM on February 7 [2 favorites]

Strong agree with bowbeacon. I'd say the statements in the article you linked are not factually incorrect, insofar as there are vulnerabilities that can be used to exploit public wifi. However, if you're a random person without a reason you'd be specifically targeted (say, you're a notable journalist who's drawn the ire of a three letter agency or something), the odds of running into someone exploiting MAC spoofing for nefarious ends in your random neighborhood while you're using xfinity wifi for a month are close to nonexistent. And even if you had someone after your personal data in particular, there are probably easier ways to go after you that involve less physical proximity than mac spoofing your wifi.

If you're really dead-set on avoiding public wifi, you could use your mobile phone as a hotspot if your carrier allows it, and you can afford it.
posted by Alterscape at 8:39 AM on February 7 [2 favorites]

In case you need more convincing, I would present the logic problem: Would a multi-billion dollar monopoly build out an enormous infrastructure project, encourage all of their customers to use it, encourage all their customers to PROVIDE INFRASTRUCTURE FOR IT, and have that system in actuality be a giant honeypot for exploitation by Russian identity thieves?

No. The only risk is that Comcast is pocketing extra advertising money or subscription money by offering this.
posted by bowbeacon at 9:10 AM on February 7 [1 favorite]

In case you need more convincing, I would present the logic problem: Would a multi-billion dollar monopoly build out an enormous infrastructure project, encourage all of their customers to use it, encourage all their customers to PROVIDE INFRASTRUCTURE FOR IT, and have that system in actuality be a giant honeypot for exploitation by Russian identity thieves?

Sure. In a hot minute if they thought the benefit to *them* outweighed the cost to *them*. I assume they have an expensive shrine in the board room dedicated to the great god “externally-paid costs” on which they sacrifice regularly.

I’m not arguing Comcast’s “free” Wi-Fi (this is the one that runs on the wireless routers customers are paying monthly rent for, right?) is dangerous, just that that arguments about their high motives don’t seem a slam-dunk.
posted by Gilgamesh's Chauffeur at 6:59 AM on February 8 [1 favorite]

I am no fan of big business, and in fact think that big business is generally evil and bad for the world. But one thing large government regulated monopolies rarely do is actively avoid accepted security rules to benefit foreign organized crime. It's just not a thing you have to worry about big business doing to you. They'll sell your info to advertisers! For sure. But not like, actual no-doubt-about-it crime gangs.
posted by bowbeacon at 9:53 AM on February 8