Using public PCs in Libraries, Internet Cafés, Airports, Hotels etc.
Summary, including brief conclusions
Public access PCs are generally NOT suitable for anything more than surfing!
i.e. no keyboard input whatsoever and ideally no use of sites that would in
any way recognise you or let you identify yourself even if not by keyboard.
Scope and justification of the summary
This page solely covers the use of any PC which is used by multiple users
of which you have no control of knowledge of what they might do or have done
with the PC before you use it.
If you have a Laptop and are concerned about using it outside of your work
and/or home then see Keep safe in Wireless HotSpots.
Can you trust the management and all of their staff in terms of competence, integrity etc.
The first concern for any such usage is the competence
(management and technical - both local and centralised aspects of both!)
and integrity of the provider of the service.
If ANY of those are in doubt then you should not be taking
any risks whatsoever when using their PC.
Does the facility attract users who would provide good material for identity theft etc.?
Even if the establishment is solid in all the above respects bear in mind
that all sort of deviant people will be trying to exploit those PCs as
devices to gather information from or about the people that use them.
The only slight saving-grace is that whereas the users of hotspots
(see Keep safe in Wireless HotSpots) are typically business laptop users and therefore
very, very attractive targets.
With apologies to them for generalisations, the users of public PCs are not
likely to be as attractive when used as an alternative to having a PC and
Broadband access at home. But we all travel and often we:
- need a 'fix' - check e-mail or other correspondence or access some
'special' site for information
- can use web-based facilities such as Web-mail but they need to
identify themselves to the relevant web site(s) - obviously this is a
significant new service(/technology) where problems often start!
- don't want the risk and hassle of taking our own (PC or?) device(s)
with us when travelling - especially on vacation
- think that the chances of 'getting caught' are low with little regard for
the potential pain and cost of the consequences
so whether in the UK or Abroad you MIGHT be tempted to use a public PC!
to check your bank balance, flight itineray etc..
Please read the rest of this page before considering doing-so...
The most likely issues EVEN if the facility provider is known, trusted, competent etc.
If it isn't obvious - the first of these is an order of magnitude or more
serious than even the second which in turn is an order of magnitude more
dangerous than the rest.
- Key loggers may be installed - they could be hardware or software -
the choice would depend on the weakest aspect of the public facility's security
and the opportunities available to the hacker.
Every keystroke you make may be recorded
- comprising all information keyed, including login information - even
for 'secure'! VPN connections.
- If another user of the network you are using is able to install
software on the PC that THEY are using then they can do all of the
packet-sniffing tactics used on Wireless hotspots - rather than repeat
those issues - see Keep safe in Wireless HotSpots, also see Note¹.
- Information entered on web forms - INCLUDING LOGIN information
can easily be cached as it is by default in Windows.
Any saved login information - such as from
clicking the 'Remember Me' option when logging into a site
just may allow others to access your account(s).
The next user of your PC could be a low-level hacker who might find
that information of interest/value... just as in the next two items...
- Your browsing history may be cached. People can see what Web sites
you've visited, and they may be able to view these cached sites, which
may invade your privacy, especially if you...
- Cookies from your web sessions may not be discarded and they could
contain almost any type or amount of personally identifiable information
including usernames, passwords and the sites at which they were used.
- As (web) developers find different ways to use technology to make their
sites more interactive, visual, exciting etc. you can be sure that there will
be a constant flow of additions that could be made to this list but it is
simpler to assume their prescence as a generic threat to which the response
should be a disciplined regard to the use of these (public PC) facilities.
In addition to the above there are all the risks that one associates with
public networks anyway - even if the hacker might need to be (or HAVE BEEN!)
connected to the network of the (public PC) facility
- please read Keep safe in Wireless HotSpots for a summary.
Appendix and Notes to the information above
- In a well managed public hotspot the state of a PC would be reset
to 'safe' after every change of user - if that is the case then you would
only have to worry about current users...
This is fairly common (50%?) in good pay-as-you-go facilities but rare in
almost all low-cost, small-scale and non-commercial organisations.
HOWEVER - if the PCs are not reset back into a safe condition after each
user then their whole network and the PCs on it could be compromised and
possibly remotely managed for
several days or even weeks after the hacker has left!
The situation is even worse on the PCs that the hacker uses because a software
key logger (see above) may be installed and can do so much more than a
Managers of public PC facilities should always be wary of visitors who
often use their facility just after a reset of their PCs if that is done
daily, weekly or even ad-hoc - especially if they appear to spend a very
similar amount of time each visit and appear to be doing 'repetitive' tasks.
This page © Business before Technology 2006 - see the respective sites of the owners for their copyright as well as terms and conditions
General information about this page and request for feedback
Links and other information last validated on 8th June 2008.
Please use the Contact us page to suggest any additions or revisions.