Last week, New York City started rolling out what is expected to be the largest public Wi-Fi project in the world: new Wi-Fi hubs placed in the antiquated telephone booths scattered around the city.
The breadth of the program is impressive: It spans all five boroughs and will bring to the city a total of 7,500 Wi-Fi hotspots, the majority of which will be deployed by 2020. The network's speed is enviable; at over 200 Mbps, the download and upload speeds blow your standard Time Warner Cable package out of the water. But the most exciting aspect of the new network isn't its power or accessibility — it's the security. You'll have the option to browse the web safely, with end-to-end encryption.
Though connecting to wireless internet at a Starbucks may seem innocuous, it's anything but. That's because most Wi-Fi implementations are open networks. When connecting to the internet through a cafe network, on a bus or in a train, there are no barriers preventing someone from viewing your computer.
How? Public Wi-Fi is prime environment for hackers to weasel in between you and the website you're sending information to, allowing them to see all your traffic before it arrives at its intended destination.
While websites that use encryption protocols like HTTPS (signified by that lock image in your browser bar) provide some protection against threats, there's plenty of opportunity for human error. Simply navigating to your bank's website could inadvertently expose you to a hacker threat. Seemingly legitimate websites can be frauds luring users to enter their login information and effectively hand over their personal data to hackers.
Outside of what's called a man-in-the-middle attack, there are more nefarious forms of hacking, like malware. For instance, a hacker can launch a pop-up window at the start of a session, invite you to click and then download software automatically onto your computer without you being the wiser.
"The interesting thing is, when you do go through these devices, you assume they are secure," Paul Nicholson, product marketing director of security firm A10 Networks, told Mic. "But there's always the worry that there's something intercepting in the middle."
This is why encryption matters: Given that most public Wi-Fi is unsafe, it's particularly interesting that LinkNYC is offering users the opportunity to encrypt sessions end-to-end. End-to-end encryption means that communications can only be decrypted by the person receiving the message using a system of private keys.
"On a public network, we treat everyone as their own network. No device can see any other device and nothing is shared between devices," Colin O'Donnell, chief technology officer of CityBridge, the consortium running LinkNYC, told Mic.
The feature is opt-in, so users have to choose to use it. This is so LinkNYC can download a device-specific key to the phone requesting encryption. That provides a small hurdle for those who may not know what encryption is. But, O'Donnell told Mic, CityBridge will also be deploying street teams near LinkNYC hotspots tasked with teaching the general public how to safely use public Wi-Fi and how to activate encryption.
Safety tips include making sure you're actually connecting to LinkNYC and not a spoofed version of the network, avoiding sites that aren't secured with HTTPS, and refraining from downloading files from unknown third parties.
O'Donnell also says that CityBridge has a team monitoring the network around the clock for potential threats and abnormal activity. Given that one of the members of CityBridge is telecommunications giant Qualcomm, the security team is likely fairly robust.
Your data: LinkNYC's Wi-Fi system is free, but there is a hidden cost. In order to fund this project, LinkNYC needs to make money. Like many tech platforms, it can do that through ads.
For now, each station will feature a physical advertisement. LinkNYC will also serve patrons an ad when they first connect to the network. To serve up these ads to the right audience at the right time, the network relies heavily on anonymized user data. But rather than track web behavior, O'Donnell told Mic, LinkNYC uses outside information to know who you are and what you like.
Using a device's unique ID, LinkNYC can collect physical data about you that isn't tethered to your name, but rather a tokenized number. "We have points all across the city for lengths, and we know which lengths are near Barclays Center and we know when the Nets are playing versus when a Justin Bieber concert is," O'Donnell said. "So you can start to build profiles about a place and specific time that's really valuable to advertisers."
LinkNYC does not directly share data with advertisers, O'Donnell said; it uses the data internally to help brands place ads. However, it will be sharing aggregated and anonymized user data it collects with the city's Open Data Platform.
It also plans on expanding the kind of data it collects from users. The consortium is partnering with the U.S. Department of Energy, Argonne National Laboratory and New York City to develop new ways of using smartphone sensors to collect information. For example, vibration detectors can sense how often buses are rumbling by a given location, while cameras can see how many bicycles are on a street or determine the speed of traffic.
"We think we can do something really special here by creating a really powerful network that generates insights and making those available to the public so that we can have researchers think about how to correlate air quality and populations and how people flow through the city," O'Donnell told Mic. "A lot of them, frankly, could be about equity and connectivity in the city and where we need to plan future deployments or address digital-divide issues."
In taking advantage of these sensors, the CityBridge (and by extension the city) will have to navigate how to access these sensors in a way that doesn't violate user privacy. However, if LinkNYC can find a way to gain the public's trust in an appropriate way, the payoff could be crucial urban innovation.