Using public PCs in Libraries, Internet Cafés, Airports, Hotels etc.

Summary, including brief conclusions

Public access PCs are generally NOT suitable for anything more than surfing! i.e. no keyboard input whatsoever and ideally no use of sites that would in any way recognise you or let you identify yourself even if not by keyboard.

Scope and justification of the summary

This page solely covers the use of any PC which is used by multiple users of which you have no control of knowledge of what they might do or have done with the PC before you use it. If you have a Laptop and are concerned about using it outside of your work and/or home then see Keep safe in Wireless HotSpots.

Can you trust the management and all of their staff in terms of competence, integrity etc.

The first concern for any such usage is the competence (management and technical - both local and centralised aspects of both!) and integrity of the provider of the service. If ANY of those are in doubt then you should not be taking any risks whatsoever when using their PC.

Does the facility attract users who would provide good material for identity theft etc.?

Even if the establishment is solid in all the above respects bear in mind that all sort of deviant people will be trying to exploit those PCs as devices to gather information from or about the people that use them. The only slight saving-grace is that whereas the users of hotspots (see Keep safe in Wireless HotSpots) are typically business laptop users and therefore very, very attractive targets.

With apologies to them for generalisations, the users of public PCs are not likely to be as attractive when used as an alternative to having a PC and Broadband access at home. But we all travel and often we:

• need a 'fix' - check e-mail or other correspondence or access some 'special' site for information
• can use web-based facilities such as Web-mail but they need to identify themselves to the relevant web site(s) - obviously this is a significant new service(/technology) where problems often start!
• don't want the risk and hassle of taking our own (PC or?) device(s) with us when travelling - especially on vacation
• think that the chances of 'getting caught' are low with little regard for the potential pain and cost of the consequences

so whether in the UK or Abroad you MIGHT be tempted to use a public PC! to check your bank balance, flight itineray etc.. Please read the rest of this page before considering doing-so...

The most likely issues EVEN if the facility provider is known, trusted, competent etc.

If it isn't obvious - the first of these is an order of magnitude or more serious than even the second which in turn is an order of magnitude more dangerous than the rest.

1. Key loggers may be installed - they could be hardware or software - the choice would depend on the weakest aspect of the public facility's security and the opportunities available to the hacker. Every keystroke you make may be recorded - comprising all information keyed, including login information - even for 'secure'! VPN connections.
2. If another user of the network you are using is able to install software on the PC that THEY are using then they can do all of the packet-sniffing tactics used on Wireless hotspots - rather than repeat those issues - see Keep safe in Wireless HotSpots, also see Note¹.
3. Information entered on web forms - INCLUDING LOGIN information can easily be cached as it is by default in Windows. Any saved login information - such as from clicking the 'Remember Me' option when logging into a site just may allow others to access your account(s). The next user of your PC could be a low-level hacker who might find that information of interest/value... just as in the next two items...
4. Your browsing history may be cached. People can see what Web sites you've visited, and they may be able to view these cached sites, which may invade your privacy, especially if you...
5. Cookies from your web sessions may not be discarded and they could contain almost any type or amount of personally identifiable information including usernames, passwords and the sites at which they were used.
6. As (web) developers find different ways to use technology to make their sites more interactive, visual, exciting etc. you can be sure that there will be a constant flow of additions that could be made to this list but it is simpler to assume their prescence as a generic threat to which the response should be a disciplined regard to the use of these (public PC) facilities.

In addition to the above there are all the risks that one associates with public networks anyway - even if the hacker might need to be (or HAVE BEEN!) connected to the network of the (public PC) facility - please read Keep safe in Wireless HotSpots for a summary.

Appendix and Notes to the information above

1. In a well managed public hotspot the state of a PC would be reset to 'safe' after every change of user - if that is the case then you would only have to worry about current users... This is fairly common (50%?) in good pay-as-you-go facilities but rare in almost all low-cost, small-scale and non-commercial organisations.

   HOWEVER - if the PCs are not reset back into a safe condition after each user then their whole network and the PCs on it could be compromised and possibly remotely managed for several days or even weeks after the hacker has left! The situation is even worse on the PCs that the hacker uses because a software key logger (see above) may be installed and can do so much more than a network sniffer.

   Managers of public PC facilities should always be wary of visitors who often use their facility just after a reset of their PCs if that is done daily, weekly or even ad-hoc - especially if they appear to spend a very similar amount of time each visit and appear to be doing 'repetitive' tasks.

This page © Business before Technology 2006 - see the respective sites of the owners for their copyright as well as terms and conditions

General information about this page and request for feedback

Links and other information last validated on 8th June 2008. Please use the Contact us page to suggest any additions or revisions.