Hiddien WiFi Network and security

They are only talking about the SSID name. The name is not being protected and is easily available to others. Some people may think they can use personal information for the name of the networks or even think they don't need to password protect the network since they believe it is hidden, and the truth of the matter is it is not. They are more concerned that people will have a false sense of security thinking no one will be able to guess the name of your network.

Use a password on your network and you are good. Your choice on whether you want to hide the network, it makes no difference.

Scott Kopp wrote:

In other words, is this saying that hiding the network makes it vulnerable? Or is it simply saying hiding a network is not a security feature?

It's a little bit of both. Hiding the WiFi network doesn't improve its security. But any device that normally connects to that hidden WiFi network will be trying to connect, and broadcasting that hidden name, wherever it goes.

Hidden Wi-Fi networks causes all configured Wi-Fi clients to blather about the hidden Wi-Fi network name (SSID) everywhere they go, which is wonderful for identifying clients.

Hidden networks are also trivial to spot in most any Wi-Fi network scanner. They stick out.

WPA2 and WPA3 are recent and common means of Wi-Fi connection security, and are entirely independent of hidden and non-hidden Wi-Fi network setting.

A hidden network can be wide open with no connection security too, if you prefer. As can be a non-hidden network.

Hiding the SSID name is "Security through Obscurity". Which just means the people that know where to look, can find it. And the people you DO NOT want to find it, DO know where to look.

As long as you DO NOT depend on hiding the SSID as part of your securing your network, then in some situations it can be a useful tool, such as you have a gazillion access points that are mostly machine accessed (some algorithm is used to select the access point; and not a human), and you do not want to flood the human GUI interface with a ton of access point names that they are not allowed to directly use anyway.

But hiding the SSID as a way to improve your home WiFi security just makes it a pain in the 🫏 for you and anyone in your family to use the WiFi.

If you hide the network name, people who just ordinary users and not interested in doing you any harm will not see your network. But they don't care and aren't a threat to you anyway.

The savvy people who are interested in doing you harm will have tools that can easily detect your network so hiding it doesn't protect you from the people who could pose a threat.

Meanwhile the name will be broadcasted by other devices, as others have pointed out.

Servant of Cats wrote:

Note that any form of Wi-Fi security can only protect the "first hop" from your computer to your Wi-Fi router.

Once information leaves your Wi-Fi router en route to the larger Internet, there is no WPA2, WPA3, etc. protection on it. In some cases, it might be protected by other means (e.g., https connections to Web sites). In others, any person who can sniff the packets would be able to see and expose the information inside.

Pretty much everything in the Apple app store is required to use TLS, which provides end-to-end security. Exceptions to that requirement are rare.

The widely hyped first-few-hops VPNs don’t appreciably add to security given widely-known credentials, but they are ideal for personally-identified data and metadata collection.

This is one reason why banks and health care providers will not send you certain types of information using e-mail, but will instead send you "notification" e-mails saying that there's something (bank statement, lab results, etc.) you can see by logging into their secure portals.

In the US, HIPAA gets involved in that particular discussion, and lawyers get involved. That written, email is permissible. The usual issue for healthcare providers is that email requires the sender provide some form of authentication, and that email itself is typically unencrypted, and major providers are snoop-happy.

Basically, it’s that email is a quagmire, and encrypted email is a bigger mess, even when it is working all “right”.

The most common means to try to resolve this email mess is PGP, and that itself is a mess. (Things haven’t appreciably improved here with encrypted email since 2014, either. Nor, pragmatically, can they be.)

And many if not most folks using email use Google Gmail or similar providers, which explicitly access and read your email. And providers get breached. Yahoo has been catastrophically breached twice, IIRC.

But this thread is about hidden network SSIDs, associated with networks which can be wide open, or can be secured with WPA2 AES, or WPA3, or better as available, and with TLS and (for privacy) Private Relay.

Note that any form of Wi-Fi security can only protect the "first hop" from your computer to your Wi-Fi router.

Once information leaves your Wi-Fi router en route to the larger Internet, there is no WPA2, WPA3, etc. protection on it. In some cases, it might be protected by other means (e.g., https connections to Web sites). In others, any person who can sniff the packets would be able to see and expose the information inside.

This is one reason why banks and health care providers will not send you certain types of information using e-mail, but will instead send you "notification" e-mails saying that there's something (bank statement, lab results, etc.) you can see by logging into their secure portals.