This is why it's important to always use a VPN when connecting to an untrusted wifi, such as a coffee shop or airport wifi. Either pay $3/month to a provider or set up your own with something like pivpn.
One problem I have with that is: by the time I’m connected to WiFi, I don’t know how much traffic has already passed through before I could activate the VPN. How many background tabs suddenly realized that they had internet again and started sending information (and how many of those used insecure, third party scripts?). Many apps/programs also seem to happily start phoning home as soon as they get WiFi.
I used to have Little Snitch[1] set up with custom rules depending on where I’m connected (allow only local network on unknown WiFis until connected to a VPN) but that never really worked well because some WiFis allowed third party IP addresses (to tracking scripts or their home page) which meant I got to tracking down this IP and adding a temporary rule for that. Suddenly, quickly connecting to hotspots often became a tedious 10 minute process. This also had the positive side effect that I could prevent A LOT of apps from phoning home, but in the end it was not worth all the hassle (because almost nothing just worked) and I decided not to install Little Snitch for my current installation. The only time I really miss it is when I connect to my phone hotspots because I’m always afraid application XYZ decides to download an update and eat my (very limited) mobile bandwidth.
Furthermore, there is no way to do that on my mobile phone, where I have even less control. My current solution is to never connect to free WiFi networks in the first place and, in the few cases I need to, just hope that the provider is not evil. This sucks when I’m on vacation, though, because I’m at their mercy.
[1]: a very flexible application-based firewall which allows you to set which app is allowed to connect to which ip/dnsName:port https://www.obdev.at/products/littlesnitch/index-en.html