PyCon’s Ethical Misstep: Why You Need VPN/DoH for All Public Wi-fi
Introduction
Attendees at a recent PyCon APAC 2023 event found themselves part of an experiment — or perhaps a demonstration — that has raised questions about ethics and cybersecurity. The domains accessed by the participants using the conference’s free Wi-Fi were intentionally exposed and broadcasted on a large screen and a public internet site.
The organizers’ intentions behind this move are still unclear because the organizer has not made a public statement yet. However, the lack of transparency and violation of privacy warrant discussion, not just about the ethics of the organizers but also about the precautions one should take when using public Wi-Fi.
The Incident: What Happened?
Attendees at the PyCon event were offered free Wi-Fi, which many naturally took advantage of. However, to the shock of the participants, the domains they accessed — potentially exposing sensitive information — were displayed on a large screen for everyone to see. These domains were also published on a public website. The blatant lack of privacy and consent raised immediate concerns, leading to a post on social media that went viral, sharply criticizing the organizers for the breach of trust and ethics. It was only after this viral SNS post that the organizers stopped exposing the accessed domains.
Ethical Concerns
Wi-Fi at events like PyCon is often seen as a convenience or perk, and attendees trust that their usage will be kept private. Even if the organizers intended this as an eye-opening demonstration about the risks of public Wi-Fi, the lack of transparency and consent casts a shadow over their judgment.
Furthermore, broadcasting this data publicly magnifies the risk. The domains accessed could reveal personal or sensitive information about an attendee’s interests, professional activities, or even health status. This has real-world implications; it isn’t merely an issue of virtual ethics.
The Importance of Cybersecurity Measures
The incident serves as a crucial reminder of the security risks associated with public Wi-Fi and the importance of taking personal cybersecurity measures. Below are technologies you should consider using:
Virtual Private Networks (VPNs)
A VPN routes your internet connection through a secure server, effectively masking your IP address and encrypting the data sent or received. This makes it considerably more difficult for anyone — including conference organizers — to monitor your activity.
DNS over HTTPS (DoH)
DoH encrypts DNS queries, which could otherwise be exploited to reveal which websites a user is visiting. While a VPN encrypts all data sent or received, DoH specifically aims to encrypt the domain name system queries, providing an additional layer of security.
Conclusion
While the organizers eventually stopped exposing domains following the viral SNS post, the incident has served as a wake-up call for attendees and organizers alike. For attendees, it underscores the importance of taking personal security measures like using VPNs and DoH while on public Wi-Fi. For organizers, it should act as a lesson in ethics and the importance of transparency, especially in a space like a technology conference where many assume a baseline level of security and privacy.
