MONTREAL -- The convenience of free Wi-Fi hotspots in Montreal's cafes, gyms, and malls may cost your privacy and security.

A Concordia Unversity study looked at 67 open-access Wi-Fi hotspots to investigate web tracking and data collection behaviours.

The study found that 40 per cent of the hotspots "perform unnecessary collection of sensitive data via social media, registration or surveys, then share it with several third parties."

"There's a cost," said master's student Suzan Ali, who studies at the Concordia Institute for Information Systems Engineering at the Gina Cody School of Engineering and Computer Science. "If you value privacy and security, you need to stay as anonymous as possible."

The study was funded by the Office of the Privacy Commissioner of Canada and revealed that all but three of the hotspots studied use user-tracking technologies on their portals, and more than half create persistent third-party tracking cookies that are designed to stay active for up to two decades.

"Surprisingly, 39 per cent of hotspots create persistent cookies even before the user accepts the privacy terms and services policy," said study supervisor professor Mohammad Mannan.

In addition, the study found internet providers "fingerprint" users' devices by noting model, version of Chrome in use and plugins creating a type of profile even when cookies have been cleared.

The study found Android phones are better at protecting privacy.

Mannan said users should not be comfortable with the findings.

"You should care on principle, but also because your private information is monetized," he said. "Someone's making money off it, and someone could learn something about you from your Facebook profile and use it to launch a targeted phishing attack against you."

The researchers gave four tips for those concerned with public Wi-Fi hotspots:

  • Don't register
  • Don't use social media to register
  • Always clear your browser of cookies
  • Use anti-tracking browser add-ons