(Replying to PARENT post)
Only use secure transports over wireless connections. Which many including myself have been recommending for years anyway.
Properly configured HTTPS (i.e. servers with good protocol/cypher/key options preferably with HSTS too) should be sufficient so as a user you can make sure you limit what you access over wireless. Luckily HTTPS is becoming very common both for actual web-sites/-applications and other services that use it as a transport (TFS for instance). As a service admin, protect your users by mandating HTTPS.
Similarly, SSH and protocols wrapped in it are safe. RDP should be good too if correctly configured.
If you are using "plain" or broken protocols over wireless (for example, file access via SMB/samba): stop unless the content being accessed is public anyway. This may affect many in office environments. If you are responsible for running a network make sure no traffic via unprotected protocols goes over network legs with wireless access points.
DNS is generally not secure which could a concern for this if spoofing attacks are successful (so far only inspection/eavesdropping attacks have been proven?) as that would allow DNS poisoning. HTTPS and friends still protect your content here if your users use them properly (i.e. they never ignore certificate warnings), though if you are paranoid about privacy (which some people need to be) an outsider knowing what DNS lookups you make could be enough of a concern.
(Replying to PARENT post)
(Replying to PARENT post)
You can host your own internal VPN, it's just to ensure the traffic over wifi is secure. If you are a corporation you probably have a VPN already, for people outside the office to access the internal network. Then just setup rules so wifi clients can only access the VPN server (however yes, it is easier said that done for most home users).
(Replying to PARENT post)
Luckily most major websites/applications you'll use will have HTTPS and HSTS enabled.
(Replying to PARENT post)
(Replying to PARENT post)
Source: https://www.krackattacks.com/
(Replying to PARENT post)
I can recommend Mullvad[1] which takes none of your information for registration, and which ticks all the right boxes on That One Privacy Site's VPN comparison chart[2].
(Replying to PARENT post)
From the earlier thread [1] I gleamed that maybe a MAC filter could help, but it sounds like that's not going to help much because MAC addresses can be easily spoofed.
The article here recommends sticking to sites with HTTPS, which isn't really something we always have control over, and isn't something we can realistically expect our non-technical WiFi users to be able to strictly adhere to.
VPNs were also suggested, but again, mandating that everybody on our WiFi must connect through a VPN is rather impractical, and I'm personally not sure which VPN providers are supposed to be trustworthy to begin with.
If people here have other suggestions, I'd love to hear them.
[1] https://news.ycombinator.com/item?id=15478750