Is Public Wi-Fi Safe? Real Risks and How to Protect Yourself
Coffee-shop Wi-Fi has a scary reputation earned in an earlier era โ when most websites were unencrypted and anyone with free software could read a room's traffic. The web has since armoured itself with HTTPS, so how dangerous is public Wi-Fi today? Less than the folklore says, more than zero.
What HTTPS already protects
Nearly all significant sites now encrypt end-to-end. On hotel Wi-Fi, a snooper can see which sites you visit (domains still leak via DNS and connection metadata) but not what you do there โ passwords, messages and card numbers travel encrypted. The classic "hacker reads your login at the airport" mostly died with HTTP.
The risks that remain real
- Evil twin hotspots โ anyone can broadcast a network named "Airport_Free_WiFi." Join it and the attacker owns your gateway: they can watch metadata, poison DNS answers, and serve convincing phishing pages. This is the top modern public-Wi-Fi threat.
- Metadata harvesting โ even honest networks (and their advertising partners) log the domains you visit, tied to your device.
- ARP spoofing on the local network โ a hostile device can insert itself as middleman; encryption limits the damage but metadata and stripping tricks remain.
- Exposed device services โ on an open network, other patrons can probe your laptop directly: file shares, development servers bound to all interfaces (see why binding to localhost matters).
- Captive-portal oddities โ login portals occasionally probe or misdirect; mostly annoyance, occasionally worse.
The protection playbook
- Use a VPN โ the single measure that answers nearly everything above: all traffic (including DNS) travels encrypted to the VPN server, so evil twins and snoopers see only ciphertext, and the network learns nothing but "this device uses a VPN." Verify it's active by checking your IP shows the VPN, not the cafรฉ's ISP.
- Mark the network as public โ your OS then disables file sharing and tightens its firewall (Windows asks; choose "Public").
- Verify the network name with staff โ defeats casual evil twins.
- Keep the OS updated and avoid installing anything a portal "requires."
- Prefer your phone's hotspot for genuinely sensitive work โ cellular data is harder to intercept than open Wi-Fi.
- Forget the network afterwards so your device won't auto-rejoin lookalikes broadcasting the same name.
Frequently asked questions
Is banking on public Wi-Fi safe?
Banking apps and sites use strong encryption, so the transaction itself is protected even on hostile networks. The residual risk is phishing via fake portals/DNS โ a VPN and typing the address yourself close that gap.
Does public Wi-Fi see my browsing history?
The network operator sees the domains you contact and when โ not page contents. A VPN hides even the domains from the local network.