Worth the Risk? How To Stay Safe on Free Wi-Fi

How safe is free Wi-Fi, really?

Free Wi-Fi is somewhat safe, but it’s much more vulnerable to security flaws than your home internet network.

To be sure, public Wi-Fi networks are a lot safer than they used to be. Thanks to the proliferation of HTTPS encryption and WPA3 security standards—the latter of which was rolled out as a mandatory feature on all Wi-Fi-certified devices beginning in 2018—most public networks have safeguards in place to ward off common attacks.

But a free public Wi-Fi network is still an unknown quantity. You don’t know who set up the network, who the other users are, or what may be happening with your data while you’re connected. All that increases the chance of you being at risk.

Use trusted networks only

One easy way to mitigate risk is by using only familiar Wi-Fi networks. You aren’t 100% secure just signing onto the public Wi-Fi at a large corporate chain like McDonald’s or Starbucks—a few of the many businesses that offer free internet to customers. But in that case, you at least should know where the internet is coming from and what the agenda is for those who set it up.

On the other hand, you really don’t know who you’re dealing with when you sign onto an unknown Wi-Fi network at a mall, park, or other public place. The network could be perfectly safe, or it could be harvesting and selling some of your data.

Hackers can also use special networking equipment to spoof legit networks (an approach once memorialized in an episode of Silicon Valley). If you’re unsure of what Wi-Fi network to pick, ask an employee to confirm the business’ network name so you’re not led astray.

Only visit HTTPS websites

When you visit HTTP websites, a hacker can easily insert themself as a link in the chain of communication between your computer and a server, essentially creating a window into your online activity. This is what’s known as a “man in the middle” attack, and it’s obviously not good for your network security. But you can stave off these attacks simply by avoiding HTTP websites altogether and visiting HTTPS websites instead.

• Good URL—https://
• Bad URL—http://

HTTPS websites use a security protocol called Transport Layer Security/Secure Sockets Layer (TLS/SSL) to set up authenticated certificates to verify a server’s identity, thereby doing away with the glaring vulnerabilities of HTTP.

Most websites use HTTPS at this point, and many web browsers let you know if you try to access a site that doesn’t have a TLS/SSL certificate. You get a glaring “not secure” warning in your window or a red exclamation point in your browser bar. You may even be blocked outright from visiting the site. Do yourself a favor and take those warnings seriously.

Avoid sharing personal info

In an age when every business wants you to download its app or sign up for an email list, it’s no surprise that some public networks want your personal information in exchange for a bit of free Wi-Fi. Airports especially adopt this approach, with many across the United States offering free airport Wi-Fi only after you fill out an online confirmation form that asks for your name, email, or phone number.

Next time you get one of these prompts, feel free to leave the form blank or input phony information—it saves you from getting signed up to a bunch of spam lists or having your data mined for other reasons. The good news is that it’s likely you can still get free Wi-Fi regardless, since many of these attempts are mere marketing ploys and don’t actually require an email or text confirmation.

If you do need a confirmation email to get the gratis Wi-Fi gravy flowing, consider setting up a backup email address that you can use for just these occasions.

Stay away from sensitive accounts

Of course, there are always times when you have to log into a personal account while you’re traveling. But you want to be extra-careful when doing so to keep your most sensitive information secure. Never go onto a public Wi-Fi network to log into sensitive accounts, like your bank’s website. Instead, use your cellphone’s data or a hotspot. And sign into a VPN (see below) to add another layer of protection.

Also, don’t use a public browser (like a desktop computer in a hotel’s business center) to sign into your bank or email address. The computer may keep you logged on even after you’ve closed out of the browser, or it could have a keylogging program installed to keep track of what you type.

Use a VPN

A VPN (virtual private network) gives you an encrypted internet connection through a separate server that’s located out of state or even out of the country, masking your IP address, hiding your location, and shielding you from potential prying eyes.

Why use a VPN with free Wi-Fi?

• Hides your location
• Anonymizes your web traffic
• Increases your online privacy

Although you can use a VPN anywhere (including at the home or office), it’s especially useful for logging into free public Wi-Fi networks. When you’re logged into a VPN, you get an extra-strong layer of privacy to protect you against the network host as well as other users who may be in your vicinity.

In some cases, a VPN is crucial: for example, you should always sign in to a credible, subscription-based VPN if you’re using a public Wi-Fi hotspot to handle sensitive data, like bank or tax information.

Turn off file sharing and AirDrop

Bluetooth-based file sharing services like Apple’s AirDrop offer a convenient way to swap photos, MP3s, and other files between friends or coworkers. But if you’re not careful, they can also leave your phone or laptop wide open for someone who wants to take your files or send you malware.

Here’s how to turn off sharing/AirDrop:

On Windows 11: Open Control Panel and click Network and Internet, then Network and Sharing Center. Go to Change advanced sharing settings, and click on the network that ends with “(current profile).” Click the button next to “Turn off file and printer sharing.” If you want, you can also prevent other devices from seeing your computer by clicking Turn off network discovery.

On a Mac: Click Control Center in the menu bar, then turn AirDrop off. You can also click the AirDrop icon and choose who can send items to you. Click the arrow next to AirDrop and click Contacts Only or Everyone.

On iOS: Swipe down from the upper right-hand corner of your iPhone or iPad to access the Control Center. Press firmly on the network settings card in the upper-left corner, and tap the AirDrop icon to choose between Receiving Off, Contacts Only, or Everyone for 10 Minutes.

Switch off Wi-Fi when you’re not using it

It’s common to keep the Wi-Fi switched on by default to make it easier to get online whenever you whip out your device. But if you use public networks, you might want to manually switch off your Wi-Fi access whenever you’re not using it. You don’t want to worry about getting signed back on without realizing, or about downloads, updates, or other processes that may be happening on your phone when you’ve got it in your back pocket.