Protect

Free Wi-Fi in a cafe, airport or hotel is one of those conveniences most of us use without thinking. But the nagging question never quite goes away: is public Wi-Fi actually safe, or are you one click away from being hacked? The honest answer is in the middle — public Wi-Fi is far safer than it used to be, but a few real risks remain, and one simple tool closes almost all of them.

Why public Wi-Fi got safer

The fear comes from how open Wi-Fi works. On an unencrypted public network, every device shares the same airspace, and in principle other people on it can try to watch the traffic passing by. A decade ago that made open Wi-Fi genuinely dangerous: tools existed to grab login sessions straight out of the air. That specific threat is largely gone — but understanding why explains what is and isn't still risky.

The thing that changed everything is HTTPS. The padlock in your address bar means the connection between your device and that website is encrypted end to end. On today's web the vast majority of sites use HTTPS, so even on completely open Wi-Fi, the actual data you exchange with your bank, your email or a shop is scrambled. Someone watching the network sees encrypted noise, not your password.

The risks that remain

So what is still a risk? A few things. Any site or app that does not use HTTPS sends data in the clear, where it can be read. Whatever the encryption, the network can still see which sites you connect to (the domain names), which is a privacy leak even when the contents are hidden. And the network operator — or anyone who has set up the hotspot — sits in the middle of everything you do.

• Use a VPN — it encrypts all your traffic on any network
• Stick to HTTPS sites; distrust a missing padlock
• Never enter passwords or payment details into a network's pop-up page
• Avoid banking and sensitive logins on public Wi-Fi without a VPN
• Turn off auto-connect and 'forget' public networks after use
• For anything important, use your phone's mobile data instead

That last point is the real modern danger: the rogue hotspot, or 'evil twin'. An attacker sets up a network with a friendly name like 'Cafe_Free_WiFi' or 'Airport_Guest', and devices happily connect. Now the attacker controls the network: they can run a fake login page, try to push you to insecure versions of sites, or harvest anything not protected by HTTPS. The Wi-Fi being 'free' tells you nothing about who is running it.

Captive portals — those 'agree to the terms' pages — are another weak point. A malicious one can imitate a real login screen to phish your details, or nudge you into installing something. The rule is simple: never enter passwords, payment details or personal data into a page that a public network pops up, and never install software it asks you to.

How to stay safe

The single most effective protection is a VPN. A VPN wraps all of your device's traffic — every site, every app, HTTPS or not, plus the domain names — in one encrypted tunnel to a server you trust. On a hostile network, the operator and any eavesdropper see only that encrypted tunnel, not what is inside. It turns an untrusted public network into something you can use as safely as your own.

Beyond a VPN, a handful of habits cover the rest. Stick to HTTPS sites, and be suspicious if a normally-secure site suddenly loads without the padlock. Avoid doing genuinely sensitive things — moving money, logging into important accounts — on public Wi-Fi unless you are on a VPN. Turn off auto-connect so your phone does not silently join networks it does not know, and tell it to 'forget' public networks when you leave.

There is also a simpler option many people forget: your phone's own mobile data. A cellular connection is private to you and far harder to intercept than open Wi-Fi, so for anything important, switching off Wi-Fi and using mobile data — or tethering your laptop to your phone — sidesteps the public network entirely.

So, is public Wi-Fi safe?

So, is public Wi-Fi safe? For ordinary browsing on a modern, HTTPS-protected web, it is mostly fine, and the apocalyptic warnings are out of date. But 'mostly fine' is not the same as private or risk-free: rogue hotspots, non-HTTPS traffic and the network watching where you go are real. If you use public Wi-Fi regularly, a VPN is the one upgrade that closes those gaps — cheap insurance for the convenience of connecting anywhere.