user@s3-3:~/s3-3/tools/how-to-tell-if-public-wifi-is-safe $ cat index.md
S3-3 Tech Guides & Tools
~/tools/how-to-tell-if-public-wifi-is-safe
Privacy & Security · Jul 2026

How to Tell If a Public Wi-Fi Network Is Safe to Use

"Free Wi-Fi" networks in coffee shops, airports, and hotels range from reasonably well-run to actively hostile, and there's no reliable way to tell which is which just by looking at the connection screen. The padlock icon next to the network name in your Wi-Fi list only means the connection between your device and the router is encrypted — it says nothing about who runs that router, what they can see, or whether someone else on the same network is trying to intercept your traffic.

What the Network Owner Can Actually See

Whoever controls the router — the venue, or in some cases a third-party company they've contracted to run their Wi-Fi — can see which sites you connect to and roughly how much data you send, even on networks that use HTTPS everywhere. What HTTPS hides is the content of that traffic: your login details, what you typed, what you read on a page. It does not hide the domain name of the site itself in every case, since that information can leak through DNS lookups even when the page content is encrypted.

Signs a Network Deserves More Caution

  • No password at all, on a network with a generic name like "Free_WiFi" or "Airport_Guest" with slight misspellings — these are sometimes set up specifically to catch people who don't check carefully, mimicking a venue's real network name.
  • A captive portal asking for more than it needs — a login page requesting your full name and email to "verify" you before granting access is common and mostly harmless, but one asking for a password you reuse elsewhere is not.
  • Multiple networks with nearly identical names broadcasting in the same location — if you see both "CoffeeShop_WiFi" and "CoffeeShop-WiFi" ask staff which one is theirs rather than guessing.

What Actually Protects You

Sticking to sites that use HTTPS (the padlock in your browser's address bar, not the Wi-Fi one) covers the majority of real-world risk — your bank, email, and most modern sites default to this now, and browsers actively warn you when a site doesn't. Beyond that:

  • A VPN encrypts all your traffic between your device and the VPN provider's server, hiding it from anyone else on the local network, including the venue's own router. It does not make you anonymous online and does not protect you from a website that's malicious on its own — see our full breakdown in what a VPN actually does and doesn't do.
  • Turning off file sharing and AirDrop/Nearby Share while on public networks prevents other devices on the same Wi-Fi from discovering your machine as a shared resource.
  • Avoiding sensitive logins entirely on networks you don't trust — waiting until you're on cellular data or a known network for banking is still the simplest and most reliable option.

Public vs. Private: What That Prompt Actually Changes

Both Windows and Mac ask, the first time you join a new network, whether it's a public or private (trusted) network — a question most people click through without reading. Choosing "Public" on Windows tightens firewall rules automatically, blocking incoming connections and hiding your PC from network discovery, file sharing, and printer sharing on that network. Choosing "Private" opens those up, which is fine at home but leaves you more exposed on a coffee shop network. If you've ever accidentally marked a public network as private, it's not too late to fix — on Windows, go to Settings → Network & Internet → Wi-Fi → click the network → change the network profile type; on Mac, the equivalent is toggling firewall stealth mode under System Settings → Network → Firewall.

Mobile Hotspot as the Simpler Alternative

If your phone plan includes a reasonable data allowance, tethering to your phone's hotspot instead of joining venue Wi-Fi sidesteps the entire problem — you control the network, and no one else is on it. This is often faster than public Wi-Fi too, especially in crowded venues where dozens of people are sharing the same router's bandwidth.

How to Check What HTTPS Is Actually Protecting

Click the padlock icon in your browser's address bar on any site to see its certificate details — who issued it and for which domain. This confirms the connection to that specific site is encrypted; it doesn't confirm anything about the network you're connected to more broadly. For the full mechanics of how this encryption works, see our guide to SSL, TLS, and HTTPS.

The Realistic Bottom Line

Most people use public Wi-Fi thousands of times without incident, because most attacks require either a determined attacker specifically targeting that network or a genuinely malicious hotspot operator — both less common than the anxiety around "hackers on airport Wi-Fi" suggests. That said, the cost of caution is low: stick to HTTPS sites, avoid sensitive logins when you can wait, and treat any network asking for unusual information at the login portal with suspicion. The U.S. Federal Trade Commission maintains a plain-language rundown of public Wi-Fi risks and precautions at consumer.ftc.gov.