Stay Private on Public Wi-Fi

Coffee shop, airport, hotel — what actually matters and what is just paranoia. The 2026 honest version.

1. STEP 1

   First: HTTPS does most of the work

   In 2026, ~98% of web traffic is HTTPS. The hotel network can see what domains you visit (via DNS and SNI), but cannot read content. The 'public Wi-Fi will steal your bank password' threat is a 2010 story. Modern threats are subtler.

2. STEP 2

   Block DNS leaks

   Set NextDNS or 1.1.1.1 with DNS-over-HTTPS in your OS settings. The hotel router can't intercept what it can't see. This single change covers the bulk of what people imagine VPNs do.

3. STEP 3

   Use a VPN for actual privacy reasons

   Not 'because public Wi-Fi.' Use a VPN when you don't want the network owner to know which sites you visit at all (DNS would still leak that), or when you need to appear to be in a different country. Mullvad or Proton VPN.

4. STEP 4

   Turn off Bluetooth and AirDrop in crowded places

   Bluetooth probes leak your device name. AirDrop set to 'Everyone' broadcasts your contact information. Both are easy to mitigate — set Bluetooth to off when you don't need it, AirDrop to 'Contacts Only' or off.

5. STEP 5

   Avoid captive portals when you can

   Hotel and airport portals often require a click-through that injects tracking. Use a personal hotspot or your phone's mobile data instead when the work is sensitive. The convenience trade-off is real but small.

6. STEP 6

   Don't sign into anything sensitive on hotel computers

   This is the actually scary one. The hardware is owned by the hotel; keyloggers and screen capture are trivial to install. If you must, change your password from your own device immediately after.