Can hotels see what you are browsing?
Hotels can see what you’re browsing online. That’s the short of it. The long answer is that they can’t necessarily see everything you do online, but they can see enough for it to be a legitimate concern. With just a little bad intent and technical know-how, there’s very little limit to what’s possible.
Luckily, it’s easy enough to protect your personal and sensitive information when traveling, even if you don’t have mobile data to spare. Read on to learn more about exactly how connecting to public WiFi can put you in danger as well as what you can do to protect yourself without giving up too much convenience.
The dangers of using hotel WiFi
You get to your hotel room, drop your bags, and look around before grabbing your phone to connect to the hotel’s WiFi. The first way this can all go wrong is that you might not be connecting to the hotel WiFi network at all. All it takes is a well-placed pineapple and you’ve just been pwned.
A pineapple is a device used by hackers to imitate a WiFi network, in this case a hotel WiFi network. It shows up on your device just like any other WiFi hotspot that’s within range. Once you connect to it, all your internet traffic goes through the hacker’s device. This is called a man-in-the-middle attack.
Even if you use the actual hotel’s WiFi connection, all of your internet usage and much of your browsing history will be logged on the hotel’s router (or the hotel servers, if it has them). Hotel staff might not be able to see what you searched for or the exact pages you visited, but they can see what domains you visited, when, and for how long.
This isn’t true of every member of hotel staff, but it certainly is true of the hotel network admin and anyone with whom they’ve shared their login credentials. Hotel WiFi security measures are famously lax, so bored hotel guests with some technical know-how as well as outright hackers can gain access to these logs or even your devices.
Naively making use of a hotel WiFi connection can lead to all kinds of data theft and worse. Your personal details, internet history, and kinds of private data and sensitive information are all up for grabs to anyone with some basic knowledge and readily available software and hardware.
How to protect your online privacy while traveling
If you’re starting to think that using hotel WiFi—or any free or public WiFi hotspot—is not worth the risk, you’re not wrong. There is a lot you can do to safely stay connected when traveling, though, even on hotel WiFi. There are some things you’ll have to do without and some habits you’ll need to change, but you’ve got options.
Here’s how to make the most of that hotel WiFi connection without putting yourself at risk:
Use your own mobile hotspot
Although clearly not a way to use hotel WiFi safely, it’s always going to be better if you can use a trusted mobile hotspot instead of connecting to public WiFi. You can use a dedicated WiFi hotspot with its own SIM card or simply use your smartphone as a hotspot. Keep an eye on mobile data limits and roaming charges.
Use a trusted VPN
Using a trusted Virtual Private Network (VPN) is the single most effective way to safely connect to hotel WiFi networks. A free VPN isn’t going to do the trick here: free VPN providers have to cover their costs somehow, and your data is a revenue stream on a silver platter. Go with a VPN like Surfshark and connect to the VPN before you connect to the hotel’s WiFi network.
Connecting to a virtual private network will protect your sensitive data and privacy by funneling your internet traffic through an encrypted connection. It’s this data encryption that’s key to any VPN service. Network administrators and hotel management can see that you’re connected to a VPN, but they can’t see what you’re doing online.
Keep your system up to date
Whatever your device, keeping the operating system up to date will protect you from known, patched vulnerabilities. This can be particularly painful on a Windows system, but it’s all the more important given how vulnerable Windows is to cyberattacks and malware. Even Linux systems should be kept updated, especially while traveling.
Use a firewall and antivirus software
If you’re using a computer, whether running Windows, Linux, or macOS, it probably already has a firewall installed. Make sure your firewall is turned on and that you know the basics of how to use it. Windows and macOS users should also use an up-to-date version of a trusted antivirus program.
Turn off network discovery
Unsecured public WiFi like what you’ll find in most hotels is a playground for hackers, tech enthusiasts with a bit of a wonky moral compass, and so-called script kiddies—unskilled troublemakers who download ready-made scripts and programs to try their hand at breaking into systems and data theft.
Turn off network sharing and network discovery on your devices before connecting to hotel WiFi. This will make it more difficult for hackers and cybercriminals to find your devices on the network. Doing so will immediately protect you from most low-skill and low-commitment cyber attacks.
Know what is and isn’t safe to do on the hotel WiFi network
If you’re using your own internet connection in your hotel room or you’ve checked off all the other things on this list, then you can probably relax and enjoy internet freedom just like you would at home. Be aware, though, that no system is completely safe and if you’re dealing with extremely sensitive information or valuable data, then using an unaudited internet connection is a no-go.
Ultimately, you’re the one who’s responsible for your personal security, especially online. Avoid doing any online banking or engaging in other sensitive online activities if you have any doubts at all about the internet access in your hotel. There are systems that are close to unbreakable (like Whonix), but they require some specialist knowledge to set up properly.
Can hotels monitor your internet activity?
Yes, hotels monitor your internet activity. This isn’t (in most cases) as sinister as it may sound. They need to monitor your internet traffic to make sure you’re not abusing download or bandwidth quotas, for example. But they can also see what websites you visit and how long you spend on each one.
Can hotel WiFi see private browsing?
Yes, hotel WiFi can absolutely see your private browsing sessions. Private browsing—also known as incognito—mode only hides your browsing history from other users of your browser, it does nothing to hide your online activity from the router/modem switch that resolves connection requests.
Can hotels see what websites you visit?
Yes, hotels can see what websites you visit. At least, they can see what top-level domains you visit and how much time you spend on each one. So, for example, the hotel’s management can see that you spent some time on YouTube, but they’re not likely to be able to figure out what videos you watched.
Can hotels see what you’re watching on TV?
If you use the hotel’s pay-per-view (PPV) TV, then yes, the hotel can see exactly what you watched and when. This is less likely with free-to-air or standard cable channels. The hotel can see if you watched things on Netflix (if you use the hotel’s WiFi), but in that case it can’t see what you watched.
Am I safe on hotel WiFi?
As long as you’ve put adequate security measures in place, then yes, you’re relatively safe on hotel WiFi. These measures would have to include an up-to-date operating system running a trusted antivirus with a properly set-up firewall, and—most importantly—a trusted virtual private network (VPN).
Can hotel WiFi see what you do on apps?
Yes, to some extent hotel WiFi can see what you do on apps. Someone with the admin credentials for the WiFi router can watch your internet traffic and potentially identify what app you’re using. Depending on the app, they may also be able to intercept data in flight and see what you’re doing.
Is hotel WiFi safe for iPhones?
No, if you don’t take any of the precautions listed above, then hotel WiFi won’t be safe for iPhones. Apple’s marketing might make its iPhones seem impenetrable to hackers, but that’s simply not the case. Your online activity is certainly just as vulnerable to exposure on public WiFi as anybody else’s.
Who can view incognito history?
Anyone with administrative rights to the modem/router switch (commonly just called a router) can view your incognito history. Incognito mode—also known as private browsing mode—only hides your online activity from other users of the same browser. Everything is logged by the router regardless.
Is it safe to log into Netflix at a hotel?
It can be safe to log into Netflix at a hotel, as long as you’ve taken the steps above to protect your data and privacy first. Some hotels will block Netflix to save on bandwidth and “encourage” guests to use the hotel’s PPV TV. A happy side effect of using a VPN is that you can get around such blocks.
Is there privacy in hotel rooms?
Yes, there’s generally privacy in hotel rooms. But, like with any space to which other people have access, the chances that someone left a camera, microphone, or other surveillance device are much higher than in your home. The same is true when it comes to your online privacy: you have to be more careful than at home.