For some reason, people still treat public Wi-Fi like a lifesaver. In reality, it’s more like handing your phone to a room full of strangers. Your passwords, personal data, banking info—it’s all in there. And on an open network, it can be exposed in seconds. You don’t need a whole team of hackers either—just one is enough.
What Public Wi-Fi Actually Is
Here’s the thing about public Wi-Fi: it’s designed for convenience, not security. These networks exist to get people online quickly and with as little friction as possible—and that’s exactly what makes them risky.
Compare that to your home network. Even if you don’t think about it much, there’s real protection in place—your router, firewall, WPA2 or WPA3 encryption, strong passwords. And most importantly, you know who has access. On public Wi-Fi, none of that really applies.
Free hotspots are usually configured with the business in mind, not your privacy. They just want you to hit “Connect” and get online, no questions asked.

To make things seamless, these networks often run on wide-open settings—no device isolation, weak or minimal firewall protection, and hardware that may never have been properly updated. The easier it is for you to connect, the easier it is for someone else to slip in unnoticed.
And here’s the worst part: you have no idea who else is on that same network. In a café, it might be 15 people. At a train station, 200. At an airport, easily hundreds. Any one of them could be running a tool in the background that quietly monitors network traffic. They don’t have to target you specifically—they just collect whatever data happens to pass by.
The 4 Real Risks of Public Wi-Fi
When you connect to public Wi-Fi, the main issue isn’t just that “someone might be watching.” The real problem is that your connection is exposed to a handful of very specific attacks—simple, common, and around for decades. Let’s break them down.
1. Man-in-the-Middle (MiTM)
What’s going on:
Someone on the same network positions themselves between your device and the router, quietly monitoring the traffic going back and forth. They usually can’t read encrypted content, but they can still see enough to piece together what you’re doing.
What they can see:
- The websites (domains) you visit
- Which apps are sending data
- Metadata like timing, frequency, and destination IPs
- And if something isn’t properly secured with HTTPS, even actual data

How it happens:
It doesn’t take anything advanced—there are free tools for this. The attacker just listens to the network traffic. They’re not necessarily targeting you—they’re collecting whatever passes by.
2. Fake Wi-Fi / Evil Twin
What it is:
An attacker sets up a fake Wi-Fi network with a name that looks almost identical to the real one. For example: Airport_Free_WiFi → Airport-Free-WiFi.
At a glance, it’s almost impossible to tell the difference—so you connect to the wrong network without realizing it.
What they can do:
- Monitor all the traffic passing through the fake network
- Redirect you to malicious pages (like fake login screens)
- Attempt to downgrade HTTPS connections on older or misconfigured browsers
- Capture credentials from apps that aren’t properly secured

Why it’s so common:
It’s literally the easiest trick in the book. Most users don’t pay close attention to the network name. If they see something that looks like free Wi-Fi, they’ll connect without a second thought.
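A defender-side check for the look-alike names described above, as an added example that is not part of the original article: it compares the one network name you were told to use against the names your device currently sees. The scan list and the two-edit threshold are constructed assumptions.

```python
import re
import unicodedata

def canonical(ssid: str) -> str:
    """Fold case, Unicode compatibility forms and separators, so that
    'Airport_Free_WiFi' and 'Airport-Free-WiFi' compare equal."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return re.sub(r"[\s_.\-]+", "", folded)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def lookalikes(trusted: str, visible: list[str], max_edits: int = 2) -> list[tuple[str, str]]:
    """Return (ssid, reason) for every visible name that is not the trusted
    name character for character but would pass for it at a glance."""
    want = canonical(trusted)
    hits = []
    for ssid in visible:
        if ssid == trusted:
            continue                      # the exact expected name
        got = canonical(ssid)
        if got == want:
            hits.append((ssid, "separator/case variant"))
        elif edit_distance(got, want) <= max_edits:
            hits.append((ssid, "near match"))
    return hits

# Constructed scan results; only the first two names come from the article.
SCAN = ["Airport_Free_WiFi", "Airport-Free-WiFi", "AIRPORT FREE WIFI",
        "Airport_Free_WiFl", "CoffeeCorner", "Airline_Lounge"]

if __name__ == "__main__":
    for ssid, reason in lookalikes("Airport_Free_WiFi", SCAN):
        print(f"{ssid!r}: {reason}")
```

A fake network that copies the name exactly passes this check, so a clean result means "no look-alike seen", not "this network is genuine".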
3. DNS Spoofing / DNS Hijacking
What’s going on:
DNS works like a translator between website names and IP addresses. When you type in a site like “google.com,” your device asks a DNS server where to find it.
On public Wi-Fi, that process can be tampered with. An attacker can send back fake DNS responses or quietly reroute your traffic through their own server without you noticing.

Why that’s dangerous:
Imagine typing in your bank’s address, thinking you’re going to the real site. Instead, you land on a perfect-looking copy controlled by the attacker.
Everything seems normal—until you enter your login details. At that point, your credentials are already gone.
The attacker never touches the bank itself—they just intercept you along the way.
4. Local network attacks (scanning, probing, vulnerabilities)
What it is:
On many public Wi-Fi networks, devices aren’t properly isolated from each other. That means anyone on the same network can see that your device is there—and start scanning it.

What can happen:
- Open ports on your phone or laptop can be discovered
- Your device can be probed for known vulnerabilities
- Attempts can be made to access shared folders
- Local services running on your device can be identified
And again, you don’t have to be specifically targeted. If your device isn’t properly secured, it’s just another result in the scan.
HTTPS
“Okay, but there’s a lock icon on the site—doesn’t that mean I’m safe?”
That little padlock (HTTPS) gives a lot of people a sense of security. It feels like everything is protected just because it’s there. And yes, HTTPS is a big deal—but it’s not a complete solution, especially on public Wi-Fi.
It encrypts the actual content of your connection. So if you’re logging into your bank, no one nearby can read your password or see your account details. That’s the good news.
The catch? That’s only part of the picture.
It doesn’t protect everything else happening around that connection—and that “extra” data can be more revealing than you think.

1) HTTPS doesn’t hide your activity.
Even if a site uses HTTPS, people on the same network can still see quite a bit:
- The services you’re using (email, social media, banking)
- How often you access them
- How much data is moving back and forth
- Which apps are active in the background
They can’t read your data—but they can see the patterns. And those patterns can say more than you’d expect.
2) HTTPS doesn’t stop DNS spoofing
If you’re redirected to a fake version of a website, HTTPS can’t protect you.
At that point, you’re not talking to the real site anymore—you’re already on the attacker’s page.
3) HTTPS isn’t always implemented correctly
Not every app uses HTTPS the way it should. This is especially common with smaller apps or unofficial third-party installs.
And on public Wi-Fi, those weak points are much easier to take advantage of.
What a VPN Actually Does (and What It Doesn’t)
So what can you actually do about all this? The safest option is simple: avoid public Wi-Fi altogether.

But let’s be realistic—that’s not always possible. A better approach is to use a trustworthy VPN. For a couple of dollars a month, you can significantly reduce your risk and use public networks more safely.
One thing to keep in mind: not all VPNs are equal. Free ones, especially, can introduce more problems than they solve.
What Does a VPN Actually Do?
A VPN does three very specific things.
1) It encrypts your entire connection before it leaves your device
This is the most important part. With a VPN active, no one on the same network can see:
- Which websites you’re visiting
- What data you’re sending or receiving
- What your apps are doing in the background
Everything leaving your phone or laptop is encrypted. Even if someone tries ARP spoofing, DHCP spoofing, packet sniffing, or a man-in-the-middle attack, all they see is encrypted traffic—with no way to understand it.
In practice, this neutralizes the #1 and #2 types of attacks we covered earlier on public Wi-Fi.

2) It bypasses the local network’s DNS
With a VPN, you’re not using the DNS servers of the café, airport, or hotel network.
All your DNS requests go through the VPN provider’s own servers instead.
That means:
- No one can intercept your DNS queries with fake responses
- You won’t be redirected to the wrong IP address
- DNS spoofing attacks are effectively blocked
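One way to check that DNS really has moved off the hotspot, as an added example that is not from the original article or from any VPN provider: it reads Linux-style resolv.conf text and labels each resolver. The file contents, the hotspot subnet 192.168.40.0/24 and the VPN resolver 10.64.0.1 are constructed assumptions.

```python
import ipaddress

def nameservers(resolv_conf: str) -> list[str]:
    """Pull resolver addresses out of resolv.conf-style text."""
    found = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()        # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return found

def classify_resolvers(resolv_conf: str, wifi_subnet: str,
                       vpn_dns: set[str]) -> dict[str, str]:
    """Label each configured resolver by where a query to it would go."""
    lan = ipaddress.ip_network(wifi_subnet)
    tunnel = {ipaddress.ip_address(a) for a in vpn_dns}
    verdicts = {}
    for raw in nameservers(resolv_conf):
        addr = ipaddress.ip_address(raw)
        if addr in tunnel:
            verdicts[raw] = "vpn"
        elif addr.version == lan.version and addr in lan:
            verdicts[raw] = "leak: hotspot resolver"
        elif addr.is_loopback:
            # A local stub (for example 127.0.0.53) hides the real upstream.
            verdicts[raw] = "local stub: check its upstream"
        else:
            verdicts[raw] = "unverified: not the VPN resolver"
    return verdicts

def has_leak(verdicts: dict[str, str]) -> bool:
    return any(v.startswith("leak") for v in verdicts.values())

# Constructed samples: the same machine with a leaky and a clean VPN setup.
WIFI_SUBNET = "192.168.40.0/24"
VPN_DNS = {"10.64.0.1"}
LEAKY = """# constructed sample
nameserver 10.64.0.1
nameserver 192.168.40.1   # still the address the hotspot's DHCP handed out
"""
CLEAN = "nameserver 10.64.0.1\n"

if __name__ == "__main__":
    for name, text in (("leaky", LEAKY), ("clean", CLEAN)):
        print(name, classify_resolvers(text, WIFI_SUBNET, VPN_DNS))
```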
3) It limits your exposure on the local network
With a VPN active, your device is much harder to detect and interact with on the same network.
- It won’t respond in the same way to local scans
- Open ports are far less exposed
- Other users on the network can’t easily probe or interact with your device
What a VPN Can’t Do
A VPN isn’t a silver bullet. It won’t protect you from phishing if you hand over your information yourself. If you end up on a fake website and enter your login details, the VPN can’t step in and stop it. It protects your connection—not your decisions.
And this isn’t just a public Wi-Fi issue. The same thing can happen from your home network.
It also doesn’t make you invisible online. If you sign into apps like Instagram or YouTube, they still know exactly who you are. A VPN won’t hide you from platforms where you already have an account, and it won’t stop their built-in tracking.
And no, a VPN isn’t antivirus. It doesn’t scan for or remove malware.
That said, some providers—like Surfshark—bundle in extra protection features, such as malware and phishing blocking, which can add another layer of safety.
What to Look for in a VPN
So what actually matters when choosing a VPN?
A good place to start is the kill switch. It’s the feature that instantly cuts your internet connection if the VPN drops—even briefly.
Because if your VPN disconnects and your device keeps using the internet normally, your data is suddenly exposed—and that defeats the whole purpose.
That’s why a reliable kill switch isn’t optional—it’s essential.

Some providers go a step further and offer more advanced protection beyond the standard kill switch. For example, Surfshark includes additional features designed to keep your connection protected at all times.
Another key thing to look for is proper DNS protection. A good VPN should route all DNS requests through its own servers—not rely on the network you’re connected to.
And of course, DNS leaks are a dealbreaker. If your DNS traffic is exposed, your activity can still be tracked, even with a VPN on.
That’s where providers like Surfshark stand out. It uses its own DNS infrastructure, follows a verified no-logs policy, and has been audited by third parties. The apps are consistent across devices, performance is stable, and it supports unlimited connections.
So with a relatively low monthly cost (around €1.99), you can cover all your devices with one account.
How to Use It (and What to Watch For)
Using a VPN is simple, but a few details make a big difference:
- Ideally, turn on your VPN before connecting to public Wi-Fi.
- The exception is captive portals (common in airports and hotels). If a network asks you to log in or accept terms first, do that step before enabling the VPN—otherwise the login page might not load properly.
- Take a second to check that the kill switch is turned on.
- For better performance, connect to a server near your current location. Choosing a far-away server can increase delay and slow things down.
Surfshark VPN from Only €1.78/Month + Extra Months Included
Surfshark isn’t just one of the top VPNs on the market – it’s also one of the most affordable. On top of that, it’s one of the few providers that does not log your activity. This has been independently verified by Deloitte, one of the largest and most reputable auditing firms in the world.
You can also use Surfshark on as many devices as you like. Unlike most VPN providers, there’s no device limit.

Surfshark offers several subscription plans and payment options. More specifically, the VPN service comes in four packages across three billing periods (1 month, 12 months, 24 months), with increasing features and pricing.
It’s worth noting that on the 24‑month plans, Surfshark gives you three extra months for free. In practice, that means you can get 27 months of access from €1.78 per month.
- Starter: The most affordable plan at €1.78/month including Alternative ID (24 months plus three extra months free).
- One: Includes everything in Starter, plus extra security tools and Surfshark Antivirus. The lowest price is the 24‑month plan at €2.08/month, plus three extra months free.
- One+: Includes all the features of One, plus data removal from data broker sites and people‑search engines. The cheapest option is the 24‑month plan at €4.18/month, plus three extra months for free.

