Public WiFi while travelling: the real risks, and how to protect yourself
You land after a long flight, you spot the « Free Airport WiFi » sign, and your thumb is already tapping « connect ». We've all done it. Public WiFi is one of the small reflexes of travel — and most of the time, nothing bad happens. So let's be honest from the start: the goal here isn't to scare you off every café network on the planet. It's to explain what the real risks are, why they're usually smaller than the internet would have you believe, and the handful of habits that make them smaller still.
The short version: an open, password-free hotspot is the one worth treating with a little caution. And the simplest way to need it less often is to arrive with data of your own.
What can actually go wrong on an open network
The risks are real but specific. The classic one is the « evil twin »: someone sets up a hotspot named « Airport_Free_WiFi » or « Hotel_Guest », you connect because the name looks right, and now your traffic passes through their equipment. On an open network — no password, no encryption between your phone and the access point — nearby traffic is, in principle, easier to observe than on a network you trust. There are also booby-trapped captive portals (those « accept and connect » login pages) that try to push a fake update or harvest a login, and the old classic of file sharing left switched on, quietly visible to the whole café.
Now the reassuring part, because it matters: the modern web is mostly encrypted. The little padlock and the « https:// » in front of a site address mean the connection between you and that site is scrambled end to end — even on a sketchy network, an onlooker sees that you're talking to your bank, not what you're saying. That single fact defuses a huge share of the old « someone reads everything on public WiFi » fear. It doesn't make open networks magically safe, but it's why naïve panic is as unhelpful as naïve trust.
« An open network isn't a trap. It's just a room where it's worth lowering your voice. »
This is where having your own connection quietly changes the maths. When you arrive with a working data plan — your own line, or a travel eSIM you set up before leaving — your phone isn't desperate for the nearest open hotspot. Mobile data goes through your operator's network with its own encryption, which sidesteps the open-WiFi questions entirely. We're not saying cellular is unhackable or that WiFi is doom; we're saying that not depending on a stranger's hotspot for the sensitive stuff is the easy win. You use the café WiFi for what it's good at, and keep the bank app on your own data.
The habits that do the heavy lifting
None of this needs to be complicated. A few settings, done once, cover most of it. Prefer your own mobile data for anything that matters — banking, payments, logging into important accounts — and treat open WiFi as fine for browsing, maps and messaging. Look for the padlock and « https » before you type a password anywhere. Turn off « connect to networks automatically » so your phone stops silently joining any « Free WiFi » it has seen before, and « forget » a public network after you've used it. Switch off file and printer sharing when you're out and about. If you want a belt-and-braces layer on truly sensitive tasks, a reputable VPN encrypts your whole connection regardless of the network — useful, though for most travellers HTTPS already does the bulk of the work.
And be a little sceptical of the network name itself. If two hotspots are called almost the same thing, or a portal asks for far more than it should, that's your cue to wait and use your own data instead. The « evil twin » trick relies entirely on you not looking twice.
Where the eSIM fits, honestly
Here's the part we'll say plainly, without overselling it: an eSIM doesn't « protect » you the way an antivirus claims to. What it does is remove the dependency. The reason people end up on dodgy open networks is rarely recklessness — it's that they have no signal and need to check a booking, call an apartment host, or pay for a taxi right now. Arrive with your own data and that pressure simply isn't there. You're choosing the café WiFi because it's convenient, not because it's your only lifeline — and choice is exactly what good security is made of.
The practical bonus is that an eSIM lets you set this up before you fly. You buy the plan at home, scan a QR code, and your phone has a second line ready to wake up the moment you land — no airport queue, no « surely the hotel has WiFi » gamble. Your physical SIM stays in place for calls and texts; the eSIM just carries the data. It's the quiet, boring kind of preparation that means you're never forced into a network you'd rather not trust.
📶 The AEY team's tip
Keep anything sensitive — banking, payments, important logins — on your own mobile data, and let public WiFi handle the casual stuff. The easiest way to always have that option is to land already connected. Check your phone's compatibility in 30 seconds here and find your plan on the destinations page (in the EU/EEA, roam-like-at-home applies; elsewhere an EU/EEA plan or a local eSIM is the move).
What to remember
Public WiFi isn't the villain it's sometimes painted as — HTTPS already shields most of what you do, and a few one-time settings handle the rest. The real risk is being so cut off that any open network looks like a good idea. Keep the sensitive stuff on your own data, stay mildly sceptical of network names, and you've covered the realistic threats without the paranoia. Arriving connected is what turns « I have to use this hotspot » into « I'll use it if I feel like it » — and that small shift is the whole game.
— The AEY team, lower your voice on open networks, keep your data your own.