It’s as bad as open Wi-Fi.

Yes.
Hotel internet security is one of the most overlooked risks travelers face. And I’m talking about any internet connection provided by your hotel, not just wireless.
In fact, I’m writing this in a hotel room, and yes, I have taken a few precautions.

Hotel network sniffing
Any internet connection provided by a hotel or other business or public place is as untrustworthy as an open Wi-Fi hotspot, and you should treat it as such. That means making sure all connections are encrypted, using a VPN, or using some alternate internet connection, such as your mobile data plan.
It’s as bad as open Wi-fi
I’ll put it as bluntly as I can: hotel internet connections are just as unsafe as an unsecured “open” wireless hotspot.
Any hotel internet connection, wired or not.
There are two basic issues: the hotel and your neighbors.
1: Your ISP can see everything you do
When you’re in a hotel, the hotel is your ISP, your Internet Service Provider. It provides your connectivity to the internet. Thus, like a traditional ISP, it has the ability to monitor all traffic on its network.
You are using their network. They own it, control it, and have the right to monitor its usage.
Unfortunately, it also means employees can abuse their power to go snooping.
2: Your neighbors might be able to see everything you do
This is less common. Depending on how the network is configured, you and the rooms around you may be connected through a hub. The problem with a hub is that it’s a dumb device; it sends everything it gets to everything connected to it.
When you send data through the hub, not only does the upstream internet connection get the data, as you want, but it’s also sent down the wires to neighboring rooms. Computers there should ignore it, but it’s there for the taking.
This is exactly like connecting to an open Wi-Fi connection; anyone in range can “sniff” your internet traffic.
Help keep it going by becoming a Patron.
Staying safe while at a hotel
So, what do you do?
Follow all the steps one should take to stay safe using an open Wi-Fi hotspot.
- Use a firewall. Make sure your Windows firewall is enabled. The good news is that this is typically on by default.
- Use HTTPS. Only access sensitive websites using an HTTPS connection. This includes sensitive sites like banking as well as common things like email. Typically, HTTPS is the default these days.
- Encrypt your email connection. If you’re using a desktop email program that downloads email via POP3 or IMAP or sends email via SMTP, make sure those connections are encrypted. Check with your email provider for the appropriate settings, typically labeled SSL, SSL/TLS, or similar. The good news is that most email services provide them.
- Consider a VPN. A Virtual Private Network encrypts all of your communications through the hotel’s network. This is an additional service you sign up for.
- Consider not using the hotel’s network. If your smartphone can be used as a Wi-Fi hotspot, or if you can do all of your tasks on your mobile device using your data plan, bypass the hotel’s connection completely.
What I do
When I run an email program (such as Thunderbird), I configure mail server connections to use an SSL-encrypted connection. My mail is secure.
For encrypted websites (those using HTTPS), I do nothing other than make sure the connection remains “HTTPS” as I navigate from page to page.
For unencrypted websites (HTTP without the s), I do one of three things:
- Avoid anything sensitive.
- Use a VPN.
- Use my mobile data connection instead.
It’s more than just hotels
I’ve been talking about security in the context of hotels, since it’s common to rely on the internet provided by the facility in which you’re staying.
All of this applies to any internet connection provided by anyone. Coffee shops, airport Wi-Fi, convention centers, libraries — everywhere there’s an IT department in the background able to examine your unencrypted internet traffic.
Whether they would take the time to do so is unknown, but as our original questioner found out, sometimes they do.
Do this
This is all about awareness. Understand that when someone provides you with an internet connection, they have the ability to peek into things they shouldn’t. It pays to make conscious, secure decisions regarding your security wherever you connect.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.


“For encrypted websites (those using https) I do nothing, other than make sure the connection remains ‘https’ as I navigate from page to page.”
This is getting harder. Chrome now hides the https: or http: prefix from the address bar at the top of the window. (Current as of February 2021.) What is your current advice for easily monitoring whether a webpage is https or http?
I believe you need only pay attention to the padlock.
Thanks! May I (humbly) suggest updating the article to reflect this new advice.
What if you pack your own HUAWEI B331 3G/4G router and HUAWEI B331 3G/4G antenna and associated Wallwort and use that for all internet would that be better than using the Hotel Internet.
That’s the same as Leo’s last bullet point under:
If you’re using a mobile connection, then yes, better.
Here are a few things I use.
Firewalla device in my home office, which allows me to VPN back to my personal home/office network/router, then I can remote to my office pc or use my email app & browse the internet as if I were sitting in my office, securely.
I also use Windscribe, which offers a free VPN connection, upto 10GB.
And finally, Tor Browser, which does private browsing (it may require a bit of adjustments, initially I was going through a lot of European Connections, so not in English, a lot of times!). With Tor you would need to do webmail to get the security.
I bring a travel router with me when I travel so I connect the router to the hotel network and my devices connect to the router. Would this give me the security I need?
I believe this will only help as a more robust firewall than the software firewall your computer likely already has–using default settings, it would block incoming connections to your computer. But the router between your computer and the hotel’s network would not prevent any unencrypted network data you send/receive from being intercepted and sniffed, as your traffic would still be flowing right through the hotel’s system.
Nope. Your data is still traveling over the hotel network as if you had connected to it directly.
I carry a small travel router that I use between my laptop and the hotel. I use the wired connection to the hotel when available and wired from the laptop and my router. Before traveling, I check for any updates for the router.
Ditto to what I wrote on the comment above–this does not prevent sniffing of unencrypted data.
That wouldn’t prevent your data from sniffing. A VPN encrypts everything between your computer and the VPN hiding it from the hotel. The travel router encrypts traffic between itself and your computer. After the data leaves the portable router, everything going across the hotel’s network would appear the same as if the computer were plugged directly into the network via Ethernet cable. The main uses for a portable WiFI router are to use your computer wirelessly where only a wired connection is available and hid your computer behind a firewall.
Nowadays, many, if not most, laptops are coming without Ethernet ports and most Hotels have ditched wired network for wireless.
Something I’ve encountered that I didn’t see addressed in these comments or anywhere else I’ve looked: I’m running into more frequent attempts to enter websites that are blocking me BECAUSE I’m using a VPN. If I close the VPN I get in with no problem.
A support rep at one bank I use told me they do it to prevent traffic coming in from outside the United States. But I’ve had a few merchant websites doing the same thing.
Is there any way other than using my phone data plan to deal with this? I’m assuming VPN blocking is simply going to become more prevalent over time.
I’m not aware of any simple solution. If your VPN allows you to choose different locations to appear as, you might do that. (Mine, for example, allows me to “look like” I’m in any of several different countries.) But some VPNs are simply blocked no matter where they are. All you can do is try a different VPN to see if it’s also blocked or not, or use your mobile data.
Another concern is ‘free USB Charging Points’. USB connections are 4 wire being +, -, Data+ & Data- BUT only the + & – wires are required for charging BUT the charger port owner also has direct access to your laptop through the 2 x Data wires and do what they like.
Simple solution in these untrusted site use a modified USB Male to Female cable with only the + & – wires connected and the 2 data wires cut.
Regards all
my aunt went to washintongh dc a few days ago for a anime event and she slept in a hotel, I dont know if she used the network or used cellular but ill tell her if she wants to use the hotel’s network, use s free vpn like protonvpn