If they’re techie enough, maybe.
When you’re using someone else’s WiFi — or even their wired connection — they’re providing you with internet service.
They’ve become your internet service provider, or ISP.
And ISPs are special.
Watching what you download
Any internet connection provided by a third party can be monitored by that third party. They are your internet service provider in that situation and can watch your data as it passes through their equipment. Even HTTPS, while it protects the data, does not hide which sites you’re connecting to. A VPN is the only real protection, but even then, the provider can see when you’re transferring “a lot” of data. Do they watch? It’s unlikely, but there’s no way to tell for sure.
Open WiFi
We talk a lot about staying safe when using an open WiFi hotspot. Those are the free WiFi connections available at many coffee shops, airports, and other public places.
The concern here is that an open WiFi hotspot — one that requires no password for an initial connection — doesn’t add any security, and anyone within range can monitor your traffic.
Fortunately, a WiFi connection that is not “open” — meaning it’s secured and encrypted using a WPA2 password or the hardwired connection that they provide — doesn’t suffer from this risk.
But that doesn’t mean that there isn’t still a significant risk.
Help keep it going by becoming a Patron.
Related
How Do I Use an Open Wi-Fi Hotspot Safely?
Open Wi-Fi hotspots at coffee shops and other public places are opportunities for hackers. I'll review how to stay safe.#4790
Your ISP
Your ISP can see everything you do.
If you’re not taking additional steps to encrypt or otherwise hide what you are doing, your ISP can see that you are downloading, say, a specific file from a specific location.
ISP stands for Internet Service Provider. The coffee shop or other location is providing you with internet service. In this situation, they’re your ISP. The administrator of a publicly available internet connection, such as an open WiFi hotspot, can monitor all unencrypted traffic and see exactly what you’re doing.
Do hotspot owners watch?
Whether or not they watch is a completely different subject.
My guess is that the local coffee shop manager not only doesn’t care what you are doing with the internet, but also doesn’t have the time or expertise to know what to look for. Perhaps someone upstream can look — perhaps there’s technology in place that’s looking for certain types of activity — we just don’t know for sure.
What we do know is that they can look.
The only way to truly protect yourself from that level of intrusion is to use a Virtual Private Network, or VPN. My article How Do I Use an Open WiFi Hotspot Safely? discusses this in a little more detail.
Ultimately, a VPN is the only way to hide what you’re doing from the coffee shop owner, administrator, or your ISP.
Using bandwidth
But we’re not quite done.
When you’re using a VPN, an ISP may not see what you’re downloading, but they can see that you’re downloading a lot. They can probably figure out which computer connected to their network is the guilty party.
They can identify you as being a bandwidth hog; they just can’t tell what file you’re downloading.
What about HTTPS?
Given that we talk a lot about using HTTPS to remain secure, it’s worth exploring why I’ve not mentioned it here.
HTTPS encrypts the connection between your computer and the service you’re using. That’s important for things like banking, as one example — your conversation with the bank can’t be listened in on by anyone.
But your ISP can still see that you’re talking to your bank. And if it’s an open WiFi hotspot, so can that creepy guy with a laptop over in the corner.
If you’re downloading something over HTTPS, the ISP can’t see what you’re downloading, but they can absolutely see the site you’re downloading it from. Sometimes that — coupled with the fact you’re downloading something large — is enough to question what you’re up to.
A VPN won’t change the size of the download, but it will hide the site you’re connecting to.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
The only real caution I would make to WiFi users is never use your computer for banking or any other monetary transaction whether encrypted or not. As for business users they will have been warned by their respective companies.
Hi,
Since my wifi router password is stolen I think my private has been violated. I even think that my activities at my private is being monitored. If this is tru what to do. I have also an Xbox 360 connected to the Internet. My router model is a DIR-825 D-link. Canada doesn’t support it anymore and 1 question just costs the whole price of my router.
Does it help if I connect my MacBook just with cable to the router, or well I need to buy another router?
Thank you for your help
Azin Deravi from Montreal, Canada
You should be able to change the password for your router. The documentation which comes with the router should explain how to do that. If you don’t have the documentation, the router manufacturer’s website should have instructions.
Change the router password.
I know this was 2 years ago, but I would suggest getting a new router if you haven’t already. Depending on how they hacked you they may have the WPS PIN which stays they same even when you change your password.
Wired connections are always more secure but may be less convenient.
Hi, my doubt is if I’ve uploaded /downloaded a file to /from net using WiFi, can someone access the details at a later date what I’ve uploaded/downloaded?
Possibly, but highly unlikely. They’d be able to see that the file was downloaded, and they could see the MAC address of the device that downloaded it. You MAC address is unique to your device, but it would be like finding a needle in a haystack.
While technically possible that those kinds of records could be kept, I would say that typically, no, they are not.
Would the same apply if I connect to a Wifi hotspot using my smartphone or tablet?
Yes. A smartphone or a tablet is essentially a computer and connects to a network in the same way a normal computer does.
Can people see what videos I watch on youtube? And what sites are encrypted and safe to use?
It is not fair for someone to see what files i am downloading because i think it is my privacy
If you use a VPN, your internet activity is encrypted between your computer and the VPN which protects against snooping on your side of the VPN. This would protect you from the owners of the hotspot and anybody on that LAN.
https://askleo.com/does-a-vpn-give-me-complete-security/
https://askleo.com/how-does-website-or-vpn-encryption-work/
Hello,
What had happened to me was the roommate got the number on the back of my router. I keep replacing it with a new one until I researched why he always got back on and took over my internet. Don’t ever. Give out your passwords or call, send, pictures on your cell phone. It will only give you nightmares you’ll never get over. You think someone can be trusted, think again it’s probably how your passwords are hacked. Well I hope this is of some benefit.
can the owner of the wifi see what ive downloaded even if I have my VPN on?
If you are using a VPN, everything to and from your computer is encrypted between you and the VPN server, so the WiFi owner would only be able to see the encrypted stream which would appear to them as garbage.
If you tried to access a blocked site, does it notify the network administrator? Even if u didn’t enter the site, but tried and the message about the site being blocked due to content filtering or inappropriate content comes up, does it notify someone who will check on what website you tried to access?
There’s no way to know. It depends on the blocking technology or tool being used and how it’s configured. Maybe yes. Maybe no.
Hi,
If I create a hotspot on my WorkStation desktop, will the network Administrator be able to figure it out??
A network administrator can see everything you do on your computer.
I have a company issued wifi hotspot (cell carrier). If I use it with a personal computer can they see what sites I have visited?
It’s unlikely, but if it matters you must assume they can.
They can if your using their network for internet
Hello sir,
How can i know which site is open by my hotspot user or which data he is download ????
Depends on the hotspot technology, but in general it requires network sniffing software and tools.
If your in a private window, will they still see what you browsed
They can. In private does NOTHING relating to data transferred over the network.
HI, I am not a computer/ tech savvy person. I have comcast hi speed Web and wifi, I run a galaxy tab off the WiFi, works great. However, I got a free home computer from someone..and it worked great for quite a while, using the xfinity provided 802.11 gateway modem. All9f the sudden I can’t get on the Internet with the home computer, every attempt comes up that’s it’s not a secure site . It’s an older company presario with Windows installed. Mozilla Firefox was the browser, I can’t figure out what the problem is, the firewall safety features thing is turned on…any ideas? I’d appreciate it.
Have you tried a different browser like Chrome or Opera?
Can the wifi owner sees what videos I watched on youtube?
If they are sophisticated in the use of computers, then yes. It’s not easy, but it’s possible.
Question i have is if i sign in to my company guest wifi can they see that william signed in with his phone and is connected to the wifi so he had his phone at work. I’m not down loading anything but connected to ave my data.
They can see anything you do on their network. They would get the MAC address of your phone, but they wouldn’t be able to identify you directly from that. They would be able to identify you if you logged on a non-https site. They can see which sites you visit, but https would protect your login credentials. They could probably narrow down the information and figure out where the internet access was coming from, but unless you went to questionable sites or spent too much time using their WiFi, I don’t believe they would take the time to investigate.
Hi
I am using Guest Wi-Fi of a Airbnb family. Can the host see what sites did I visit?
Maybe. Depends on if they know how to look, and if they know how to look.
They definitely can, but it’s rare that they would. To be safe use a VPN. The Opera browser comes with a built in VPN.
Opera protects you on any sites you visit with their browser.(Added after Leo’s comment)
To be clear, as I understand it, Opera’s “VPN” isn’t a true VPN in that it only proxies web browsing within Opera. The rest of your online connections are direct. If you need a VPN get a VPN. 🙂
I know that and use a real VPN, but since the question was about visiting websites, wouldn’t Opera do the job?
So google’s incognito; does it supply any kind of protection ?
See this recently published article
What Good is Incognito Mode?
I was attending an Online meeting session using my cell phone,…and my hotspot was on,….suddenly I found , its showing 2 devices connected instead of 1, though I am very sure only 1 device should be connected, and suddenly some vulgar videos started getting downloaded in my cell phone. And it downloaded completely, but I couldn’t find those files anywhere in my phone.
I am afraid something wrong is happening with my phone, can anyone identify what can it be?
I understand that a VPN will prevent an ISP from seeing most of what is going on. But I also enable DNS over HTTPS in my browsers. Assuming you were not using a VPN, but you were using DNS over HTTPS, what could the ISP see?
That’s a great question. However, encryption aside.
Whatever DNS server you talk to, that DNS server knows you asked about a particular site. Most apps ask and then immediately (a split second later) travel to that site.
There’s a service known as Reverse Address Resolution Protocol. So if you have encrypted DNS services, but not VPN then the ISP can just reverse discover what you asked about. (in most cases)
And if the DNS server is owned by your ISP. . . you just encrypted the address for no reason. Now, I’m sure they thought of that and you get DNS server with encryption outside of your ISP. Let me point out though — what if they’re asking your ISP for that address, it could be a giant backbone provider that everyone and their grandma uses. The ISP knows you asked an encrypted DNS server for an address then within 0.05 seconds it asked them for the address to “google.com” .. there wasn’t another one for 20 seconds before that or 10 seconds after. Guess what? Your ISP knows that you probably (high probability) just asked that “encrypted dns server” the address for google.com. And they don’t need seconds to figure this out, they can figure out the usual timings between you and them and them and the ISP.
What VPN does is you send to google.com, but before you send it, a piece of software in what’s called your “network stack” takes your packet that says something like “to: google.com, from: me here, this is my data: pre-vpn-encrypted data” and it encrypts that packet, then puts “to: my_vpn, from mehere, this is my data: the entire encrypted packet”. Then your TCP/IP protocol at the bottom of the stack sends it to the vpn, which decrypts it, sees the real destination, sends it in encrypted form through the VPN network, then the exit point of the VPN network decrypts it then puts on “to: google.com, from: return_vpn server, this is my data: the pre-vpn-encryption data”. The vpn remembers the return address “.. from: mehere..” for when google replies, it sticks that in, changing it to “to: me here” … etc.. you get the idea. One thing is different, the final VPN node before returning to your computer does re-encrypt before sending to you, with “to: me here, from: my vpn, this is my data: vpn-encrypted data”. So that way your local ISP doesn’t know where you sent to, nor does anyone else except potentially a bunch of VPN nodes.
And you can see the source ISP doesn’t know where the ultimate destination was, it only knows it was sending to a VPN. The services outside of google.com do not know where it originated, they only know it’s going to google.com. Then the whole thing in reverse. Now, google may or may not have VPN for the return trip (probably not), but if it’s a web-page encrypted with HTTPS (probably…) then intervening servers only know “google is sending a packet to this VPN node…” and may be able to determine that it’s encrypted in HTTPS, but not much else. Then the VPN would re-encapsulate the packet as appropriate and address it back.
Now some of the details here are probably off, however… this gives you the gist of it.
At this point in 2025, almost every web site on the web has HTTPS. So almost none of your information is being sent clear-text across the Internet, to web services.
I myself have never bothered with VPN. I don’t care if my ISP knows I’m playing a game, reading mail, watching youtube videos, or accessing my Banking information. They don’t know what is going on in the game, they don’t know what videos I’m watching, they can’t see my banking data.
I use Duckduckgo and the search engine “duckduckgo.com”, which doesn’t track what you’re doing and resell it with identifiable information. Brave does something similar. The AI’s in both of those don’t recompile ( … record identifiable info …) with info and topics that you discussed with them.
The local AI’s in MS Windows are more of a concern to me than all of this. They supposedly watch what you do to record information and “help you” accomplish things, and the data they record is encrypted. All of which is wonderful and sounds above-board. However, what if an outside app talks to the AI and says “give me all of your data”. (or even just prompts for specific tid-bits). The AI obviously has access to the encrypted data without asking your permission and what’s to stop it from immediately providing that info? In order for me to have trust in the AI’s that they’re harmless and not spying on me, I would need to know that they cannot and will not ever reply to an outside request under any circumstances. I don’t see that, I just see “oh you can trust ME…”
What can or do the local AI’s collect? Everything.
Yah… the political environment having been the way that they have been lately… and law related activities being very long and drawn out activities… No .. I want my data to stay in my possession and NOT MicroSoft’s (or google or apple..).