When you’re using someone else’s Wi-Fi — or even their wired connection — they’re providing you with internet service.
And ISPs are special.
Become a Patron of Ask Leo! and go ad-free!
We talk a lot about staying safe when using an open Wi-Fi hotspot. Those are the free Wi-Fi connections available at many coffee shops, airports, and other public places.
The concern here is that an open Wi-Fi hotspot — one that requires no password for even an initial connection — doesn’t add any security, and anyone within range can monitor your traffic.
Fortunately, someone else’s Wi-Fi that is not “open” — meaning it’s secured and encrypted using a WPA2 password or the hardwired connection that they might provide — doesn’t suffer from this risk.
But that doesn’t mean that there isn’t still significant risk.
If you’re not taking additional steps to encrypt or otherwise hide what you are doing, your ISP can see you are downloading, say, a specific file from a specific location.
The letters ISP stand for Internet Service Provider. The coffee shop or other location is providing you with internet service. In this situation, they’re your ISP. The administrator of publicly available internet such as an open Wi-Fi hotspot can monitor all unencrypted traffic and see exactly what you’re doing.
Do hotspot owners watch?
Whether or not they actually watch is a completely different subject.
My guess is the local coffee shop manager not only doesn’t care what you are doing with the internet, he doesn’t have the time or the expertise to know what to look for. Depending on how they get the internet to provide to you, perhaps someone upstream can look — perhaps there’s technology in place that’s looking for certain types of activity — we just don’t know for sure.
What we do know is that they can look.
The only way to truly protect yourself from that level of intrusion is to use a Virtual Private Network, or VPN. My article How Do I Use an Open Wi-Fi Hotspot Safely? discusses this in a little more detail.
Ultimately, a VPN is the only way to hide what you’re doing from the coffee shop owner, administrator, or your ISP, whomever that might be.
But we’re not quite done.
When you’re using a VPN, an ISP may not see what it is you’re downloading, but they can still see that you’re downloading a lot. They can probably figure out which computer connected to their network is the guilty party.
They can still identify you as being a bandwidth hog; they just can’t tell why, or what file you’re downloading.
What about https?
Given that we talk a lot about using https to remain secure, it’s worth exploring why I’ve not mentioned it here.
Https encrypts the connection between your computer and the service you’re using. That’s important for things like banking, as one example — your conversation with the bank can’t be listened in on by anyone.
But your ISP can still see that you’re talking to your bank. And if it’s an open Wi-Fi hotspot, so can that creepy guy with a laptop over in the corner.
So if you’re downloading something over https, the ISP can’t see what you’re downloading, but they can absolutely see where you’re downloading it from. Sometimes that — coupled with the fact you’re downloading something large — is enough to question what you’re up to.
A VPN won’t change the size of the download, but it will hide what site you’re connecting to.