Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can the Owner of an Open WiFi Hotspot See What Files I’m Downloading?

If they’re techie enough, maybe.

Downloading
(Image: canva.com)
Open WiFi hotspot downloads are available for the internet cafe owner to see. Whether or not they take the time to do it is another story!
Question: Just wondering if others can see what I’m downloading, say in a coffee shop or some other public place, like the administrator there? Or can they just tell that something is being downloaded? It’s a local place so I assume they have some local provider like Comcast. I imagine it just takes up their bandwidth and they don’t like that because it makes the connection slow for others in the establishment. Please let me know.

When you’re using someone else’s Wi-Fi — or even their wired connection — they’re providing you with internet service.

In a very real sense, they’ve become your internet service provider, or ISP.

And ISPs are special.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Any internet connection provided by a third party can be monitored by that third party. They are your internet service provider in that situation and can watch your data as it passes through their equipment. Even https, while it protects the data, does not hide which sites you’re connecting to. A VPN is the only real protection, but even there the provider can see when you’re transferring “a lot” of data. Do they actually watch? It’s unlikely, but there’s also no way to tell for sure.

Open Wi-Fi

We talk a lot about staying safe when using an open Wi-Fi hotspot. Those are the free Wi-Fi connections available at many coffee shops, airports, and other public places.

The concern here is that an open Wi-Fi hotspot — one that requires no password for even an initial connection — doesn’t add any security, and anyone within range can monitor your traffic.

Fortunately, someone else’s Wi-Fi that is not “open” — meaning it’s secured and encrypted using a WPA2 password or the hardwired connection that they might provide — doesn’t suffer from this risk.

But that doesn’t mean that there isn’t still significant risk.

Your ISP

Your ISP can see everything you do.

If you’re not taking additional steps to encrypt or otherwise hide what you are doing, your ISP can see you are downloading, say, a specific file from a specific location.

The letters ISP stand for Internet Service Provider. The coffee shop or other location is providing you with internet service. In this situation, they’re your ISP. The administrator of publicly available internet such as an open Wi-Fi hotspot can monitor all unencrypted traffic and see exactly what you’re doing.

Do hotspot owners watch?

Whether or not they actually watch is a completely different subject.

My guess is the local coffee shop manager not only doesn’t care what you are doing with the internet, he doesn’t have the time or the expertise to know what to look for. Depending on how they get the internet to provide to you, perhaps someone upstream can look — perhaps there’s technology in place that’s looking for certain types of activity — we just don’t know for sure.

What we do know is that they can look.

The only way to truly protect yourself from that level of intrusion is to use a Virtual Private Network, or VPN. My article How Do I Use an Open Wi-Fi Hotspot Safely? discusses this in a little more detail.

Ultimately, a VPN is the only way to hide what you’re doing from the coffee shop owner, administrator, or your ISP, whomever that might be.

Using bandwidth

But we’re not quite done.

When you’re using a VPN, an ISP may not see what it is you’re downloading, but they can still see that you’re downloading a lot. They can probably figure out which computer connected to their network is the guilty party.

They can still identify you as being a bandwidth hog; they just can’t tell why, or what file you’re downloading.

What about https?

Given that we talk a lot about using https to remain secure, it’s worth exploring why I’ve not mentioned it here.

Https encrypts the connection between your computer and the service you’re using. That’s important for things like banking, as one example — your conversation with the bank can’t be listened in on by anyone.

But your ISP can still see that you’re talking to your bank. And if it’s an open Wi-Fi hotspot, so can that creepy guy with a laptop over in the corner.

So if you’re downloading something over https, the ISP can’t see what you’re downloading, but they can absolutely see where you’re downloading it from. Sometimes that — coupled with the fact you’re downloading something large — is enough to question what you’re up to.

A VPN won’t change the size of the download, but it will hide what site you’re connecting to.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio

Play

42 comments on “Can the Owner of an Open WiFi Hotspot See What Files I’m Downloading?”

  1. The only real caution I would make to WiFi users is never use your computer for banking or any other monetary transaction whether encrypted or not. As for business users they will have been warned by their respective companies.

    Reply
  2. Hi,
    Since my wifi router password is stolen I think my private has been violated. I even think that my activities at my private is being monitored. If this is tru what to do. I have also an Xbox 360 connected to the Internet. My router model is a DIR-825 D-link. Canada doesn’t support it anymore and 1 question just costs the whole price of my router.
    Does it help if I connect my MacBook just with cable to the router, or well I need to buy another router?
    Thank you for your help
    Azin Deravi from Montreal, Canada

    Reply
    • You should be able to change the password for your router. The documentation which comes with the router should explain how to do that. If you don’t have the documentation, the router manufacturer’s website should have instructions.

      Reply
    • I know this was 2 years ago, but I would suggest getting a new router if you haven’t already. Depending on how they hacked you they may have the WPS PIN which stays they same even when you change your password.

      Wired connections are always more secure but may be less convenient.

      Reply
  3. Hi, my doubt is if I’ve uploaded /downloaded a file to /from net using WiFi, can someone access the details at a later date what I’ve uploaded/downloaded?

    Reply
    • Possibly, but highly unlikely. They’d be able to see that the file was downloaded, and they could see the MAC address of the device that downloaded it. You MAC address is unique to your device, but it would be like finding a needle in a haystack.

      Reply
    • If you are using a VPN, everything to and from your computer is encrypted between you and the VPN server, so the WiFi owner would only be able to see the encrypted stream which would appear to them as garbage.

      Reply
  4. If you tried to access a blocked site, does it notify the network administrator? Even if u didn’t enter the site, but tried and the message about the site being blocked due to content filtering or inappropriate content comes up, does it notify someone who will check on what website you tried to access?

    Reply
  5. HI, I am not a computer/ tech savvy person. I have comcast hi speed Web and wifi, I run a galaxy tab off the WiFi, works great. However, I got a free home computer from someone..and it worked great for quite a while, using the xfinity provided 802.11 gateway modem. All9f the sudden I can’t get on the Internet with the home computer, every attempt comes up that’s it’s not a secure site . It’s an older company presario with Windows installed. Mozilla Firefox was the browser, I can’t figure out what the problem is, the firewall safety features thing is turned on…any ideas? I’d appreciate it.

    Reply
  6. Question i have is if i sign in to my company guest wifi can they see that william signed in with his phone and is connected to the wifi so he had his phone at work. I’m not down loading anything but connected to ave my data.

    Reply
    • They can see anything you do on their network. They would get the MAC address of your phone, but they wouldn’t be able to identify you directly from that. They would be able to identify you if you logged on a non-https site. They can see which sites you visit, but https would protect your login credentials. They could probably narrow down the information and figure out where the internet access was coming from, but unless you went to questionable sites or spent too much time using their WiFi, I don’t believe they would take the time to investigate.

      Reply
    • They definitely can, but it’s rare that they would. To be safe use a VPN. The Opera browser comes with a built in VPN.

      Opera protects you on any sites you visit with their browser.(Added after Leo’s comment)

      Reply
      • To be clear, as I understand it, Opera’s “VPN” isn’t a true VPN in that it only proxies web browsing within Opera. The rest of your online connections are direct. If you need a VPN get a VPN. :-)

        Reply
  7. I was attending an Online meeting session using my cell phone,…and my hotspot was on,….suddenly I found , its showing 2 devices connected instead of 1, though I am very sure only 1 device should be connected, and suddenly some vulgar videos started getting downloaded in my cell phone. And it downloaded completely, but I couldn’t find those files anywhere in my phone.

    I am afraid something wrong is happening with my phone, can anyone identify what can it be?

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.