Yes, you should use a VPN while connecting to hotel WiFi because these types of networks have a tendency to not be very well protected and this puts your personal data at a higher risk of being intercepted by a cybercriminal when compared to using WiFi in your home.
Using a VPN service will help to protect you from several cyberattacks – such as man-in-the-middle or WiFi sniffing attacks – that hackers may use to infiltrate a weak hotel network.
With limited protection and many users connecting to the same network, your information can be vulnerable (and easily intercepted) to anyone within range of the network.
Hackers even have programs that search for unprotected wireless networks and access points, which allow them to further infiltrate a network if they find an opening.
And hotel WiFi networks often have more of an issue with hackers trying to steal data off of guests’ devices than your average coffee shop hotspot.
Cybercriminals know that people traveling and staying at hotels are more likely to be using credit cards and logging into their bank account.
For the most part, websites secured with HTTPS will protect your data.
However, metadata is visible over HTTPS on hotel WiFi networks.
HTTPS will encrypt your activity while on a given website but metadata will allow anyone snooping to see what web services you use and the websites you are connecting to, such as your bank, and this can make you of further interest to a potential cyber-criminal.
A VPN will encrypt everything and show only one connection to your VPN server.
So, instead of a hacker seeing that you are connecting to your bank, they will only see that you are connecting to a VPN service.
A VPN will also improve your security by obscuring your IP address, which will further protect you from hackers.
Table of Contents
Do Hotels Block VPNs?
A hotel will be aware of when you are connecting to a VPN, but they will usually not block you from doing so.
Most larger hotel chains will not block VPNs, but some smaller family-run hotels may block VPNs so that they can throttle content-rich websites like Netflix and YouTube for the purpose of saving bandwidth.
They might also want to block entertainment sites so that you will be more likely to use their own in-room pay-per-view service.
Oftentimes, a hotel may not necessarily be trying to block your VPN connection but you may have trouble connecting to your VPN because of the way things are set up.
For example, You might not be able to access your VPN service until it has been authenticated through the hotel’s portal page first.
And If your device happens to require a VPN connection before it reaches the internet, you may not be able to connect to your VPN without contacting hotel support to solve the issue first.
If you think that the hotel is blocking your VPN on purpose, use port 80 and it should almost always get around it.
Can Hotels See What You Are Browsing?
Yes, the administrator of a hotel’s WiFi network could see the different websites that you are browsing.
ISPs record basic statistics about the data that uses its lines.
These basic stats usually include data about the date and time, server and or domain name, and your IP address.
Access to this information is enough for a network administrator to track your activity online, including all the websites that you visited.
Pushing all of the internet-bound traffic through a proxy device will also allow an administrator to monitor the source and destination of a user’s internet requests.
However, most hotels will not monitor the use of the Internet and will not take responsibility for data or content that users send, receive or store while using their WiFi.
And it’s worth remembering that the hotel does not act as your internet service provider (ISP).
They simply allow you access to their internet connection that is provided to them by their own ISP.
You Might Also Like: Are VPNs Good For Gaming? (Answered)
What Types Of Cyber Attacks Am I Susceptible To When Using Hotel WiFi?
The two main types of cyber-attacks you are most at risk of when using hotel WiFi are man-in-the-middle and session hijacking attacks.
Man-In-The-Middle Attacks
A man-in-the-middle attack is an attack on a computer system, mobile device, network, or service (such as online banking) that involves redirecting communication between two parties.
One example of this type of attack is intercepting messages sent during an SSL/TLS transaction via what is known as a “downgrade” attack where the attacker tricks the client into connecting to an unsecured version of a website instead of an encrypted one in order to compromise the data that’s being sent to and from during transactions.
Session Hijacking
Session Hijacking is a cyber threat that allows an attacker to hijack and steal a user’s session cookies in order to gain unauthorized access into the victim’s network.
Most modern websites use encrypted communication protocols such as SSL/TLS, which require that all messages from client and server must be cryptographically signed with a secret cryptographic key.
In practice, the secret key is a password that is shared by the server and client.
This means that when you connect to a secure site like Facebook, for example, your browser will send the site a message saying “Hello, I am [Username].”
The server then says “Okay. And I believe that you are [Username].”
The entire point of this protocol is that you cannot fake it – you have no idea what the secret key is,
So your browser just says “Okay. And I believe that you are [Username].
If an attacker intercepts one of these messages, he can not only read the message but also change it to say “Hello, I am [Attackers_Username].”
The server will say “Okay. And I believe that you are [Attacker’s Username.]”
And now the attacker knows everything new that you know!
A hacker can continue to steal your data until the secret key no longer works – at which point money may have already been transferred from your bank account.
How To Stay Safe Using Hotel WiFi?
Hackers can intercept data being sent over wireless networks, including passwords and credit card numbers.
This information is very valuable to criminals or identity thieves who may use this information in order to empty your bank account or run up fraudulent credit card charges.
Unauthorized users can also intercept data and eavesdrop on communication on hotel WiFi networks, meaning if you use your computer to check your bank account or log into a site like Facebook, someone else could be reading over your shoulder and getting access to all of that same information as well.
Hotel WiFi hotspots can be dangerous places to input sensitive information, but they can be less risky if you take some precautions.
If you use your smartphone or tablet on a public network, there are some additional steps to make your device safer.
Don’t Put Your Information Out There
If you’re using hotel WiFi, do not type anything online that you would not be happy for the world to know about.
Don’t physically type in passwords or financial information anywhere online when you’re connected to hotel WiFi unless connected through a trusted VPN service.
If at all possible, avoid accessing financial information or entering passwords into websites while connected to hotel WiFi networks.
Only Access Websites That Are Secured With HTTPS
Look for HTTPS or the padlock symbol at the beginning of the URL of the website you are about to access.
This means that the connection between your browser and the website you are connecting to is encrypted and can’t be viewed by a third party.
Watch Out For Anyone Looking Over Your Shoulder
You should also watch out for “shoulder-surfing” while on your device.
This means you should be careful about checking your cell phone if you’re in a public part of the hotel, like the lobby or bar.
If someone is trying to look over your shoulder at the screen, they could access private information without you even knowing about it.
Because there isn’t really an easy way to tell who’s on your WiFi network just by looking at who’s around you, you should avoid using the WiFi network in public places you don’t know.
Have The Latest Antivirus Installed On Your Device And Use A VPN
Also, be sure to connect to a VPN and install and run antivirus software on your device before connecting it to any hotel WiFi networks.
This will scan for malware and help you to quickly isolate any threats.
A solid anti-virus program will protect you from malware and block viruses in web pages that may attempt to compromise the security of your device when browsing the web at a hotel.
When Should You Not Use A VPN At A Hotel?
While using a VPN at a hotel is generally something you should do, there are times when you probably just don’t need to.
Most websites nowadays are secured with HTTPS.
This means that once you are accessing that website, all communications taking place between your device and that website will be encrypted the safe from prying eyes.
So, if you’re doing a bit of browsing on a trusted site like YouTube, that you are already logged into and you are not typing any passwords or other sensitive information into web pages, then you’ll probably be fine connecting to hotel WiFi without having to use a VPN.
Don’t Use A VPN That You Don’t Trust At A Hotel (Or Anywhere Else)
If you’re thinking about using a VPN that you don’t know you can trust then you’ll be better off using no VPN at all.
Untrustworthy VPNs may collect and sell your data, which is what you want to avoid in the first place by using a VPN.
If you have any reason to believe the VPN does not use industry-standard 256-bit AES encryption, then it is best to stay away from that service completely.
Any VPN service with less than 256-bit AES encryption may be subject to security exploits and access by third parties.
The Best VPN Services For Connecting To Hotel WiFi?
The best VPNs for when you have to use hotel WiFi are ExpressVPN, NordVPN, and CyberGhost.
These VPNs have some of the best combinations of ease-of-use, high security, and fast speeds.
They all have a large number of servers across a wide range of countries.
They offer specialized servers for certain use cases, such as accessing region-restricted websites with NordVPN’s “specialty” servers designed to obfuscate your traffic from ISPs.
They all have the ability to unlock content from streaming services with their servers optimized for video streaming.
ExpressVPN is consistently voted one of the best VPN services because it has fast speeds, easy-to-use software for all major platforms, allows up to 5 connected devices per user (at a time), offers 24/7 live chat support, and has a 30-day money-back guarantee.
NordVPN is another great choice because it also allows 6 connections at once, its software is easy to use on all major platforms, it supports Tor over VPN servers, there are 24/7 live chat support agents, and it has a 30-day money-back guarantee.
CyberGhost allows 7 devices connected at once, has easy-to-use software, its servers are optimized for streaming video, and there’s a 45-day money-back guarantee.
The Best Free VPN For Hotel WiFi
OpenVPN is an open-source program that offers “full-featured” encryption using 256bit AES encryption.
It runs on most platforms and has good firewall compatibility.
Final Thoughts
While I’m not trying to scare or discourage you from using hotel wifi, I do want you to use it safely.
That’s why I would recommend using a VPN to protect yourself while you’re browsing the internet at hotels.
Just do it before you log in to your online accounts, like email, social media, or anything else that contains sensitive information.
Anyone who manages to hack your device will only be able to see random gibberish instead of important info like your credit card number or your phone number.
