
Public Wi-Fi in cafés, airports, and hotels is convenient — and untrusted. On an open network, you don’t control who else is connected or who runs the hotspot. A VPN encrypts your connection so that even on a hostile network, your traffic stays private. Here’s exactly what it protects against, and the honest answer to whether you still need one in 2026.
Reviewed and kept current by the Coppers.io editorial team — see how we research .
The risks of public Wi-Fi
Open networks expose you to a few real threats:
- Snooping by the network or other users — whoever runs the hotspot (or anyone on it) can potentially observe your traffic, including which sites you visit.
- Evil-twin hotspots — attackers set up a fake network named like the real one (“Airport_WiFi”) so your device connects to them, routing your traffic through their equipment.
- Man-in-the-middle attacks — an attacker positions themselves between you and a site to intercept or alter data.
- Captive-portal and downgrade tricks — manipulating the login page or pushing you to insecure connections.
The US Federal Trade Commission covers these risks in its public Wi-Fi guidance — a good, vendor-neutral reference.
How a VPN protects you
A VPN wraps all your device’s traffic in an encrypted tunnel to a remote server. On public Wi-Fi that means:
- The network operator and other users see only encrypted data, not the sites you visit or what you send.
- An evil-twin hotspot can carry your traffic but can’t read it.
- Your real IP and location are masked.
In short, it turns a network you can’t trust into one you don’t need to trust. (For the mechanics, see how a VPN works .) For full protection, use one with a kill switch so nothing leaks if the tunnel drops.
“But isn’t everything HTTPS now?” — the honest answer
It’s a fair question. Most websites use HTTPS, which already encrypts the content of your traffic — so public Wi-Fi is less dangerous than it was a decade ago. But a VPN still adds meaningful protection:
- HTTPS hides the page content, but the domains you visit can still be visible to the network; a VPN hides those too.
- It protects any traffic that isn’t properly secured (older apps, misconfigured sites).
- It defends against evil-twin and downgrade tricks that try to strip HTTPS.
So HTTPS and a VPN are complementary layers, not either/or. On untrusted networks, the VPN is the layer that doesn’t depend on every app and site doing the right thing.
Smart habits on public Wi-Fi
A VPN is the core defence, but pair it with good practice:
- Turn the VPN on before you browse — connect to it the moment you join the network.
- Verify the network name with staff to avoid evil twins, and disable auto-connect to open networks.
- Use HTTPS sites and keep your OS, browser, and apps updated.
- Protect your accounts with a password manager and two-factor authentication, so an intercepted password isn’t enough on its own.
- Avoid sensitive tasks on networks you can’t verify if you don’t have a VPN running.
What to look for in a VPN
Choose on substance, not brand names: strong encryption (AES-256), modern protocols (WireGuard/IKEv2 — see VPN protocols ), an audited no-logs policy, a reliable kill switch, and apps for all your devices. You can check the speed impact with our free VPN speed test . (We’re building a fully independent “Best VPN” comparison; until it’s live, score providers against these criteria.)
The bottom line
On public Wi-Fi, a VPN is one of the simplest, most effective protections you can use. HTTPS helps, but a VPN covers the gaps — hiding the networks you visit, defending against fake hotspots, and keeping your data private on networks you can’t control. Turn it on before you connect, and browse with confidence.
FAQs
- It's safer than it used to be thanks to HTTPS, but still risky: the network operator can see the sites you visit, attackers can set up fake hotspots, and not all traffic is properly encrypted. On untrusted networks, a VPN closes those gaps.
- HTTPS encrypts a site's content but not always the domains you visit, and it doesn't protect poorly secured apps or defend against evil-twin hotspots. A VPN adds a layer that doesn't rely on every site and app being configured correctly.
- It's a fake Wi-Fi network an attacker sets up with a name that mimics a legitimate one, so your device connects to them. A VPN protects you because your traffic stays encrypted even if it passes through the attacker's network.
- Connect to the Wi-Fi, then turn the VPN on before you do anything sensitive. A kill switch helps by blocking traffic until the VPN tunnel is active, preventing any brief exposure.
- A VPN plus your bank's own HTTPS encryption makes it much safer. For extra safety, use a no-logs VPN with a kill switch, or use mobile data for highly sensitive transactions if you're unsure about the network.
