A survival kit for public Wi-Fi
Hotel networks. Airport lounges. The cafe with the cute logo. Six concrete habits that take ten seconds and stop 95% of network-level attacks against you.
GuidesYou don't need a paranoid setup to use public Wi-Fi safely. You need six small habits. None of them are difficult; most of them are one-time setup. Together they neutralize the majority of attacks a stranger on the same Wi-Fi can run against you.
The threat model, quickly
On a shared Wi-Fi network, anyone in radio range can capture packets. If those packets are unencrypted, they can read your traffic. If your device responds to network-level probes (file shares, AirDrop, printer discovery), they can interact with you. If they spin up a fake "free wifi" hotspot, your device may auto-connect.
These three vectors — passive sniffing, active probing, and rogue access points — cover almost every public-Wi-Fi attack you'll see in 2026.
Six habits
1. Turn on your VPN before you connect
A VPN encrypts everything coming off your device, even DNS lookups. The Wi-Fi network sees only an encrypted tunnel to our server. Set your VPN to "Trusted Wi-Fi only" mode at home, and "Always-on" everywhere else.
2. Forget the network when you leave
Devices auto-connect to networks they remember. If you connected to "Free_Airport_WiFi" last March, your phone will rejoin any SSID with the same name forever. Forget the network on your way out.
3. Disable file/printer/AirDrop discovery on public networks
On macOS, set Sharing → off, AirDrop → "Contacts Only". On Windows 11, mark the network as "Public" when prompted. On phones, this is usually automatic but verify under Settings → Wi-Fi → (network) → Private Address.
4. Update before you travel, not at the airport
A pending OS update is your phone's most exposed surface. Ship updates from your trusted home network — never download a 4 GB iOS update over hotel Wi-Fi.
5. Prefer cellular for sensitive things
Banking? Tax filing? Two-factor codes for important accounts? Tether off your phone's LTE/5G instead of using public Wi-Fi. Carrier networks are imperfect but they don't share radio space with strangers.
6. Tap the lock
Most browsers no longer warn loudly about HTTP-only sites; they just show "Not secure" in small text. Get in the habit of glancing at the address bar before submitting any form. If it doesn't say https://, don't.
What about USB-C charging stations?
Briefly: data transfer over USB charging is real (called "juice jacking") but rare in 2026 — most devices ship with USB Restricted Mode on by default. If you're extra cautious, use a USB-A data blocker or carry your own wall adapter.
Run PlanetProxy for seven days, on us.
Same purple tile cards you see on this page, plus the green lock and a 50 ms hop to wherever you want to be.
Start the trial →More from the dispatch
GuidesPP · DispatchSplit tunneling: when it's a feature, when it's a foot-gunGuides · 5 minSplit tunneling: when it's a feature, when it's a foot-gun
Letting some apps skip the VPN sounds great until you discover your banking app went out the back door. Here's a clean rule for when to use split tunneling.
GuidesPP · DispatchWhy your VPN keeps getting blocked by streaming services (and the fix)Guides · 7 minWhy your VPN keeps getting blocked by streaming services (and the fix)
Netflix says "you appear to be using a proxy." Disney+ shows the wrong library. Here is what is actually happening on the back end and how we route around it.
- GuidesPP · DispatchSetting up your home network for privacy in 90 minutesGuides · 8 min
Setting up your home network for privacy in 90 minutes
A Saturday-morning checklist that hardens your router, fixes your DNS, segments your IoT junk, and (optionally) puts a VPN on the gateway. No paranoia, no rack of servers — just the settings most people skipped.