Is your hotel decrypting your encrypted data?

Being the CEO of Private WiFi means I’m on the road a lot, which also means that I’m constantly staying in hotels as I travel. As you might guess, I’m always logging onto the Internet when I stay at these hotels using the hotel WiFi network.

Before I get into the reason why I’m writing this blog post, it’s good to do a quick refresher on the dangers of hotel WiFi in general.

Hotel WiFi is almost always unsecure

The simple truth is that most hotel WiFi networks are totally unsecured. In fact, the risks associated with using a hotel network are much greater than using a wireless network at your home or office. Hotel networks make up a huge percentage of security breaches.

Most hotel WiFi networks are just like any other public WiFi network, which means that anyone with the right equipment who logs into the network can see what anyone else on the network is doing.

Some hotel networks, though, have wired connections that seem much more secure, since data travels via an Internet cable, rather than through WiFi networks. These are known as Ethernet connections, which connect a bunch of computers to form a LAN (local area network). Nearly 90% of all LANs use Ethernet, which is over 30 years old.

Nearly 20% of hotels in the United States use a hub configuration LAN, where all network data is sent to every computer connected to the network. However, anyone connected to the network can simply switch their laptop’s network card to “promiscuous mode” and view all the information sent over the entire network — unless that information is encrypted.

So in a nutshell, hotel WiFi is incredibly insecure, and yet few of us are taking steps to protect ourselves.

Some hotels may even by decrypting data from encrypted websites

Recently, I was traveling in Eastern Europe and logged into the network at a hotel at the end of a long day. Suddenly, the following message popped up:

“The firewall managing this network decrypts and scans encrypted content to prevent delivery of harmful content….By accessing websites from this network via secure HTTPS session, you agree to such decryption and scanning.”

What does this mean? When you visit a website that begins with “https”, the s at the end of http means the website is secure.  Whether it’s totally secure or not is a topic for another day, but what this message is saying is that the hotel network is decrypting whatever you on supposedly secure websites and scanning it for “harmful content.”

Are you really willing to let a hotel decrypt and scan your secure connections for vague reasons of “security”? Sounds a little troubling to me.

Steps you can take to protect yourself

While it’s important to understand the dangers inherent to all hotel networks, it’s more important to know what you can do about them. Below are some steps you can take to minimize these risks:

  • Disable or block file sharing
  • Enable a firewall and have up to date virus software
  • Use a VPN like Private WiFi

A VPN like Private WiFi encrypts all your Internet communication from being intercepted by others, whether on WiFi or Ethernet networks, and protects your data on secure websites from being unencrypted.

So here’s another travel rule to live by: don’t rely on hotels (or any other WiFi provider) to protect you. You need to protect yourself.