Can someone see my internet history if we use the same WiFi?

Posted on September 1st, 2023 by in Privacy basics.

 

Before WiFi, you had to connect your internet-capable device to a router via an Ethernet cable. The router then connected to a modem, which connected your device to the internet. Routers and modems are so often housed in the same device, that the term “router” usually refers to a combined router and modem. 

These cables have been largely replaced by WiFi, a family of protocols that allow you to connect to a router wirelessly over certain radio frequencies (the 2.4 GHz, 5 GHz, and now 6GHz bands). When you connect to a router over WiFi, it’s still useful to think of your connection as being like a wired Ethernet connection — discrete and completely separate from the connections of everyone else who is connecting to the router… until all connections converge on the router.  

How WiFi works

This means that ordinary users who share the same WiFi cannot see what anyone else is doing on that WiFi network. However, whoever controls the router can see a great deal.

What can a WiFi owner see?

Anyone with direct access to a router — usually its owner (or manager in commercial or educational contexts), but potentially also a hacker who has managed to compromise the router in some way — can see and log:

  • Your entire browsing history while connected to the router
  • How long you spend on each website
  • The exact time you connect to a website
  • The total time you are online
  • Your device’s MAC address

The widespread adoption of HTTPS over the last few years means that a WiFi owner can see which websites you visit, but can’t see what individual pages you browse or any sensitive data you enter on that website — such as web forms and payment details.

However, in (thankfully now rare) cases where HTTPS isn’t used, a WiFi owner can see everything you do on a website. 

Learn more about HTTPS

The WiFi owner can also see the MAC addresses of all devices connected to the router, which they could potentially use to physically track you as you move between WiFi networks.

Learn more about what a MAC address is and what it can reveal about you

Can WiFi owners see my search history?

Search engines such as Google, Bing, and DuckDuckGo are secured with HTTPS, so while a WiFi owner can see that you’ve visited the search engine, they can’t see what you searched for once there.

But (and this a big but), as soon as you actually click on a link that takes you away from the search engine (like a website that’s listed in the search results), the WiFi owner can see that you’ve visited that site. 

Can public WiFi owners see my internet history?

Yes, and many sell this data to advertising and analytics companies, who use it to target you with ever more personalized ads. The reason you’re often required to sign in to “free” public WiFi networks using your email address and other personal details is so that your browsing can be tied to your real identity. 

You’re also likely to be required to agree to an opaquely long terms and conditions contract that allows the WiFi provider to do what it wants with your personal browsing data. This practice is especially common with commercial public WiFi providers who supply their third-party WiFi services to other businesses. 

Even when businesses don’t log or exploit your browsing history, they’ll often monitor and filter the websites you visit in real time so they can block access to illegal or inappropriate content.  

Can parents see my internet history? 

Yes, and it’s common practice to market routers with parental controls that allow parents to monitor their children’s browsing histories and block access to content they deem inappropriate for them to see. 

These logs and filters can usually be configured per device (based on the device’s IP address or MAC address), allowing parents, for example, to target different children with different levels of logging and filtering based on their age. 

Can my office, school, or college see my internet history?

Yes, and many organizations will use filters that actively flag and identify users who try to access content that is illegal, immoral, or which may otherwise be of concern. For example, many schools and universities will alert administrators if a student attempts to access websites relating to suicide or drug use. 

Can a WiFi owner see what sites I visit on my phone?

If your device connects to the internet via WiFi, then yes, a phone in this context is no different than any other device. 

However, with a phone, you can connect to the internet using your phone’s mobile (cellular) data connection, bypassing the need to use a WiFi network. Please be aware, though, that your mobile provider will be able to see your browsing history instead.

What can WiFi hackers see?

On almost all modern private WiFi networks, data traveling between your device and the router will be encrypted using the WPA (WiFi Protected Access), WPA2, or the new WPA3 wireless security protocols. These will prevent hackers from using packet sniffing tools to intercept your data as it is transmitted between your device and the router.

In theory, this is also true for public WiFi networks. But these can sometimes be misconfigured, use the old (and insecure) WEP (Wired Equivalent Privacy) wireless security protocol, or even not use any wireless security at all.

In these cases, a WiFi hacker might be able to intercept your data. However, the widespread use of HTTPS means that your data (what you actually do on a website) will probably be encrypted anyway and cannot be accessed by a hacker.

Similarly, if a hacker controls the router you connect to (either by hacking a public WiFi router or by tricking you into connecting to an evil twin hotspot), HTTPS will prevent them from being able to access your data. In this case, the hacker will be able to see your browsing history while connected to the router, but this is of little interest to most hackers.

Although once a problem, the widespread adoption of HTTPS means modern criminal hackers rarely target WiFi networks.

How to protect your internet history when using WiFi

 A virtual private network (VPN) encrypts all your data (including DNS queries) between your device and a VPN server run by a VPN service such as Proton VPN.

This prevents WiFi owners, hackers, internet service providers (ISPs), mobile internet providers, or anyone else sitting between your device and the VPN server from being able to access your data (in the unlikely event it’s not protected by HTTPS) or your browsing history.

Of course, if your parents see that you only connect to a single IP address (that of the VPN server) for hours at a time, they might ask some questions.

Proton VPN is an independently audited no-logs VPN service based in Switzerland, which has some of the strongest privacy laws in the world. 

Final thoughts

While other users on the same WiFi can’t see your internet history, the WiFi owner (or whoever has access to the WiFi router) can. However, it’s easy to protect your privacy from WiFi owners (and their ISPs) — just use a VPN!

Starting with ProPrivacy and now Proton, Douglas has worked for many years as a technology writer. During this time, he has established himself as a thought leader specializing in online privacy. He has been quoted by the BBC News, national newspapers such as The Independent, The Telegraph, and The Daily Mail, and by international technology publications such as Ars Technica, CNET, and LinuxInsider. Douglas was invited by the EFF to help host a livestream session in support of net neutrality. At Proton, Douglas continues to explore his passion for privacy and all things VPN.

Secure
your internet

Get Proton VPN
Get Proton VPN