What hotel wifi can actually see

Every wifi network has a router that handles traffic. That router keeps logs. When you connect to a hotel network, the following information is visible to whoever manages that network:

What they can see Without VPN With VPN
Which websites you visit Visible Hidden
When you visited them Visible Hidden
How long you spent on each site Visible Hidden
Content of HTTPS pages Encrypted Encrypted
Content of HTTP pages Visible Hidden
Passwords on HTTPS sites Encrypted Encrypted
Your device identifier (MAC address) Visible Partial
DNS queries (domain lookups) Visible Hidden

The key distinction is between which sites you visit and what you do there. Modern HTTPS encryption means that even though the hotel can see you connected to, say, your bank's website, they can't see your account number, balance, or what you did.

DNS queries — the thing most people miss

Even when you're on HTTPS sites, your device first has to look up the IP address for every domain you visit. These DNS queries are usually unencrypted — meaning the hotel's router can see every domain name you look up, in real time.

This is more revealing than it sounds. A log of DNS queries from a hotel room is essentially a list of every website that person visited during their stay. Not what they did there — but where they went.

⚠ What the logs actually look like

A hotel IT admin can pull a log that shows: Device [your phone's MAC address], Room 204, visited these domains on these dates at these times. It's not a recording of what you did — it's a detailed itinerary of where you went online.

Does the hotel actually look at this data?

Almost certainly not, in any proactive way. Most hotel IT systems log traffic automatically but no one is sitting there reading it. The data is retained for legal compliance purposes — if law enforcement requests it, it can be produced.

The more realistic concern isn't a nosy hotel employee. It's other guests on the same network. Hotel wifi is typically a shared network with minimal security between devices. Someone on the same network with the right tools can potentially monitor unencrypted traffic from other guests — this is how "evil twin" attacks work.

What about private browsing / incognito mode?

This is a widespread misconception worth clearing up. Incognito mode does not hide your traffic from the network. It only prevents your browser from saving history locally on your device. The hotel's router still sees every domain you visit. Your ISP still sees it. Anyone monitoring the network still sees it.

✓ What incognito actually does

Prevents Chrome/Safari/Firefox from saving your browsing history locally. Doesn't delete cookies created during the session until you close it. Has zero effect on network-level visibility. It's a local privacy tool, not a network privacy tool.

How a VPN changes everything

A VPN encrypts all traffic between your device and a VPN server before it touches the hotel's network. From the hotel router's perspective, you're connected to one IP address — the VPN server — and everything else is encrypted noise. They can't see which sites you visited, your DNS queries, or anything you did online.

This is why we recommend enabling a VPN automatically on all untrusted networks — it's not about paranoia, it's about a simple technical reality of how shared networks work.

Free Download

The Traveler's Digital Security Checklist

7 things to set up before you leave home — including the exact VPN settings that protect you on hotel wifi.

No spam. Unsubscribe anytime.

Frequently asked questions

Google.com uses HTTPS, so the content of your searches is encrypted. The hotel can see that you connected to google.com but not what you searched for. Without a VPN, they can see the DNS query for google.com and the IP address. With a VPN, even that is hidden.

On HTTPS sites — which is almost everything today — no. Passwords are encrypted before they leave your device. On HTTP sites (no padlock), passwords are transmitted in plain text and can be intercepted. Always check for HTTPS before entering any sensitive information.

This varies by country and hotel policy. In the EU, data retention rules apply. In many countries, there are no strict requirements. In practice, most hotel networks retain logs for 30-90 days. Some retain them longer for legal compliance. A VPN means there's nothing in those logs worth reading.

Slightly — there's encryption overhead and your traffic routes through an extra server. With a good VPN like NordVPN on a nearby server, the difference is typically 10-20% in speed. For streaming, browsing, and video calls, you won't notice. Hotel wifi is often the bottleneck anyway.

The VPN we travel with

NordVPN — auto-connects on untrusted networks

Set it once and it activates automatically on hotel wifi. No-logs policy audited by PwC. Works in China and UAE.

Get NordVPN — Save up to 69% →

* Affiliate link — we earn a commission at no cost to you.