That “free” hotel Wi-Fi is watching everything you do. Here’s what it’s collecting.

April 29, 2026

By Kim Komando

What’s the first thing I do in a hotel room? Check the closets and under the bed. Don’t judge me.

Then I jump on the free Wi-Fi. Terms and conditions pop up, and I do what you do. Scroll, scroll, scroll, agree. Because who has time for that wall of legal fine print? Nobody. That’s exactly what they’re counting on.

Here’s what you need to know. That login page isn’t for access. It’s enrollment. 

Companies like Nomadix and Eleven Software power hotel Wi-Fi specifically to help properties track browsing patterns, app behavior and social activity. They log every site you visit, package it up and sell it. Free? You pay with your privacy.

🏨 Hotels are data brokers

It’s not only your data. It’s you, physically.

Your phone broadcasts a unique ID called a MAC address. Hotels use it to track your movements through the building. They know when you left your room, how long you camped out at the bar and whether you actually made it to the gym. (Spoiler: They know you didn’t.) A digital fingerprint follows you from check-in to checkout.

And that Sign in with Google button on the Wi-Fi login screen? Don’t touch it. That’s not a convenience feature. That’s a data handoff to a third-party broker. Use your room number or a burner email instead. Easy swap, big difference.

One more thing. The second you connect, your phone should hit an official Terms and Conditions page. If it doesn’t? Disconnect immediately. Hackers plant fake networks named things like “High_Speed_Guest_Access” or “Free_Public_WiFi” right next to the real one. One wrong tap and you’re on their network. You’d never know until it’s too late.

🛡️ Lock it down

  1. Use your phone’s hotspot for anything sensitive. iPhone: Settings > Personal Hotspot > Allow Others to Join. Android: Settings > Connections > Mobile Hotspot.
  2. Turn on MAC address randomization. iPhone: Settings > Wi-Fi > tap the network > Private Wi-Fi Address > ON. Android: Settings > Wi-Fi > tap the network > Randomized MAC.
  3. Change your Domain Name System to 1.1.1.1 (Cloudflare’s free private DNS). Think of it as switching to a private phone book the hotel can’t read. iPhone: Settings > Wi-Fi > tap the ⓘ > Configure DNS > Manual > 1.1.1.1. Android: Settings > Connections > More Connection Settings > Private DNS > enter one.one.one.one.

And if you must use hotel Wi-Fi for anything personal and private, use ExpressVPN like I do. It encrypts the info leaving your device before the hotel ever sees it.* 

Next time you check in, remember: The free Wi-Fi is how the hotel checks you out.

📩 Send this to someone who is traveling and hops on hotel Wi-Fi without a second thought.

https://www.komando.com/tips/cybersecurity/that-free-hotel-wi-fi-is-watching-everything-you-do-heres-what-its-collecting/