Public Wi-Fi is not automatically dangerous
Modern websites use HTTPS, which encrypts the connection between your browser and the site. That is a major improvement over the early public Wi-Fi era. Still, a café network is managed by someone else and shared with strangers, so it deserves less trust than your own home connection.
The safest connection order
- Confirm the network name with store signage or an employee.
- Connect and allow the café sign-in or terms page to load.
- Turn on a trusted VPN after the portal grants internet access.
- Verify that websites show HTTPS before entering credentials.
- Disable automatic Wi-Fi joining when you finish.
What a VPN adds
A VPN encrypts traffic between your device and the VPN provider's server. This makes the local hotspot less important to the privacy of your traffic and helps prevent casual observation by other devices on the same network.
Our public Wi-Fi pick: Proton VPN
Proton offers open-source apps, a usable free plan, and premium options for people who need more locations and connections.
See Proton VPN →What a VPN does not solve
A VPN cannot tell whether a link is a phishing attempt, stop you from installing malicious software, or repair a weak password. Keep multi-factor authentication enabled and do not ignore browser or operating-system warnings.
Watch for look-alike hotspot names
A network name can be copied. A hotspot called “Coffee Guest WiFi” is not necessarily operated by the café. When the exact name is unclear, ask an employee rather than guessing.
Bottom line
You can use Starbucks Wi-Fi sensibly. Confirm the network, complete its captive portal, connect a reputable VPN, and reserve your most sensitive activity for a network you control whenever practical.