Staying in a good hotel comes with certain expectations. Comfort, rest, and the privacy to do what you need to do. It’s your base of operations and you need to feel confident that, whether traveling for leisure or work, your stay will be productive and without risk.
This is why we have implicit trust in hotels the moment we walk through the door. Paying for a service, you expect things to be taken care of. This is also true for web connectivity provided by hotels. Using hotel wifi means you are voluntarily handing over your information to a network without understanding how trustworthy it may be, and since most major hotels use a third-party network provider to cater to guests’ wifi needs, this can mean that those networks are not thoroughly checked to ensure they meet digital privacy and security standards.
So, what are the issues involved and what are the best alternatives to ensure your digital privacy while staying in hotels?
When you make an assumption of security on a hotel network, two things can happen.
Firstly, there is none: most hotel networks do not require a password for ‘guest convenience’ so the link is unencrypted, leaving it open to hackers.
Secondly, you jump on the network with your device and you see a hotel-related pop-up for a software install that is necessary to keep using the wifi. You click ‘Accept’ and download the patch, of course, because you’re safely behind closed doors. Right?
Downloading means willingly giving access to your computer because you may have unwittingly accepted a piece of malicious software designed specifically to hitch a ride on your system. It’s like a parasite, and hackers can then see your personal information, login and password credentials when you use them.
An equally simple hacker strategy is to set up a separate network masquerading as the legitimate hotel network. Many guests assume the correct network name and click to join. It’s a terrifyingly low-tech method to gain quick access to your digital life. For example, if you open your device in your room and see a generic “Hotel Guest WiFi” network, would you click to join?
Certain legitimate equipment that hotels use may also be suspect. The ANTlabs InGate device, for example, is a widely adopted technology that allows hotels to streamline setting up their WiFi networks. However, since the manufacturer failed to understand that their product had a vulnerability easily exploited by hackers, they were unaware that their clients’ hotel networks were easily compromised in 277 hotel locations globally.
The adoption of the General Data Protection Regulation (GDPR) within the European Union (EU) since May 2018 has also meant significant changes to data protection standards throughout the EU, together with matching penalties for non-compliancy. Hotels, by their nature, are open targets for data attacks due to a large number of daily guest transactions and turnover. Under GDPR, hotels are obligated to report network security breaches within 72 hours to the authorities, and many hotels are inadequately prepared in terms of on-site network quality and staff training to deal with such threats. Education for new regulations is an additional financial investment for hotel owners, so there is still uncertainty surrounding effective adaptation to the new laws.
Given the general concern surrounding the viability of hotel guest networks, and how these may affect both smaller hotels and the larger worldwide chains, the most pragmatic consumer advice is simply not to rely on hotel WiFi.
So, what are your options?
Virtual Private Networks (VPNs) encrypt your digital activity and mask your location by creating a discreet ‘tunnel’ from your system to the required remote site. Your data flow through a ‘tunnel’ on a public network, the difference is that you share that tunnel with everyone else.
On a VPN, this means you cannot be targeted specifically based on wherever you log on, and also that if hackers even gain access to your system, all they will see is an encrypted and illegible data stream. You generally understand that your data is going where it needs to and that nobody can access it en route.
However, there are a huge number of VPN providers and this is where some of the problems begin. It can be challenging to understand which services to trust and whether paying for a VPN subscription will guarantee your privacy when there are free providers promoting the same service. Some may display issues such as vulnerabilities while handling cookies, the tiny bits of data sent from a website and stored on your system while you are browsing that site. These vulnerabilities may be circumvented by changing your device settings from a plain HTTP connection to HTTPS, but many users find such operational complexity unacceptable when paying for a VPN.
You are still placing your personal details in the hands of another service, so ultimately a VPN’s success is dependent upon a thorough examination of that provider’s credentials, service quality and reputation.
Personal Mobile Data
Another option while staying in hotels is, of course, to simply continue using your existing mobile data plan. This makes sense. By staying with your regular data provider you are decreasing the potential for new network adoption and opening entry points for attackers.
However, traveling often means jumping outside of your mobile provider’s territory, incurring widely differing roaming fee structures, depending on the reach and consistency of your plan. These can sometimes feel more like penalties, for example receiving a text advising ‘100MB data per day’ effectively means a few minutes of map navigation, extremely light browsing, and minimal communications. Feeling hampered by data limits is stressful, whereas navigating new cities or surroundings with ample connectivity means you can actually enjoy and optimize the technology you carry with you.
Besides, contacting your provider prior to traveling simply to check how your costs will be impacted is arduous, and you also need to ensure you cancel any activated international roaming service once you return home.
There are more creative options to explore though. Many hoteliers are beginning to understand the fundamental need for offering a seamless, secure, and resilient data connectivity experience for their guests.
One approach spearheaded by Manet has been to place free 4G connectivity and free international calls within the guests’ hands. By providing high-end Samsung smartphones in rooms, guests have a user-friendly, customizable device that operates on Android, the world’s most widely adopted system. The phone functions with all the convenience expected, without limits, works as a mobile wifi hotspot allowing hotel guests to stay connected on the web inside and outside their hotel and is fully integrated with the hotel systems for simplified access to hotel services and guest room linked device control.
Such solutions provide an effective remedy to guest concerns about using foreign WiFi networks susceptible to breach, or relying on personal expense to operate online when data should be part of a hotel’s service offering.
For the hotel, this approach also creates an opportunity for increased, simplified guest connection and service, while multiplying channels for revenue generation possibilities.