Searching on public Wi-Fi at a cafe, airport, hotel, or library exposes you to a different set of privacy risks than searching at home. The public network is shared with strangers, operated by an unknown entity, and frequently unencrypted at the infrastructure level. This guide explains what the actual risks are β precisely and without exaggeration β and the specific steps that protect your search privacy on any public Wi-Fi network.
What Public Wi-Fi Actually Exposes
The threat landscape on public Wi-Fi has three distinct layers.DNS queries:By default, DNS lookups go to the routerβs DNS server. The network operator β the cafe, hotel, or airport β can see every domain name you visit in their DNS logs. This does not reveal the page content or search query, but it does reveal which search engine you used and which sites you visited.Unencrypted traffic:Any HTTP (non-HTTPS) site you visit sends traffic in plain text across the network β readable by anyone using a packet sniffer on the same Wi-Fi. In 2026, the majority of sites use HTTPS, so this is less common but not eliminated.Man-in-the-middle attacks:On poorly configured public networks, a malicious actor can set up an access point with the same name as the legitimate one β called an evil twin attack β intercepting your traffic before forwarding it. This is rare in practice but is a documented threat on public networks.
Step 1 β Use Flaru as Your Search Engine
Switching toFlarueliminates search query logging at the engine level. Even if your DNS traffic is visible to the network operator showing that you visited flaru.com, the query itself is never logged by Flaru β meaning there is no database entry associating your device with your search terms. Additionally, all Flaru connections occur over HTTPS, meaning the content of your search and results is encrypted in transit. See our guide onsetting Flaru as your defaulton any browser.
Step 2 β Connect a VPN Before Using Public Wi-Fi
A VPN is the single most effective tool for public Wi-Fi privacy. When you connect a VPN before joining a public network, all traffic from your device is encrypted before it reaches the Wi-Fi router. The network operator sees only encrypted data flowing to your VPN server β not DNS queries, not domains visited, and not search content. Furthermore, other users on the same network cannot intercept your readable traffic because it is all encrypted at the device level before transmission. Connect the VPN first, then join the Wi-Fi network. Use ourVPN leak testto confirm your VPN is not leaking your real IP through WebRTC.
For a reliable no-log VPN,NordVPN offers independently audited privacy, 6,000+ servers worldwide, and works on all devices including Android and iOS.
Step 3 β Enable DNS-over-HTTPS
If you cannot use a VPN, enabling DNS-over-HTTPS as a minimum measure encrypts your DNS queries so the public Wi-Fi network cannot see which domains you are visiting. In Chrome or Brave: Settings β Privacy and Security β Security β Use secure DNS β select Cloudflare. In Firefox: Settings β Privacy and Security β DNS over HTTPS β enable and select a provider. DNS-over-HTTPS alone does not encrypt your actual browsing traffic, but it removes the domain-visibility layer from the public networkβs logs.
Step 4 β Use HTTPS-Only Mode
Enable HTTPS-Only mode in your browser to prevent any accidental connection to unencrypted HTTP sites. In Firefox: Settings β Privacy and Security β HTTPS-Only Mode β enable in all windows. In Chrome: Settings β Privacy and Security β Security β Always use secure connections. Brave enables this by default. HTTPS-Only mode ensures that if a site tries to load over HTTP, the browser either upgrades it to HTTPS or shows a warning before connecting.
Public Wi-Fi Risk Summary
| Risk | Flaru Only | VPN Only | Flaru + VPN + DoH |
|---|---|---|---|
| Search query logged | β Protected | β οΈ If using Google | β Protected |
| DNS queries visible to network | β οΈ Still visible | β Protected | β Protected |
| Traffic readable by others on Wi-Fi | β οΈ HTTPS only | β Protected | β Protected |
| Real IP visible to sites visited | β οΈ Visible | β Protected | β Protected |
Check your full exposure score with ourprivacy leak testand verify your VPN is functioning correctly with ourVPN leak test. Read our completeanonymous search guidefor the full privacy setup across all environments.
Frequently Asked Questions
Is it safe to search on public Wi-Fi?
Risky without protection. DNS queries reveal domains visited. A VPN + Flaru + DNS-over-HTTPS addresses the main exposure vectors on any public network.
Can someone on the same Wi-Fi see my searches?
HTTPS content is encrypted and not readable. DNS queries are visible unless DNS-over-HTTPS is on. A VPN encrypts all of this before it reaches the shared network.
Is incognito mode safer on public Wi-Fi?
No. Incognito mode only prevents local history saving. Network visibility of DNS queries and traffic metadata is completely unchanged in incognito mode.
