Can someone see my internet history if we use the same WiFi?

Before WiFi, you had to connect your internet-capable device to a router via an Ethernet cable. The router then connected to a modem, which connected your device to the internet. Routers and modems are so often housed in the same device, that the term “router” usually refers to a combined router and modem. 

These cables have been largely replaced by WiFi, a family of protocols that allow you to connect to a router wirelessly over certain radio frequencies (the 2.4 GHz, 5 GHz, and now 6GHz bands). When you connect to a router over WiFi, it’s still useful to think of your connection as being like a wired Ethernet connection — discrete and completely separate from the connections of everyone else who is connecting to the router… until all connections converge on the router.  

How WiFi works

This means that ordinary users who share the same WiFi cannot see what anyone else is doing on that WiFi network. However, whoever controls the router can see a great deal.

What can a WiFi owner see?

Anyone with direct access to a router — usually its owner (or manager in commercial or educational contexts), but potentially also a hacker who has managed to compromise the router in some way — can see and log:

  • Your entire browsing history while connected to the router
  • How long you spend on each website
  • The exact time you connect to a website
  • The total time you are online
  • Your device’s MAC address

The widespread adoption of HTTPS over the last few years means that a WiFi owner can see which websites you visit, but can’t see what individual pages you browse or any sensitive data you enter on that website — such as web forms and payment details.

However, in (thankfully now rare) cases where HTTPS isn’t used, a WiFi owner can see everything you do on a website. 

Learn more about HTTPS(new window)

The WiFi owner can also see the MAC addresses of all devices connected to the router, which they could potentially use to physically track you as you move between WiFi networks.

Learn more about what a MAC address is and what it can reveal about you

Can WiFi owners see my search history?

Search engines such as Google, Bing, and DuckDuckGo are secured with HTTPS, so while a WiFi owner can see that you’ve visited the search engine, they can’t see what you searched for once there.

But (and this a big but), as soon as you actually click on a link that takes you away from the search engine (like a website that’s listed in the search results), the WiFi owner can see that you’ve visited that site. 

Can public WiFi owners see my internet history?

Yes, and many sell this data to advertising and analytics companies, who use it to target you with ever more personalized ads. The reason you’re often required to sign in to “free” public WiFi networks using your email address and other personal details is so that your browsing can be tied to your real identity. 

You’re also likely to be required to agree to an opaquely long terms and conditions contract that allows the WiFi provider to do what it wants with your personal browsing data. This practice is especially common with commercial public WiFi providers who supply their third-party WiFi services to other businesses. 

Even when businesses don’t log or exploit your browsing history, they’ll often monitor and filter the websites you visit in real time so they can block access to illegal or inappropriate content.  

Can parents see my internet history? 

Yes, and it’s common practice to market routers with parental controls that allow parents to monitor their children’s browsing histories and block access to content they deem inappropriate for them to see. 

These logs and filters can usually be configured per device (based on the device’s IP address or MAC address), allowing parents, for example, to target different children with different levels of logging and filtering based on their age. 

Can my office, school, or college see my internet history?

Yes, and many organizations will use filters that actively flag and identify users who try to access content that is illegal, immoral, or which may otherwise be of concern. For example, many schools and universities will alert administrators if a student attempts to access websites relating to suicide or drug use. 

Can a WiFi owner see what sites I visit on my phone?

If your device connects to the internet via WiFi, then yes, a phone in this context is no different than any other device. 

However, with a phone, you can connect to the internet using your phone’s mobile (cellular) data connection, bypassing the need to use a WiFi network. Please be aware, though, that your mobile provider will be able to see your browsing history instead.

What can WiFi hackers see?

On almost all modern private WiFi networks, data traveling between your device and the router will be encrypted using the WPA (WiFi Protected Access), WPA2, or the new WPA3(new window) wireless security protocols. These will prevent hackers from using packet sniffing tools(new window) to intercept your data as it is transmitted between your device and the router.

In theory, this is also true for public WiFi networks. But these can sometimes be misconfigured, use the old (and insecure(new window)) WEP (Wired Equivalent Privacy)(new window) wireless security protocol, or even not use any wireless security at all.

In these cases, a WiFi hacker might be able to intercept your data. However, the widespread use of HTTPS means that your data (what you actually do on a website) will probably be encrypted anyway and cannot be accessed by a hacker.

Similarly, if a hacker controls the router you connect to (either by hacking a public WiFi router or by tricking you into connecting to an evil twin(new window) hotspot), HTTPS will prevent them from being able to access your data. In this case, the hacker will be able to see your browsing history while connected to the router, but this is of little interest to most hackers.

Although once a problem, the widespread adoption of HTTPS means modern criminal hackers rarely target WiFi networks.

How to protect your internet history when using WiFi

 A virtual private network (VPN) encrypts all your data (including DNS queries) between your device and a VPN server run by a VPN service such as Proton VPN.

This prevents WiFi owners, hackers, internet service providers (ISPs), mobile internet providers, or anyone else sitting between your device and the VPN server from being able to access your data (in the unlikely event it’s not protected by HTTPS) or your browsing history.

Of course, if your parents see that you only connect to a single IP address (that of the VPN server) for hours at a time, they might ask some questions.

Proton VPN is an independently audited no-logs VPN service based in Switzerland, which has some of the strongest privacy laws in the world.

Final thoughts

While other users on the same WiFi can’t see your internet history, the WiFi owner (or whoever has access to the WiFi router) can. However, it’s easy to protect your privacy from WiFi owners (and their ISPs) — just use a VPN!

Protect your privacy and security online
Get Proton VPN free

Related articles

What is AirTag stalking?
In an era of “smart devices” that often double as spy devices, AirTags are tracking tools that are open about their function and can be vital in helping locate lost items (as anyone who has lost their car keys can attest to). However, as a recent cla
How to fix a "Your connection is not safe" error
As you surf the web using your browser, you’ll no doubt encounter websites that your browser will refuse to load, instead showing some variation of an error message, such as Your connection is not private or Warning: Potential Security Risk Ahead. 
Your search history is a window into your inner life. Anyone with access to it knows what your hobbies and interests are, your sexual orientation and preferences, the things that worry you (for example your medical concerns), your political affiliati
how to flush dns blog
  • Privacy deep dives
A DNS cache is a record of all the websites you’ve visited over a set amount of time. Simply put, your DNS cache is a list of websites you visited in the past that’s stored on your device. Your computer uses it to speed up visits to those same websit
Is Temu legit?
  • Privacy basics
Temu has become an unavoidable brand. Unknown to most up to a year ago, the online retailer exploded onto the digital scene in the United States with lavish ads and a riveting social media campaign, and has started its takeover in Europe now, too. As
We examIne whether the controversial Chinese video platform is safe to use
  • Privacy basics
In this article, we take an in-depth look at whether the wildly popular social media platform TikTok is safe to use. Several countries recently banned government officials from using TikTok, and now the US House of Representatives has passed the Pro