What Can Public Wi-Fi See on Your Phone During the World Cup?

Public Wi-Fi can expose more than you think during the World Cup. Here’s what networks can see, what they shouldn’t, and how to stay safer.

You’re at a bar, airport, or hotel watching the World Cup. Your mobile data starts acting up, a free public Wi-Fi network pops up, and the temptation is to connect without thinking twice.

The problem is not just “using the internet away from home.” The real question is who manages that network, how protected it is, and whether your activity is moving through secure connections.

According to the FTC, many websites today use encryption, which makes public networks safer than they used to be. Still, the agency recommends visiting only secure pages, marked by “https” or a lock icon in the browser.

What Public Wi-Fi Can Actually See

A Wi-Fi network can identify basic connection details, such as the device connected, access times, the amount of data being used, and the addresses of websites or services visited.

That does not automatically mean someone can see your messages, passwords, or private conversations. When a website or app uses encryption, the content is generally protected while it is being transmitted.

Still, metadata can reveal a lot. The network may not read your conversation, but it may see that your phone accessed a bank, a social media platform, or a shopping site.

What Public Wi-Fi Should Not Be Able to See

On secure connections, passwords, private messages, credit card details, and access codes should not appear in plain text to whoever controls the network.

The risk goes up when a page does not use HTTPS, when an app is poorly configured, or when you ignore browser security warnings.

This is where many people get confused: the Wi-Fi network does not need to “hack” your phone to create risk. Sometimes, all it takes is pushing you toward a fake page, getting you to accept a suspicious certificate, or convincing you to enter data in the wrong place.

Why Public Networks Get Riskier During the World Cup

Big events make people rush. You want to check the score, call a ride, pay the tab, post a photo, or reply to messages while you’re distracted.

Criminals can take advantage of that moment by creating networks with names that look similar to real locations. This type of attack is known as an “evil twin,” when a fake network imitates a legitimate one to attract connections.

Before connecting, check at least three signs: whether the network has a password, whether the name was confirmed by the business, and whether your phone shows the connection as protected. As part of that check, the Wi-Fi Checker in dfndr security can help as an extra layer by showing information about the connected network, such as download speed, whether DNS is secure, and the password protection level.

What to Avoid When Using Public Wi-Fi

Avoid accessing bank accounts, sending money through Zelle, entering new passwords, or typing in credit card details on open networks, especially when you do not know who controls the connection.

Also be suspicious of pages that open automatically and ask for too much information. Name and email may be common on access portals, but an SSN, bank password, text message code, or credit card number makes no sense just to unlock Wi-Fi.

Another smart move: do not accept strange browser alerts just to “make it work.” If you see a warning about an invalid certificate, unsafe page, or non-private connection, stop before continuing.

How to Protect Yourself on Public Wi-Fi During the World Cup

For sensitive actions — banking, shopping, or signing in to accounts — use mobile data whenever possible. If you need to use the venue’s Wi-Fi, confirm the network name before connecting and keep your phone updated.

Before the next game, do a quick check: open your settings and see how many unknown networks your phone would connect to automatically. Most people are surprised by the number — and turning that option off takes less than a minute.