Edinburgh is full of free Wi-Fi. You'll find it in the cafés along George Street, in hotels around the Old Town, on ScotRail trains heading to Waverley, in the libraries, and across busy hubs like Princes Street, Leith and Stockbridge. It's convenient, it saves your mobile data, and most of the time nothing goes wrong — but "most of the time" isn't the same as "safe".
Public Wi-Fi is one of the most common attack surfaces in everyday computing. As Edinburgh's local PC and laptop repair specialists, we regularly see customers whose accounts were compromised after using a hotel or café network. Here's what's actually going on, and the small habits that keep you out of trouble.
Why Public Wi-Fi Isn't Inherently Safe
A public network is a network you don't control. The router could be running outdated firmware, the password is shared with everyone in the building, and the people connected to it are strangers. That combination opens up a few realistic risks:
- Evil twin hotspots — an attacker sets up a network with the same name as the café's, and your device connects to theirs by mistake. Anything you send passes through their hardware first.
- Packet sniffing — older or misconfigured networks let other users on the same Wi-Fi see unencrypted traffic. Most websites now use HTTPS, but not everything on your laptop does.
- Man-in-the-middle attacks — the attacker positions themselves between you and the website you're visiting, intercepting login pages or injecting fake ones.
- Captive portal phishing — the "Sign in to Wi-Fi" page is a known weak spot, sometimes used to push fake login forms or browser extensions.
- Drive-by malware — if your operating system or browser is out of date, a malicious network can serve content that exploits known vulnerabilities.
How to Spot a Suspicious Network
You can rule out a lot of risk just by paying attention to which network you join. A few things to check before you click "Connect":
- Ask staff for the exact network name. Don't assume that "Free_Costa_WiFi" is the real one — cafés don't always use obvious names. If two networks have similar names, that's a red flag.
- Avoid open networks with no password where possible. Even a shared password (printed on a receipt or wall) is better than no encryption at all.
- Be wary of "Free Wi-Fi" with no branding on trains, buses or in busy public spaces. If nothing on the wall or your ticket mentions it, it's probably not from the venue.
- Watch for a captive portal that asks for too much information. A sign-in page that wants your full address, ID number, or social media password is not a normal Wi-Fi gate.
Seven Habits That Keep You Safe on Public Wi-Fi
You don't need to give up free Wi-Fi to stay secure. You just need a small set of routines.
1. Keep Your Operating System and Browser Up to Date
Most "drive-by" attacks rely on patched vulnerabilities. Running the latest Windows and browser updates closes most of them before you even sit down. Our guide on updating drivers on Windows 11 walks through the process if you've fallen behind.
2. Use a Reputable VPN
A VPN encrypts everything leaving your laptop or phone, so even if the café network is compromised, your traffic looks like noise. Stick to well-known paid providers — "free" VPNs often log and sell your data, which defeats the point.
3. Turn Off File Sharing and AirDrop in Public
Windows has a "Public network" profile for a reason. When you join a new network, choose "Public", which automatically disables network discovery and file sharing. On Mac, set AirDrop to "Contacts Only" or off entirely.
4. Stick to HTTPS — and Watch the Padlock
Modern browsers warn you about insecure pages, but it's still worth checking the padlock icon before you log in to anything. If your browser shows a certificate warning on a site you trust, don't click through — that's exactly how a man-in-the-middle attack looks from your side.
5. Don't Log In to Anything Sensitive on a Network You Don't Know
Online banking, work email, password managers, NHS portals — if it matters, save it for your home network or your phone's mobile data. The convenience of doing it now isn't worth the worst-case scenario.
6. Use Two-Factor Authentication on Everything
If a password is captured, 2FA is what stops it from becoming a full account takeover. Our step-by-step 2FA guide covers email, banking and social accounts in plain English.
7. Forget the Network When You Leave
Saved networks auto-reconnect — including in places where an attacker has spun up a fake hotspot with the same name. After you're done, tell Windows or your phone to forget the network. It takes ten seconds and removes a real risk.
What to Do If You Think You've Been Compromised
If you used a sketchy public network and now your laptop is behaving oddly — pop-ups, browser redirects, unfamiliar logins, sluggish performance — don't panic, but don't ignore it either. Disconnect from the internet, change passwords from a different device, and have the system properly checked. Our virus and malware removal service deep-cleans the OS and removes any persistence the attacker may have left behind.
Businesses around Bruntsfield, Morningside, Leith and the city centre often ask us to audit their networks after a staff member's account was hit on public Wi-Fi. We can also set up a properly segmented network at your office through our business IT support, so guest devices never touch your real systems.
The Bottom Line
Public Wi-Fi in Edinburgh is fine for casual browsing, reading news, or watching videos. It's not the place to do your banking, log in to your work email, or hand over passwords. Keep your software updated, use a VPN when you can, switch on 2FA everywhere, and trust your instincts about networks that look off.
If something has already gone wrong — or you'd just like a tune-up before your next trip — book a repair online or get in touch through our contact page. We cover Edinburgh and the Lothians, in-shop or at your home or office.