I’m under the impression https can be defeated by a man-in-the-middle attack if you’re not paying attention. Haven’t looked into it recently to be sure if that’s still the case or a solved issue, though. But that was one reason to use a VPN while on untrusted wifi, supposedly.
if you are using http yes, any modern website uses https, in most cases vpn will at least prevent dns hijacking (since unecrypted dns is still the default)
I think I was thinking of situations where the wifi owner redirects you to their impersonation site with their own cert, but a normal browser will pop up a big warning about that. Also if the site properly uses HSTS and you’ve been there on that machine before, then you’re protected from being directed to a http impersonation site. A VPN will protect you from both (assuming the VPN us trustworthy), but if you’re savvy you don’t need it. But then the type of person who needs the kind of simplified explanation for “why VPN” that you get in ads is not savvy.
I’m under the impression https can be defeated by a man-in-the-middle attack if you’re not paying attention. Haven’t looked into it recently to be sure if that’s still the case or a solved issue, though. But that was one reason to use a VPN while on untrusted wifi, supposedly.
if you are using http yes, any modern website uses https, in most cases vpn will at least prevent dns hijacking (since unecrypted dns is still the default)
No, I’m definitely talking about https. Could be this is no longer a thing tho, I need to look it up.
afaik there is some metadata leak with https unless you use ECH which most websites do not support
I think I was thinking of situations where the wifi owner redirects you to their impersonation site with their own cert, but a normal browser will pop up a big warning about that. Also if the site properly uses HSTS and you’ve been there on that machine before, then you’re protected from being directed to a http impersonation site. A VPN will protect you from both (assuming the VPN us trustworthy), but if you’re savvy you don’t need it. But then the type of person who needs the kind of simplified explanation for “why VPN” that you get in ads is not savvy.