My question points to the fact that all websites have standardized to https and apps use encryption in their communication too.
Assuming I also use any of the public secure DNS servers, what extra protection do I get from a VPN in a public network?
Why are VPNs needed on public WiFi networks
They aren’t unless you are really against people knowing what sites you visit. Most connections through a browser are encrypted with HTTPS which only allows for someone snooping a public WIFI to see the domain of the sites you visit. That is all they can see. Obviously, by just analyzing the domain of the sites you visit, you can extract information of what you are generally doing (Googling, Watching YouTube, Downloading Torrents, etc). However, no one is going to be able to extract your bank details or password you enter in a browser. Neither will they know what you were doing inside the site.
Also, Man-in-the-middle attacks are not a real threat in public WIFI. HTTPS makes it very unlikely to happen. I have said this previously, but it is like worrying about stepping on pee inside your home when you have no pets. Is it technically possible? Yes, but a lot of things need to happen in order for it to be possible.
A public network has many unknown users, some may be intercepting traffic. You don’t actually need a VPN, but at least HTTPS, never login to unsecured protocols using a public network, such as http, ftp, smtp, pop3, imap (these 4 without TLS) and so on.
Its not needed, mostly marketing by the VPN companies. Almost all apps use HTTPS since 2015.
They can see where you are going and what type of traffic it is. If they block DNS over HTTPS then all your domain lookups up are the in the clear as it generally falls back to post 53. If you’re downloading torrents; while they often cannot see what you are downloading they can see you’re downloading it. As someone who manages a guest network, you may find it surprising on how much we can see. VPNs on Guest networks really are a must.
My question points to the fact that all websites have standardized to https and apps use encryption in their communication too.
officially yes.
unofficially… uhhh… do you really trust the apps and websites?
Unless your WiFI provider does some very fancy networking, WiFI is one big Ethernet LAN, and everything you do is visible to anyone sniffing the traffic. Sure, some of it is encrypted, but not everything.
Also, your WiFI provider can inject traffic if they can see it – things like ads.
The purpose of VPN is to hide from the public Wi-Fi network owner of what you are doing.
In short, so that other people on the same WiFi cannot read your data.
Not to be crude, but I compare joining insecure public WiFi networks without a VPN like having unprotected sex with the person you just met in the bar. Will you get an STD? Maybe not every time, but the more you act in that behavior you are going to come across that one person who messes up your world. Cover your *ahem* Internet Connection if you are going to be willy-nilly. People that tell you that you don’t need it don’t care about your welfare and their advice taken with a grain of salt.
recently had an argument with a middleaged crypto bro on tiktok about this, he was so unbelievably convinced that you need a constant vpn to be “secure”, even in ur home network…
Thank you. That’s what I suspected
You can see in this thread that they’ve convinced a lot of people that the threats are around every corner. Stranger danger for computer dweebs.
Reality is less exciting. There are few people out there trying to steal your stuff through public wifi, and given HTTPS etc, very little harm that can come to you even if they did.
However, if you were in a repressive country and were using the internet to do things the authorities might not approve of, you’d want to be more careful than the Average Joe US using a public McDonald’s wifi to check his email.
even with a VPN, you still have to trust apps and websites. the communication is encrypted only beetween you and the vpn server, which then has to decryot It and route it to the destination. Now you have to trust apps, websites AND the vpn. Very well done, marketing zombie society!
The only thing that a commercial vpn Is useful Is to bypass geoblocking and your ISP. but hey, you’re only shifting your trust beetween your ISP and a polynesian? based vpn
I thought you couldn’t sniff other computers’ traffic in a LAN since HUBs were replaced by switches which make it physically impossible.
Also, WiFi provider can’t see any traffic these days because it’s all encrypted, no? Or am I getting something wrong?
But your analogy doesn’t prove anything.
Do you have any evidence to say this?
what I mean is, with a VPN, “your” ISP can’t intercept your data.
if your ISP is trustworthy then it’s not a big deal, but when connecting to public wifi, you may well be connecting to someone who is after your bank info. especially if said public wifi is a random one you find, and not, say, the free wifi at mcdonalds.
Wireless is still a broadcast medium.
Switches do not prevent sniffing by a network admin. You just have to put the switch port in promiscuous mode and then capture the traffic with a tool like Wireshark.
Gladly (and happily) I do not. Unprotected promiscuity in both human relationships and unsecured wireless access points always seemed a foolish and dangerous thing to do.