You disable the VPN, they show “unprotected”. Come on, I’m not really unprotected. Why such a dramatic word? I just disabled the thing a little; I’m “disconnected”, but it doesn’t mean I’m actually unprotected, the same way it doesn’t mean I’m actually protected if I’m using a VPN.


You don’t need a VPN to protect yourself over a public Wi-Fi network. All modern websites have HTTPS with certificates, so the website can’t get spoofed and no one knows what you’re doing on that website. Modern browsers will warn you before entering a website without HTTPS or a certificate. Using an encrypted DNS like NextDNS further protects you, so no one even knows what websites you’re visiting.
OK, I’m not 100% sure if using an encrypted DNS does fully protect you from outsiders finding out which website you’re visiting; hopefully someone can correct me if I’m wrong.
The only problem I see with public wifi is the peer-to-peer nature of it. You no longer have the protection of a gateway if somebody is trying to be nefarious. They won’t sniff https traffic, but might attempt to connect to open services like an unsecured listener for the cat feeder.
In that instance, locking down the internet connection with a VPN would prevent an attack.
I’ve actually never really considered that. I guess all other apps also need to be secure or sandboxed or lack permissions to do anything, although even then it seems like apps can just escalate permissions on their own without you doing anything.
It is not peer to peer. You are connecting to somebody else’s Wi-Fi router to get to the internet and you go through their ISP.
So, a very simple man-in-the-middle attack would be to put up other Wi-Fi connections that look legitimate but are in fact somebody’s laptop hanging out in your location, and now your communication is entirely visible, unless you’re using a VPN.
Hackers are quite skilled at finding ways to get around TLS, and it is only a site-specific interaction that is protected. Everything else is transparent.
https://www.cyberly.org/en/how-do-vpns-work-over-public-networks/index.html
TLS is e2e encrypted, can you please show how a hacker could get around that?
No, do your own work. I will give you a hint though. Look up session attacks and certificate hijacking.