I keep hearing on VPN ads that you have to use a VPN to not have your login information stolen. So far I have been using Cloudflare WARP to be safe enough. However, if I am using an HTTPS website, do I really need a VPN or WARP? Will an attacker on the same network as me be able to access passwords transmitted over HTTPS?
You might not know if an app on your computer uses encryption when it communicates. And you dont know if a ssl cert has been exposed but not revoked yet. So no, you cant trust https alone.
And I’ve seen just how easy it is to setup a fake wifi and have peoples phones be autoconnected to it because the victims have an old public network in the “remembered networks” list. On a dev conference.
So i use either use vpn or a private mobile network. Well, honestly I actually don’t. I suck at practicing what I preach. Convenience versus risk.