I keep hearing on VPN ads that you have to use a VPN to not have your login information stolen. So far I have been using Cloudflare WARP to be safe enough. However, if I am using an HTTPS website, do I really need a VPN or WARP? Will an attacker on the same network as me be able to access passwords transmitted over HTTPS?

  • EndOfLine@lemm.ee
    link
    fedilink
    English
    arrow-up
    35
    ·
    1 year ago

    Think of it like this

    • HTTPS hides what you are saying.
    • VPN hides who you are saying it to.
      • jsdz@lemmy.ml
        link
        fedilink
        arrow-up
        10
        ·
        edit-2
        1 year ago

        It’s not particularly easy to find a trustworthy VPN, but it’s not particularly hard to find one you’d trust more than whatever random public wi-fi you’ve found while on the road. Your stock reminder that we can never trust anyone is not really useful here.

        Using a good VPN is one way to sanitize the whole network environment when you have no reason to trust even the router you’re connecting to, avoiding quite a few risks besides that of someone passively analyzing your traffic.

        • Starbuck@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          He’s not suing trust nobody. He’s saying apply the same scrutiny to your VPN provider as you would any other vendor who you only hear about in online ads.

        • Possibly linux@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          For what reason? If your doing something scketchy the VPN company is going to know about it.

          If you want your DNS encrypted use encrypted DNS. If you want to be really hidden use Tor