I don’t use a VPN, even on public WiFi, because I don’t use any unsecured protocols (except for occasional public HTTP). Am I being naïve?
17
1
2
Some open WiFi system inject JS Content into your HTTPS via MITM. This is a „service“ to show time left in free WiFi... and obvious not safe
1
Any resources how that works? To my understanding, this shouldn't be possible.
1
1
Private selfsigned wildcard cert on router, router is man in the middle, a lot of browser show cert error, but most people I saw don‘t care
1
Understood. I *do* care very much :)
1
2
And are you sure your e-mail clients and other apps/programs care as much as you do (cert pinning, no non SSL fallback...)?
1
Replying to @koepalex @jensschauder
I’m not, that’s why I’m asking :) My OS, messenger, mail, and browser are all mainstream and running the latest version.

Oct 16, 2017 · 6:15 AM UTC

2
Replying to @stilkov @jensschauder
Good, if you look a list of CVE, you will see errors in all SW. So there maybe still problems left, using VPN is risk mitigation, of loosing
Replying to @stilkov @jensschauder
Data... it this risk is ok (because you’ve 2factor auth, back ups, no personal/customer data) relax ;) if risk is nok setup VPN :)