I keep hearing on VPN ads that you have to use a VPN to not have your login information stolen. So far I have been using Cloudflare WARP to be safe enough. However, if I am using an HTTPS website, do I really need a VPN or WARP? Will an attacker on the same network as me be able to access passwords transmitted over HTTPS?

  • emptyother@programming.dev
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    You might not know if an app on your computer uses encryption when it communicates. And you dont know if a ssl cert has been exposed but not revoked yet. So no, you cant trust https alone.

    And I’ve seen just how easy it is to setup a fake wifi and have peoples phones be autoconnected to it because the victims have an old public network in the “remembered networks” list. On a dev conference.

    So i use either use vpn or a private mobile network. Well, honestly I actually don’t. I suck at practicing what I preach. Convenience versus risk.