Comment on My new and improved privacy stack
Heavybell@lemmy.world 4 days agoI’m under the impression https can be defeated by a man-in-the-middle attack if you’re not paying attention. Haven’t looked into it recently to be sure if that’s still the case or a solved issue, though. But that was one reason to use a VPN while on untrusted wifi, supposedly.
protogen420@lemmy.blahaj.zone 4 days ago
if you are using http yes, any modern website uses https, in most cases vpn will at least prevent dns hijacking (since unecrypted dns is still the default)
Heavybell@lemmy.world 3 days ago
No, I’m definitely talking about https. Could be this is no longer a thing tho, I need to look it up.
protogen420@lemmy.blahaj.zone 3 days ago
afaik there is some metadata leak with https unless you use ECH which most websites do not support
Heavybell@lemmy.world 3 days ago
I think I was thinking of situations where the wifi owner redirects you to their impersonation site with their own cert, but a normal browser will pop up a big warning about that. Also if the site properly uses HSTS and you’ve been there on that machine before, then you’re protected from being directed to a http impersonation site. A VPN will protect you from both (assuming the VPN us trustworthy), but if you’re savvy you don’t need it. But then the type of person who needs the kind of simplified explanation for “why VPN” that you get in ads is not savvy.