10 sats \ 1 reply \ @ek OP 23 Dec 2022 \ parent \ on: Why Public Wi-Fi is a Lot Safer Than You Think bitcoin
if you don't know what you're doing you can be attacked easily
That's the point of the article: With widespread HTTPs adoption, it cannot be done easily.
Please help me to understand why you think so:
What are these easy attack vectors where a VPN helps and which are explicitly about public Wi-Fi usage?
write
preview
7 sats \ 0 replies \ @gandlaf21 24 Dec 2022
Example: Evil-twin Attack to be launched on unsuspecting victim on a public network:
  1. Attacker sets up Network with the same ssid as you want to connect to.
  2. You are now connected tho the bad actor, and he is routing your traffic. He can spoof your DNS, unless you have taken precautions.
  3. you look up 'facebook.com' he reroutes you to 'faƧebook.com'. He also got his tls certificate for his domain to look legit.
  4. He serves you a login screen that looks just like the original one. you type in your credentials.
  5. he redirects your request to Facebook, logs you in, and steals your PW in the process
  6. you never know what hit you
There are more attacks, Man in the middle, DNS spoofing etc.
By using a vpn, the encrypted is connection made from your device to a secure network, and the requests are made from there, and sent back to you through a secure channel.
Https might encrypt the content, but it won't save you from spoofed DNS and the like
it cannot be done easily
it is definitely harder due to https, but I'd say it is still pretty easy
I'm hating on the article a little bit, because people are already lazy about security, and things like this give an even more false sense of safety. It's still good that https is used as much as it is now, but it's not a silver bullet.
Also: see the link @cryprocoin posted
reply