To clarify what I mean by this - the data encryption is redundant and unnecessary, and it implies that the data wasn’t already encrypted to begin with.
The encryption VPNs do is not redundant because you cannot assume all data is encrypted. Furthermore, it is not unnecessary because it has the effect of obfuscating data from your ISP.
What’s an example of non encrypted data you’re thinking of?
Yeah, some websites don't automatically redirect to HTTPS when you intentionally go out of your way to use HTTP. By default, they're either HTTPS, or they're static and not accepting data in the first place.
FWIW, this list is pretty out of date, you can check it out for yourself.
If your website doesn't automatically redirect to HTTPS, the worst thing that can happen is, you're on a network with an eavesdropper, they send you a phishing link that's HTTP, you click on it, and type in a password that they can see. Maybe there's a reason you're being targeted, but in that case, a) you probably know how to look out for phishing, and b) there are more effective attacks you can attempt to steal someone's password besides trying to spy on unencrypted traffic.
Also, if your website doesn't automatically redirect to HTTP, I can guarantee you're getting 2-3 emails every month from some bug bounty researcher about it.