I keep hearing on VPN ads that you have to use a VPN to not have your login information stolen. So far I have been using Cloudflare WARP to be safe enough. However, if I am using an HTTPS website, do I really need a VPN or WARP? Will an attacker on the same network as me be able to access passwords transmitted over HTTPS?

    • Swiggles@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      5
      arrow-down
      1
      ·
      1 year ago

      Resolve the content of the SSL cert? Sounds like something the CSI writers would say…

      No, SSL is actually very good in preventing MITM attacks. That’s what alle the CAs are for you trust on your device.

    • ranok@sopuli.xyzM
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      This is pretty misleading due to its brevity, an attacker on the same network can determine what website you’re going to but not the content being exchanged. A VPN moves the threat of having your browsing destination determined to the VPN provider from the local network.

      That said, modern WiFi encryption does prevent other devices on the network from eavesdropping, so the attacker would have to employ a more involved attack (e.g. ARP spoofing) in order to even see the destinations.

    • Possibly linux
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      That’s not really the case unless you add cert authorities to your device.