(no title)

It's less of an issue when every site you connect to uses https, and every app you use employs ssl/tls for its connections. That is common practice these days. Getting man-in-the-middle'd on airport Wi-Fi is less feasible these days than it was 10 years ago. The attacker would have to also install a certificate on the user's device. I welcome corrections if I'm wrong.

VPNs aren't obligated to tell you the truth. They don't have to have good security or even honor what they say on the front page. People trust marketing, not actual policy or actions - just look at Apple. Still waiting on "HMA" VPN to go out of business because they handed over users to the FBI. They're still around and claim No Logs just like everyone else, just like ProtonMail did until this month.

https://arstechnica.com/information-technology/2021/09/priva... https://hacker10.com/internet-anonymity/hma-vpn-user-arreste... https://www.theregister.com/2011/09/26/hidemyass_lulzsec_con...