The latest SN (Episode #891 | 04 Oct 2022) has a mention of some assessment of what a "public" Wifi network could present as a risk to someone using it.
Given the prevalence of TLS connectivity, I do agree that a random, boring nobody like you or me is unlikely to be at risk of some attacker observing our mundane lives on the Internet. TLS is everyone's friend. Besides that, 99.8% of people don't care - especially if they are roaming and free networks are their friends.
I think the poisoned Wifi as you might see at Defcon or Black Hat are the interesting scenarios; it's the provisioning of a Wifi network somewhere for free where you might get people using it to your advantage would be something to think about. It could be that an attacker elsewhere in the world compromises some public Wifi, poisons DNS and bring their own EvilProxy to hook credentials to use is something to consider a real-world scenario.
I don't use a VPN when I am abroad but then again, I don't go banking. I think that's my Crown Jewel and to be protected. Would you log into your bank on some random Wifi?
Given the prevalence of TLS connectivity, I do agree that a random, boring nobody like you or me is unlikely to be at risk of some attacker observing our mundane lives on the Internet. TLS is everyone's friend. Besides that, 99.8% of people don't care - especially if they are roaming and free networks are their friends.
I think the poisoned Wifi as you might see at Defcon or Black Hat are the interesting scenarios; it's the provisioning of a Wifi network somewhere for free where you might get people using it to your advantage would be something to think about. It could be that an attacker elsewhere in the world compromises some public Wifi, poisons DNS and bring their own EvilProxy to hook credentials to use is something to consider a real-world scenario.
I don't use a VPN when I am abroad but then again, I don't go banking. I think that's my Crown Jewel and to be protected. Would you log into your bank on some random Wifi?