The intative promises to be privacy-friendly with no tracking. Stating:
Your privacy is important. The WiFi4EU app ensures a private online experience with no tracking or data collection. Simply connect and enjoy free public Wi-Fi without concerns.
Source: https://digital-strategy.ec.europa.eu/en/policies/wifi4eu-citizens
Will be interesting to see how this spans and plays out in reality. Looks promising too, did a quick scan of their builtin permissions and trackers and looks good too. (Scanning tool is called Exodus)
It’s not really a concern anymore, now that pretty much all a lambda user’s traffic is encrypted. Anyone collecting your wifi traffic only sees garbage.
Websites also can’t be so easily spoofed. The spoofer would need to have a certificate issued by an authority trusted by your device for the spoofed domain, which is highly, highly unlikely to happen as long as your software is up to date, which nowadays is done automatically.
So really, the fear of untrusted public wifi is a thing of the past, and a good marketing lie for VPN companies.
So I don’t need to worry connecting to third-party WiFi, then. Are all WiFi “safe”, then? I mean, besides public WiFi. “Private” WiFi like hotels, houses, etc. Like, could I exploit my own WiFi somehow? Or someone else, with WiFi they set up and control
Do VPNs have any advantage, then, other than location “spoofing”? Or is the sole use to appear to be in a different country? I mean, there is a corporate use of connecting to a company from afar
Once seen a presentation, where I once worked. Feller picked me device on a list on his PC, could see WiFi I had connected to. Presumed, and well, that I took the intercity bus.
No, you don’t really have to worry about connecting to third party WiFi networks anymore. Just make sure that when your browser says “This connection might not be secure” (aka it couldn’t make sure the certificate is legit, or it’s not even encrypted at all), you don’t ignore the warning and click “I dont care, I’ll take the risk”.
Privacy-wise, you can be exposed if the WiFi network is not trusted, as the domains you visit are likely to be visible (DNS resolution encryption is still not widely used). A VPN usually solves that completely.
There is probably other aspects to be wary of that are not on top of my head, but nothing like your credentials being stolen, bank data being stolen, or anything like it, as long as you keep your devices updated (vulnerabilities are still a thing, but are usually fixed quickly enough, and certificate authorities private keys can be leaked/stolen - although that is incredibly rare -, but are also usually removed from the trusted list of browsers quickly enough)
VPNs also encrypt all the non encrypted traffic (so, as I said earlier, DNS resolution, but also potential third party applications that do not encrypt their data, which would be an enormous mistake on their side), but offers no noticeable extra protection when just browsing the web. It basically adds a layer of encryption over already existing encryption, which adds no practical security.
As for the example you gave, I am not familiar anymore with the WiFi protocols, but I wouldn’t be surprised if your device leaks some information about your past connected networks when actively probing for available networks. It is a privacy concern, but not a security one.
Does the average browser say that? Mine does, but I tweak it, so I might have enabled it. It explicitly has that “HTTPS Only” Firefox feature. Just thinking of, like, folks that just use as is. Me mum ain’t tweaking none of that on her own, I don’t think.
So a VPN is good for privacy, then. What about DNS? I use NextDNS, with the relevant option on that system or app. Given DNS over HTTPS (DoH), I presume that’s private as well, innit? Should the average person have a DNS? What about a VPN? Any advantages? E.g., should I get people to use one?
Yeah, I reckon the device could be leaking known WiFi, maybe in an attempt to find and connect to a known one. Funny that my device got picked in the presentation, too. I guess mine was interesting, in that the WiFi name indicated something interesting, rather than just a random name