The intative promises to be privacy-friendly with no tracking. Stating:
Your privacy is important. The WiFi4EU app ensures a private online experience with no tracking or data collection. Simply connect and enjoy free public Wi-Fi without concerns.
Source: https://digital-strategy.ec.europa.eu/en/policies/wifi4eu-citizens
Will be interesting to see how this spans and plays out in reality. Looks promising too, did a quick scan of their builtin permissions and trackers and looks good too. (Scanning tool is called Exodus)
No, you don’t really have to worry about connecting to third party WiFi networks anymore. Just make sure that when your browser says “This connection might not be secure” (aka it couldn’t make sure the certificate is legit, or it’s not even encrypted at all), you don’t ignore the warning and click “I dont care, I’ll take the risk”.
Privacy-wise, you can be exposed if the WiFi network is not trusted, as the domains you visit are likely to be visible (DNS resolution encryption is still not widely used). A VPN usually solves that completely.
There is probably other aspects to be wary of that are not on top of my head, but nothing like your credentials being stolen, bank data being stolen, or anything like it, as long as you keep your devices updated (vulnerabilities are still a thing, but are usually fixed quickly enough, and certificate authorities private keys can be leaked/stolen - although that is incredibly rare -, but are also usually removed from the trusted list of browsers quickly enough)
VPNs also encrypt all the non encrypted traffic (so, as I said earlier, DNS resolution, but also potential third party applications that do not encrypt their data, which would be an enormous mistake on their side), but offers no noticeable extra protection when just browsing the web. It basically adds a layer of encryption over already existing encryption, which adds no practical security.
As for the example you gave, I am not familiar anymore with the WiFi protocols, but I wouldn’t be surprised if your device leaks some information about your past connected networks when actively probing for available networks. It is a privacy concern, but not a security one.
Does the average browser say that? Mine does, but I tweak it, so I might have enabled it. It explicitly has that “HTTPS Only” Firefox feature. Just thinking of, like, folks that just use as is. Me mum ain’t tweaking none of that on her own, I don’t think.
So a VPN is good for privacy, then. What about DNS? I use NextDNS, with the relevant option on that system or app. Given DNS over HTTPS (DoH), I presume that’s private as well, innit? Should the average person have a DNS? What about a VPN? Any advantages? E.g., should I get people to use one?
Yeah, I reckon the device could be leaking known WiFi, maybe in an attempt to find and connect to a known one. Funny that my device got picked in the presentation, too. I guess mine was interesting, in that the WiFi name indicated something interesting, rather than just a random name