You disable the VPN, they show “unprotected”, come on, I’m not really unprotected, why such a dramatic word, I just disabled the thing a little, I’m “disconnected” but it doesn’t mean I’m actually unprotected, the same way it doesn’t mean I’m actually protected if I’m using a VPN.

  • Kynsey@lemmy.ml
    9 hours ago

    You are right to push back on that guy's comment, but I want to offer some more insight on this for you.

    HTTPS doesn’t necessarily encrypt your entire connection. While the traffic to that site is encrypted, not everything is. I really wish more people were aware of DNSCrypt, which is a method for encrypting your DNS connection.

    These things all have their uses.

    HTTPS: Encrypts traffic to and from a given website’s servers.

    DNSCrypt: Encrypts DNS queries between your device and the recursive resolver, so your ISP can no longer see those DNS lookups. However, the ISP can still see the IP addresses you connect to.

    VPN: Routes your traffic through ANOTHER server, adding a layer between your IP and the destination.

    The guy you replied to said VPNs encrypt your internet connection. Some VPNs do use end-to-end encryption, but that’s not like a thing VPNs invented. Not sure why people think it is. VPNs can be unencrypted too. The main use case of a VPN is to act like you’re on another network. This is useful for torrenting to hide your IP, or for pretending to be in a different location. Also, VPNs that are encrypted (which most are these days) only encrypt the connection from your computer to the actual VPN server. So if you aren’t using HTTPS then anything after the VPN server is unencrypted.

    If the ONLY use case you have is encryption, HTTPS + DNSCrypt is all you need.

    One note though is VPNs can actually protect against man-in-the-middle attacks on public wifi, where someone tricks you into connecting to their fake wifi pineapple and then shows you common sites as if they’re real, but typically this is not a threat on home wifi or a cellular network. Not a reasonable one anyway. At that point you’re dealing with state level actors and a VPN ain’t gonna do shit anyway.

    DNSCrypt can be subbed for DNS over TLS or DNS over HTTPS. Some browsers even have a DNS over HTTPS option in their settings. This is easier than setting DNSCrypt up yourself, but you are also kind of relying on the browser to do a good job in this case. Plus any lookups outside the browser, like for other apps or system updates, are then not encrypted and would go to whatever the DNS is for your full system.

    Even without DNSCrypt or one of the alternatives, one of the best things you can do is to simply manually choose a different DNS provider. Most ISPs will send you to their DNS provider and can see everything. You can manually select a different one. There are lots of options: Mullvad, Quad9, Cloudflare, AdGuard Public DNS, etc. Some will even block ads for you. It’s super easy to do: you just go into network settings and put in the IP of your chosen provider. You can look them up online to find a good one.