• calcopiritus@lemmy.world
      link
      fedilink
      arrow-up
      40
      ·
      4 months ago

      HTTPS solved much of the security issues of untrusted networks. As long as you’re not doing banking or whatever, you should be fine without a VPN.

      • WIPocket@lemmy.world
        link
        fedilink
        arrow-up
        39
        ·
        4 months ago

        Why would banking be an issue? I get that its a target, but I really would expect a bank to take care of their TLS.

        • Tryptaminev@lemm.ee
          link
          fedilink
          arrow-up
          16
          ·
          4 months ago

          Also i would expect banks to use some sort of 2FA where you have to manually confirm any transaction on your mobile device, or enter a code generated from there into your computer.

        • calcopiritus@lemmy.world
          link
          fedilink
          arrow-up
          4
          ·
          4 months ago

          No security measure is perfect. When doing security-sensitive things, it’s better to wait when you’re home on an uncompromised network.

          But yes, the chances of something happening is very small, even when using an unknown network.

      • Cornelius_Wangenheim@lemmy.world
        link
        fedilink
        arrow-up
        17
        ·
        4 months ago

        It should be fine as long you don’t click through any SSL errors. And something like a bank should have HSTS enabled, meaning your browser will refuse to load the site if there’s an SSL error.

        • calcopiritus@lemmy.world
          link
          fedilink
          arrow-up
          5
          ·
          4 months ago

          They don’t let me choose a password longer than 6 characters. I don’t assume anything about my bank’s security.

      • Trainguyrom@reddthat.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Personally I do a Tailscale tunnel to my home network, if nothing else but so that services don’t log a hotel IP