I think I was thinking of situations where the wifi owner redirects you to their impersonation site with their own cert, but a normal browser will pop up a big warning about that. Also if the site properly uses HSTS and you’ve been there on that machine before, then you’re protected from being directed to a http impersonation site. A VPN will protect you from both (assuming the VPN us trustworthy), but if you’re savvy you don’t need it. But then the type of person who needs the kind of simplified explanation for “why VPN” that you get in ads is not savvy.
I think I was thinking of situations where the wifi owner redirects you to their impersonation site with their own cert, but a normal browser will pop up a big warning about that. Also if the site properly uses HSTS and you’ve been there on that machine before, then you’re protected from being directed to a http impersonation site. A VPN will protect you from both (assuming the VPN us trustworthy), but if you’re savvy you don’t need it. But then the type of person who needs the kind of simplified explanation for “why VPN” that you get in ads is not savvy.