How is it a false sense of security if it's actually securing their traffic? Or do you mean it risks getting people to trust an entity that might not be worthy of their trust? I'd say that risk already exists with the hotel WiFi.
You didn't solve anything, you just moved some bits around. Do not say "what about warning fatigue", when a VPN does not solve warning fatigue.
-
-
The threat model I'd assume for an average user is "dumb attacker with a wifi pineapple or equivalent". That's easy for someone in a coffee shop. I don't expect a low-resource attacker to have the capability to MITM traffic out of a VPN server.
-
Your threat model is very confused, a physically nearby attacker willing to break the law who can only MITM one protocol (TLS) but not another (IPSEC, whatever). So you send all your bits to shady middleman instead?
- 4 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.