In such scenarios, you don’t need a beastly VPN provider with massive bandwidth to secure your email, Facebook, and web browsing activities. In fact, the same home VPN server model we highlighted in the previous section will serve you just as well as a paid solutions. The only time you might consider a paid solution is if you have high-bandwidth needs that your home connection can’t keep up with (like watching large volumes of streaming video through your VPN connection).
If HTTP browsing is a postcard that anyone can read as it travels along, HTTPS (HTTP Secure) is a sealed letter that gives up only where it’s going. For example, before Wirecutter implemented HTTPS, your traffic could reveal the exact page you visited (such as and its content to the owner of the Wi-Fi network, your network administrator, or your ISP. But if you visit that same page today—our website now uses HTTPS—those parties would see only the domain ( The downside is that HTTPS has to be implemented by the website operator. Sites that deal with banking or shopping have been using these types of secure connections for a long time to protect financial data, and in the past few years, many major news and information sites, including Wirecutter and the site of our parent company, The New York Times, have implemented it as well.
That attitude to the safety and privacy of personal data creates an enormous online security risk. Public Wi-Fi networks, which are ubiquitous and convenient, are unfortunately also highly convenient for attackers looking to compromise your personal information. How do you know, for example, that "starbucks_wifi_real" is actually the Wi-Fi network for the coffee shop? Anyone could have created that network, and they may have done so in order to lure victims into disclosing personal information over it. In fact, a popular security researcher prank is to create a network with the same name as a free, popular service and see how many devices will automatically connect because it appears safe.