I keep hearing on VPN ads that you have to use a VPN to not have your login information stolen. So far I have been using Cloudflare WARP to be safe enough. However, if I am using an HTTPS website, do I really need a VPN or WARP? Will an attacker on the same network as me be able to access passwords transmitted over HTTPS?
Bruh
a vpn can totally MiM if they force you to use their cert.
upstream server ssl <-> vpn client ssl <-> vpn MiM <-> vpn server ssl <-> you
Even with no MiM, VPN is going to know where you are going and how long you are there, and any unencrypted comms (UDP / torrent, funky http URL) are just … there.
I would assume consumer “privacy” VPN traffic is easily monitored by state agencies since there are fixed points of entry & egress?
Any corporate VPN worth its salt is totally MiM all traffic; usually spells it out in the sales brochure.