Also, you are just switching up the "unprotected stretch" between your local wifi, and, say, Google's servers, whereas now that "unprotected stretch" lies between the VPN provider servers in Latvia or British Virgin Islands or Panama, or whatever dubious jurisdiction, and, say, Google. Sure, you added a layer of protection against the random hacker sitting in your Starbucks, but you have added many more vectors.

It becomes the poison because the solution you are introducing brings more issues. And it's schizophrenic because the issue to begin with, was minuscule (a hacker stepping into MacDonalds, breaking the network encryption and then also the application encryption.

Maybe if this were 2010 and websites still used HTTP, or you are using a local email client without TLS configured. But it's 2025, everything has HTTPs and you are using an HTTPs email client.

VPNs to protect corporate networks is sensible. Consumer VPNs are a different thing entirely and they do not provide increased security at best, decrease security at worst, and usually cater to schizoid threat models, where the threat actor is the state, rather than more realistic threat scenarios.

As long as the VPN is up, the worst the wifi can do is cut you off. It can't alter your connections.

It's far fewer trust points.

> Also, you are just switching up the "unprotected stretch" between your local wifi, and, say, Google's servers, whereas now that "unprotected stretch" lies between the VPN provider servers in Latvia or British Virgin Islands or Panama, or whatever dubious jurisdiction, and, say, Google. Sure, you added a layer of protection against the random hacker sitting in your Starbucks, but you have added many more vectors.

When I use a VPN for protection, the server is in the US too.

And if it's for netflix I'm going to some major country, not dubious-land.

(Also I'd say datacenter and internet core routers are less likely to attack some random person's traffic, but that's not core to my argument.)

> It becomes the poison because the solution you are introducing brings more issues. And it's schizophrenic because the issue to begin with, was minuscule (a hacker stepping into MacDonalds, breaking the network encryption and then also the application encryption.

For most wifi networks, there is no encryption between users. And it's quite likely that the neglected router got hacked over the internet and is part of a botnet.

> Maybe if this were 2010 and websites still used HTTP, or you are using a local email client without TLS configured. But it's 2025, everything has HTTPs and you are using an HTTPs email client.

Until you type in a URL and HSTS isn't set.

WPA2? Sure it can be broken, but you still would have to break HTTPS on top of that.

I don't deny that a third layer adds security in that scenario, as 3 layers is more than 2 layers. But you necessarily weaken some other stretch in a zero-sum fashion, as mentioned. I'll concede that the server can be in your own country if you so choose to. But these datacenters are not necessarily controlled by the VPN provider, and they may be highly heterogeneous, in addition there will be many routers in the VPN DC to destination stretch that can still be hacked. Although again I'll grant that endpoint routers are probably weaker targets than ISP routers.

If you're on a WPA2 network you just have to observe a device connecting and you can crack their session key. It's very easy. Not that you need to do that, you could ARP spoof. Or the router could be hacked.

And you don't have to break HTTPS to have a good chance of attacking someone. There's enough HTTP around.

So it's easy to fall through both of those layers.

Is it that easy? I'm not sure if you are a genius hacker or just somewhat misinformed.

My understanding was that observing the initial connection is a requirement for the typical exploit. The attack itself is considerably more complex. Additionally WPA2 is a sort of envelope protocol, the actual encryption cipher can vary and so will the attacks.

I'm not an expert, but I looked into this stuff 7 years ago when I was broke, and I apt installed aircrack-ng from a starbucks so I could try siphoning off my neighbour's wifi, I wasn't able to. Skill Issue sure, but it wasn't as trivial as "just observing a device connecting".

I personally don't see much HTTP, I think a more reasonable attack would be hoping that the user clicks on "continue anyway" whenever a TLS error pops up.

On another note, this would relate to local attackers only right? If a router has been pwned remotely, it wouldn't matter whether the last mile is a twisted pair or air.

> In the WPA2 handshake, everything except the GTK is sent unencrypted. Recall that the PTK is derived with the two nonces, the PSK, and the MAC addresses of both the access point and the client. This means that an on-path attacker who eavesdrops on the entire handshake can learn the nonces and the MAC addresses. If the attacker is part of the WiFi network (i.e. they know the WiFi password and generated the PSK), then they know everything necessary to derive the PTK. This attacker can decrypt all messages and eavesdrop on communications, and encrypt and inject messages.

No genius hacker, no misinformation. WPA2 in the normal password mode does not protect clients from each other. It's not part of the design.

https://wiki.wireshark.org/HowToDecrypt802.11

Here's a page about how you can use wireshark to decrypt WPA2 if you capture the handshake, but you can't do it on WPA3. (Also it's not hard to force new handshakes.)

> I'm not an expert, but I looked into this stuff 7 years ago when I was broke, and I apt installed aircrack-ng from a starbucks so I could try siphoning off my neighbour's wifi, I wasn't able to. Skill Issue sure, but it wasn't as trivial as "just observing a device connecting".

Trying to get a password is a completely different thing from trying to attack someone else on the same network as you. You did not fulfill the "If you're on a WPA2 network" part of the sentence.

There was a password-finding attack called KRACK that came out in 2017 but it's fussy and there are ways to defend against it. And you can still brute force WPS sometimes but I guess their device didn't allow it.

> On another note, this would relate to local attackers only right? If a router has been pwned remotely, it wouldn't matter whether the last mile is a twisted pair or air.

Yes, "someone sharing the network" and "hacked router" are two different ways you could be attacked.

Oh yes, of course, this is not unlike the capacity of computers in my LAN being able to see my packets, for example if my roommate was a hacker, they would be able to intercept packets while on their way to the router.

Now an interesting thing I've seen in public networks like say Starbucks or McDonalds, they usually don't rely on WPA2 password default security mechanism. I'm not sure what mechanism they use, but they have me log through a browser first.

WPA3 uses a better calculation where listening in doesn't tell you the key.

At least from a blue team perspective that's what I assume can happen. The power lines outside my home have the network cables all spliced together anyways, it's not like you'd have to make a new connection.