Free Wi-Fi in cafés, airports, hotels, trains — the norm. You connect with no password or with "cafe123", open email, log into your bank. Convenient. But these are exactly the networks the consumer VPN was invented for.
In this article we'll break down which public-Wi-Fi risks are real (and which are inflated media fear), and what a VPN actually does.
What's wrong with public Wi-Fi in general
The core difference: you don't know who set this network up or what's happening on it. Even if the café manager is honest, the network may host:
- Other connected users. Dozens of people may share the network with you, and any of them could in theory analyze the shared traffic.
- The network owner. All your unencrypted activity is visible to the access point owner. What they do with it — unknown.
- A fake access point. One of the old, still-working scenarios — an attacker creates a network called "Airport_Free_WiFi", people connect.
- MitM attacks. Traffic interception at the network level.
What HTTPS protects — and what it doesn't
Important nuance: the modern internet runs mostly on HTTPS — that's already encryption. When you visit a bank or email, no one on the network sees the contents (passwords, message text), thanks to HTTPS.
But HTTPS doesn't protect:
- Site names. Through DNS queries and SNI, the network owner sees you visited bank.com, mail.com, etc. Specific pages — no, but "where you went" — yes.
- Requests to old non-HTTPS sites. Still occur.
- Some phone apps. Not all mobile apps encrypt traffic correctly. Sometimes certificate validation is disabled, opening up interception.
- Metadata. Traffic volume, session times, behavior patterns remain visible.
What a VPN adds
A VPN closes the remaining gaps:
- Site names. DNS queries go through the VPN provider's server, not the local network. The Wi-Fi owner only sees the VPN connection.
- Protection of unencrypted traffic. If an app or site doesn't encrypt itself — the VPN encrypts on its behalf.
- Tampering protection. If an attacker tries to swap a page or server response — it's harder, because all traffic goes through the VPN tunnel.
- Hiding the activity itself. The network owner sees neither sites nor apps — only a connection to a VPN server.
Real risks vs media panic
Public Wi-Fi articles often scare with specific attacks. Not all are equally real:
- Banking password interception. Very unlikely — banks run on HTTPS, which can't be broken without a substituted certificate (which requires access to your device).
- Session cookie theft. Real, but mostly on non-HTTPS sites — rare these days.
- DNS spoofing. Real, especially via fake networks. A VPN closes this.
- Activity tracking. Fully real and routine. A VPN closes this.
- Hidden device tracking via Wi-Fi trackers. Real and widespread in malls, airports. A VPN doesn't help here (it's a radio-signal attack, not network) — separate defense.
When a public-Wi-Fi VPN is critical
Stay safe on public networks
8 hours free, no card required. Full access to every server.
Start for freeSpecific scenarios where without a VPN there's a notable vulnerability:
- Connecting in an unfamiliar country. Especially in surveillance-heavy countries. Any open network is a potential risk.
- When the connection is for sensitive data. Work documents, banking, client communication.
- In hotels with known leaks. Several hotel chains have been caught injecting malicious code into HTTP pages (banners with infected links).
- In airports. High flow of random users, ideal attack environment.
- In chain cafes. The more "branded" the network, the more attractive a target.
When you can skip the VPN
A few situations where a VPN on public Wi-Fi is overkill:
- At a trusted friend's home, where you know there are no strange devices on the network.
- On the office network, where IT handles security.
- On 4G/5G mobile — traffic is protected by carrier encryption (a VPN doesn't hurt though).
Otherwise the rule is simple: on any unverified network — VPN on.
How to set it up so you don't forget
The universal answer is auto-connect. All decent VPN apps can:
- Turn on the VPN automatically when joining any Wi-Fi network except trusted ones.
- You define the trusted list yourself: home network, work, parents'.
- When the phone joins an unknown network — the VPN turns on before any app can send traffic.
In VolnaLink it's a single "Auto-protect" toggle. Set once — forget. No need to remember.
What else to do on public networks
A VPN is the main measure, but not the only one. Additional steps:
- Don't leave your device unattended in public.
- Disable auto-connect to open networks in phone settings — decide each time manually.
- Don't do important operations (payments, password resets) on public Wi-Fi, even with a VPN — better at home.
- Enable 2FA on all important accounts. If something does leak, a password without a second factor is useless.
Bottom line
Public Wi-Fi is the main scenario where a VPN is genuinely needed for a regular person. Not for "complete anonymity", but for normal protection from surveillance and traffic tampering. Enable auto-connect and forget — the VPN will do its job.
VolnaLink VPN turns on automatically on untrusted networks and runs on all popular devices.