For years, tech advice blogs and security gurus have hammered home one warning: “Never use public Wi-Fi without a VPN!”

That advice made sense back in the early 2010s when coffee shop hotspots were the Wild West of open, unencrypted traffic. But times have changed. Thanks to widespread encryption and better default security, the average person no longer needs a VPN just to check email at Starbucks.

Here’s why.

1. HTTPS Is Now Everywhere

In the past, most websites didn’t encrypt your connection. That meant someone on the same Wi-Fi network could “sniff” your traffic and read everything passwords, messages, you name it.

Today, over 95% of web traffic uses HTTPS by default. This encryption happens end-to-end between your browser and the website, even over open Wi-Fi. Your data is scrambled before it ever leaves your device, making it unreadable to anyone nearby.

2. Wi-Fi Encryption Itself Has Improved

Most modern public hotspots (including those in cafes, airports, and hotels) use WPA2 or WPA3 encryption, even if they don’t require a password. This prevents casual eavesdropping and makes it much harder for attackers to spy on your traffic without already compromising the network.

3. The “Evil Twin” Risk Is Overblown

Yes, a determined attacker could set up a fake hotspot with the same name as a legitimate one. But in practice, this is rare and your device will usually warn you if a network’s encryption or certificate doesn’t match expectations. Using HTTPS also prevents fake hotspots from stealing sensitive info, since they can’t decrypt secure traffic.

4. VPNs Can Actually Make You Less Secure

Not all VPNs are trustworthy. Many “free” VPNs log your browsing activity or sell your data. Even some paid VPNs have been caught storing logs despite promising not to. If you route all your traffic through an untrustworthy VPN provider, you’re just trading one potential eavesdropper (the coffee shop) for another (the VPN company).

5. Your Biggest Risks Aren’t From the Wi-Fi Itself

Most modern attacks target your device directly through phishing links, malicious downloads, or compromised apps not by passively sniffing your connection. A VPN won’t protect you from those. Good password hygiene, software updates, and cautious clicking will.

So When Is a VPN Worth It?

Bypassing censorship (e.g., in restrictive countries) Accessing region-locked services Hiding your IP address from the sites you visit

If those aren’t your goals, you can probably skip the VPN for everyday café browsing.

The Bottom Line

A few years ago, using a VPN on public Wi-Fi was basic survival. Today, it’s more of a niche tool. With HTTPS, WPA2/3, and better OS-level protections, your data is already encrypted by default. Focus on real security basics strong passwords, multi-factor authentication, and staying alert to scams and you can sip that latte in peace.