OK, so…. (Apologies for being so sporadic in replying! This is important to me, but life has been a whirlwind of new job + moving + life and other distracting whatnots.)
As long as I’m connected via TLS (https), I do NOT need a VPN? I thought even using https:// was vulnerable…before the connection was made…? That unless you were to secure to start with, you were vulnerable to “a man in the middle” (?), someone who intercepted the signal and could see everything even post log in completion?
Apparently that’s wrong? I can go to a cafe and read with impunity because who cares if someone sees me reading a news site or my favorite automation blogger across the pond. Then, reading said blogger, I discover an awesome app or shortcut I simply must have, so I click on the link to the site, see “https://” in the Smart Search Field, and know that it’s safe to give them my credit card without going through a VPN first?
And, if the site does NOT have https://, then I can open the site on my phone and just go through cellular?
No need ever again for a VPN?
I confess that idea freaks me out. Possibly from years of working at IBM and other companies where before we connected, we had to sign in to a VPN. Up above, someone (ACautionaryTale) said “None of this applies to corporate/organization VPNs.” Which makes me ask “why”? If not using a VPN is so “safe,” why is it OK for corporations to use them? Shouldn’t they just forego them as unnecessary too?
I also wonder now about rolling my own VPN. I think I read we could do something like that using macOS Server, but I don’t see installing that anymore (I wanted to, but it looks like the writing is on the wall for it).
Thanks, All, for putting up with my ramblings! My subscription to TunnelBear ends in a few days, and I want to do the safe and responsible thing without throwing away money on something I don’t actually need.