There is a need for a VPN. Most public access points perform some traffic manipulation and I absolutely believe that some intentionally block and/or modify data to obscure some data from people who are in-store. In fact, I believe Best Buy was already caught doing this with their own site; in-store APs wouldn't reflect the price that was really shown on bestbuy.com. ...
Ah, it seems that Best Buy did this but only on internal workstations, so that when the employee would access bestbuy.com, the discounted price online wouldn't show up: https://consumerist.com/2007/03/02/best-buy-confirms-the-exi... . However, they could trivially do this via wifi.
While searching for this, I also found this: http://adage.com/article/digital/retailer-jo-ann-aims-retarg... , which registers the device MAC on the backend and uses it to track how many times a user has entered the store (that is, connected to the store's wifi). Even VPN wouldn't stop this from happening, you'd need to randomize your phone's MAC address.
Public wifi is convenient but we shouldn't be naive about it. Companies are using it for their own purposes.
HTTPS wouldn't prevent this, just harvest the CN and SNI names from the presented cert and use those to match. And as far as changing DNS servers, those can easily be MITMd, or they could just ignore DNS altogether and use a transparent proxy to block/redirect traffic.
Ah, it seems that Best Buy did this but only on internal workstations, so that when the employee would access bestbuy.com, the discounted price online wouldn't show up: https://consumerist.com/2007/03/02/best-buy-confirms-the-exi... . However, they could trivially do this via wifi.
While searching for this, I also found this: http://adage.com/article/digital/retailer-jo-ann-aims-retarg... , which registers the device MAC on the backend and uses it to track how many times a user has entered the store (that is, connected to the store's wifi). Even VPN wouldn't stop this from happening, you'd need to randomize your phone's MAC address.
Public wifi is convenient but we shouldn't be naive about it. Companies are using it for their own purposes.