Indeed. Instead it falsely implies that you don’t need to, by glossing over the limits of what HTTPS encrypts and what it doesn’t. And it encourages users to avoid VPNs, making them subject to data collection by their ISP whether they know it or not.