[alasdair_]

>Seems like a contradictory message. He just got through telling us how most of the web is now end-to-end encrypted with HTTPS. So why does he need a VPN at the airport? Is he checking his email? I can't imagine that he's using an email service that doesn't use HTTPS.

Because the Internet is more than the stuff that lives on port 443?

What does the author do about UDP packets?

It’s interesting that you mention email. SMTP can use TLS of course but I know of plenty of POP3 email providers that still send unencrypted and even if it were, it’s not using HTTPS.

What about DNS requests too? Those are still often sent in cleartext.

Even with actual HTTPS with a browser, the domain itself is visible.

In short - the Internet is not just the web.

[viraptor]

That would imply the author cares enough about privacy / security to use VPN to hide for example POP3, but not enough to immediately drop an email provider which uses unencrypted POP3 service. And that's a strange argument.

[michaelmrose]

Probably because a person can more trivially be taught vpn = privacy than understanding ANY of the details and be legitimately better off especially if they are doing other stupid things like using unencrypted pop3 or use the same password at random http site as they use on their bank.