by tomas789 485 days ago
I wouldn’t want to rely on a random cafe’s router to do this for me. I would still end up running a firewall more carefully on my end devices. Which for my iPhone I’m not even sure if I can. So probably a personal VPN would be a must.
3 comments

Sure... But wouldn't you want to treat this random network as hostile anyway? The router might already have port forwarding to the IP you grab from DHCP, not to mention other clients on the network. I'm also unsure how a VPN would help against inbound traffic regardless?
> I wouldn’t want to rely on a random cafe’s router to do this for me. I would still end up running a firewall more carefully on my end devices.

Are you not doing that already? If you trust whoever else happens to be on the same wifi in the cafe you're a braver man than I.

Does a VPN prevent inbound traffic on other IPs? If I put my laptop on a VPN, I can still SSH to it on its RFC 1918 address.
It depends on the VPN and its policies. Some deny all local traffic when active, routing everything through the VPN, and only leave an IPv4 /32 route for the default gateway. Some are more permissive.
A VPN can’t prevent inbound traffic but if the VPN alters the routing table it can prevent the return leg from working. This probably isn’t enough to prevent compromise.
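
The routing behaviour discussed in the last two comments, as an added example that is not part of the thread: a longest-prefix-match lookup over three constructed routing tables, showing which interface a reply to a LAN peer would leave on. The tables, interface names (`wlan0`, `tun0`) and addresses are assumptions, and the model ignores policy routing and host firewalls.

```python
import ipaddress

# Constructed routing tables as (destination prefix, outgoing interface).
# Interface names and addresses are made up for illustration.
NO_VPN = [
    ("0.0.0.0/0", "wlan0"),
    ("192.168.1.0/24", "wlan0"),
]
STRICT_VPN = [
    ("0.0.0.0/0", "tun0"),
    ("192.168.1.1/32", "wlan0"),   # only the default gateway stays local
    ("203.0.113.10/32", "wlan0"),  # VPN server, reached over the cafe network
]
PERMISSIVE_VPN = [
    ("0.0.0.0/0", "tun0"),
    ("192.168.1.0/24", "wlan0"),   # whole local subnet still routed locally
    ("203.0.113.10/32", "wlan0"),
]

def reply_interface(routes, peer):
    """Longest-prefix match: interface a reply to `peer` would leave on."""
    addr = ipaddress.ip_address(peer)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def return_leg_works(routes, peer, arrival_dev="wlan0"):
    """True if a reply to traffic that arrived on arrival_dev leaves the same way."""
    return reply_interface(routes, peer) == arrival_dev

if __name__ == "__main__":
    tables = [("no VPN", NO_VPN), ("strict VPN", STRICT_VPN),
              ("permissive VPN", PERMISSIVE_VPN)]
    for name, table in tables:
        for peer in ("192.168.1.50", "192.168.1.1"):
            dev = reply_interface(table, peer)
            print(f"{name:15} reply to {peer:13} -> {dev}")
```

A broken return leg only stops exchanges that need a reply, such as a TCP handshake; the inbound packet still reaches the host, so filtering it is the job of a host firewall.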