Hacker News new | past | comments | ask | show | jobs | submit login

Haha thats terrifying! I was just trying to point out that assuming that apps do this correctly is a bad idea; but my experience echoes yours, its a common mistake - even just browsing stack overflow people give some pretty gnarly advice.

Unless I’ve looked at the app myself i wouldnt touch public wifi - even then there are other risks to consider




Would you do it with a VPN? (I would, just checking)


A vpn (that you trust) would certainly help a little, but in the above case the connection can still be mitmed from the vpn server to the application backend

Edit: I would for my personal devices, unless I knew the app did something horrendous in advance- but I guess the core problem is you really have no way of knowing unless you check the app yourself or there is a known and reported vulnerability.


I wouldn't, especially not having looked at the VPN at first. It might expose you to even more attackers than could fit in your Starbucks


VPNs have a bad reputation, but I trust Mullvad (have used and paid them often), and Proton (currently paying them).


I trust Mullvad more than others, because IIRC they were one of the few that actually had RAM only infrastructure when they were audited




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: