We're veering off topic here. The question the OP asked was, "if I use only https connections at a coffee shop or other public wifi, can I be assured of those communications being secure?"
We got a bunch of initial "NO!" answers with no commentary or explanation. I asked for an explanation.
As has been explained, https verifies the server certificate to ensure it's communicating with whom it thinks it is.
I understand that someone like Gogo can use a self-signed certificate that says it's for Google but the browser won't trust it, since it's not signed by a trusted authority. A user who isn't paying attention would probably not see what's happening.
This is what Gogo was doing.
Originally Posted by
Server
Trusting any connection that is not secured with a password or some sort of VPN is a huge no no in the corporate world. Assume any input connections are unsanitary and need protection. Someone could log your credit card or other personal information from the network (man in the middle, etc). Or they could also send a malicious packet to the whole network.
Right - and the whole point of https is that it verifies the server identity and encrypts communications so you can use things securely over untrusted networks.