Originally Posted by
ElCaminoReal
HTTPS is secure, but susceptible to man-in-the-middle attacks which is exactly how an attacker would compromise a public hotspot (or a bad actor establish one with this sole intent) and obviously there are plenty of places on the internet that do not use HTTPS.
I'm curious about MITM attacks over HTTPS when one is using one's own client system and not downloading certificates from the hotspot since I thought that was not possible or at least only possible by nation state actors. Has something changed?
Thanks.