The intative promises to be privacy-friendly with no tracking. Stating:
Your privacy is important. The WiFi4EU app ensures a private online experience with no tracking or data collection. Simply connect and enjoy free public Wi-Fi without concerns.
Source: https://digital-strategy.ec.europa.eu/en/policies/wifi4eu-citizens
Will be interesting to see how this spans and plays out in reality. Looks promising too, did a quick scan of their builtin permissions and trackers and looks good too. (Scanning tool is called Exodus)
No, you don’t really have to worry about connecting to third party WiFi networks anymore. Just make sure that when your browser says “This connection might not be secure” (aka it couldn’t make sure the certificate is legit, or it’s not even encrypted at all), you don’t ignore the warning and click “I dont care, I’ll take the risk”.
Privacy-wise, you can be exposed if the WiFi network is not trusted, as the domains you visit are likely to be visible (DNS resolution encryption is still not widely used). A VPN usually solves that completely.
There is probably other aspects to be wary of that are not on top of my head, but nothing like your credentials being stolen, bank data being stolen, or anything like it, as long as you keep your devices updated (vulnerabilities are still a thing, but are usually fixed quickly enough, and certificate authorities private keys can be leaked/stolen - although that is incredibly rare -, but are also usually removed from the trusted list of browsers quickly enough)
VPNs also encrypt all the non encrypted traffic (so, as I said earlier, DNS resolution, but also potential third party applications that do not encrypt their data, which would be an enormous mistake on their side), but offers no noticeable extra protection when just browsing the web. It basically adds a layer of encryption over already existing encryption, which adds no practical security.
As for the example you gave, I am not familiar anymore with the WiFi protocols, but I wouldn’t be surprised if your device leaks some information about your past connected networks when actively probing for available networks. It is a privacy concern, but not a security one.
Does the average browser say that? Mine does, but I tweak it, so I might have enabled it. It explicitly has that “HTTPS Only” Firefox feature. Just thinking of, like, folks that just use as is. Me mum ain’t tweaking none of that on her own, I don’t think.
So a VPN is good for privacy, then. What about DNS? I use NextDNS, with the relevant option on that system or app. Given DNS over HTTPS (DoH), I presume that’s private as well, innit? Should the average person have a DNS? What about a VPN? Any advantages? E.g., should I get people to use one?
Yeah, I reckon the device could be leaking known WiFi, maybe in an attempt to find and connect to a known one. Funny that my device got picked in the presentation, too. I guess mine was interesting, in that the WiFi name indicated something interesting, rather than just a random name
Yes, every modern browser warns by default when using an insecure website (unencrypted, encrypted with an unknown certificate, and other reasons). The point is to make it as difficult as possible for people who don’t know what they’re doing to access insecure websites. Usually the option to ignore the warning is hidden behind small “Learn more” or “More options” clickable text, which then reveal the button to ignore the warning.
If you use any of the big browsers, you’d need to have a very outdated version to not have that by default.
A VPN does help with privacy, yes. A different DNS than the default one can help with privacy as well, considering that the default one is usually your ISP’s own DNS, and the DNS you setup can see the domains you visit.
DNS over HTTPS is the encrypted alternative I was referring to, yes. Having it configured is best, but it is rarely the case by default. Most VPNs automatically setup their own DNS, usually over HTTPS, when they’re on, which is why I said it usually completely fixes the issue.
I don’t think anyone who is not particularly worried about privacy should worry about having custom DNS setups or VPNs for anything other than spoofing your location (or eventually some side features like blockers, but that’s not really part of the VPN). Changing the DNS configuration is an easy and free step though, so if you want to worry about the privacy of people around you, setting up a more private DNS, and over HTTPS, is not a bad idea.