The decade-old warning to stay off public WIFI systems is no longer valid.
There are still a few small information leaks: HTTPS protects the content of your communications, but not the metadata. So when you visit HTTPS sites, anyone along the communication path—from your ISP to the Internet backbone provider to the site’s hosting provider—can see their domain names (e.g. wikipedia.org) and when you visit them. But these parties can’t see the pages you visit on those sites (e.g. wikipedia.org/controversial-topic), your login name, or messages you send. They can see the sizes of pages you visit and the sizes of files you download or upload. When you use a public Wi-Fi network, people within range of it could choose to listen in. They’d be able to see that metadata, just as your ISP could see when you browse at home. If this is an acceptable risk for you, then you shouldn’t worry about using public Wi-Fi.
Similarly, if there is software with known security bugs on your computer or phone, and those bugs are specifically exploitable only on the local network, you might be at somewhat increased risk. The best defense is to always keep your software up-to-date so it has the latest bug fixes.
What about the risk of governments scooping up signals from “open” public Wi-Fi that has no password? Governments that surveill people on the Internet often do it by listening in on upstream data, at the core routers of broadband providers and mobile phone companies. If that’s the case, it means the same information is commonly visible to the government whether they sniff it from the air or from the wires.
In general, using public Wi-Fi is a lot safer than it was in the early days of the Internet. With the widespread adoption of HTTPS, most major websites will be protected by the same encryption regardless of how you connect to them.
There are plenty of things in life to worry about. You can cross “public Wi-Fi” off your list.
I still run my VPN in and out of the house.
Why Public Wi-Fi is a Lot Safer Than You Think by Jacob Hoffman-Andrews/EFF Deeplinks