I agree in some ways ! But I think my problem with the claim is that the majority of users aren't going to sites that aren't HTTPS.

I mean, even if you're at home visiting a site without HTTPS still presents problems. I think if people are browsing a lot of non-secure websites _they probably have a lot larger concerns than packet sniffing_.

Part of my explanation certainly hinges on the expectation that the average user isn't going to be browsing sites that aren't secure. But I think in 2024, that expectation is likely accurate. Seems like a pretty limited case; though yes, I would argue there is a case for them -- including for security on public networks at some level (DNS and the aforementioned HTTP) -- just that there really isn't for the average person... It's a pretty limited scope of things that aren't already protected before a VPN arrives. Computers and servers have much more robust security systems these days. And it certainly isn't a metaphorical 'condom for the internet' that people often advertise it as. My point isn't that the protection doesn't exist in an edge case, my point is that the average person isn't any more protected by a VPN over LAN than they would be if they just used their computer normally.

Personally, Idk why you would ever be on an HTTP website. Most modern browsers will make you proceed past a " danger" screen to visit them. The average user probably isn't going to do that. Especially on public wifi