I keep hearing on VPN ads that you have to use a VPN to not have your login information stolen. So far I have been using Cloudflare WARP to be safe enough. However, if I am using an HTTPS website, do I really need a VPN or WARP? Will an attacker on the same network as me be able to access passwords transmitted over HTTPS?
You know that VPN traffic is encrypted, right?
But encrypting already encrypted HTTPS data is largely irrelevant (for that simplified analogy) unless you don’t trust the encryption in the first place. So the relevant part is hiding the HTTPS headers (your addresses from above) from your the network providing your connection (and the receiving end) by encrypting them.
Unless of course you want to point out that a VPN also encrypts HTTP… which most people have probably not used for years, in fact depending on browser HTTP will get refused by default nowadays.