To me, the price paid to a cellular provider is actually preferable to relying on other people's WiFi networks.
Using someone else's WiFi isn't a security advantage, it's the opposite. You're bumming off of someone's network and not even paying them - so who knows what their motivations might be. Who knows if the network that the SSID claims to be is actually that network.
Is Starbucks Free WiFi actually run by Starbucks or is it a malicious router placed in the same vicinity? I don't actually know until I connect.
I would suggest the alternative of using a pay-as-you-go plan on a SIM card, something that doesn't cost a lot with low usage. If you want to be more disconnected you can simply turn on airplane mode. In almost any country in the world you can pay less than $10/month to maintain a phone line and SIM card.
>> Is Starbucks Free WiFi actually run by Starbucks or is it a malicious router placed in the same vicinity?
Both. The Starbuck Free WiFi is also a malicious router. All routers should be seen as malicious. That threat model is why we have secure websites. That's why VPNs are always a good idea, or Tor if you are really worried. But even then, those routers too must be deemed untrustworthy. At no point should one ever trust middlemen, be them routers or used car salesmen.
The entire Internet is based on routers aka middlemen. Even your VPN provider is a middleman.
If I had to choose, I'd trust a known compromised access point that doesn't know my identity over Yet Another VPN provider to whom I paid money and gave valid billing details.
Both are shady, at least the first only gets small bits of traffic that happen to be unencrypted here and there and doesn't have my identity and can only snoop when I'm at the location of the AP, the other one has my valid identity and billing details, e-mail address and happens to snoop on me all the time I have the VPN on regardless of my physical location.
VPN services such as Mullvad (and I believe Nord as well) accept cash and crypto in exchange for their service. And both allow WireGuard, which is coming to the 5.6 Linux Kernel. Additionally, Mullvad has no referral model in place to attempt to track individuals via social graphs.
> Is Starbucks Free WiFi actually run by Starbucks or is it a malicious router placed in the same vicinity?
Isn't Starbucks "Free" WiFi a joint venture between Starbucks and Google where you have to agree to them collecting your browsing data in order to use their "free" service?
The only reason public Wi-Fi is a thing in this day and age is marketing & advertising tracking. Venues don't deploy it out of the goodness of their hearts, they do so because the data they collect from it exceeds the cost of deploying and operating it.
Another issue is that most public Wi-Fi is provided by a few companies offering it "as a service" to the venue so these companies can track you across different venues by your MAC address.
Trading off mobile data for public Wi-Fi for "privacy" is stupid and counter-productive. You're trading off a company that might occasionally be nasty (depends on the region - carriers selling granular location data like in the US wouldn't fly in Europe for example) to companies whose entire businesses is to be nasty.
Using someone else's WiFi isn't a security advantage, it's the opposite. You're bumming off of someone's network and not even paying them - so who knows what their motivations might be. Who knows if the network that the SSID claims to be is actually that network.
Is Starbucks Free WiFi actually run by Starbucks or is it a malicious router placed in the same vicinity? I don't actually know until I connect.
I would suggest the alternative of using a pay-as-you-go plan on a SIM card, something that doesn't cost a lot with low usage. If you want to be more disconnected you can simply turn on airplane mode. In almost any country in the world you can pay less than $10/month to maintain a phone line and SIM card.