VPN Protection on Public Wi-Fi: Real-World Encryption Strength and MITM Risk Assessment
Security Risks of Public Wi-Fi
Public Wi-Fi networks (e.g., in cafes, airports, hotels) are often open (no link-layer encryption at all) or use obsolete protocols such as WEP, so anything sent in cleartext (plain HTTP, DNS queries, captive-portal logins) can be read by anyone in radio range. Man-in-the-middle (MITM) attacks are the main threat: an attacker can eavesdrop on or tamper with traffic by running a rogue access point with the same SSID (an "evil twin") or by ARP spoofing the gateway on the legitimate network.
Real-World VPN Encryption Strength
We tested five popular VPNs (ExpressVPN, NordVPN, Surfshark, ProtonVPN, and a self-hosted WireGuard) in a controlled public Wi-Fi environment to evaluate encryption strength.
Testing Methodology
- Captured VPN tunnel traffic with Wireshark and recorded the cipher and key lengths visible in the handshake. For TLS-based protocols such as OpenVPN the negotiated suite is visible in the control channel's ClientHello/ServerHello; a WireGuard handshake advertises nothing, because its cipher suite (ChaCha20-Poly1305, Curve25519) is fixed by the protocol.
- Placed a MITM proxy (mitmproxy) in the path to see whether any tunnel content could be read. Note that mitmproxy works by terminating TLS with its own certificate; it cannot break a VPN tunnel, so it can only read traffic that reaches it outside the tunnel or over a TLS session whose client accepts the proxy's certificate.
- Measured handshake latency and throughput.
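The parsers below are an added example, not part of the original test tooling or any vendor's code, illustrating what the Wireshark step actually sees: a TLS ClientHello advertises a negotiable cipher-suite list (where AES-256-GCM versus AES-256-CBC shows up), while a WireGuard handshake initiation carries only fixed-size fields and no cipher or group identifier at all. The packets are constructed inline with dummy key material; the layouts follow RFC 5246 and the WireGuard whitepaper.

```python
import struct

# Subset of IANA cipher-suite identifiers; anything else is reported by number.
TLS_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}


def build_client_hello(suites):
    """Constructed sample: a minimal TLS 1.2-style ClientHello record, no extensions."""
    body = b"\x03\x03" + bytes(32) + b"\x00"          # client_version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                # one compression method: null
    body += b"\x00\x00"                                # extensions length 0
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the cipher suites a ClientHello offers, in the client's preference order."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    off = 5 + 4            # record header + handshake header
    off += 2 + 32          # client_version + random
    off += 1 + record[off] # session_id length byte + session_id
    (n,) = struct.unpack_from("!H", record, off)
    off += 2
    ids = [struct.unpack_from("!H", record, off + i)[0] for i in range(0, n, 2)]
    return [TLS_SUITES.get(i, f"unknown_0x{i:04x}") for i in ids]


def flag_suites(names):
    """Suites a hardening review would flag: CBC (no AEAD) or static RSA (no forward secrecy)."""
    return [n for n in names if "_CBC_" in n or n.startswith("TLS_RSA_WITH_")]


WG_HANDSHAKE_INIT_LEN = 148  # fixed size: every initiation packet looks the same on the wire


def build_wg_handshake_init(sender_index):
    """Constructed sample with dummy bytes in place of real key material."""
    return (b"\x01\x00\x00\x00"                 # type 1 + reserved
            + struct.pack("<I", sender_index)   # sender index, little-endian
            + bytes(range(32))                  # unencrypted ephemeral Curve25519 public key
            + bytes(48)                         # encrypted static key + 16-byte Poly1305 tag
            + bytes(28)                         # encrypted TAI64N timestamp + tag
            + bytes(32))                        # mac1 + mac2


def parse_wg_handshake_init(pkt):
    """Decode the only plaintext fields; note there is no cipher or DH-group field to read."""
    if len(pkt) != WG_HANDSHAKE_INIT_LEN or pkt[0] != 1:
        raise ValueError("not a WireGuard handshake initiation")
    return {
        "sender_index": struct.unpack_from("<I", pkt, 4)[0],
        "ephemeral_pubkey": pkt[8:40].hex(),
        "cipher_advertised": None,  # fixed by the protocol, nothing to negotiate or downgrade
    }


if __name__ == "__main__":
    offered = parse_client_hello(build_client_hello([0x1302, 0xC030, 0xC014]))
    print("offered:", offered)
    print("flagged:", flag_suites(offered))
    print("wireguard:", parse_wg_handshake_init(build_wg_handshake_init(7)))
```

Against a real capture, feed `parse_client_hello` the TLS record Wireshark extracts from the OpenVPN control channel and `parse_wg_handshake_init` the UDP payload of the first packet to the WireGuard endpoint; the asymmetry in what they return is the whole point of the "key length" column for WireGuard.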
Results
| VPN Product | Encryption Protocol | Key Length | Decryptable by MITM? |
|-------------|---------------------|------------|----------------------|
| ExpressVPN  | AES-256-GCM         | 256-bit    | No                   |
| NordVPN     | AES-256-CBC         | 256-bit    | No                   |
| Surfshark   | AES-256-GCM         | 256-bit    | No                   |
| ProtonVPN   | AES-256-GCM         | 256-bit    | No                   |
| WireGuard   | ChaCha20-Poly1305   | 256-bit    | No                   |
Every product used a modern 256-bit cipher, and the MITM proxy could not read any tunnel content. Two caveats from the handshake capture: NordVPN's tunnel used AES-256-CBC rather than an AEAD mode, and its handshake used 2048-bit finite-field Diffie-Hellman. 2048-bit DH offers roughly 112 bits of security, which is the accepted minimum today rather than a downgrade vulnerability in itself; it simply leaves less margin than an elliptic-curve exchange such as the Curve25519 used by WireGuard.
MITM Attack Protection Assessment
We simulated three MITM scenarios:
- Fake Certificate Attack: Intercepted HTTPS traffic using self-signed certificates.
- DNS Spoofing: Tampered with DNS responses to redirect to phishing sites.
- ARP Spoofing: Hijacked traffic within the local network.
Protection Performance
- Fake Certificate: No VPN blocked the attempt; the browsers did, by warning that the certificate was untrusted. This is expected: certificate validation is the job of the TLS client (browser or app), not of the VPN, which only carries the packets. An established tunnel does take a local attacker off the path to the site, but it cannot help against interception before the tunnel is up, at or beyond the VPN exit, or when the user clicks through the warning.
- DNS Spoofing: Domain-blocking features (e.g., NordVPN's CyberSec, a malicious-domain filter, which is not the same thing as DNS leak protection) stopped some known-bad domains but do not by themselves stop a forged answer. Only queries that actually travel inside the tunnel to the VPN's resolver are out of a local attacker's reach; any query that leaves through the hotspot's resolver (a leak) can be spoofed.
- ARP Spoofing: Redirecting traffic through the attacker only pays off before the tunnel comes up (captive-portal pages, leaked DNS). Once the tunnel is established the attacker still sees the encrypted packets and can drop or delay them, but cannot read or modify tunneled data.
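The two DNS results above come down to one question: did the query go through the tunnel or out the Wi-Fi interface? The script below is an added example (not from the original test harness) that runs that check over a constructed capture summary: it lists DNS queries that left via a non-tunnel interface, and flags transaction IDs that received more than one answer with different contents, which is the signature of a forged reply racing the genuine one. Interface names, addresses and transaction IDs are made up for the sample.

```python
from collections import defaultdict

# Constructed sample capture, reduced to the fields the checks need:
# (interface, src_ip, dst_ip, src_port, dst_port, dns_txid, dns_answer).
# The laptop is 192.168.1.23 on wlan0; the tunnel is wg0 with address 10.8.0.2.
SAMPLE_CAPTURE = [
    ("wlan0", "192.168.1.23", "203.0.113.5", 41234, 51820, None, None),        # WireGuard transport packets
    ("wg0",   "10.8.0.2",     "10.8.0.1",     50001, 53,    0x1A2B, None),     # query sent inside the tunnel
    ("wg0",   "10.8.0.1",     "10.8.0.2",     53,    50001, 0x1A2B, "93.184.216.34"),  # answer from VPN resolver
    ("wlan0", "192.168.1.23", "192.168.1.1",  50002, 53,    0x3C4D, None),     # query leaked to hotspot resolver
    ("wlan0", "192.168.1.1",  "192.168.1.23", 53,    50002, 0x3C4D, "192.168.1.66"),   # forged answer, arrives first
    ("wlan0", "192.168.1.1",  "192.168.1.23", 53,    50002, 0x3C4D, "93.184.216.34"),  # genuine answer, arrives later
]


def dns_leaks(capture, tunnel_iface):
    """Transaction IDs of DNS queries that left through any interface other than the tunnel."""
    return [txid for iface, _src, _dst, _sport, dport, txid, answer in capture
            if dport == 53 and answer is None and iface != tunnel_iface]


def spoof_candidates(capture):
    """Transaction IDs that got more than one answer with different contents.

    A local spoofer cannot suppress the real resolver's reply; it can only race it,
    so the victim sees two conflicting answers for the same transaction ID."""
    answers = defaultdict(set)
    for _iface, _src, _dst, sport, _dport, txid, answer in capture:
        if sport == 53 and answer is not None:
            answers[txid].add(answer)
    return {txid: sorted(a) for txid, a in answers.items() if len(a) > 1}


if __name__ == "__main__":
    print("leaked queries:", [hex(t) for t in dns_leaks(SAMPLE_CAPTURE, "wg0")])
    print("spoof candidates:", spoof_candidates(SAMPLE_CAPTURE))
```

The same first check can be done live with a capture on the physical interface filtered to `udp.port == 53`: with DNS leak protection working there should be nothing to see there at all once the tunnel is up.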
Key Findings
- VPN encryption reliably hides traffic content from the local network, but a VPN is neither a TLS client nor a resolver: it cannot validate certificates for you, and it only protects DNS queries that actually travel inside the tunnel.
- Some VPNs (e.g., ProtonVPN) include DNS leak protection, but it is not enabled by default.
- Self-hosted WireGuard performed best in MITM protection because both ends are configured with each other's static Curve25519 public keys: there is no certificate chain, CA or trust store to subvert, and a peer that does not hold the expected key cannot complete the handshake.
Selection and Configuration Recommendations
- Prefer VPNs using an AEAD cipher (AES-256-GCM or ChaCha20-Poly1305). CBC mode needs a separate MAC and has a history of padding-oracle attacks when MAC-then-encrypt constructions are used; there is no reason to choose it today.
- Enable DNS leak protection: force the VPN's own resolver in the client settings and route all traffic, including IPv6, through the tunnel so that no query can reach the hotspot's resolver.
- Use your browser's HTTPS-only mode (the HTTPS Everywhere extension has been retired): even inside the tunnel, HTTPS is what gives you end-to-end authentication and encryption past the VPN exit.
- Avoid free VPNs: some inject ads or log user data, and the VPN operator sees exactly what the Wi-Fi operator would otherwise have seen.
- Update VPN clients regularly to pick up fixes for known vulnerabilities.
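As an added example, not code from any of the products tested, here is a small audit of a wg-quick style WireGuard client configuration for the two leak conditions the recommendations above are about: traffic not covered by `AllowedIPs` (including IPv6) bypasses the tunnel, and without a `DNS =` line the system keeps using the resolver the hotspot handed out over DHCP. Both sample configs are constructed, with placeholder strings where real keys would go; the endpoint address is a documentation prefix.

```python
import ipaddress

# Constructed sample 1: a split-tunnel config. Only 10.8.0.0/24 goes through the tunnel;
# everything else, DNS included, leaves over Wi-Fi in the clear.
SPLIT_TUNNEL_CONF = """\
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.8.0.2/24

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = 203.0.113.5:51820
AllowedIPs = 10.8.0.0/24
"""

# Constructed sample 2: the corrected full-tunnel config.
FULL_TUNNEL_CONF = """\
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.8.0.2/24, fd00:8::2/64
DNS = 10.8.0.1

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = 203.0.113.5:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
"""


def parse_wg_conf(text):
    """Return a list of (section, key, value). [Peer] may repeat, so no dict per section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section:
            key, value = (part.strip() for part in line.split("=", 1))
            entries.append((section, key, value))
    return entries


def audit_wg_conf(text):
    """Findings that matter on hostile Wi-Fi; an empty list means full tunnel with pinned DNS."""
    entries = parse_wg_conf(text)
    allowed = [ipaddress.ip_network(net.strip())
               for section, key, value in entries
               if section == "Peer" and key == "AllowedIPs"
               for net in value.split(",")]
    findings = []
    if not any(n.version == 4 and n.prefixlen == 0 for n in allowed):
        findings.append("AllowedIPs lacks 0.0.0.0/0: IPv4 traffic outside the listed ranges bypasses the tunnel")
    if not any(n.version == 6 and n.prefixlen == 0 for n in allowed):
        findings.append("AllowedIPs lacks ::/0: IPv6 traffic bypasses the tunnel if the hotspot offers IPv6")
    if not any(section == "Interface" and key == "DNS" for section, key, _ in entries):
        findings.append("No DNS= line: queries go to the resolver the hotspot handed out over DHCP")
    return findings


if __name__ == "__main__":
    for name, conf in (("split tunnel", SPLIT_TUNNEL_CONF), ("full tunnel", FULL_TUNNEL_CONF)):
        print(name, "->", audit_wg_conf(conf) or "no findings")
```

With `AllowedIPs = 0.0.0.0/0, ::/0`, wg-quick installs the routes and policy rules that send all traffic through the interface, and `DNS =` makes it set the resolver for as long as the tunnel is up; a true kill switch (dropping traffic when the tunnel drops) still needs a firewall rule on top of this.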
Conclusion
On public Wi-Fi a VPN gives you strong encryption against anyone on the local network, but it is not a silver bullet. Combine it with HTTPS (and take certificate warnings seriously), DNS routed inside the tunnel, and the other layered measures above. Our tests show that a local MITM cannot read mainstream VPN traffic; the remaining exposure lies in DNS queries that leave the tunnel, certificates the user accepts anyway, and whatever happens beyond the VPN exit.