Every article (and post on this website) I find on public Wi-Fi safety is mostly concerned with other people connected to the same network snooping on our communications. As far as I understand it, were mostly secure as long as were connecting through HTTPS. Mostly because there could be flaws in the encryption software or the bad actor could redirect us to a fake page.
But what about the provider? I sometimes connect to free Wi-Fi hotspots (bus, hospital) that require me to accept an agreement before connecting. Sometimes that agreement says they can monitor my communications.
So, assuming I connect to such a Wi-Fi network and only do HTTPS-related connections, could they:
Generally speaking†, one cannot intercept HTTPS communications.
However, a hot-spot provider can do the following:
http://yourbank.com, hoping for a redirect to
https://yourbank.com, the hot-spot owner can intercept that and redirect you or serve you their own content. This is one reason why HSTS exists. If the site uses HSTS or you type in
https://yourbank.comor you use a VPN you are fine.
† With the following assumptions:
External links referenced by this document: