This is an old revision of the document!
Because nomads, by definition, don't stay in one place their internet connection is usually wireless (ie, radio based). Wifi and mobile data both use radios to transmit data back and forth. This can present a security issue if:
Short version: if you are using a secured website (banking, finance, medical, email, etc) it doesn't matter how you get there. The transmitted data is encrypted end-to-end:
You could have an airplane write the transmitted data in the sky and it would still be safe. You could tattoo it on your face and it would be safe. You could paint it on the side of the empire state building and it would be safe. – secessus
Longer version follows.
Websites are either secure (https:) or unsecure (http:). Traditionally, the browser indicates with a padlock icon when sites are secure. You can also click on that area to get security details such as the certifying authority, encryption type and number of bits, etc.
If the website is secure the information is fully encrypted between your browser and the website. There is no reason to worry about that communication being intercepted or “sniffed” as it passes through.
If the site is insecure, refrain from posting sensitive data. If the site requires a login, ensure you are using a unique password and preferably username. 1) It won't increase security at that site but it will help confine the damage to that site.
You will have to verify the encryption of app connections on an app-by-app basis.
Connecting to the net over wifi or mobile data is the “first hop” along the route to the server.
If the website is secured it doesn't matter if the wifi is open or the mobile data has been compromised (stingrayed) by law enforcement or others.
If the website is not secured then password protected wifi or mobile data may protect you from casual onlookers at that first hop.2) The rest of the journey is not affected by what happens in the first hop and you shouldn't be transmitting sensitive data to unsecured websites anyhow.
It is a fallacy to think open wifi connections present any threat to connections to secured websites.
It is a fallacy to think mobile data increases security on connections to secured websites.
A vpn encrypts one or more of the first hops. After the VPN exit the traffic is just as it was: either secured or unsecured.
The real value of a VPN is to hide one's IP from the world or hide traffic from an employer, ISP, or someone else in the first few hops. It does not increase security for people already using secured websites.
Q. Wait. Can't [insert favorite agency here] intercept my transmissions and try to crack them?
A. Theoretically yes, and they might crack one secured connection before the heat death of the universe. They won't, because it's easier to watch over your shoulder, trick you over the phone, plant a keylogger, or implement rubber hose cryptography.3)