I keep hearing on VPN ads that you have to use a VPN to not have your login information stolen. So far I have been using Cloudflare WARP to be safe enough. However, if I am using an HTTPS website, do I really need a VPN or WARP? Will an attacker on the same network as me be able to access passwords transmitted over HTTPS?
Yes, given OPs question (triggered by VPN Ads even) and way of asking there is no reason to believe in any scenario where a state-sponsored actor “on the same network” is intercepting data (like “transmitted passwords”) because it’s only secured by https. That’s “can I login safely from a public wifi?”-level.
As you seem to be passionate about these security issues I’m sure that you are familiar with the concept of threat assesment first. Do you believe that a random user asking publically about information seen in advertising is the target of government-level actors wanting to steal his login passwords used on https sites and that breaking the encryption is the easiest measure here?
As I read this question “high-layer sifting by ISPs” (and providers of open wifi) is exactly the threat scenario here.