* Is using HTTPS enough on an insecure network? Should one also be using a VPN?

* Would end-users see a benefit from HTTPS on simple/plaintext sites?

> HTTP/HTTPS is likely only part of the information your computer is providing to said hostile networks.

What other non-encrypted information might a normal person's computer be communicating?

I understand that VPNs do improve privacy. Privacy is moderately important to me, but I don't think it's important enough for me to use a VPN.

There are also occasional vulnerabilities in TLS/SSL/HTTPS but... what can I really do about that? Even a VPN might establish its session with those technologies.

> wouldn't you L2VPN your traffic back to a trusted exit point regardless?

It's reasonable to expect someone technical like myself to do this, and maybe I am really just playing loose with my security. But, nobody outside of the tech community is even thinking about this. 99% of people are happy using whatever WiFi is free and aren't going to question its security.

So, using HTTPS for "simple" sites is still beneficial since you will be making your content more secure for less technical users who might be on insecure networks.