>"This person does not do online banking, does not have a webcam or mic installed device such as a laptop, and does not have an email account."
I don't know a ton about networking (probably not too much in fact) but doesn't HTTPS fix most of this? And if your laptop grants access to its mic/webcam to any packet that manages to make it past your router, I think you have a bigger problem.
Most devices trust their router a lot. HTTPS on its own doesn't protect you from a malicious router. Strict Transport Security and Certificate Pinning are also necessary for HTTPS to protect you against an evil router, and even then it does nothing about all the unsecured and weakly secured traffic and devices on your LAN and all the opportunities that come from being able to lie about DNS records. If you can't trust your router, you really just have to initiate a secure VPN connection to a network that isn't out to get you.
Yeah. With the right security software on your device and the right options on the server you could theoretically initiate a properly secured connection with some web sites, requiring DNSSEC, STS, etc., but for general purpose use you need the VPN.
