Even without a VPN, networks cannot read the data you send- as long as the connection to the website is “HTTPS” rather than “HTTP”.

Put really simply, when you connect to an HTTPS website, the first thing your browser and the websites server do is setup an encryption scheme. Together, they agree on an encryption key. All the data you send is encrypted so that no eavesdropper can listen in.

Here’s the really cool part. Even if the eavesdropper listens in as you decide the encryption key, they *still* won’t know what the encryption key is!

Math is involved. Some very clever math. Google “Diffie Helman Key Exchange” to learn more about how.