gSTrS8XRwqIV5AUh4hwI

PC mag has it tied for 1st with 3 others.

Which means nothing as those tests never test anything of practical relevance, and often very much to the contrary.

As long as you make sure that you visit the respective website through https (that is, you enter the https URI into the address bar yourself or you use a bookmark where you entered the https URI yourself) and your browser doesn't give you any certificate or "mixed content" warnings, there is no reason why you should avoid "dodgy WiFis".

And if you don't do that, then you should do that anyway, because lots of ISPs' infrastructure and especially the home routers provided by ISPs tend to be dodgy as hell security wise, so it's good security practice anyway. The network is not to be trusted, and there is no need to.

Please, stop using the term "identity theft". There is no such thing. The term is a propaganda term that attempts to shift the responsibility for carelessness of corporations to people who have done nothing to cause the problem.

An identity, i.e., who you are, can not be stolen, that's just plain nonsense. What actually happens is that some scammer goes to a corporation and makes the unsubstantiated claim that they are you. The corporation doesn't care to check that it is indeed you (usually by performing some nonsensical ritual that is useless for determining your identity, like asking for information about you that isn't secret), and then claims that you are liable for whatever the scammer did to them because the scammer said they were you.

Now, there might still be a legal responsibility, but the point is that that needs to change - and you don't change that by using a propaganda term of the enemy.

There is also a brilliant sketch my Mitchell and Webb on the topic:

https://www.youtube.com/watch?v=-c57WKxeELY