This website contains age-restricted materials including nudity and explicit depictions of sexual activity.
By entering, you affirm that you are at least 18 years of age or the age of majority in the jurisdiction you are accessing the website from and you consent to viewing sexually explicit content.
The problem isn’t necessarily “stuff not sent over vpn isn’t encrypted”. Everyone uses TLS. It’s more that you are no longer NATed behind the VPN egress IP. When governments want to assassinate anyone who touches a destination IP, having the true source IP instead of a VPN source IP is pretty helpful. For this to be practical you first need a botnet of compromised home routers… which they already have.
In a corporate environment, traffic that is VPN’d typically also undergoes better logging and deep packet inspection.
Never said it was. It’s a noteworthy detail, since some (rare) HTTP unencrypted traffic as well as LAN traffic in general is a bit more concerning than your standard SSL traffic contentwise, apart from the IP.
This is more of a Café/Hotel Wi-Fi thing IMO. While it may take some kind of effort to get control over some shitty IoT device in your typical home environment, pretty much every script kiddie can at least force spoof the DHCP server in an open network.