[rocker]

1.    If I'm using a secure sites & https, why does the vpn is important here if I'm just using browsing & I don't have nothing to hide. Only my email & accounts related to it(& its already ssl). So, why do I have to use it?

2.    How can I know if the app is using secure connection or not? I'm talking about the app in ios & Android. Like mobilerss, twitter, plume, Google reader. Etc

3.    What will happen if I'm using the Internet in the public wifi without vpn, because I'm really confused about it. & I'm thinking that the vpn is really useful in cases where I don't want my isp to track me . So, this is why I don't get the idea in public wifi & I hope to know it better.

[timallen]

The short answer is "no, but ideally you should use a VPN if anyway.".

The longer version

1) If you are using secure sites and https, your communications are encrypted. That said, your security could fall due to a man-in-the-middle attack or XSS attack if you are not vigilant. (You will probably get warnings, but there are some very clever tricks to subvert this process to some degree). If you use a VPN, you have a greater degree of certainty the communications are not intercepted, and that less traffic is leaked in the clear.

2) While its possible, I don't know an easy way. One way would be to use it on a network you control and sniff the traffic on the way out the network to see if its encrypted. I'd wager that in many/most cases its not - some of these providers have vested interests against your use of ssl, and SSL slows down performance (provider caching) of their sites - so they are less likely to pay for something which does not benefit them.

3) VPN is not only about your ISP tracking you, its about your private information being leaked or given away. And its not only your ISP thats tracking you - depending on where you are in the world, and where you are going to, there are governments and your ISP's ISP possibly looking at and probably mining your data. (Certainly the governments of the USA and China have demonstrated an interest in whole country/world data - just look up "Great Firewall of China" and "Echylon" as a starting point)

Let me close off by providing a single plausible attack which can be done against you on a public network - there are no doubt many others -

   1. You jump onto a public network.

    2. Someone intercepts your communications stream. (While this could be the network provider or any ISP between you and where you are communicating, it could be another Wireless user if they are smart, depending on the setup)

    3. You decide to purchase something online, and want to pay by Paypal.

    4. You log into the site, put the item into your cart (unsecure), then hop over to paypals secure server to pay.

    5. At this point you could be stuffed. Someone could rewrite the websites on the way to you so as to not send you to either an http link or a very similar looking https link - with valid cert and all, and then man-in-the-middle your attack and you pay with Paypal thinking you are secure, but your details have been compromised. (There are known in the wild attacks that do this - "Moxie Marlinspike" has written well known tools [eg sslstrip] and produced talks on doing this ). Its quite a long talk, but if you want your eyes opened on security, look at http://www.thoughtcrime.org/software/sslstrip/

[Mandee]

1.    Anything you enter before and after HTTPS can be snooped by anyone. "secure sites" is vague, and VPN just provides an additional layer of security that can extend from your device all the way to the other side.
2.    If it's not HTTPS, you'd have to do some snooping yourself to find their encryption levels and authentication protocols. VPN is much easier - catch-all.
3.    Public Wifi is not encrypted at all, so any info outside of the encrypted website is up for grabs. Malware can be istalled or a keylogger which has nothing to do with HTTPS and your password will be scraped from that. VPN is an all-around solution basically for security.
But choose a truly secure one. SSL based OpenVPN is my choice. I only know one, ExpressVPN. Here's the site if you want to check it out:  https://expressvpn.biz .