If you are truly paranoid you shouldn't be using Windows in the first place. And after you pick a secure OS (such as Linux) use Tor instead of rogue VPNs. But hey, there is already a live distro that comes pre-configured for Tor use, it's called Tails.
And if you carry a USB thumb drive with it installed, you could even boot it from public computers without worries. Of course you could install it on your laptop, and you should...
But to each their own. Many public Wi-Fi networks have captive portals. What stops those from being infected, or the owner from adding malicious code, so you get infected even before you start doing anything?
If you just use a VPN, you are just putting yourself in the hands of that VPN provider. Tor is a whole different league, have it already pre-configured with obfs4 bridges, even if they don't seem to be needed where you are at this moment...
Lol, you can also just boot up pretty much any Linux, install Tor on it, set up Tor as your VPN provider and add it to startup, or just write the startup command every time you reboot, but yeah, Tails can be pretty convenient.
But I wrote this thread with the security of the average PC user in mind, which is Windows.
But now I am thinking about writing another thread that will focus on heavier security.
Unfortunately there is no such thing. Windows is much, much harder to "secure", and even if you go out of your way and spend countless hours "securing it", it will remain unsafe next to an average Linux install. Of course you could also harden Linux, use OpenBSD, etc.
But think how much effort a typical user needs to boot a live ISO rather than trying to secure Windows. Next is installing Linux, which is still easier and faster.
I mean, on one side you have your typical Windows user who, in a desperate attempt to make their Windows "secure", has to follow this (long) list of steps, involving several config changes, including messing with the registry, installing/removing programs, configuring them, having an army of anti-malware, firewalls, browsers with their add-ons, etc. On the other hand, put in that USB stick and reboot from it.
Which is the most user-friendly and fastest way to be safe? It is also about honesty. Tell people up front: use Windows and your battle is already lost.
It is the most correct answer to "How to stay safe when browsing on hotspots or public wifi":
Just boot Tails, or spend countless hours in an uphill battle trying to secure the most insecure OS on earth.
Microsoft has 30+ years of malware-prone history, and they haven't changed their malpractices (some say intentional). It is the ethical thing to warn people about it.
If you really really really want to stay safe, start with the easiest part: use a secure OS. You don't even need to install it, just carry it with you on your USB thumb drive and boot from it only when the situation calls for it.
BTW: In most Linux distros you just install Tor and it will already be loaded every time you boot. At most you should modify /etc/tor/torrc, but it will most likely be there up and running. One reason why you would need to modify torrc is, for example, when you need to use obfs4 bridges, which is a must in some countries or else it doesn't work at all.
Tor is not a VPN, but it's better than one. A VPN has a completely different reason to exist, but it wasn't privacy focused like Tor.
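
The torrc change for obfs4 bridges mentioned above, shown as an added example that is not part of the thread: the three options a bridge setup needs, plus a check that they are active rather than commented out. The obfs4proxy path is an assumption (it varies by distro), and the bridge address, fingerprint and cert are placeholders.

```shell
#!/bin/sh
# Added example: verify that a torrc really enables obfs4 bridges.

# Prints "ok", or "missing:" plus the absent option names; returns 0 only on "ok".
check_obfs4_torrc() {
    missing=""
    # Drop comments, leading blanks and empty lines so commented-out options do not count.
    active=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e '/^$/d' "$1")
    printf '%s\n' "$active" | grep -Eiq '^UseBridges[[:space:]]+1([[:space:]]|$)' \
        || missing="$missing UseBridges"
    # The transport list may be a single name or comma-separated (obfs3,obfs4,...).
    printf '%s\n' "$active" | grep -Eiq \
        '^ClientTransportPlugin[[:space:]]+([^[:space:]]*,)?obfs4(,[^[:space:]]*)?[[:space:]]+exec[[:space:]]' \
        || missing="$missing ClientTransportPlugin"
    printf '%s\n' "$active" | grep -Eiq '^Bridge[[:space:]]+obfs4[[:space:]]' \
        || missing="$missing Bridge"
    if [ -z "$missing" ]; then
        echo "ok"
        return 0
    fi
    echo "missing:$missing"
    return 1
}

# Constructed sample: placeholders stand in for the address, fingerprint and
# cert of a real bridge line; /usr/bin/obfs4proxy is an assumed install path.
sample_with_bridges() {
    cat <<'EOF'
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Bridge obfs4 <IP>:<PORT> <FINGERPRINT> cert=<CERT> iat-mode=0
EOF
}

# Constructed sample: bridge options present but commented out, so Tor ignores them.
sample_commented_out() {
    cat <<'EOF'
SocksPort 9050
#UseBridges 1
#ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
EOF
}

tmp=$(mktemp)
sample_with_bridges > "$tmp";  check_obfs4_torrc "$tmp"
sample_commented_out > "$tmp"; check_obfs4_torrc "$tmp" || true
rm -f "$tmp"
```

On a real system, point check_obfs4_torrc at /etc/tor/torrc after editing it and before restarting Tor.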