VPNs aren't as much of a pain as you might think. I like Cloak on OS X and iOS (https://www.getcloak.com/). Or some home routers even come with VPN servers built in.

Short of a VPN, HTTPS Everywhere (https://www.eff.org/https-everywhere) and maybe something like Little Snitch (http://www.obdev.at/products/littlesnitch/index.html) so you can tell when non-browsers are attempting to connect to non-HTTPS sites.

Use a VPN? They're really not that difficult to setup, here's an extremely simple to use tutorial from OpenVPN.net.

https://docs.openvpn.net/how-to-tutorialsguides/virtual-plat...

Sure, it's a paid product, but you get to run 2 concurrent users for free and you can use any of the Amazon datacentres and any of the instance types… t2.micro's are just fine for quite a large number of users.

Technically, Tor, but at that point you are just moving your mis-placed trust from one (local WiFi) entity to another (exit node).

For the tech-savvy, use VPN, it's free[1]. And there's pre-built images[2].

[1] http://www.reddit.com/r/VPN/comments/11vmnf/how_to_use_a_fre...

[2] http://openvpn.net/index.php/access-server/cloudmachines/513...

And in practice, exit nodes are extremely untrustworthy. I just recently had one providing self-signed certificates for HTTPS. Someone was up to no good.

Self-signed certs for itself or for the endpoint site you were connecting to?

The endpoint site. Then I hit reload and it was gone. SSLStrip probably would have been more effective. But, yeah, I think the people using Tor to provide "security" for an insecure wifi are making a huge mistake.

HTTPS, of course, but that puts you at the mercy of the site operators.