I didnt answer at first because I wasnt sure if setting up a VPN would be the right way to go ahead with things.. and the sort of VPN that watchdog meant is mostly used for businesses and to me it seemed to be a bit overkill for what the watchdog programme was on about.
What they failed to actually mention was that the lack of security in that particular instance related to the webmail client - gmail + hotmail. Instead they decided to scare monger people telling them they need to connect via a VPN... but telling the viewers nothing about what a VPN was or what it does.. nevermind how to set one up which is very likely beyond the scope of most people.
Basically you would have to set up a secure connection using VPN software at your home so that everytime you connected in a wifi hotspot cafe, then your connection would say be tunnelled to your home and on to your LAN. Traffic between your home and the internet cafe is then encrypted, and you can then say pick up mail via your home network, just as if you were at home.
This sort of thing wouldnt work for your daughter at uni, because to access certain things at uni (say some course lectures), then you may not be able to get access from an external source (which is what you would in effect be doing) and she needs to connect via the uni LAN... so theres no point tunnelling that sort of traffic.
Its not actually about protecting your own wireless network.
IMHO that watchdog program will have misled so many people.. basically what they should have said is make sure if you are collecting your mail... or anything else which has sensitive data.. make sure you use https/SSL.
When you login to your bank account, then by default all bank sites use https, as do most reputable sites where money transactions occur.
The problem in this particular case is that by default, both gmail & hotmail have https off, and use plain old http when viewing mail.... but both of them do allow you to switch it on in your user settings.
If the users who got caught out on that program had been using https when viewing their mail, then the hacker wouldnt have been able to do what he did. Far easier.. damn simple infact... but then again makes less interesting journalism.
I think the only time Id consider setting up a VPN is if I was often away from home and I wanted to securely transfer data between my laptop at the remote location... and my home.
We used to use VPN at work a lot... for example if I had just sold someone a large investment from a customers home, then I would then take my laptop and connect via VPN to head office from anywhere to upload details of the customer transaction without having to go back into work.
It also allowed things such as customer details to be sent to and from my laptop at home to Head Office. The VPN connection only allowed me to remotely connect to the Head Office Intranet and I couldnt get out on to the actual internet via it.
The VPN is basically a secure tunnel through/over an internet connection between point A (home) and point B (where you happen to be).