Britons will be familiar with NordVPN's recent ad spot, which featured some credulous loon in a railway carriage handing out his credit card, phone, passwords and so on to random strangers.
The Advertising Standards Authority, a private company based in central London that is funded by a levy on the advertising industry, has now told NordVPN not to repeat the advert's claims that public Wi-Fi is so insecure that it amounts to handing out your personal details to everyone around you.
Nine people complained about the advert, which was broadcast in the first quarter of this year.
Justifying its claims, NordVPN told the ASA that HTTPS encryption of webpages "did not mean the site was legitimate, nor was it any proof that the site had been security-hardened against intrusion from hackers".
It added that "most public Wi-Fi hotspots were considered insecure since the majority had very primitive security parameters and non-existent or very weak passwords available to everyone."
Disagreeing, the ASA acknowledged in a public ruling that while "such data threats could exist", it "considered the overwhelming impression created by the ad was that public networks were inherently insecure and that access to them was akin to handing out security information voluntarily."