You disable the VPN, they show “unprotected”, come on, I’m not really unprotected, why such a dramatic word, I just disabled the thing a little, I’m “disconnected” but it doesn’t mean I’m actually unprotected, the same way it doesn’t mean I’m actually protected if I’m using a VPN.
Hackers are quite skilled at finding ways to get around TLS, and it is only a site specific interaction that is protected. Everything else is transparent.
https://www.cyberly.org/en/how-do-vpns-work-over-public-networks/index.html
TLS is e2e encrypted, can you please show how a hacker could get around that?