My college uses eduroam for WiFi. When setting it up, I am advised to install the college's own CA certificate. I am dubious about this as I have heard that it would allow them to perform a MITM attack and read the contents of my HTTPS traffic, which I am naturally uncomfortable about.
I am using an Android phone and a Windows laptop on the WiFi, neither of which is from the college.
The WiFi also works if I choose the "Don't validate" option under the CA certificate section when setting it up. With this method, I can still use the WiFi, and I don't have to install any certificates.
Is this second method any more secure than with the college's CA certificate? Or is it less secure? I feel like this is a lose-lose situation if they can read the contents of my HTTPS traffic with the second method.