Wrong. With HTTPS, passive attack (e.g, ISP and anyone who's on your network) won't able to see what data you send to a server.
Oh sure. I had assumed he was already running a VPN since he had mentioned it further up in his comment, which would have encrypted his data against that kind of attack already. But yeah, I take your point.