| ▲ | fragmede a day ago |
| Yeah free VPN is totally a problem, but there's TLS so at least those users aren't getting their bank account information stolen. |
|
| ▲ | Egor3f 21 hours ago | parent | next [-] |
| TLS works when app is installed somewhere else, but not in browser itself. Browser actually handles TLS termination. |
|
| ▲ | bsaul 21 hours ago | parent | prev | next [-] |
| Does tls means certificate pinning ?
Can't a vpn alter dns queries to return a proxy website to your bank, using a forged certificate ? |
| |
| ▲ | bandrami 21 hours ago | parent | next [-] | | Only if you've added a signing certificate the VPN controls to your CA chain. But at that point they don't have to do anything as complicated as you described. | |
| ▲ | notpushkin 21 hours ago | parent | prev [-] | | TLS means “there’s a certificate”. Yeah, if a VPN/proxy can forge a certificate that the user’s browser would trust, it’s an issue. But considering those are browser extensions, I think they can just inspect any traffic they want on the client side (if they can get such broad permissions approved, which is probably not too hard). |
|
|
| ▲ | 21 hours ago | parent | prev [-] |
| [deleted] |
