| ▲ | bsaul 21 hours ago | |
Does tls means certificate pinning ? Can't a vpn alter dns queries to return a proxy website to your bank, using a forged certificate ? | ||
| ▲ | bandrami 21 hours ago | parent | next [-] | |
Only if you've added a signing certificate the VPN controls to your CA chain. But at that point they don't have to do anything as complicated as you described. | ||
| ▲ | notpushkin 21 hours ago | parent | prev [-] | |
TLS means “there’s a certificate”. Yeah, if a VPN/proxy can forge a certificate that the user’s browser would trust, it’s an issue. But considering those are browser extensions, I think they can just inspect any traffic they want on the client side (if they can get such broad permissions approved, which is probably not too hard). | ||