[parito]

Hey,

It's not that simple - it depends on the implementation, otherwise if your browser trusts root cert which was issued by chinese gov, what's to stop them doing the mitm? I mean, they issued the cert.

However to mitigate this, VPN providers (some of them) implement checks to make sure they only trust particular root certs, which makes doing mitm much harder.

Re your trip to China I would not be worried about that though - 30 % of Internet users in China are using VPN's daily so it's not like you will be flagged and get locked for using a VPN. Pick one of the reputable ones (NordVPN?) and you should be good.