|
|
|
|
|
|
by lkbm
2438 days ago
|
|
|
This seems like an overstatement. Five years ago, mostly true, but can they mitm my ssl connections? (I'm getting mixed answers on StackExchange, but it seems like generally no.) They can see what sites I visit, but for most of those sites, they still shouldn't be able to see the content. (This might be more nuanced than the layman explanation needs to be. Just curious for my own sake.) |
|
|
1. All of the apps and sites you care about are HTTPS-only and don't rely on, say, an HTTP-to-HTTPS redirect which can be bypassed.
2. The VPN client doesn't do something like configure a proxy.
3. Your OS, apps, and browser don't have exploitable bugs or weak software update mechanisms, or that the VPN provider or whoever compromised them isn't going to try exploiting them.
Obviously the third one is a relatively low probability since it's noisy but it's the kind of thing which would be hard to rule out since VPN providers have a market incentive to cut corners if they think it won't be noticed and by their nature it's easy to imagine a law-enforcement or intelligence agency thinking it'd be a good service to compromise to get access to a userbase which contains people who are trying to hide something of interest.