by Thorrez
1755 days ago
You're checking your personal email on your work computer? Your employer can see that. One way would be through screen recording. But even without screen recording, your employer can install its own certificates. Chrome at least ignores certificate pinning if there are custom installed local certificates.

If you're on a personal device (e.g. your personal phone) on a work wifi, you're secure whether or not certificate pinning is used.

So I don't really see any situation in which certificate pinning will help you. The purpose of certificate pinning is to protect against malicious regular root CAs. It's not to protect against your employer or anyone else who can install custom root CAs on your machine, because they could also install malware that steals data directly from Chrome.

> Chrome does not perform pin validation when the certificate chain chains up to a private trust anchor.

https://chromium.googlesource.com/chromium/src/+/refs/heads/...
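A simplified model of the decision described in the comment above, added here as an illustration; it is not Chromium's code and not part of the original comment. The certificate names, the host `mail.example` and the helper names are hypothetical, and signature verification is not modelled.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes  # constructed stand-in for the DER SubjectPublicKeyInfo

def spki_sha256(cert):
    return hashlib.sha256(cert.spki).hexdigest()

def evaluate(chain, host, pins, public_roots, local_roots):
    """chain is ordered leaf -> root. Returns 'ok', 'untrusted' or 'pin_mismatch'."""
    # Ordinary path validation (only issuer links are checked in this model).
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return "untrusted"
    root = chain[-1]
    if root in local_roots:
        # Private trust anchor: the pin check is skipped, as the quoted doc says.
        return "ok"
    if root not in public_roots:
        return "untrusted"
    wanted = pins.get(host)
    if wanted and not any(spki_sha256(c) in wanted for c in chain):
        return "pin_mismatch"
    return "ok"

# Constructed sample data; every name below is hypothetical.
PINNED_ROOT = Cert("Pinned Root", "Pinned Root", b"pinned-root-key")
OTHER_ROOT = Cert("Other Public Root", "Other Public Root", b"other-root-key")
CORP_ROOT = Cert("Corp Inspection Root", "Corp Inspection Root", b"corp-root-key")
PUBLIC_ROOTS = {PINNED_ROOT, OTHER_ROOT}
PINS = {"mail.example": {spki_sha256(PINNED_ROOT)}}

def leaf(issuer):
    return Cert("mail.example", issuer.subject, b"leaf-key-from-" + issuer.spki)

def scenarios():
    def run(root, local):
        return evaluate([leaf(root), root], "mail.example", PINS, PUBLIC_ROOTS, local)
    return {
        "pinned CA": run(PINNED_ROOT, set()),
        "other public CA": run(OTHER_ROOT, set()),
        "corp root installed (work computer)": run(CORP_ROOT, {CORP_ROOT}),
        "corp root not installed (personal device)": run(CORP_ROOT, set()),
    }
```

Calling `scenarios()` returns one verdict for each of the four cases.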