I haven’t had time to look at the code. Is this generating a unique root certificate per install? If not, this could become an attack vector to decrypt TLS traffic.
> During the first run, Zen will prompt you to install a root certificate. This is required for Zen to be able to intercept and modify HTTPS requests. This certificate is generated locally and never leaves your device.
Even if it does create unique root certificates, it is a massive attack vector. How good is the tool at protecting the corresponding private key from other software on the device, for example?