This makes it possible for the VPN provider to intercept and monitor essentially all your traffic, in a worst case scenario. When an additional root CA cert is installed by a VPN provider, you are relying only on the provider’s encryption and authenticity checks, as the trusted root certificate can overwrite the encryption and authenticity checks of the actual service you’re using (e.g. Mozilla Firefox, WhatsApp). It’s a pretty egregious flaw in a product specifically designed to ensure that you don’t have to trust third-party companies like internet service providers to protect your privacy. ‘If it’s compromised, it could allow an attacker to forge more certificates, impersonate other domains and intercept your communications.” TechRadar Pro’s security expert, Mike Williams, stated “Installing trusted root certificates isn’t good practice. Several well-known VPN providers – including Surfshark, TurboVPN and VyprVPN – are among six brands called out for a risky practice that potentially undermines user security.Īs part of its Deceptor programme, security research firm AppEsteem found that providers’ apps install a trusted root certificate authority (CA) cert on users’ devices and some providers even fail to obtain users’ consent for doing so Surfshark VPN is one of six popular virtual private network services to fail security tests, with many others failing so-called “deceptor” tests …
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |