69
submitted 1 year ago by tester1121@lemmy.world to c/privacy@lemmy.ml

I keep hearing on VPN ads that you have to use a VPN to not have your login information stolen. So far I have been using Cloudflare WARP to be safe enough. However, if I am using an HTTPS website, do I really need a VPN or WARP? Will an attacker on the same network as me be able to access passwords transmitted over HTTPS?

you are viewing a single comment's thread
view the rest of the comments
[-] PuppyOSAndCoffee@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

Bruh

a vpn can totally MiM if they force you to use their cert.

upstream server ssl <-> vpn client ssl <-> vpn MiM <-> vpn server ssl <-> you

Even with no MiM, VPN is going to know where you are going and how long you are there, and any unencrypted comms (UDP / torrent, funky http URL) are just … there.

I would assume consumer “privacy” VPN traffic is easily monitored by state agencies since there are fixed points of entry & egress?

Any corporate VPN worth its salt is totally MiM all traffic; usually spells it out in the sales brochure.

this post was submitted on 06 Sep 2023
69 points (96.0% liked)

Privacy

31992 readers
470 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS