this post was submitted on 06 Sep 2023
69 points (96.0% liked)

Privacy

31997 readers
951 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I keep hearing on VPN ads that you have to use a VPN to not have your login information stolen. So far I have been using Cloudflare WARP to be safe enough. However, if I am using an HTTPS website, do I really need a VPN or WARP? Will an attacker on the same network as me be able to access passwords transmitted over HTTPS?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

There's a possibility, but not a big one that any given WiFi has an decrypting proxy in place. Your device should be giving a big warning flag if a certificate was found issued by an untrusted cerificate authority. It's possible if someone like Google or a government body ran the portal that they could issue 'trusted' certificates for sites on the fly through such a proxy and grab whatever they want while it's decrypted mid stream.

The whole premise of HTTPS as security is based on the notion that the CAs at the end of the chain are trustworthy and wouldn't do something like that, but it is possible.