Unless they MITM you and whatever app you’re using doesn’t do cert pinning, or they don’t have a legit root cert that they can sign completely valid certs with
To MITM me they'd need the intermediate or root certs of whatever I am connecting to? I don't see how even pinning the cert would help if the chain is invalid to begin with.
Yes sorry there was a typo in my earlier comment, but that’s what I was saying. If they have a stolen root cert, or are given one, they could produce 100% valid certs and youd never be able to tell they were doing it. I find it hard to believe the root certs of the internet have been kept safe all these years from the intelligence branches of these governments that are at cyber war all the time. I wouldn’t be surprised to one day learn root certificates were willingly given to intelligence branches for “national security” or whatever
How would I know? There’s always a VPN new kid on the block everyone shills for. Used to be that ProtonVPN was our savior now it’s nobody even knows it exists.
Point is unless you control every hop in the chain you can’t know it’s safe
