As title. Italy is decided to pass a law that basically creates a chinese-type firewall in the country. The question is simple: even if I’m not doing anything illegal, my VPN provider will have to know what am I doing to report it in case it’s illegal, or face jail.
So how could my traffic remain private in this scenario?
Can a VPN provider with no logs policy be held accountable of anything? Can it actually know what I’m doing?
New to me that https is broken
You can read more about this learning about X.509.
Its the PKI thats broken, namely the root stores. Has been unreliable for many, many years. This is why packages are signed.
So you are basically saying that root CAs are unreliable or compromised?
The great thing is, that you can decide on your own which CAs you trust. Also please proof that those are actively malicious.
And no. That is not the reason that packages are signed, i am guessing you mean packages like on linux, packages contained in the installation repository. The reason is, that you build another chain of trust. Why would i trust a CA which issues certificates for domains with code distribution. That’s not their job.
HTTPS doesn’t stop them from knowing what you visited. It just stops them from knowing what you did while you were there. VVPN provider can still see that you visited Google, but they cannot see what you asked for Google to do for you.
Yes. Not claimed otherwise. OC claimed that they see what you are doing which is wrong.
don’t have to break TLS to know what site you are accessing. The SNI of the cert does that.
The specific url however is protected by TLS.
They see what sites you are visiting yes but they do not see what you are doing on them. They do not see the content of the traffic. Huge difference.
Huge difference depending on who is judging you
When you get judged based on what website you are visiting it is very likely that you are already the bad guy by using a vpn.