Next step would be rewrapping the encrypted data (which several existing proxies already support) as a "security enhancement".
Comment on Google Chrome to soon get a new ‘IP protection’ feature: Here’s what it does
iopq@lemmy.world 1 year ago
This would actually be good, because combined with encrypted client hello, a TLS connection to some website would only be identifiable by the IP and DNS queries. You don’t have to use Google’s DNS either.
So Google will basically see that you’re connecting to a Cloudflare-hosted website or whatever the case is. Doesn’t help much because they can’t see encrypted data.
ripcord@kbin.social 1 year ago
darth_helmet@sh.itjust.works 1 year ago
They’d have to crack TLS or get you to trust their mitm cert, or fake what they present to the user…
I don’t see Google doing anything that foolish, it’s a security nightmare
ripcord@kbin.social 1 year ago
They ship the browser, which on at least many OSes has the certificate store. And Android. They can ship whatever they want.
People fall for all kinds of shit for reasonableish-sounding security reasons. Lots of people would have said they didn't believe people would go for this either.
darth_helmet@sh.itjust.works 1 year ago
Ok, but they still present the certificate to the user. They’d have to be very fucky with how they present that information if they were doing the validation at the proxy and then passing back that cert info.
And yeah, regular users might fall for that shit but Chrome would be banned across the corporate landscape the second it was found out.
fubo@lemmy.world 1 year ago
They don’t want every government to immediately ban the use of Chrome on government computers …
muntedcrocodile@lemmy.world 1 year ago
Google ships the browser, which ships with the root certificates, which they can update remotely as they see fit. I’m sure you can see the issue here.
fubo@lemmy.world 1 year ago
Doing that would cause all corporations and governments to switch to Edge immediately. Google actually built infra to make it impossible for them to get away with this kind of hijacking: look up Certificate Transparency.