Comment on Google Chrome to soon get a new ‘IP protection’ feature: Here’s what it does
fubo@lemmy.world 1 year agoYou can’t MITM with a VPN unless the browser accepts an insecure certificate. And that can’t be done without being detected; and the security community would raise seven shades of hell.
Google has actually helped build the infrastructure that (in a public, provable way that Google can’t subvert) makes it impossible to get away with MITM in this manner. It’s called Certificate Transparency.
Put another way: Google wants other big companies and governments to use Chrome and Android. If Google started MITMing traffic like you suggest, no corporation or government would ever touch their products again. So they’ve built infra that lets them prove they don’t.
_s10e@feddit.de 1 year ago
Yes, but the browser is Chrome and this is a feature built into Chrome.
fubo@lemmy.world 1 year ago
Now try reading the rest.
_s10e@feddit.de 1 year ago
I tend to agree with the trust argument. Google wants people to rely on Web technology and Google products and allowing MITM - or failing to prevent - goes against Google’s interest.
I don’t buy the technical argument at all. Google could terminate the TLS connection at the proxy and communicate with the browser on a proprietary encrypted channel. Chrome could easily show a green padlock item and certificate details as seen by the proxy. The whole thing could be open source and transparent. A minority of users will disable the feature; many will accept it. Corporates can be bought by allowing to opt out for ‘sensitive’ servers.
fubo@lemmy.world 1 year ago
They could just rewrite Chrome to send all your passwords in clear text to Mountain View too … but not without security people noticing. That’s my point. The behavior of browsers is not secret.