Jump to content
Not connected, Your IP: 3.137.178.122
greenclaydog

Could MiTM Firewalls/Certificates be issued across businesses, schools and countries to effectively kill VPN technology and Tor?

Recommended Posts

So, i read something interesting today, and it's something i have heard of over quite some time now. It would seem that many companies implement local certificates on their employees machines to effectively prevent any form of private communication on the machine by decrypting all forms of SSL traffic, which may perhaps also apply to SSH, however i am not sure.  The side effect of this SSL decryption is that they block any connection they cannot read. If say, China decided to have every computer in China sold with this sort of configuration, couldn't they effectively kill Tor and VPN completely?

 

I have always heard people on forums across the internet trying to reassure people that SSL (aka stunnel or SSL Tunnel)  can never be blocked or filtered because it would effectively kill all services using HTTPS. 

 

With widespread adoption of these MiTM firewalls, VPN's and Tor can be blocked without disrupting normal HTTPS web services. 

 

The caveat however, is that these systems i believe must be installed on the users machine in order for them to work. But if places that provide wifi such as Schools, Universities and Workplaces require this implementation before being permitted to access the network, what choice do you have? 

 

Doing so, these places could force their employee's, students etc. to go elsewhere on another network to make private communications. If somehow implemented across a country such as China, you would effectively have no choice but to submit your private information visible to the eyes of the government. 

 

Nothing could escape the Great Firewall. 

 

https://it.slashdot.org/story/14/03/05/1724237/ask-slashdot-does-your-employer-perform-https-mitm-attacks-on-employees

 

http://security.stackexchange.com/questions/104576/my-college-is-forcing-me-to-install-their-ssl-certificate-how-to-protect-my-pri

 

PS: i apologize if this post may seem like FUD, but i wanted to raise awareness of this technology and the consequences of its implementation now and in the future. 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...