As title. Italy is decided to pass a law that basically creates a chinese-type firewall in the country. The question is simple: even if I’m not doing anything illegal, my VPN provider will have to know what am I doing to report it in case it’s illegal, or face jail.
So how could my traffic remain private in this scenario?
Can a VPN provider with no logs policy be held accountable of anything? Can it actually know what I’m doing?
Yes, there is countless examples of root CAs containing compromised CAs. Also the private keys live on the server, hot. That’s why we sign with release keys that are not stored on the publishing infr
Then pls proof that? Link to a recent article maybe?
https://www.theregister.com/2024/07/31/digicert_certificates_extension/
DigiCert isn’t the only one. There’s a bunch of others. Just google “Mozilla CA removed” or “google CA removed”
Here’s a couple more examples, but this sort of thing happens all the time, because X.509 is just a terrible design that breaks https
https://bugzilla.mozilla.org/show_bug.cgi?id=1567114
https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else