> VPN provider can easily break your crypto if they need to, MITM you and get cleartext 'records' from live data.
Could you elaborate on that? I'm going to China soon and don't know if I should trust commercial VPN providers. I was under the impression that if I use SSL/TLS it's impossible to MITM my connection.
If an entity can mint certificates that are signed and appear legit then MITM is possible. We have so many certificate authorities now that it is possible that our certificate trust is failing us or can fail us.
Google Chrome can detect a Google cert that is not legitimate because it has embedded the certificate fingerprints in the browser for its public certs. We don't have that benefit elsewhere.
Might some state actors have cert signing ability? You be the judge.
It's not that simple - it depends on the implementation, otherwise if your browser trusts a root cert which was issued by the Chinese gov, what's to stop them doing the MITM? I mean, they issued the cert.
However, to mitigate this, VPN providers (some of them) implement checks to make sure they only trust particular root certs, which makes doing MITM much harder.
Re your trip to China, I would not be worried about that though - 30% of Internet users in China are using VPNs daily so it's not like you will be flagged and get locked for using a VPN. Pick one of the reputable ones (NordVPN?) and you should be good.
It may be impossible to MITM your connection. However, it is entirely possible for the authorities to just prevent the connection from working in the first place.