0

Since the closest Q & A I have found about this topic doesn't quite match the focus I have in mind, I felt that a more precise question could be a helpful point of reference for me and many other users in my same situation.

I need to access a specific content on a web site that isn't be available from my country, and make a payment: so I think I necessarely need to use a proxy or VPN service.

The payment page is a SSL-secured webpage on a HTTPS protocol.

Like many of us, I've heard and read about reliability and hazard issues concerning VPN services (especially those free ones) so many times that I am simply worried that my credit card data could be stolen, intercepted or simply exposed.

So the question simply is: even if I run into the worst and most criminal VPN service, will my data be safe as long as the payment page is HTTPS and / or SSL webpage, right? Or there may be some issues anyway?

and that's all, thanks :)

John Galassi
  • 103
  • 1

1 Answers1

0

Well if your worry is the VPN service then they can't decrypt the SSL traffic from the website. They could only decrypt their VPN traffic. So think of your packet now like a gift wrapped 2 times. First the browser wraps your traffic in the SSL encryption then your VPN client wraps its encryption over the SSL.

So if your VPN service is looking at your traffic and using the key to decrypt it it will be left with the SSL encryption which it doesn't have the key for and can't decrypt.

Mike
  • 21,910
  • 7
  • 55
  • 79
  • thanks very much. But, when you say "if your worry is the VPN service" this means that I should have other worries :)? Thanks anyway: I can't upvote yet but I will mark it as problem-solver – John Galassi Nov 26 '17 at 15:23
  • What about a simple MiTM? THE SSL could be improperly issued by any trusted CA in the users browser. – Jacob Evans Nov 27 '17 at 02:35