Ask HN: NordVPN "Threat Protection Pro": intercepting and breaking our web-app?
Has anyone had any experience of these tools, billed as "protecting" the user from e.g. phishing, but actually installing a root certificate and doing local TLS interception? This happens even when Nord's VPN part is completely disabled! In our case, we found that it doesn't seem to handle HTTP/2 Trailers properly on both Windows and macOS, and would just leave the browser hanging waiting for the response back from one of our endpoints (which returned a trailer for measuring timings).
Nord support have been just as useless as you would expect (we have shared a PCAP & TLS session keys etc), but I wanted to ask if anyone else had had experiences with TLS interception like this, supposedly there to enhance security, breaking functionality in this way? It'd be very useful if there was a place to report issues like this publicly, a la Mozilla's webcompat efforts.
It seems pretty scary from a privacy perspective as well, to effectively give your VPN provider the "keys to the kingdom" and enable them to decrypt all of your traffic. I would be very interested to see a teardown of this.
No comments yet.