It’s getting worse and worse. Stay safe and private.

@a.randomjack6661

7 ай бұрын

I seek safety in numbers, not alone in a rabbit hole. It's why being anonymous in public should be a fundamental right. See schools of fish or any creature that flocks 🐑🐑🐑🐑

I love your videos. I bumble on through life thinking everything is fine and then I watch your videos and realize how naive I am in my thinking. Thanks for what you do. 👍❤️💪

@trucid2

7 ай бұрын

No matter how informed you think you are, the rabbit hole always go deeper than you think.

@Corteum

6 ай бұрын

You're right, everything is perfectly fine... even if you're ignorant. ("Ignorance is bliss!").

I thought I was just paranoid with security, now I think I am not taking it seriously enough. And I realize I know very little about it. There is a LOT of shady things out there. Thank You for keeping us informed !

@SunnyCue-ew5ow

6 ай бұрын

I'm 36 living in Los Angeles, I have always been told I'm paranoid and when I found out I'm on the terrorist watch list I realized I wasn't strict enough in my security in almost every phase of my life. I've found out many ways to how I have been tracked and I'm now finally finding ways to block or fight back. When I fight back they make me aware they are watching me. 3g. Was nuts,5g is insane and 6g will ruin us. I hope you find a way to stay ahead unlike 99% of the world.

I've always thought that the "padlock and key" simile is usually very badly explained. In my explanation of public-key encryption, you have the one and only key that can unlock a certain padlock, and you have a way to copy that padlock. When someone wants to send you something securely you first send them an unlocked, open copy of your padlock. (Note: the padlock can be copied by anyone but it can't be reverse-engineered to find the key.) The sender receives your open padlock, puts his message in a box and locks the box using your padlock. When you receive the box you open it with your key and viola! FWIW anyone can copy your padlock and use it to send you a secure message - you don't have to send them a copy yourself.

@wmrieker

7 ай бұрын

but the big question is, when you get someone's padlock, how do you know it really belongs to the person you want to send the message to?

@vpx23

7 ай бұрын

I don't know if this is a good example because you can actually create a key from a padlock in the real world. Also it's one padlock and two keys with different codings, the public key can only close the padlock while the private key can open the padlock.

@kehindeakiode2865

7 ай бұрын

​@@wmriekerit should come with a tiny locked box containing a stamp that should match a stamp on the padlock. This tiny box will be unlockable using a key from a trusted third party (i e. a Certificate Authority)

This is a common practice in large companies. The company I work for has done it. It's called SSL/TLS inspection or SSL/TLS interception. The traffic between the source web browser and the 'encrypted' target website that an employee goes to, when using a company PC or Laptop, is kept logged for some period of time. The company will say that this is to ensure that corporate information isn't being leaked/shared. It is what governments really want to happen on every citizens PC, Laptop, Mobile, etc so they can snoop on everyone.

@dansmith5012

6 ай бұрын

If this was the only angle the government wanted to use it would be bad but this next thing is even worse, the government will force car makers to put a remote killswitch on every new car in 2026. Total power grab and overreach, North Korea style dictatorship in the making.

In Mother Russia, internet accesses you.

@nicoleking772

7 ай бұрын

And, Uncle Sam is honest and upright. A wise and kind old man, would NEVER monitor or surveil the average honest citizen. Sheeeeeet!

@auriuman78

7 ай бұрын

That's scary to envision. You ask the internet a question and it's tendrils determine everything possible about you while giving you some quasi version of what you asked for. As I typed that out, it occurred to me that there's something else in the computer world that works exactly the same way... ... a Trojan horse 😒

@pycontiki

7 ай бұрын

Sisters of Mercy

@pisceananomaly

7 ай бұрын

​@@pycontiki- every time I see those two words together, I think of S.O.M.✔️

@AJ-po6up

7 ай бұрын

@@nicoleking772 Nobody said anything about Uncle Sam, you don't have to be American or like the USA to criticize Russia and its authoritarian government. In fact people who use the USA as a scapegoat every time someone mentions the truth about these dictatorships is just trying to deflect the truth. We all already know that Uncle Sam is evil.

Rob, as always you provide quality content. Very grateful to have discovered your channel for the last 2 years now. I noticed on the Brax2 had many certificates from various places I unchecked many of then after some research;)

Many years ago I downloaded software callled KGB. I tested it on a spare PC and found it keylogged everything and took screenshots of visited websites and sent them to me in an email. If this software can do it 15 years ago then the capabilities must be much greater now.

Wow, love what you are doing here on this channel, please continue :)

This is good information. People should pay attention. It's all a trust system. You elect who you trust to keep your data secure.

This is quite an eye opener. I just browsed the list of trusted root certificates on my Windows machine which includes some that obviously did not come with Windows and yet they are there. Apparently any installer can drop whatever certificate in there without me being asked whether I trust this party. This makes the PKI infrastructure quite pointless. I would expect my OS to ask me if I'm OK with a particular certificate when an installer tries to add a root certificate.

@robbraxmantech

7 ай бұрын

That's my job. To open your eyes

@416shovel

7 ай бұрын

​​@@robbraxmantech Rob i put all the microsoft certificates in the untrusted folder and now UAC blocks me from running anything, even cmd.exe. reversing it in safe mode fixed it.

@jakhannew

7 ай бұрын

​@@robbraxmantech When looking through Security on Windows, I noticed there numerous certificates installed of which I have no clue. Please guide us to make our systems more secure. I understand you cover topics in detail. However, most of the people have no clue about making their systems secure.

@yfelwulf

7 ай бұрын

I was under the impression those root certificates had to be run past Microsoft. Kaspersky anti virus automatically picks up old unauthorised or out of date certificates as well as sites that have none which it blocks.

@DFPercush

7 ай бұрын

@@yfelwulf You realize Kaspersky is a Russian company, right? I don't know of any particular, specific, nefarious activity from them, but I'm pretty sure that product is banned on most government computers. Although they have made efforts to increase transparency and allow auditing of their code, the main concern is the ability to push updates from Moscow at any time. My opinion, if you're nobody important then it's probably fine, but if you work anywhere near sensitive information that might be a target of state or corporate espionage, I'd stay away.

Brax, I love what you do. We need watchdogs. The average person has nothing to hide. But, does not justify anyone snooping on your internet traffic. To me that is no different from standing out side of my bedroom window.

@jakemelinko

7 ай бұрын

To me it's even worse, like someone breaking in while you're sleeping, it's actually also pretty easy, even more than most realize

@tomaszkluska6419

7 ай бұрын

Nothing to hide is equal to nothing to say.

The EU is planning to eliminate encryption too, with device installed scanners.

@keylanoslokj1806

7 ай бұрын

Those WEF globalist fascists.... .

Thank you for this valuable info. I apply your advice to my habits.

Also, because Windows is proprietary software. you don't actually know that dragging the Microsoft certs to the "untrusted" section is actually doing anything. They might have coded the graphics that make it look like it does, but you'll never truly know because you do not have access to the source code.

@trucid2

7 ай бұрын

And even if you could somehow make sure that Windows behaves the way you expect, at any time you might get a windows update that can make whatever changes it wants.

@carlynghrafnsson4221

7 ай бұрын

It does block. I believe it does reset the Microsoft sanctioned certs for update. I can't remember if Win10 prevented you from disabling their certs. I've been using Linux only, since Win11. I trust Microsoft, Google, Apple over a third-party or foreign country. Why? Product liability. Maybe they can dig, but their OS is at stake. Pay Mr. Gates money and he will protect you from the other slimebags. The Great Compromise. Symantec Norton Server brought me more viruses than without it.

@kehindeakiode2865

7 ай бұрын

Actually, you CAN check from the browser, whether the site you are on is using a certificate signed by one of those Microsoft root certs.

@BorlandC452

6 ай бұрын

@@kehindeakiode2865 Good point about checking from the browser, but more broadly, with a closed source operating system, you don't really know that any of the options you choose are taking effect. Especially with things like telemetry. The graphics might show that they're off, but that's as far as you'll know.

I'm getting sea sick by watching this video. 😉 Great stuff! Much love for your videos!

The downside of technology is showing up more clearly every day. I am considering to withdraw and move back to pre-internet practices.

@monad_tcp

7 ай бұрын

using computer without the access to the internet is possible.

This information is invaluable.

I remember back in the late 90's setting up a windows NT cache server. It automatically intercepted and replaced certificates being downloaded to make itself the root authority so it could cache Internet traffic, You couldn't visit a secure site otherwise without updating your root certificates. This was just part of being an ISP with cache acceleration. It wouldn't have been hard to just look into cache if I wanted to. Actually I think that's where I got most of my mp3's, I figured it was the safest way so I didn't have to download them myself. I didn't want my IP address tied to that activity.

Wow.! How easy it is to be fooled by some app. Thanks for the info!

How can we politically fight back and support our privacy rights against this dictatorship Mr Braxman?

@Rob Braxman Tech That was a VERY interesting video. Can you do a video of the various types of cookies... forever cookies in particular, and how to get rid of them? Thank you.

I have certainly written that one before: German tax authorities force enterprises and freelancers to submit their tax declaration using governmental closed source software. The law only says that tax declarations must be submitted electronically in a specific format. But that format is kept secret, as well as the source code of the submission software, and the tax authorities simply interpret the law as duty to run their software. Ironically, the software system is called ELSTER (magpie).

Thanks Uncle Rob!

They do this on the free public Wi-Fi here by promoting a “secure” version where you have to accept a very questionable certificate. FYI, never connect to an ipTime Wi-Fi router.

How about a guide on which ones to cleanup, and which ones you actually need?

Great video thank you

In Fiddler Classic, it's possible to intercept and read any HTTPS/TLS traffic. Every programmer has been using this tool for the past 10 years.

@monad_tcp

7 ай бұрын

I always find it funny when I man-in-the-middle myself to find what funny programs are phoning home for. Suddenly now MITM is "illegal", nothing new, when the goberment does it, its right and legal, when you do it, you're a criminal. Except the concept of a crime isn't valid in the memory space of my computer. I can't commit any crime in the RAM of my computer, because laws don't work there (cyberspace is basically sovereign). Only computer code is law there, as I own the root of that machine, and I own it physically, I am the god emperor of my digital space, and there's nothing anyone can do (except for bashing me to give the keys, if you're fast enough before I press the panic button) Nothing goberment can do, nothing sort of banning me from ever using Turing machines. (good luck, i can make my own Turing machines too)

@anthonysach-htec5934

7 ай бұрын

​@@monad_tcp Some Micro$oft OS EULA had T&Cs that said you can not change the OS on the machine. This was for an OEM pre-installed OS. This was mostly ignored or not know about.

@monad_tcp

7 ай бұрын

@@anthonysach-htec5934 That seems strange, you own the machine, at best changing the OS would just void the license and you would lose only the license. We really need right-of-repair laws with strong guarantees attached to ownership of hardware about copy-right laws or software IP laws.

For me untrusted/broken ms certificates have prevented me from updating/activating windows, but that was back on win7

Are your phones available in Australia? There’s someone in Perth WA doing similar and thought they were associated with you ????

@robbraxmantech

7 ай бұрын

I do not have any associates in AU and we ship many to AU

Excellent work

Hello, I have followed your advise regarding root certificates, I moved microsoft ones and verizon and then UAC broke. I had to create another windows profile in order to avoid windows reinstall. Can you provide a list with those fake root certificates which are save to move into untrusted section? Thank you.

Looks like we all went from, PC=Personal computer to PC=Public computer.

DEAD-LOCKED FOCUSED!! THIS IS HUGE BRAX! YOU NAILED THIS ONE! THIS IS ONE RABBIT HOLE I'M DIVING AS YOU SPEAK! YEH, SEEMS I GOT SKETCHY LOOK'IN CERT.'S FROM ALL OVER THE GLOBE ALSO, MANY IN DIFFERENT LANGUAGES!! GOING TO SEND OFF INTO NEVER-NEVER LAND!! HOW DID I MISS THIS ONE ALL THESE YEARS??? HAS ANYONE TOLD YOU - "YOU ROCK!?" YOU ROCK! 😎👍 🎤🖥🔌✂⚡☎🏠🛡🚫↪🏬☎🖥⚠🎧 THANKS LARGE BRAX!!

Running Fedora 38 / KDE. Under "Network > Settings > SSL Preferences" there all sorts of organization's root certs. This includes Microsoft (not a root CA?), iTrustChina Co, Hongkong Post, ... and more. I should have known Linux is not immune to the hodgepodge of certification authorities, but now what?

Thank you.

What is the odds of that my company is changing their VPN software from Symantec or suppose he is merging with another company and it became z scanner and they going to phase out the semantic in the near future so we were told not to use both vpns or one after another we are told just to use the scanner as of 2 days ago and we were shown a video of a demonstration on how to sign in

gotta buy me some pigeons...

Excellent video

Years ago, Comcast forced me to install their software in my pc if I wanted to be able to access the internet.

I would like to learn this subject area. Is there recommended software to encrypt a file before it's pushed off my motherboard? Then decrypted at other end, old school. Thx,

I've learned something today and dragged a bunch of certs into the untrusted folder! And invaluable info about SSL fingerprints; so I've given the AI assistant I built the additional ability of being able to check website SSL fingerprints too. Not posting the URL in this comment as it probably get deleted, but let me know if you like me to share it.

@NorthernChimp

7 ай бұрын

How do you drag them?

@seb_gibbs

7 ай бұрын

@@NorthernChimp drag to the 'Untrusted 'folder, not its subfolder

@herpderp5222

7 ай бұрын

I would be interested in you sharing it! Thanks!

I highly doubt, setting internal Microsoft certs to "untrusted" is a very good idea. Especially, if Windows Components rely on a couple of them, because they are digitally signed.

I have a PC I use for experimentation and tried untrusting the Microsoft certs and one that Malwarebytes installs as well as a few other random ones. After doing so I was basically locked out of using the majority of Windows tools. Task Manager, regedit, even MMC itself. Every one of them that I tried seemed to be unable to verify the app publisher, so it seems at least one of them is used as a means to do so. This left me no way to revert the changes outside of a full re-install of Windows. Not sure if it's worth mentioning, but the PC wasn't connected to a network at the time. It's also still running Windows 10, 22H2 I believe. I would say it may be a good idea to be careful about which ones you move.

@n.a.2156

7 ай бұрын

Unfortunately, this is precisely the fallout of the suggestion - it immediately revokes verified software trust required for secure O.S. administrative program access. Whether out of ignorance or misinformation, the end result is the same. I was directed to this video by multiple customers. In the future, this mistake can be rectified without reinstalling the O.S. or losing data, but it will require the original administrator account password (it is expected this was this was the case before the newly created errors) : 1) restart the pc in SAFE MODE (hold down the SHIFT key when selecting RESTART) 2) select TROUBLESHOOTING > ADVANCED OPTIONS > STARTUP SETTINGS > SAFE MODE WITH NETWORKING 3) after the restart, login to the ADMINISTRATOR account (or the user with administrator access) normally 4) after the O.S. loads, you will be able to run mmc.exe and revert the changes (move the certificates back to TRUSTED) 5) after they are moved back, restart the computer and access should be restored

Rob, you didn't mention Linux... how do they deal with this issue?

@robbraxmantech

7 ай бұрын

All OS's have the possibility of a Root certificate being installed. On linux it's in a directory /etc/ssl/certs. Many questionable root authorities on there (like Microsoft, Amazon)

Rob, at 16:57 you are wrong afaik. On my normie Android 10, Google Chrome, Firefox, Duckduckgo browser, Lightening Browser, Privacy Browser (Soren Stoutner's), all show certificates natively. Some others do not, though, like Samsung Internet (quite of a concern imo), or Firefox Focus.

I have moved onto using CalyxOS for daily use... I kept my old phone for Google stuff... I wanted to say that I have Never put any ID into any phone I've used or set up.... I never had a Blackberry ID but used those phones for 10 years..... I've never had an apple ID but have used a SE at work..... It's easy to set up an Android WITHOUT putting in a sim or using WiFi or adding a Google account.... I put in my sim AFTER I've totally set up the phone - disabling many apps or Restricting battery use & turning off notifications....etc... There is NO NEED to add your GOOGLE ACCOUNT....

Well this is unsettling.

Great 😊😅 Stuff ! Could you Start constantly reminding us Of Our Precious 4'th Amendment Right to PRIVACY ? Can you put it at the Beginning too ?

@sharan4700

7 ай бұрын

Also Do you Explain Privacy from Satellite Phones ?

@jakemelinko

7 ай бұрын

I think all they have to do is call it national security then people accept it or too bad for you

nice, i just installed Certificate Pinner extension in firefox

Hey Rob, thanks again for another great informative video. I've definitely learned alot from you over the past year since I started watching your videos. I was wondering if I could find an apk for your catch mitm app. Google play won't let me install it on my galaxy tab s7. It says not available for my version of android. I noticed it hasn't been updated in nearly 3 years though. I'm fed up with Google , im about to say F them and install graphenox. Which i probably should've done by now tbh.

@robbraxmantech

7 ай бұрын

try apkpure.com

@majinkakashi20

7 ай бұрын

Thank you my good sir

At one point SAIC owned all this infrastructure, internet, encryption, phone network. All your base are belong to US.

Does this kind of MITM attack still work when a Diffie-Hellman key exchange is used? And do you know how to tell which handshake method is being used?

@robbraxmantech

7 ай бұрын

YES, It is exactly used to defeat Diffie-Hellman or whatever crytpographic method. Doesn't matter.

@DFPercush

7 ай бұрын

@@robbraxmantech Oh, right, because it's not an issue of cracking the encryption, it's a false identity issue with knowing who you're talking to. You can have a very private conversation with the middle man. :P

Another commenter asked about MS vs Avast... this raises a question for me to, this: If there are two fake root certificates, which one is going to be used? I.e. Microsoft has theirs, Avast has theirs...

@robbraxmantech

7 ай бұрын

Both can use it simultaneously. Depends on where you put the MITM

the Canuckistan government does this on their military networks... at least when I worked there... doing any personal stuff from work became very problematic..🤔😎

Interesting I can see the website on my browser but when I search via the play store on my phone I don't see it.

17:31 well, that's time to dust off that head cutter thing

I tried to do as you explained and I moved all Windows certificates to untrusted. Now I am in situation where there is no access to my admin rights even if I am logged in as administrator. I cannot access the registry, Task Manager, install apps, reset PC etc. Please be careful if you decide to do that. I have no idea how to fix it.

I wonder about devices like firewalls and routers, right now I am trying to learn about OPNSense and PfSense. Both getting extremely popular among home users. How to detect or avoid they do a MITM attack? Many routers like Asus asking to install a certificate because it makes your communication safe with the router while configuring the router. But I wonder if it opens a risk for my banking? Maybe I should enable/disable certificates each time I configure my router or better use a different VM for banking and configuring my network-devices that use certificates.

@srvapps

7 ай бұрын

I also use PfSense for prof use (as its also low cost). it has its own CA creation tool. It issues certs for it's VPN clients. I believe its as safe as it can be. I also run VPNs on non standard ports and GEO fence them. And keep my clients' backup off-line and/or off-site. Great firewall by the way. Banking sector perhaps need more strict measures.

@keylanoslokj1806

7 ай бұрын

​@@srvappsit's a physical device right? Not some software or emulator you can just download?

Ty

I cannot find that softare of your's that you said was on google play store.

@robbraxmantech

7 ай бұрын

try apkpure.com

Is there a way to clean my certificate list? Where can I find information about that?

Would connecting over a VPN not protect against this fake TLS MITM cert attack? The MITM attacker would also have to substitute the VPN encryption keys which are different from the TLS keys.

@robbraxmantech

7 ай бұрын

You're only protected through the VPN network. Past the VPN someone could still have an MITM, although less likely

No surprise at all

So which root certificates should we add to untrusted other than microsoft and verisign?

You just gave me fuel for a discussion between a limited connection ssl -proxy (it can get let's encrypt certs, and it can update specific txt records on a dns), and a no connection ssl-proxy with a self signed certificate distributed within the company. Still, I wish there was a way to update client web certificates on a weekly basis without all the hassle the user has to go through. It's like: installing the root cert is supposed to be easy, and installing a client certificate should be done only when you know what you are doing, and you will do it seldomly. It should be the other way around. Why is a client certificate in a browser so incredible much work? It used to be easy and rather safe in firefox by firefox creating the private key, creating the certificate request, sending the request to the server, the server signing it and firefox installing that at the click of a button. Now we have to ask the user to install a file that already has a key (why?) with a certificate, in a way that we can actually also update a root certificate.

@bloepje

7 ай бұрын

To be clear: a self signed certificate should have no place in a company IMHO, especiall if you are a 3rd party, as the action to install a root certificate everywhere is already vulnerable to attacks, let alone safeguarding the keys. As such I hate switches and network gear that force you to accept the self signed of the equipment, because it is more safe to learn to always accept rogue certificates than to accept that it is practically impossible to snoop the password of a device that is connected to the same hardware. But as a matter of fact: I do MITM myself, if an upstream service is not working I have to. But it's not really an MITM, the client service gets the MITM url, and the MITM gets the real url, and since client certificates are never used (why not?), it's an easy way to peek why an upstream service is misbehaving. Like misconfiguration of an F5. The usual problem. People that do not understand how to correctly configure an F5, combine that with people that do not understand how to route, and you get proximus.

i was already aware of this :(

mitm app is not available in the playstore here in Spain??

👍👍👍👍

Nice video but the AVAST Part made me giggle... AV Companys do insert their own Cert the reason is not shady stuff instead its because they could not technicaly do it any different if you want them to scan you web traffic for malware they need to issue their own cert in between to make the stuff readable and still give you the green lock. So if you dont want this turn it off in the Av software you use mostly under the category "TLS Protection"

I just a few days ago visited a Russian university's website and it looked like they are trying to downgrade attack my TLS connection. But it didn't work and the connection was interrupted. That said these problem do not appear with google's browser, which uses QUIC. And yes, I get downgrade attacks to other locations within Europe on a daily basis. The Russian government just does it poorly and gets caught all the time;-)

@Anton43218

7 ай бұрын

What

*Norton Lifelock?!* 😖 I'm just going to go outside and scream.

interesting stuff

Support Comment, ThX Rob’

Lets play "Deception Monopoly".

i checked my certificates in linux and .... well i am gonna need a quite some time to figure this mess out what is what

13:41 browsers use their own CRL, don't they ?

Hehe in near future we may see Message level encryption on top of TLS to achieve E2E encryption in browser through plugin to get around govt snooping... then when it gets popular, the E2E service providers are bought out by big tech giant to snoop for govt again... 😆

💥💥💥 CATCH THE MAN IN THE MIDDLE IS NOT AVAILABLE ON GOOGLE PLAY, WHERE CAN WE GET IT?

@robbraxmantech

7 ай бұрын

apkpure.com

@keylanoslokj1806

7 ай бұрын

​@@robbraxmantechis there a seminar on detecting good and bad certificates

Ooph! I must have been too aggressive on Windows 10 moving MS certs to the untrusted folder. I found I couldn't run most windows programs including mmc with an error about the publisher being unknown and the Admin blocking my access (I am the admin). Just a couple minutes of faffing about and I found that I could run mmc from safe mode. Put all the certs back where they started and all is well again. Once I get caught up on work I'll try again paying a little more attention. If someone else ends up stuck, I hop[e they see this and it helps.

Removing Windows/MS certs broke the task manager

@KingX

7 ай бұрын

I removed the Microsoft ones and one for Symantec and now I'm blocked from MMC on the admin account (not the user one though).

I have developed my own chipher (encryption program in Java) and messaging app (Swing). If you or someone is interested trying it, let me know.

@keylanoslokj1806

7 ай бұрын

Is it open source or a fed honeypot?

The situation with Russian national CA is not black and white. Verisign revoked their certificates given to Russian entities (like banks, government services) due to US sanctions. At the time, these entities were able to issue certificates from European CA, but there is no guarantee, that they won't be revoked again, so the government issued order to create national CA just in case. And of course that CA is not trusted by default, I can understand that. But the choice is: to have certificates issued by that national CA and be "potentially" listened by the government or to not have TLS at all if certificates issued by western CA are revoked again. Both choices are shit, but one of them looks shittier than the other.

👍👍👍👍👍👍

Would a vpn help? What about Linux?

i dont get how any of this helps, the government (or whomever controls the gvt) will just have the companies put this software on any update to your OS on your phone or computer. i think of that everytime theres an update to install, you dont know whats on it, but you update anyway.

First, you say that the middleman certificates are something associated with authoritarian regimes, and then you say that Microsoft actually intercepts all HTTP/TLS traffic, and Microsoft is in 'democratic' America.

@surlyogre1476

7 ай бұрын

I have no problem describing our (USA) current government as a _regime_ .

@robbraxmantech

7 ай бұрын

I'm not accusing anyone of intercepting traffic. Just that they CAN.

@musashi4856

7 ай бұрын

You pose a contradiction where there is none. Read between the lines...

@majorfallacy5926

7 ай бұрын

MS already has access to your OS, a mitm attack is way more effort than necessary for them

@cartermclaughlin2908

7 ай бұрын

I don't see your point. USA is an authoritarian regime. Look up "the Prinston paper" we lost democratic control of our country a long time ago. Russia bad does not necessarily mean US good.

Oh yes check your website certificates. They need to be original from the website, not substituted from someone else.

How do you protect yourself from hackers or viruses without an antivirus ?

@robbraxmantech

7 ай бұрын

Maybe the subject of a video

@darksidrodj_saprillio9726

7 ай бұрын

Thank you very mutch

Govt can decrypt !!

It’s not only Russia.

Your apps don't work on any new versions of android

Can't here you....what's going on.?

What they can't read now. They are all saving for later

enable TLS 1.3 and disable older versions

This is really concerning

Bytes vpn is by malwarebytes?

@robbraxmantech

7 ай бұрын

HELL NO! I RUN BYTZVPN

@keylanoslokj1806

7 ай бұрын

@@robbraxmantech why is malwarebytes compromised and you react so strongly?

google play store say: app developed for older version

@robbraxmantech

7 ай бұрын

use apkpure.com

@exit281

7 ай бұрын

@@robbraxmantech Dear Rob, thanks for ur answer ..I followed ur advise and moved all the microsoft and two avast certificates to the non trusted list...I could store my process for easy access at my desktop as konsole 1...BUT later I wanted to open konsole 1 my win 11 blocked access.. a warning come " an administrator blocked access " well its only me on that computer is no network or something...so I try to run mms.exe same result. ..even to open the command window was blocked...so no way to access my certificate to move em back to trusted...I found a way with left-click on win logo to run command window as admin and executed mms.exe and it opened normal...moved back three microsoft certificates which did not change the blockade ...will continuou tonight...need to identify which cert. blocks my access..... maybe you could publish a set of certificates which are trusted and dont block the workflow and the users can install them and delete all those that came with their machine...but I am not sure if new certificates will be delivered with the usual win updates...a real big security hole...

HOW CAN I REMOVE MS CERTICAGTES ... I NEVER LIKE THEM SPYING

Expect the next Windows Update to "fix" those Microsoft certs being untrusted ;)

@robbraxmantech

7 ай бұрын

LOL. Yeah MITM baked in permanently