Same certs for everybody? Where is the security?

[Guest]

So I signed up. But it looks to me like the certs & private key I downloaded for OpenVPN are the same for everybody. That being the case, anyone sniffing my network traffic could easily download everything they need to decrypt it from TorGuard's website, and it also enables MitM attacks. This is exactly the same problem public pre-shared keys have.

 

As far as I can tell, TorGuard is not offering any meaningful VPN encryption. At least not from anybody (ISP, hotspot operator, NSA, whoever) who bothers to record my session. I guess my IP is hidden from the non-VPN servers to which I connect, which is nice, but...this means (if I care about encryption at all) I need to do something like use Tor over the VPN, and if I'm doing that I can just use Tor by itself.

 

If I'm wrong or if there's some other factor in play, I'd love to hear about it. I want to like this service. I just don't get it right now--what's really being offered here?

 

Thanks.

[Support]

We have already addressed this via support ticket, as we have already said a few times..

 

1) We don't have any private keys for download, these are called CA certs which the user needs to connect to OpenVPN, please learn more about OpenVPN before you go mouthing off nonsense.

 

2) We use encryption *OF COURSE* as you will see in the client logs ? did you even check them ? do you know how to ? they use either blowfish or AES.

 

3) NO-ONE can initiate "man in the middle attacks" without private keys - these are all *private* and no-one else can get them - i have told you this i don't know how many times now.

 

Read and Learn!