Firefox’s free VPN will offer 50 gigabytes of monthly data, which is pretty generous for a browser-based VPN. A Mozilla account is required to make use of it, which isn’t a hardship (they’re free), but is a point of friction some may wish to know upfront.
The SSL/TLS encryption used on the web is designed to prevent that type of attack. It’s called “asymmetric encryption”, because a different key is used to encrypt and decrypt data. So each side has both a private and public key. You can broadcast your public key, and then anyone can use it to encrypt a message that only YOU can decrypt, with your private key. The private key never goes over the network, so the VPN provider can’t intercept messages meant for you.
It’s possible to spoof the server’s certificate and make your browser think it’s talking to a real server when it’s not. However, this is difficult, because certificates follow a chain of trust, so they’d either need to compromise one of the certificate authorities (plausible for state-level actors), or compromise your web browser/OS so that it trusts a fake authority (definitely possible for a browser/OS vendor, but again, it would be noticed, especially in an open-source product like Firefox).
There are lot of enterprise products out there that perform this kind of “attack” so that businesses can monitor their network traffic. They do this by requiring adding their certificate authority to the list of trusted certs in the OS. This is often called “deep packet inspection”. If you try to use these products without adding their certs, your browser will throw a fit every time you load a site because it will see that the certificate doesn’t match.
Interesting, okay. Just to be clear, if the middle man, i.e. the VPN, were to listen in on the data exchanged during the TLS handshake, wouldn’t it be able to recreate both parties’ key pairs simply using the same algorithm? If it has all the pieces, so to speak. Or is the tech resistant to that as well?
This would require the server’s certificate, which the VPN wouldn’t (generally) have access to.
The key part of this is that server certificates are trusted and verifiable. To the extent that’s true, the process is secure against man-in-the-middle attacks. That’s because the client browser can confirm that the server’s certificate is legitimate, and encrypt its own public key with that server’s public key, so nobody in the middle can read it.
If a man in the middle replaced the encryption keys with their own, then the client would know about it, because it can verify the server’s encryption key and of course it knows its own private key, which has never been transmitted over the wire.
You can read more details on the process here: https://www.ssl.com/article/ssl-tls-handshake-ensuring-secure-online-interactions/
Of course nothing is 100% secure. God only knows how many third parties (like government intelligence agencies) have compromised major certificate authorities. If you have access a certificate authority’s private keys, then you can spoof basically anything.