Comment 39 for bug 772709

Forest (foresto) wrote:

Also, this is a security problem. It robs the user of the ability to easily see that the VPN is (still) connected. If the VPN goes down, and the user doesn't happen to see the momentary pop-up message (or if that message has been accidentally or deliberately suppressed), the user will think his communications are encrypted when they are actually exposed.

It can easily be exploited:
1. Distract the user or wait until he looks away from his screen.
2. Interfere with the internet connection for a few seconds, causing the user's VPN to fail.
3. Capture the user's packets.