RMS, you are a world class hero. It scares me to imagine a world where one needs to audit on perpetuity or reverse engineer everything just to have a little peace of mind. I wish for activists with your passion and energy in every field of knowledge.

It narrows the chance of DNS interception but the second attack can be mitigated through certificate validation of the VPN server.