@dashrender said in ISPs inject malware into chat download streams:
@scottalanmiller said in ISPs inject malware into chat download streams:
@dashrender said in ISPs inject malware into chat download streams:
@scottalanmiller said in ISPs inject malware into chat download streams:
@dashrender said in ISPs inject malware into chat download streams:
@scottalanmiller said in ISPs inject malware into chat download streams:
@dashrender said in ISPs inject malware into chat download streams:
How do they MiT you on an encrypted connection? i.e. if you're using HTTPS, they have no ability to inject anything.
Oh there are ways. How do you think that tools like Palo Alto do deep channel inspection?
And of course there are ways - but I will never install an ISP cert as long as another internet connection option is available.
But once that option is gone, well, so is the free and open internet.
Lots of people don't have alternative options to check and see if they are getting an ISP cert or not.
Oh.. I think I see where you are going here... but now my question is - will that work?
Let's assuming I'm trying to download telegram, so I go to https://telegram.org. The ISP can't fake the cert for Telegram.org - I mean they can, but your browser won't trust their fake cert, unless they got the ISP's own root cert into the user's computer's root store.
But when EVERY site says you have a fake cert, I know no one that doesn't accept them. One time, sure. I stopped Dominica just the other night because some site had a cert problem and I knew something had happened. But when it is every site and you can't do anything without accepting them, you start accepting them. What else can you do?
You can get another ISP - at least until there is no option for another ISP.
But things like Chrome completely freak out when it runs into a fake google cert - I'm not sure if that freak out includes simply not working for google properties or not though.
Sometimes you can. Sometimes you can't. Often you can't.