Comment by acdha

Your assumption is very optimistic for a number of people: a generation of security policy wanted everything routed through central monitoring points so you get home network -> vpn -> corporate data center -> remote server and back, all in the hope that the monitoring system would see malicious traffic (since attackers know how to use encryption & obfuscation, this is usually easily bypassed).