
Comment by parineum

7 hours ago

How are they going to MITM communications with certs that never left my machine?

Are you suggesting they broke TLS or that they've somehow acquired every private cert generated?

You just intercept the traffic after it's decrypted on the server side, or are you suggesting you somehow send encrypted traffic that never gets decrypted?

How closely have you reviewed your browser's list of default trusted CAs?

  • I second this: HTTPS (as most consumers use it) is probably a front (who are these CAs really anyway?)

    Plot twist: _Perhaps_ Mythos / Fable keeps explaining ways (that we can't comprehend or don't always work) to break HTTPS due to the three-letter agencies making sure they had input on their creation (and thus backdoors, I mean "bugs"), so the real catastrophe they are hiding is that HTTPS is broken (for most people, most of the time.)

    Remember when Quantum computing was the threat to HTTPS? Turns out it was the humans' own inability to think outside of the box!

> How are they going to MITM communications with certs that never left my machine?

The long game. They:

- make sure you wouldn't be in a position to need to transmit data anywhere that would receive it without CAs in their hypothetical pocket

- manage the evolution of the cloud industry to make sure portable VMs and containers can have their data archived (both in-RAM, disk, hey just send us the running VM!)

- backdoored encryption algorithms from the design and implementation phase to ensure a global unlocking mechanism for any data encrypted by anybody who used a large class of extremely commonly available software

So, you run your own private bank in a cloud VM with tenant-managed keys? They backdoored the encryption algorithm your cloud VM disk relies on, because they blackmailed one of the developers at the company who developed the hypervisor system used by your provider. Open source project? Perfect. (If you think this is nonsense, then remember the rapid discovery of ancient "bugs" causing all this drama to begin with.)

Your TLS privately generated certs that are 100% foolproof aren't actually used anywhere encrypting the data they want, because it's either worthless, or, available elsewhere perhaps at a different (or same) time.