
    ISPs inject malware into chat download streams

    • Dashrender @scottalanmiller

      @scottalanmiller said in ISPs inject malware into chat download streams:

      @dashrender said in ISPs inject malware into chat download streams:

      @scottalanmiller said in ISPs inject malware into chat download streams:

      @dashrender said in ISPs inject malware into chat download streams:

      How do they MiT you on an encrypted connection? i.e. if you're using HTTPS, they have no ability to inject anything.

      Oh there are ways. How do you think that tools like Palo Alto do deep channel inspection?

      And of course there are ways - but I will never install an ISP cert as long as another internet connection option is available.

      But once that option is gone, well, so is the free and open internet.

      Lots of people don't have alternative options to check and see if they are getting an ISP cert or not.

      Oh.. I think I see where you are going here... but now my question is - will that work?

      Let's assume I'm trying to download Telegram, so I go to https://telegram.org. The ISP can't fake the cert for Telegram.org - I mean they can, but your browser won't trust their fake cert, unless they got the ISP's own root cert into the user's computer's root store.

      scottalanmillerS 1 Reply Last reply Reply Quote 0
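Added example, not part of any poster's message: a Python sketch of the check the post above raises, comparing the certificate issuer and leaf fingerprint seen on a connection with a baseline recorded earlier over a path you trust. Host names, issuer names and fingerprints are constructed, and how the records get collected (for instance from a browser's certificate viewer) is an assumption.

```python
from collections import Counter

# Constructed baseline, recorded earlier over a trusted path:
# host -> (issuer name, SHA-256 of the leaf certificate)
BASELINE = {
    "chat.example.org": ("Constructed Public CA A", "a1" * 32),
    "mail.example.net": ("Constructed Public CA B", "b2" * 32),
    "shop.example.com": ("Constructed Public CA A", "c3" * 32),
}

# Constructed observations taken on the connection under suspicion
OBSERVED = {
    "chat.example.org": ("Constructed ISP Root", "d4" * 32),
    "mail.example.net": ("Constructed ISP Root", "e5" * 32),
    "shop.example.com": ("Constructed Public CA A", "f6" * 32),  # renewed, same CA
}


def classify(host, observed, baseline):
    """Compare one host's observed certificate with its baseline record."""
    issuer, fingerprint = observed[host]
    base_issuer, base_fingerprint = baseline[host]
    if fingerprint == base_fingerprint:
        return "match"
    # A new leaf from the same CA is what an ordinary renewal looks like.
    if issuer == base_issuer:
        return "rotated"
    return "issuer_changed"


def assess(observed, baseline):
    """Return per-host status and the issuers that replaced the baseline
    issuer on two or more unrelated hosts (the interception signature)."""
    status = {h: classify(h, observed, baseline) for h in observed if h in baseline}
    changed = [h for h, s in status.items() if s == "issuer_changed"]
    by_issuer = Counter(observed[h][0] for h in changed)
    suspects = sorted(name for name, count in by_issuer.items() if count >= 2)
    return status, suspects


if __name__ == "__main__":
    status, suspects = assess(OBSERVED, BASELINE)
    for host, state in sorted(status.items()):
        print(f"{host}: {state}")
    print("issuers replacing certificates on several hosts:", suspects)
```

A single changed issuer on one host can be a legitimate CA switch; the same unfamiliar issuer appearing across unrelated hosts is the pattern an interception root produces.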
      • scottalanmiller @Dashrender

        @dashrender said in ISPs inject malware into chat download streams:

        @scottalanmiller said in ISPs inject malware into chat download streams:

        @dashrender said in ISPs inject malware into chat download streams:

        @scottalanmiller said in ISPs inject malware into chat download streams:

        @dashrender said in ISPs inject malware into chat download streams:

        How do they MiT you on an encrypted connection? i.e. if you're using HTTPS, they have no ability to inject anything.

        Oh there are ways. How do you think that tools like Palo Alto do deep channel inspection?

        And of course there are ways - but I will never install an ISP cert as long as another internet connection option is available.

        But once that option is gone, well, so is the free and open internet.

        Lots of people don't have alternative options to check and see if they are getting an ISP cert or not.

        Oh.. I think I see where you are going here... but now my question is - will that work?

        Let's assume I'm trying to download Telegram, so I go to https://telegram.org. The ISP can't fake the cert for Telegram.org - I mean they can, but your browser won't trust their fake cert, unless they got the ISP's own root cert into the user's computer's root store.

        But when EVERY site says you have a fake cert, I know no one that doesn't accept them. One time, sure. I stopped Dominica just the other night because some site had a cert problem and I knew something had happened. But when it is every site and you can't do anything without accepting them, you start accepting them. What else can you do?

        NashBrydgesN DashrenderD 2 Replies Last reply Reply Quote 1
        • NashBrydges @scottalanmiller

          @scottalanmiller said in ISPs inject malware into chat download streams:

          @dashrender said in ISPs inject malware into chat download streams:

          @scottalanmiller said in ISPs inject malware into chat download streams:

          @dashrender said in ISPs inject malware into chat download streams:

          @scottalanmiller said in ISPs inject malware into chat download streams:

          @dashrender said in ISPs inject malware into chat download streams:

          How do they MiT you on an encrypted connection? i.e. if you're using HTTPS, they have no ability to inject anything.

          Oh there are ways. How do you think that tools like Palo Alto do deep channel inspection?

          And of course there are ways - but I will never install an ISP cert as long as another internet connection option is available.

          But once that option is gone, well, so is the free and open internet.

          Lots of people don't have alternative options to check and see if they are getting an ISP cert or not.

          Oh.. I think I see where you are going here... but now my question is - will that work?

          Let's assume I'm trying to download Telegram, so I go to https://telegram.org. The ISP can't fake the cert for Telegram.org - I mean they can, but your browser won't trust their fake cert, unless they got the ISP's own root cert into the user's computer's root store.

          But when EVERY site says you have a fake cert, I know no one that doesn't accept them. One time, sure. I stopped Dominica just the other night because some site had a cert problem and I knew something had happened. But when it is every site and you can't do anything without accepting them, you start accepting them. What else can you do?

          You're held hostage by your ISP. Given no other choice you might be tempted to accept their terms but you'd be idiotic in accepting those terms of having to accept their cert. I'll give you that for the majority of people, yeah, they wouldn't think twice. Which is sad.

          scottalanmillerS 1 Reply Last reply Reply Quote 1
          • scottalanmiller @NashBrydges

            @nashbrydges said in ISPs inject malware into chat download streams:

            @scottalanmiller said in ISPs inject malware into chat download streams:

            @dashrender said in ISPs inject malware into chat download streams:

            @scottalanmiller said in ISPs inject malware into chat download streams:

            @dashrender said in ISPs inject malware into chat download streams:

            @scottalanmiller said in ISPs inject malware into chat download streams:

            @dashrender said in ISPs inject malware into chat download streams:

            How do they MiT you on an encrypted connection? i.e. if you're using HTTPS, they have no ability to inject anything.

            Oh there are ways. How do you think that tools like Palo Alto do deep channel inspection?

            And of course there are ways - but I will never install an ISP cert as long as another internet connection option is available.

            But once that option is gone, well, so is the free and open internet.

            Lots of people don't have alternative options to check and see if they are getting an ISP cert or not.

            Oh.. I think I see where you are going here... but now my question is - will that work?

            Let's assume I'm trying to download Telegram, so I go to https://telegram.org. The ISP can't fake the cert for Telegram.org - I mean they can, but your browser won't trust their fake cert, unless they got the ISP's own root cert into the user's computer's root store.

            But when EVERY site says you have a fake cert, I know no one that doesn't accept them. One time, sure. I stopped Dominica just the other night because some site had a cert problem and I knew something had happened. But when it is every site and you can't do anything without accepting them, you start accepting them. What else can you do?

            You're held hostage by your ISP. Given no other choice you might be tempted to accept their terms but you'd be idiotic in accepting those terms of having to accept their cert. I'll give you that for the majority of people, yeah, they wouldn't think twice. Which is sad.

            But what is the OTHER option? See the issue? They own you, in many cases, accepting their terms is a foregone conclusion.

            1 Reply Last reply Reply Quote 0
            • scottalanmiller

              For all intents and purposes, an ISP is the government. You can refuse to accept the terms and conditions of your government, but you still have to use their water and pay their taxes.

              DashrenderD 1 Reply Last reply Reply Quote 0
              • Dashrender @scottalanmiller

                @scottalanmiller said in ISPs inject malware into chat download streams:

                @dashrender said in ISPs inject malware into chat download streams:

                @scottalanmiller said in ISPs inject malware into chat download streams:

                @dashrender said in ISPs inject malware into chat download streams:

                @scottalanmiller said in ISPs inject malware into chat download streams:

                @dashrender said in ISPs inject malware into chat download streams:

                How do they MiT you on an encrypted connection? i.e. if you're using HTTPS, they have no ability to inject anything.

                Oh there are ways. How do you think that tools like Palo Alto do deep channel inspection?

                And of course there are ways - but I will never install an ISP cert as long as another internet connection option is available.

                But once that option is gone, well, so is the free and open internet.

                Lots of people don't have alternative options to check and see if they are getting an ISP cert or not.

                Oh.. I think I see where you are going here... but now my question is - will that work?

                Let's assume I'm trying to download Telegram, so I go to https://telegram.org. The ISP can't fake the cert for Telegram.org - I mean they can, but your browser won't trust their fake cert, unless they got the ISP's own root cert into the user's computer's root store.

                But when EVERY site says you have a fake cert, I know no one that doesn't accept them. One time, sure. I stopped Dominica just the other night because some site had a cert problem and I knew something had happened. But when it is every site and you can't do anything without accepting them, you start accepting them. What else can you do?

                You can get another ISP - at least until there is no option for another ISP.

                But things like Chrome completely freak out when it runs into a fake Google cert - I'm not sure if that freak out includes simply not working for Google properties or not though.

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • Dashrender @scottalanmiller

                  @scottalanmiller said in ISPs inject malware into chat download streams:

                  For all intents and purposes, an ISP is the government. You can refuse to accept the terms and conditions of your government, but you still have to use their water and pay their taxes.

                  While the service might not be as good, at least I live in an area where there is more than one option.

                  1 Reply Last reply Reply Quote 0
                  • scottalanmiller @Dashrender

                    @dashrender said in ISPs inject malware into chat download streams:

                    @scottalanmiller said in ISPs inject malware into chat download streams:

                    @dashrender said in ISPs inject malware into chat download streams:

                    @scottalanmiller said in ISPs inject malware into chat download streams:

                    @dashrender said in ISPs inject malware into chat download streams:

                    @scottalanmiller said in ISPs inject malware into chat download streams:

                    @dashrender said in ISPs inject malware into chat download streams:

                    How do they MiT you on an encrypted connection? i.e. if you're using HTTPS, they have no ability to inject anything.

                    Oh there are ways. How do you think that tools like Palo Alto do deep channel inspection?

                    And of course there are ways - but I will never install an ISP cert as long as another internet connection option is available.

                    But once that option is gone, well, so is the free and open internet.

                    Lots of people don't have alternative options to check and see if they are getting an ISP cert or not.

                    Oh.. I think I see where you are going here... but now my question is - will that work?

                    Let's assume I'm trying to download Telegram, so I go to https://telegram.org. The ISP can't fake the cert for Telegram.org - I mean they can, but your browser won't trust their fake cert, unless they got the ISP's own root cert into the user's computer's root store.

                    But when EVERY site says you have a fake cert, I know no one that doesn't accept them. One time, sure. I stopped Dominica just the other night because some site had a cert problem and I knew something had happened. But when it is every site and you can't do anything without accepting them, you start accepting them. What else can you do?

                    You can get another ISP - at least until there is no option for another ISP.

                    But things like Chrome completely freak out when it runs into a fake Google cert - I'm not sure if that freak out includes simply not working for Google properties or not though.

                    Sometimes you can. Sometimes you can't. Often you can't.

                    1 Reply Last reply Reply Quote 0