Hacker News new | comments | show | ask | jobs | submit login

How would the ISP know what pages you went to over HTTPS? Only the domain name would be available, through SNI/DNS.

They could just MITM all connections and say 'for compatibility reasons, please install this root certificate'.

With a fee, this requirement could then be waived.

Dystopian but technically possible.

This type of hypothetical drives me batty, and I was tempted to be snarky. I'm not sure how to respond to the idea that there will ever be a time your ISP requires root cert installation for service, but I will be finding a way to launch a WISP of my own at that point.

It's only slightly hypothetical.


Gogo didn't require installing a root cert, but they DID issue forged certificates to MitM connections to *.google.com (and others).

Also, remember "Superfish"? Their root cert was pre-installed by Lenovo.

My original was already snark. Though I don't think its impossible that a small amount of non-technical people might actually be convinced to do this.

Just the domain names is already a lot of information...

Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact