Hey, fellow genius on Hacker News, do note that TLS doesn't protect against state actors, because they can very easily manipulate certificate authorities, and a malicious certificate authority completely removes most protections TLS supposedly provides.
It's enough to compromise one CA for TLS to be entirely defeated - any CA can sign a certificate for any site, and TLS implementations will accept it. The only defense is pinned certificates, but that comes with its own problems.
