You can test Comcast in the same way that you can test a Tor exit node - the technique is exactly the same. The threat of a rogue network admin is similar to that of a rogue waitress stealing credit card info - significant criminal liability if caught. To top that, people in a position to carry out such an attack are generally easily identifiable by their employers if there is a criminal investigation. The same can't be said for the administrator of a Tor node in a foreign country.
The NSA threat relies on the assumption that they are targeting you specifically; the risk with a rogue exit node is that you are exposing yourself to an adversary that doesn't care who their victim is - i.e. most criminals. My issue with Tor advocacy is that it's attempting to mitigate the risk of a perceived adversary by exposing users to a much more realistic threat. My spouse and I have both had our credit cards stolen before, but I've never had any reason to believe that I've been targeted by the NSA.
There is a definite tradeoff with regards to the whitelist/blacklist model, but ultimately both solutions are really just patching over inherent flaws in the SSL trust model. I wasn't clear in my earlier post - my issue is not necessarily with the HTTPS Everywhere model, but rather the perception that it gives the user pervasive end-to-end encryption and solves the issue of rogue exit nodes.
If you test Comcast in the same fashion, the rogue employee can see that you are sending several thousand unique credit card numbers to some website and are thus behaving in a very strange and obvious manner. They can see plainly if the request comes from the investigating branch of the police.
With a Tor exit node, the operator can't identify who is sending them the traffic. They can't distinguish investigating police from a victim.
You can disagree and think that rogue Comcast employees are more easily identified than a Tor operator. This is a trust question, and everyone is free to pick who they trust and who they don't. The arguments given in favor of Comcast just don't sway me, and it would likely require a research paper with test data in order to actually prove what has higher risk associated with it.
The NSA does not target people specifically. That was proven by the revelations from Snowden, and has been quite obvious for quite a long time. NSA doesn't care who their victim is when they are collecting the information. It is cheaper and more effective to target everyone, and then data mine the result after everything is in their hands.