But if you assume full DTA mode, isn't it prudent to assume ANY server hosting provider would have the capacity to snoop on your session, no matter how it's set up, simply because it's the host and happens to control a point outside the encryption envelope? That not even countries with privacy protections written into the law can be considered safe (because they may engage in extrajudicial activity on the sly)?
IOW, if you must assume DTA mode, wouldn't your best bet be to simply get off the Internet altogether?
Biting the hand that feeds IT
