Re: It's funny to see that now...
"to a point where some countries and companies MITM every connection,"
They can only do that if you have physical access to the machines at either end, that's kind of the point of encryption. Commercial MITM requires you to trust a certificate that you would not encounter in the wild and would not be trusted by default in your browser.
Governments may be different but, pretty much, they can demand you just send them the data, they don't have to decrypt it - but to decrypt it requires the end-point's co-operation. You can't sniff a connection to Facebook from a Chinese PC without Facebook or the browser manufacturer being complicit - and you can't "break" it by using other certs without cert-pinning going ape and warning the user.
However, that said, working in a school I have a *legal requirement* to monitor every web access. Thus I have no option but to MITM every connection with an internal cert, and denying anything that doesn't present or tries to bypass that cert.
Unfortunately, it's just not as simple as "just work out what pages the user is looking at that they shouldn't" any more.
And that's just a UK school. Imagine what some of the big companies that deal with industrial espionage, military projects, etc. have to do to comply with what they need to..
Biting the hand that feeds IT
