Reply to post:

HTTPS-only mode arrives in Firefox 83 as Mozilla finds new home for Rust-y Servo engine

Ben Tasker

> How much of a problem is this in reality?

Bigger than you realise, clearly.

I can't give you any specific examples for France, but in the US (which let's face it, is a market with a massive amount of influence on tech) various ISPs have been caught doing things like:

- Verizon injected a subscriber-specific advertising ID into HTTP requests, allowing their advertising partners to track you across sites (and you, of course, can't see it as a user, because it happens on the wire)

- Comcast removed advertising code from pages and injected their own, removing revenue from the site you're visiting (and "supporting" by enabling ads)

- If you followed the UK news about 10 years ago, you'll likely have heard of Phorm, a business contingent on intercepting and profiling your HTTP traffic (BT ran a trial without notifying users, it got to the point the EU had to threaten our govt if they didn't enforce their own laws)

There are plenty of other examples spread across the globe, before we even get onto some of the Snowden revelations and what the security services were found to be getting up to.

> Something of a non-issue given that it only counts for the one site.

The *example* was one site, it applies to plenty of others too, that's just the way examples work.

There's a reason why browsers are concerned about mixed content (i.e. embedding content fetched with plain http in a https page) - because they're available to be manipulated by a man on the wire, those assets can be used in order to inject unwanted content and potentially compromise the page (much like why having unvetted ads on a payment page is a horrible idea).
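The mixed-content concern raised in the comment above, as an added example that is not part of the original post: a small Python audit that lists the subresources an HTTPS page would load over plain HTTP. The active/passive split is a simplification of browser behaviour, and the class, function and example.test hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
# Simplified split modelled on browser behaviour: "active" loads can rewrite
# the page, "passive" ones only change what is displayed.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href"), ("object", "data")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}

class MixedContentAuditor(HTMLParser):
    """Collects subresources an HTTPS page would fetch over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (severity, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return  # e.g. rel=canonical names a URL but fetches nothing
        for attr, value in attrs.items():
            if not value or (tag, attr) not in ACTIVE | PASSIVE:
                continue
            # Resolve relative and protocol-relative URLs against the page URL.
            resolved = urljoin(self.page_url, value.strip())
            if urlsplit(resolved).scheme == "http":
                severity = "active" if (tag, attr) in ACTIVE else "passive"
                self.findings.append((severity, tag, resolved))

def audit(page_url, html):
    """Return mixed-content findings; a plain-HTTP page yields none."""
    if urlsplit(page_url).scheme != "https":
        return []  # the whole page is already exposed on the wire
    parser = MixedContentAuditor(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page; the example.test hosts are placeholders.
SAMPLE = """<head>
<link rel="stylesheet" href="http://cdn.example.test/site.css">
<link rel="canonical" href="http://shop.example.test/pay">
<script src="//cdn.example.test/app.js"></script>
<script src="http://ads.example.test/tag.js"></script>
</head><body>
<img src="http://img.example.test/logo.png"> <img src="/static/ok.png">
<a href="http://other.example.test/">plain link, not a subresource</a>
</body>"""

if __name__ == "__main__":
    for finding in audit("https://shop.example.test/pay", SAMPLE):
        print(*finding)
```

The protocol-relative script inherits the page's HTTPS scheme and is not flagged, while the stylesheet and ad script are reported as active and the image as passive.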
