Yes. Of course using https everywhere is best. But sometimes that\'s not an opti

Question

Yes. Of course using https everywhere is best. But sometimes that's not an option. In those cases, I'd like to make an informed decision. Is there any information about their prevalence? Or would that all be hidden anyway so no one knows? Does it depend on the site visited?

To be clear: I'm not referring to an attack on my wifi connection. Nor any other kind of attack. I'm asking specifically about connecting to a major ISP (let's assume U.S.) and visiting a site or connecting to my hosted web site. I'm also not asking about the government being the mitm, just anybody else.

Explanation / Answer

MITM attacks by ISPs are rare, but still do happen.

- Some mobile ISP rewrite images to be more compressed, some also compress HTML and Javascript if transferred over HTTP
- Some ISP DNSs respond to unknown domains and redirect to their search engine
- Iran's national ISP used hacked Diginotar certificates to MITM SSL connections to Google
- If the ISP is your employer, they might have put a SSL MITM CA to your work PC and are inspecting SSL traffic

Related Questions

Navigate

• Browse (All)
• Browse Y
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.