4-10% of encrypted web connections are man-in-the-middled and intercepted

Cloudflare's joint research with "a large e-commerce site" and Mozilla found that between 4-10% of secure, encrypted web connections are "intercepted," largely by corporate antivirus software that inserts its own certificates into users' browsers, allowing it to scan all traffic entering workers' computers.

This kind of workplace surveillance is often hand-waved away by capitalist bootlicker apologists who say that you should expect no privacy while using employer-provided equipment (I think this is bullshit: you'd be pissed if discovered that your private lunch break parking-lot conversation with your spouse about your cancer diagnosis was secretly recorded by your employer's hidden mics; your employer's man-in-the-middle attack on your personal Gmail traffic during your lunch break is no more acceptable).

But even if you're OK with the idea of your employer spying on you, there's the matter of overall security: man-in-the-middling browsers significantly reduces their security.

In addition to the "legitimate" workplace surveillance and other anti-virus/anti-malware interceptions, Cloudflare detected a large amount of "unknown" interceptions it attributed to malware.

The net result of using bad crypto, illustrated below, is that it opens up weaker connections to attacks. Hackers could also intercept encrypted connections and steal confidential data such as credentials, instant messages, and emails. In certain cases, like Komodia, the cryptographic implementation is so broken that an attacker can intercept any encrypted communication with little effort.

To quantify how HTTPS interception affects connection security, we analyzed the security of the cryptographic stacks used by these interceptors. Overall, we found that 65% of the intercepted connections going to the Firefox update server have reduced security, and a staggering 37% are easily vulnerable to man-in-the-middle attacks due to blatant cryptographic mistakes (e.g., certificates are not validated). As reported in the chart above, while a little better, the numbers for Cloudflare are still concerning: 45% of the intercepted connections to Cloudflare have decreased security, and 16% are severely broken. Finally, the numbers for the e-commerce website sit in between: 62.3% have reduced security and 18% are severely broken.

Understanding the prevalence of web traffic interception
[Elie Bursztein/Cloudflare]

(via 4 Short Links)