[nailer]

From the conclusion:

> We deployed these heuristics on three diverse networks:

> (1) Mozilla Firefox update servers,

> (2) a set of popular e-commerce sites, and

> (3) the Cloudflare content distribution network.

> In each case, we find more than an order of magnitude more interception than previously estimated, ranging from 4–11%.

> As a class, interception products drastically reduce connection security. Most concerningly, 62% of traffic that traverses a network middlebox has reduced security and 58% of middlebox connections have severe vulnerabilities. We investigated popular antivirus and corporate proxies, finding that nearly all reduce connection security and that many introduce vulnerabilities (e.g., fail to validate certificates).