[spacexsucks]

As a point of clarification, lest someone take you seriously, clear warnings are what is needed. And smart users. Instead of raising awareness, google et al have been trying to hide https, parts of url, so that they can maintain control.

As someone who runs their own cloud top to bottom with custom CAs, adding a trusted root CA is a pain. Removing the ability for me to run ym CA takes away control of my own device from me and puts it in the hand of the big companies.

You should hard reset your phone when crossing boundaries. You would do the same if somone borrwed your clothes.

Would you lend some one your clothes with your passport and wallet in it? Then why is a phone any different.

[mike_d]

It sounds like you are the type of person that should just be rolling their own browser anyway.

Like I said, there are a lot of things they could have done better here. But the threat is real and its not some tinfoil conspiracy by "big tech." It is our job as technologists to first and foremost do what we can to protect the 99.999% of users who do not run their own CA.

[thayne]

Running your own CA is a pretty common thing for companies to do, to manage internal SSL certificates. And telling systems to trust it IS a pain. Even on Desktop you can't just drop a file in a folder, because chrome and firefox don't trust the system CAs, so you have to configure those separately, and possibly other applications as well.

I don't think it is some big conspiracy, but it isn't a good situation.