Thanks, but I wasn't actually looking for an analogy. I'm trying to understand things like how the government (or whatever actor) would gain access to browser history via a MITM attack for instance.
They wouldn't gain access to previous browser history, but as soon as they issue a certificate for a website they can get ISPs to use that certificate for MITM.
Any MITM attack is always going to be going forward, not in reverse, at least to capture authentication sessions (and then you can root around in someone's account).
3. Malware running a local proxy (Malware can try to inject its own cert into the store too, but that cert would be compromised by CT/AV/etc. A proxy with a valid gov cert would be much harder to detect.)
4. Compromised cell sites (stingray type devices)
5. Mistyped URLs, often in combo with spear phishing.