by TacticalCoder
953 days ago
Private messages won't be scanned for now, but what about the certificates in web browsers that could be swapped at will by any certificate in the control of some EU apparel so that "encrypted" web traffic could be sniffed and MITMed? Which moreover came with a fine print specifying that it'd be illegal for browsers to warn users about certificates being swapped? Is that out of the window for now too?
|
That was a (probably) unintended consequence of the eIDAS legislation, where specific Certificate Authorities must be trusted by browsers to enable digital certificates and signing to work EU-wide. This has since been corrected and the legislation explicitly states that those CAs and the regular CAs can and should be kept separate, thus MITM won't be possible unless the browser chooses to mix things.