[gigel82]

Tangentially related, I found many built-in Windows applications and services use certificate pinning and will either fail outright or modify behavior (easily identified by the number and size of packets with and without MITM).

It made me very curious to find out what data they're downloading / exfiltrating that they feel the need to go to such extremes to hide it from the user.

FWIW, even some of the packages that do pass through MITM are further encrypted binary blobs, not clear text.