|
|
|
|
|
|
by itopaloglu83
814 days ago
|
|
|
Here’s how I see it. This is akin to opening your USPS mail and reading your correspondence with a friend. When instead they could’ve checked who the mails were addressed. If Facebook wanted to learn the protocol Snapchat uses, they only needed a single test device. If they only needed to learn usage patterns, they could’ve checked where the traffic is sent to or app usage time etc. Installing a root certificate is very intrusive and they behavior shows that if they are ever given the opportunity to be become a root certificate authority, they are likely to issue malicious certificates. As far as I know, no website can pin their certificates, so this takes us back to pre-HTTPS days where ISPs and network operators had a lot of fun reading user traffic. |
|
|