|
|
|
|
|
|
by wannacboatmovie
698 days ago
|
|
|
What is described in the article is not some elaborate scheme or novel work of software engineering. Rather, it's exactly what 99% of corporate networks do (proxy server with SSL inspection using a custom root certificate) "to combat cyber threats". As coincidence would have it, this is the perfect alibi provided by a snake oil "cybersecurity" app by one of the world's largest companies. Every tech company that has promulgated the lie that a VPN operated by a third party provides added security is indirectly responsible for this. Funneling all your traffic through a shady intermediary does no such thing, and in fact often does the opposite. |
|
|
I do know that this is done - in fact worked at a pretty major smartphone manufacturer and never logged in to any personal account on work devices. It was pretty obvious by even just looking at the security info on chrome/firefox that the certificate used was a root signed by the company itself. I used to shout at the top of my lungs to my friends, that hey, _this_ is how your information is vulnerable to the corporate overlords, but I guess they weren't as paranoid as I.
The first thing I checked when moving to my next employer was if they were intercepting SSL traffic like this. (They weren't - they used Falcon)