by jusepal
648 days ago
I'm currently in Malaysia. TM, the biggest public-facing ISP here, goes a step further by also SSL MITM-ing the Google DNS and Cloudflare DNS DoH endpoints. Their idea is to hijack and route all queries intended for both to their own DoH server. Obviously browsers showed a big red warning about the attack, since users explicitly set up their browsers to use Google or Cloudflare DoH but were instead being hijacked and routed to TM's own DoH endpoint. The whole ordeal is so baffling, I wonder which senior network admin at TM gave that a go, or whether TM actually has a competent network admin at all. With that single misstep, suddenly the people realized that if they could (and did) MITM the Google and Cloudflare DNS endpoints, they could MITM Gmail, Outlook, Riotgames, Facebook, TikTok or whatever too. Public outcry came pouring in and the Minister of Comm backtracked.