[otabdeveloper4]

You ISP sniffing and MiTMing traffic on the wire is the least likely vector of malware injection.

ISP's are usually serious businesses with reputations and don't hack their own customers.

[latexr]

That “usually” is doing a ton of work. I remember Vodafone injecting scripts into webpages many years ago. While trying to find a source, I bumped into other shenanigans.

https://www.simpleanalytics.com/blog/vodafone-deutsche-telek...

[otabdeveloper4]

Out of all the bad actors on the Internet, your ISP is the least bad.

[latexr]

That’s not a valid defence, it’s moving the goalposts and whataboutism. ISPs shouldn’t be bad actors at all and they have the ability to do the most harm.

[kube-system]

Maybe if they live in a high income country with relatively strong consumer protections and are using their home ISP. But quite a lot of the internet is very much not that.

In some places and on some networks, MiTMing http traffic for undesirable use-cases is routine.