Moonchild wrote:Because HTTPS is end-to-end encryption, any intermediate intercepting this will immediately be known. By definition, this kind of filtering can only be done on the PC itself (with a certificate installed in the client allowing it) because otherwise (at least in Pale Moon's case) the connection will be flagged as untrusted (since it will be an MitM attack).
Thanks for uploading the PDF of this substantive paper. Regarding Pale Moon detection of MITM, are you referring to the use of NSS, as described on page 3 of the paper?
Firefox was the most consistent of the four
browsers, and by default, each version produces a nearly
identical Client Hello message regardless of operating system
and platform. ...Mozilla maintains its own TLS implementation,
Mozilla Network Security Services (NSS) [42]. NSS specifies
extensions in a different order than the other TLS libraries
we tested, which allows it to be easily distinguished from
other implementations. The library is unlikely to be directly
integrated into proxies because it is seldom used in server-side
applications.
And as an FYI,
this blog from one of the long-time Mozilla stalwarts, Robert O'Callahan, advises
only using Windows Defender for real-time AV. (He was in the trenches of Firefox development for many years, so his opinion carries a lot of weight in this regard. And coincidentally, I see that Moonchild
ported one of his patches today.)