After all the horrible consumer practices Comcast does regularly, you'll still give them the benefit of the doubt? How many times do they have to prove themselves as untrustworthy and consumer-hostile before you'll stop sitting there and just hoping that the next magical tech will make them stop trying to extract maximum money and inject ads into your stream?
Yes, HTTPS is great and should be deployed everywhere. But thinking that they'll just give up on injecting ads into your stream when a large chunk of people use it is hopelessly naive - especially when off-the-shelf enterprise solutions that MITM HTTPS traffic already exist.
The technical capability to MiTM TLS has existed since the very moment TLS was designed. It all hinges on the ability to get a trusted certificate for the domain you want to MiTM. You can do TLS MiTM with Apache if you choose to. Acquiring the cert has always been the problem and nothing has changed in that regard. Strictly speaking, things on that front have become harder since browsers are becoming more and more strict about enforcing TLS security. If Comcast moved to distributing a CA cert to their customers I could quite well imagine that all browser vendors would block that root, as they’ve done with CAs that fell out of trust.
Not to mention the Certificate Transparency efforts..
Breaking TLS is considerably harder. And forcing a cert upon your customers would be hard to scale... It would be similar to implementing a firewall forbidding TLS and VPNs. That's a hard sell.
Comcast and their telco friends just managed to lobby legislation away while completely ignoring complaints and good business. It doesn't look like Americans have any power to fight against these companies, so trust in other for-profit companies which are reliant on Comcast & Co. for their profits seems a bit optimistic to me :/
That post wasn't about legislation. It was about the fact that if Comcast started trying to install root certs on the machines of customers using them for their ISP (which itself is unlikely because of the extra cost both to install, and to troubleshoot, i.e., "why can't I browse anything when I am on my new phone"), Google, Apple, and Microsoft could, and likely would, decide to reject them in their respective browsers as being untrusted. Because they have seen fit to do that in other instances where user security was compromised, and an ISP MITMing every bit of your traffic is no less alarming.