"Corporate MITM" is built into the very idea of PKI. Running your own custom PKI is a completely valid way to operate a network. This is a feature because it allows anyone to establish their own trust tree, completely outside of the public certificate trust network.
"Regimes" sounds pejorative but in truth, companies have a duty and in many cases a legal obligation to protect their networks. Prima facie, I don't see any reason at all why interception of traffic in this circumstance is "bad," except maybe a potential for political misuse like any other written medium.
I actually think the reverse would be substantially worse: if _only_ the public trust chain was valid in major browsers, we would be completely hosed and there would be no distinguishing factor at all between remote attestation and trust.
Thus, corporate TLS interception is, at worst, a necessary byproduct of a very well chosen tradeoff.
I have a minor quibble with "my network". You should have the right to intercept the traffic originating or terminating at your devices, but not to intercept any traffic going between other people's devices just because it's on your network.
Hah, remember how Amazon invented "Cyber-Monday"? They claim the Monday after Thanksgiving when people go back to work it'll be their first encounter with Internet-connected computers after the Thanksgiving vacation, and it's the time where they'll be most busy shopping for Christmas presents...
Amazon was barely a blip when Cyber Monday first came out, let alone the inventors of the term.
> The term "Cyber Monday" was coined by Ellen Davis, and was first used within the ecommerce community during the 2005 holiday season. According to Scott Silverman, the head of Shop.org, the term was coined based on 2004 research showing "one of the biggest online shopping days of the year" was the Monday after Thanksgiving (12th-biggest day historically). Retailers also noted the most significant shopping period was December 5 through 15 of the previous year. In late November 2005, The New York Times reported: "The name Cyber Monday grew out of the observation that millions of otherwise productive working Americans, fresh off a Thanksgiving weekend of window shopping, were returning to high-speed Internet connections at work Monday and buying what they liked." At the time, a lot of people had slow Internet at home. The idea for having such a holiday was created by Tony Valado, in 2003 while working at 1800Flowers.com, and coined "White Wednesday" to be the day before Thanksgiving for online retailers.
Privacy of communications is a protected right in lots of jurisdictions, not by default overridden by employer interests. From a values POV it makes sense as well: privacy is a human right and the fact that you're at work doesn't invalidate that; social interactions at work can be of a personal nature that is good to keep confidential.
> We consider an HTTPS connection to be intercepted when there is a mismatch between the expected client request signature corresponding to the browser identified by the User Agent, and the actual client request fingerprint of the request.
Sounds like something that would be "trivial" to defeat, by means of "emulating" other TLS implementations more closely?
Presumably so. You'd just need to compile the curl-impersonate for the appropriate browser you want to impersonate, and then link it in to a proxy that used libcurl for its https traffic.
https://github.com/cloudflare/mitmengine
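The mismatch check quoted above, sketched as an added example that is not part of the thread and is not mitmengine's code. The signature table, function names and sample requests are constructed for illustration and are not real browser fingerprints.

```python
import re

# Constructed signatures for illustration only; NOT real browser fingerprints.
# Browser family -> (ordered cipher suites, set of extension IDs).
EXPECTED = {
    "chrome":  ((0x1301, 0x1302, 0x1303, 0xC02B, 0xC02F), {0, 10, 11, 13, 16, 43, 51}),
    "firefox": ((0x1301, 0x1303, 0x1302, 0xC02B, 0xC02F), {0, 10, 11, 13, 16, 23, 43, 51}),
}
UA_FAMILIES = [("firefox", re.compile(r"Firefox/\d+")),
               ("chrome", re.compile(r"Chrome/\d+"))]


def is_grease(value):
    """RFC 8701 GREASE values look like 0x0A0A, 0x1A1A, ... 0xFAFA."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def fingerprint(ciphers, extensions):
    """Normalise a ClientHello: drop GREASE, keep cipher order, ignore extension order."""
    return (tuple(c for c in ciphers if not is_grease(c)),
            frozenset(e for e in extensions if not is_grease(e)))


def ua_family(user_agent):
    """Map a User-Agent header to the browser family it claims, or None."""
    for family, pattern in UA_FAMILIES:
        if pattern.search(user_agent):
            return family
    return None


def classify(user_agent, ciphers, extensions):
    """Return 'consistent', 'mismatch' (possible interception) or 'unknown'."""
    family = ua_family(user_agent)
    if family is None:
        return "unknown"  # no expected signature to compare against
    exp_ciphers, exp_exts = EXPECTED[family]
    seen = fingerprint(ciphers, extensions)
    return "consistent" if seen == (exp_ciphers, frozenset(exp_exts)) else "mismatch"


# Constructed requests: (User-Agent, ClientHello cipher suites, extension IDs)
CHROME_UA = "Mozilla/5.0 (X11; Linux x86_64) Chrome/120.0 Safari/537.36"
SAMPLES = [
    (CHROME_UA, [0x2A2A, 0x1301, 0x1302, 0x1303, 0xC02B, 0xC02F], [0x1A1A, 0, 10, 11, 13, 16, 43, 51]),
    (CHROME_UA, [0xC02F, 0xC030, 0x1301], [0, 10, 11, 13]),  # proxy-style handshake
    ("curl/8.5.0", [0x1301, 0x1302], [0, 10, 13, 43, 51]),
]

if __name__ == "__main__":
    for ua, ciphers, exts in SAMPLES:
        print(classify(ua, ciphers, exts), "<-", ua)
```

A handshake that reproduces the signature of the browser named in its User-Agent is reported as consistent, which is the limit of this heuristic that the replies point out.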