
On Wed, Jun 25, 2025 at 12:04 AM Endre Szabo via NANOG <nanog@lists.nanog.org> wrote:
> I bet they do on-device TLS MITM. Not sure how easy it is to do that these days, but let’s assume.
Possible, but very difficult. Especially with HTTP/3 replacing HTTP/1.1. Also, surreptitiously defeating encryption of apps that can hold end users' most sensitive data in order to feed it to some other program or cloud server on the Telco network (intercepting and decrypting private data to send to someone else's computer for AI processing to detect violations) would be placing people at severe and unexpected risk. Those servers or apps would become an obvious target for criminals interested in the content of encrypted messages that can include payment details, or wallet keys, or whatever people think best to protect by e2e encrypted transport. With a surreptitious implant, it's possible the phone has even been resold or placed in the hands of someone who has not consented to this third-party exfiltration and data processing. A Telco should not want to touch that one with a 1000-foot pole. Just have the entity who does the chipping/backdooring of the phones operate the infrastructure and hold the responsibility in case of malfunction or compromise of the service.
What’s more interesting is what they do with the actual payload extracted from these encrypted sessions. Like, for videos in the hundreds of megabytes range. What and where analyzes that content?

--
-JA