We're more in the area of things that actually are not websites than websites. The websocket stuff I added as an experiment and if people want to use our stuff to make HTML5 applications without a proxy server in between. If it's indeed between browser and website someone could MITM it of course if that person can also give you a fake security certificate into your browser.
But on the large scale that will never happen. Maybe in corporate networks but I doubt that this will become widespread.
But on the large scale that will never happen. Maybe in corporate networks but I doubt that this will become widespread.
Maybe not ubiquitous, but multiple governments already use fake certificates to spy on secure connections, and it is incredibly common in corporate environments.
I would be surprised if this passed muster in US courts, that an IT dept could present fraudulent information to an individual in order to access private data, vs just blocking that traffic.
From what I've heard, US employees have very little legal right to privacy while at work, even if doing things or visiting e-mail accounts of a personal nature. Regardless of whether the practice would survive a legal battle, it is already widespread.
But on the large scale that will never happen. Maybe in corporate networks but I doubt that this will become widespread.