
> Some progress is better than none, and it's still nice that my ISP can't snoop on me any more. Unfortunately, TLS also took away my ability to inspect my own traffic! This makes it more difficult for me to monitor what my OS and browser vendor are doing, and as I've said previously, I trust these parties comparatively less than my ISP.

It might be more correct to say that Certificate Pinning made it so you can't inspect your own traffic - for sites with TLS but without certificate pinning, you can just as easily create your own root certificate and force the browser and OS to trust the cert by installing it at the OS level. This is (part of, at least) how tools like Fiddler and Charles Proxy allow you to inspect HTTPS traffic, the other part being a mitm proxy that replaces the server's actual cert with one the mitm proxy generates [0].

[0]: https://www.charlesproxy.com/documentation/proxying/ssl-prox...



I've used mitm proxies; the problem is I don't know whether the software is behaving the same way under a proxy as it would normally.

Edit: To be clear, I'm not even suggesting the software would be doing this maliciously! Apps do all sorts of weird things when you try to proxy them, I know this because I do run most of my traffic through a proxy (for non-privacy reasons). Just for example, QUIC gets disabled.


If you're that worried about software being that devious, then you probably shouldn't be using that software at all, regardless of your ability to monitor its traffic.


This isn't solely about the aspect you're hinting at: plenty of smart appliances are effectively useless/inoperative if not interacted with with their accompanying proprietary (shitty) smartphone app. Developing an alternative app requires reverse engineering; that's when you realize the current state of the art is obfuscating and encrypting each and every network layer even for gadgets as mundane as an RGB mood light.


I guess I think it's relatively more paranoid to worry about the ISP being that devious.



