When David Cameron, prime minister of the UK, said of online messaging applications that offer end-to-end encryption, such as WhatsApp, iMessage, and Snapchat:
"In our country, do we want to allow a means of communication between people, which even in extremis, with a signed warrant from the home secretary personally, that we cannot read?"
I got a bit worried. What Cameron said means that the existing encryption standard, SSL/TLS (HTTPS), does not encrypt at all. Is breaking SSL/TLS that easy? Yes, it is. Just use one of the following tools:
In other words, your employer, your ISP, or any other service provider on the route between you and the web site you are communicating with, can read your SSL/TLS internet traffic.
Therefore, any ISP employee can easily know your internet banking password and lift money from your bank account. Band-aids such as 2FA (two-factor authentication) do not make any difference. All that the attacker needs to do is to strategically cut off your traffic to prevent you from logging off. From then on, the attacker just continues your session in your stead. Furthermore, nothing stops ISP employees from collecting databases full of credit card details and selling them to the highest bidder. Law enforcement and intelligence agencies can also do that. That is probably what they are doing already.
Your browser was specifically constructed to deceive you. It will trust a signed certificate, not because it is trustworthy, but because that is the false belief that law enforcement (LE) needs in order to read your traffic. The certificate circus is effectively the backdoor that David Cameron demands.
I do not have a problem with the fact that Microsoft, Apple, and Google collaborate with the powers that be in deceiving the general public. Microsoft, Apple, and Google are corporations. They kiss the arse of the powers that be. They are actually meant to. Since they are not meant to be trusted anyway, they cannot do much damage, unless someone really trusts them, but then such persons will just get what they have asked for.
I have a much bigger problem with the Mozilla Foundation. It is a sanctimonious non-profit organization created for the betterment of the world. They mislead us into believing that doing good is their ultimate ambition. It isn’t. They are dangerous liars. It would have been perfectly possible to build support for SSH, NaCl, or similar encryption systems into Firefox. They do not want to do that. They have always happily supported the SSL/TLS monopoly on encryption and knowingly deceived and misled their users.
Too much trust has gone into the browser and into the belief that SSL/TLS really encrypts your traffic. The theory of deception says that everything that is trusted will be subverted and that the total amount of deception (B-A)² will keep growing as a function of the aggregate belief in the deceptive statement (A=B). The theory of deception also predicts that an entire industry will emerge, geared at making money from exploiting that false belief (A=B).
Ultimately, it is the believer in the falsehood who will be held responsible for his false beliefs, because it is he who has worshipped pagan gods. Worse, it is his false belief that has created them.