(no title)

> In my opinion, most of the governments must have obtained access to numerous Certificate Authority private keys by now. As a result, they would not only be logging DNS records but also the entire unencrypted data transfer.

Certificate Transparency ensures that having control over a Certificate Authority's private keys doesn't allow for undetectable MITM attacks since both Chrome [1] and Apple (Safari) [2] will not trust certificates that have not been submitted to CT logs and stamped as such. If a government attempts to issue a trusted certificate using a CA they control, it will be logged. You can't passively decrypt TLS connections with just access to a CA's private keys since those aren't the keys involved in communication, or even the server's private key due to forward secrecy (assuming modern TLS configs).

[1]: https://groups.google.com/a/chromium.org/g/ct-policy/c/wHILi...

[2]: https://support.apple.com/en-gb/HT205280

If they had compromised root keys, then they still need to MITM the connection in order to provide a fake certificate. This would be detectable, and there has been no evidence of it happening, so I'm sceptical its happened in any significant way. If it was widespread, and not just very targeted, we would know about it.

A government agency using a root key, and getting spotted, would be disastrous for everyone, themselves included. So, if they do have them, and I think you are probably right to assume they do, they would only use them as a last resort in incredibly extreme cases. It would not surprise me if they have have them but have never used them.

> As a result, they would not only be logging DNS records but also the entire unencrypted data transfer.

Note that even if you have the private key for a specific certificate, you still cannot perform a passive MitM attack against servers that use modern TLS using perfect forward secrecy, and active MitM attacks can sometimes be detected by the web server itself. There are different techniques that have cropped up; here's an old doc page about Caddy v1, mainly because it's the one that I remembered first:

https://caddy.its-em.ma/v1/docs/mitm-detection

That said, as others have mentioned, CT logs basically foil direct man-in-the-middle attacks abusing CA certificates. The attack will work, assuming it isn't foiled by HSTS, but it will be detected. For a government surveillance program, this would obviously be a very bad outcome.

The CA system definitely gets some deserved flak for being flawed, however I've personally found myself impressed with how much practical security against attackers the web ecosystem has managed to build up. It also was probably good to get more of it done ahead of time before governments could try to abuse gaps in the system; as it stands now, if we had DoH and ESNI (edit: or, now, ECH, I suppose) deployed widely across the internet, it would probably render this entire government surveillance operation useless.

Or the major DNS providers are just providing the government with the data without the need to MITM the connection.

Major ISP's definitely I feel like would do this. And most people are leaving DNS as default to their ISP (especially on mobile)

No need for that, just a D notice on Cloudflare and half the internet is decrypted.

Random thought: they can't use the intercepted communication against you in court because it would reveal their capability. But they can use it in an indirect way to target you.

> It is so sad that so many people won't experience late 1980s and early 1990s era of the internet, which was devoid of extensive surveillance and censorship.

Was it though?

Check out Freenet my friend. It is exactly like the internet of the 90's in almost every way, with all the good and bad that entails.