Don’t try to support your arguments by pasting paragraphs of text from ChatGPT.
That said, there is a little nugget of useful information in there: “To do this, they install a corporate root certificate on all employee devices.”
This is true: if you are using a device which has had a root certificate installed on it you are vulnerable to MITM attacks. I would argue that your employer stealing your Anthropic API key is a pretty low risk compared to everything else that is wrong with that scenario!
Your original message above also mentioned coffee shop WiFi: that’s not a threat here. Your coffee shop has not installed a root certificate in your device.
simonw|1 year ago
That said, there is a little nugget of useful information in there: “To do this, they install a corporate root certificate on all employee devices.”
This is true: if you are using a device which has had a root certificate installed on it you are vulnerable to MITM attacks. I would argue that your employer stealing your Anthropic API key is a pretty low risk compared to everything else that is wrong with that scenario!
Your original message above also mentioned coffee shop WiFi: that’s not a threat here. Your coffee shop has not installed a root certificate in your device.
kreetx|1 year ago
Though, on topic, Claude enabling access for browsers adds nothing specific to this risk - it's a generic risk for any TLS connection.
ellellem|1 year ago
[deleted]