top | item 46736320

(no title)

cptskippy | 1 month ago

> This was not a mitm attack

My intent was not to color or frame the activity but to use shared understood knowledge to convey the concept. It's like the terms blacklist and whitelist. Yes they're rooted in racism, and gosh darn it if everyone doesn't still use them because we know immediately what they are and there no better term. On the flip side we successfully switched from master to main.

If you don't want people saying "mitm attack" you gotta come up with something that rolls off the tongue a little better than "it was lawful mitm inspection of a user's own traffic".

discuss

franga2000|1 month ago

The wording is only secondary to my point, which is that this isn't something to prevent. It's not "a security thing". You said "to mitigate the MiTM attack". It's not an attack and nobody should be trying to "mitigate" it. If an app vendor in trying to evade inspection by the user, they're either being shady or incompetent.

And no, most people at least in the reverse engineering circles I'm in/follow, don't say "MiTM attack" when things are done by the user with consent. I've heard MiTM-ing as a verb, MiTM/SSL/TLS proxying/inspection/interception or even (incorrectly) SSL stripping (and surely some more that I don't remember).