$SFOR http://bit.ly/2HkCacx / TLS 1.3 Note how ISPs invisibly redirecting download requests for popular programs, injecting them with government spyware. Unencrypted web traffic is now provably a critical, in-the-wild vulnerability. 20-30% of top internet sites are affected. This attack could have been prevented post-2013, when IETF considered including mandatory encryption as part of the new HTTP/2.0 standard.

But they blocked it despite explicit warnings that without that protection, users would soon face exactly the attacks we see today.