Corporate networks decrypt SSL
> So the article is wrong, unless people are stupid enough to agree to install random certs into their browser (game over anyway).
Or installs some malware into the machine, or has to install a certificate to connect to a VPN, or ...
> I have a device in school that intercepts all SSL, decrypts, analyses for keywords, and then SSL's it again to send upstream to website. But you can't do that without a lot of client interaction and basically control of the client machines.
So do most corporate networks and almost all corporate PCs are connected to a domain which gives that level of control. In summary if your computer belongs to a domain you can assume that the corporate firewall is decrypting your traffic.