Re: Feedback Request – Embedded Child Protection Solution for Telcos (Academic Research)

[Jay Acuna via NANOG <nanog () lists nanog org>]

On Wed, Jun 25, 2025 at 12:04 AM Endre Szabo via NANOG
<nanog () lists nanog org> wrote:

> I bet they do on-device TLS MITM. Not sure how easy it is to do that these days, but let’s assume.

Possible, but very difficult.  Especially with HTTP/3  replacing HTTP 1.1.

Also, surreptitiously defeating encryption of apps that can hold end
users' most
sensitive data in order to feed it to some other program or cloud server on
the Telco network (intercepting and decrypting private data to send to
someone else's computer for AI processing to detect violations) would be
placing people at severe and unexpected risk.

Those servers or apps would become an obvious target for criminals interested
in the content of encrypted messages  that can include payment details,
or wallet keys, or whatever people think best to protect by e2e
encrypted transport.


With a surreptitious implant; it's possible the phone has even been resold or
placed in the hands of someone who has not consented to this 3rd party
exfiltration and data processing.   A  Telco should not want to touch that one
with a 1000 foot pole.    Just have the entity who does the chipping/
backdooring of the phones operate the infrastructure and hold the
responsibility in case of malfunction or compromise of the service.

> What’s more interesting is what they do with the actual payload extracted from these encrypted sessions.
> Like, for videos in the hundreds of megabytes range. What and where analyzes that content?
--
-JA
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/PPWU3WJATZSL42IUWPC6YZUULY3KVGEU/