[20:10:17] <XioNoX>	 I was thinking about this Kazakstan MitM thing. Is it possible for us to know if a user is being MitM'ed?
[22:00:27] <Krenair>	 I suppose it's possible their MitM proxies might exhibit some unique characteristics to the outside
[22:00:35] <Krenair>	 particular set of ciphers or whatever
[22:00:43] <Krenair>	 but not necessarily
[22:08:54] <Krenair>	 client side can check issuers etc. but I'm not sure if JavaScript code we send to browsers would have the ability to check this
[22:12:26] <Krenair>	 might be a particular set of IPs or whatever
[22:15:33] <Krenair>	 am reminded of https://en.wikipedia.org/wiki/Internet_Watch_Foundation_and_Wikipedia#Effects_on_Wikipedia
[22:23:48] <cdanis>	 XioNoX: it should be not too hard to detect it from within mobile apps, but I don't think there's a good way to detect it from within javascript running inside an unmodified web browser
[22:33:22] <Platonides>	 hmm, I wonder if the Wikipedia app pins the certificate and shows a warning if the user is being MITMed
[22:47:42] <Krenair>	 oooh, mobile apps, good call cdanis 
[22:48:05] <Krenair>	 Platonides, I wonder if that behaviour is consistent across the separate apps :))
[22:48:50] <Platonides>	 good point :D