It's possible to do HTTPS MITM detection!
https://caddyserver.com/docs/mitm-detection
(seems to exploit the fact that most MITM proxies are simplistic wrt UA)
Related Posts
Just released a new version of difftastic!
* Verilog support
* Improved Erlang, F#, Gleam, Pascal and Swift
* Better detection of binary files
https://github.com/Wilfred/difftastic/releases/tag/0.64.0
It's incredibly hard to explain adversarial problems to users. I see gamers sincerely asking "why doesn't the publisher just fix the cheater problem?".
This is exacerbated by the fact that sharing too many details of anticheat can make the problem worse.
The "line of death", where the browser UI splits between trusted UI elements and UI controlled by the website.
Also argues that HTTP warnings are better than HTTPS padlocks, because there's incentive to spoof padlocks lower on the page.
https://emilymstark.com/2022/12/18/death-to-the-line-of-death.html