This attack could have been prevent post-2013, when the @IETF considered including mandatory encryption as part of the new HTTP/2.0 standard. But they blocked it despite explicit warnings that without that protection, users would soon face exactly the attacks we see today.

Edward Snowden on Twitter

“Huge: @Citizenlab catches ISPs invisibly redirecting download requests for popular programs, injecting them with government spyware. Unencrypted web traffic is now provably a critical, in-the-wild vulnerability. 20-30% of top internet sites affected. https://t.co/5RR8BlkicH”

^twitter.com