I use adblock on Firefox on my phone. Used to be fun to jailbreak and install my own apps and stuff, just getting lazier as I age I think

Not quite. This might be a better explanation than I’m providing: https://chat.openai.com/share/c77fc7ed-9d68-4076-ab70-e953a3896bb6

If I understand the question, the traffic in your local intranet will basically always be encrypted with your root cert. So client -> proxy with your cert, then normal internet encryption from proxy -> internet.

For the apps, it depends on the app, but you can usually insert your cert into their store, it might just be different than the systems store. This could be hard to do on an non-rooted iPhone, idk. My experience is with Linux desktops. For example, in chromium based apps, there is a database in ~/.pki/nssdb that you can insert your cert into. Again, this is something I do at work where we have a very tightly controlled network and application stack. I would not recommend a MiTM proxy for your home environment, it will only cause headaches.

I think it’s important to understand how a typical SSL certificate is generated. Basically, there are a handful of companies that we have all agreeded to trust. When you download Chrome it comes with a set of trusted root certificates, so does your OS, etc. So when Amazon wants to create an SSL for amazon.com, the only way they can do that is by contacting one of those handful of trusted companies and getting them to issue a certificate that’s says Amazon.com. When you go to the site, you see a trusted party generated the cert and your browser is happy.

When you create a new root certificate and install it on your computer, you become one of those companies. So now, you can intercept traffic, decrypt it, read it, reissue a certificate for amazon.com (the same way Amazon would have gotten one from the third parties), reencrypt it, and pass it along to the client. Because the client trusts you it’s still a valid certificate. But if you inspect the certificate on the client side the root signer will no longer be GoDaddy or whatever, it will be you.

Honestly not worth the trouble on mobile

How does distro box do with more complicated gui based applications?

This guy's a fucking clown, I'm sure he's like 15

I used to work as a contractor for an environmental remediation firm. All the waterways that you joke about not swimming in are actually full of some awful carcinogen. Old industrial plants dumped awful chemicals for years and years. Some of these issues are being slowly addressed, but regulation is always well behind the science. But often, if the liability is significant enough, companies will spend millions of dollars a year to kick the can down the road doing studies and monitoring so that they can avoid what would be hundreds of millions to actually remediate the problem.