How NSA etc does MITM

This is "speculation" but shows how it "could" be done

Block diagram of how in the PDF

https://s3.amazonaws.com/s3.documentcloud.org/documents/785152/166819124-mitm-google.pdf

 

Although if the user was versed in security and had the proper measures in play that MITM would be a total failure. How?

Utilize a method whereby you examine the ENTIRE certificate fingerprint (automatically) compared to a KNOWN valid one from previous connections and it would immediately tip you off. There is NO way to create a perfect match (SHA-1) for the actual full fingerprint unless the adversary has stolen and has used/access to the private key for the site certificate. Tough to do. The more security minded sites/connection types establish PFS which disables even a stolen private key.

The example above is for when you connect to "secure https" type sites. If you are connecting to http sites there is almost no security for those that are "black hatters" with a will. Nothing I do in http is of any importance to me and my vpn tunnel is always encrypted using pfs up to the exit node so I don't care. My .02.

 

Do they perform MITM against Tor users and under what circumstances would they do it?

 

New NSA Leak Shows MITM Attacks Against Major Internet Services

 

The question is....why would the NSA brother doing MITM attacks against me or just a regular Tor user? I'm just using Tor to prevent my ISP from knowing what kind of sites I browse and preventing web sites from knowing my true IP address.