Huh. I wasn't aware that ISPs could successfully intercept and spoof SSL connections without the user being aware. That doesn't match my understanding of SSL, at least assuming the CA root store is intact and not modified. Is https://im.youronly.one/techmagus/philippines-isp-hijack-connection-2021206/ the blog post you mentioned ? The browser detected that one though, so SSL still worked, right?