"News of the security flaw comes the same day that Microsoft is ending support for Windows 7. The company has encouraged people to upgrade to Windows 10 to keep their PCs and laptops secure. "
Hummmmm...
At what point do they say that? Are those your assumptions? The bank might have failed to provide proper controls to secure the account. As example, 2FA is not common for banks in Canada. If the client's computer was compromised, 2FA should have secured the access to the account.
IMO relying 100% on the end devices to protect themselves is too risky.
Layered security seems to work best.
Also I prefer to heavily monitor/secure two appliances/systems than heavily monitor thousands of end devices
I don't think NOT performing packet inspection due to privacy concern is a good idea. (Good security controls should exist over its administration)
One reason why organizations use packet inspection is to protect its staffs, customers and vendors from malicious actors who could cause data breaches leading to huge privacy issues.
Privacy over Security? The right balance must be found
In a corporate environment, managed devices can be configured to force the use of specific DNS settings. The same type of implementation (MITM) could be used to analyse the requests.
That being said, this is at the OS level. An app such as Firefox could still override those settings or provide their own implementation.
Wondering if the way to go is in Incognito mode from a different IP. But then the moment I authenticate with Amazon for example, my profile (and associated data points [All IPs used, cookies, etc.]) could be used to target advertisement.
Level 6: You can exclude the protocol entirely (eg: "//news.ycombinator.com")
This will ensure the browser uses the "current protocol" as in if your website is browseable from http all request //www...com will be http and if your page is fetched using https, all resources starting with //www.hn.com will be loaded using https
if your website was reachable from protocol xyz://mydomain.com, all resources starting with // would be fetched using the xyz:// protocol