Some software check for updates without requiring the packages to be signed. The ISP could do a HTTP redirect to a fake torrent client update. The program says “Update available”. It downloads a malicious version.
Other ISPs have been caught injecting adverts into their traffic. So there’s ways.
On the other hand: HTTPS
HTTPS would prevent advert injection, assuming you didn’t accept a bad certificate at any point. But if they control your router and infrastructure, they can still redirect you to other pages however they want.
Some software check for updates without requiring the packages to be signed. The ISP could do a HTTP redirect to a fake torrent client update. The program says “Update available”. It downloads a malicious version.
Other ISPs have been caught injecting adverts into their traffic. So there’s ways.
On the other hand: HTTPS
HTTPS would prevent advert injection, assuming you didn’t accept a bad certificate at any point. But if they control your router and infrastructure, they can still redirect you to other pages however they want.