
The article says that Superfish "injects third-party ads on Google searches." Does that include https://encrypted.google.com/ in Chrome and Firefox, or do key pinning and HSTS preloading successfully prevent that?

EDIT: According to another comment here, HTTPS connections in Firefox aren't affected because they don't use the system certificate store. But what about Chrome - do users see an error on pages with pinned keys, or is the proxy smart enough not to attack those connections? Or does it also disable Chrome security features like HSTS and key pinning?




Locally added CAs override pinning, so no, it won't help.
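Added example, not part of the thread and not any browser's own code: a simplified model of the pin-evaluation order the reply above describes, showing that a pin still rejects a certificate issued under a different public CA but is not consulted when the chain ends at a locally installed root. The host name, the pin set and the SPKI byte strings are constructed, and signature verification of the chain is assumed to have happened already.

```python
import base64
import hashlib

def spki_pin(spki: bytes) -> str:
    """Base64 SHA-256 of a SubjectPublicKeyInfo, the form used for key pins."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs.
SITE_CA = b"constructed-spki: CA the site pins"
OTHER_CA = b"constructed-spki: unrelated public CA"
LOCAL_CA = b"constructed-spki: root added to the OS store"
UNKNOWN_CA = b"constructed-spki: root nobody trusts"
LEAF = b"constructed-spki: leaf key"

BUILTIN_ROOTS = {spki_pin(SITE_CA), spki_pin(OTHER_CA)}  # shipped with browser/OS
LOCAL_ROOTS = {spki_pin(LOCAL_CA)}                       # installed later on this machine
PINS = {"pinned.example": {spki_pin(SITE_CA)}}           # hypothetical preloaded pin set

def evaluate(host: str, chain: list) -> str:
    """chain holds leaf-first SPKI blobs; the last element is the trust anchor."""
    hashes = [spki_pin(s) for s in chain]
    anchor = hashes[-1]
    if anchor not in BUILTIN_ROOTS | LOCAL_ROOTS:
        return "reject: untrusted root"
    pins = PINS.get(host)
    if pins is None:
        return "accept: host has no pins"
    if anchor in LOCAL_ROOTS:
        # The behaviour the reply describes: pins are not enforced here.
        return "accept: pin check skipped (local trust anchor)"
    if pins.intersection(hashes):
        return "accept: pin matched"
    return "reject: pin mismatch"

def audit(host: str, chain: list) -> tuple:
    """Defender's view: flag connections where pinning was silently bypassed."""
    verdict = evaluate(host, chain)
    return verdict, "skipped" in verdict

if __name__ == "__main__":
    for root in (SITE_CA, OTHER_CA, LOCAL_CA, UNKNOWN_CA):
        print(audit("pinned.example", [LEAF, root]))
```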



