Recently on Tor Talk, there was a discussion of SSL visibility appliances (https://www.bluecoat.com/products/ssl-visibility-appliance). They are able to strip out SSL transparently (good article here: http://www.zdnet.com/how-the-nsa-and-your-boss-can-intercept-and-break-ssl-7000016573/).<p>Are there any effective means to audit trusted CA's in browsers, so that none of these vendors are in the list? Manually reviewing every CA obviously isn't an option.<p>Does anyone have any good plugin suggestions, or defensive techniques?
I should also mention that I am not asking about defenses in particular applications, such as Tor, which does include hardcoded certs. I am more interested in everyday use while not using specialized services such as VPN clients and Tor.