> We can't look inside the TLS tunnel, we only transport the TCP side.
But you could if you were malicious, you control the tunnel creation code.
> It's end to end encrypted in the same sense that when you go to hackernews your ISP can't see your password because of TLS.
But its not like that. I do not have to trust my isp to not be evil. There is nothing my isp can do to read the password. I do have to trust you, you could easily modify the software in a way to read my password.