How does one take advantage of unencrypted traffic?
You can trust your ISP, but your data will not pass through just your ISP's routers. On a simple level, the internet works by passing data from one router to another, repeatedly moving each packet closer to its destination, until it is hopefully delivered. This means that your connection passes through several routers before finally reaching the site you are connecting to.
Now, as an example, right now, there are 10 routers sitting between me and stackexchange.com. Of these, apparently only the first two or three belong to my ISP. The rest either belong to some internet backbone provider, the server's ISP, or any other upstream ISP that exists between my ISP and the server's ISP. So now, instead of having to trust one ISP, you have to trust at least two ISPs and the internet backbone providers. Now that's a lot of people to trust. If any one of these has a rogue employee with access to install malware on the routers, or any of these routers are misconfigured or using outdated firmware with known vulnerabilities, an attacker can perform a Man in the Middle attack and harvest your credit card details, passwords, PII etc. as well as inject ads and/or malware and perform any other malicious action they can think of.
And that doesn't even take into account state sponsored attackers and mass surveillance. A state sponsored actor that is interested in getting access to plaintext HTTP traffic doesn't even require a rogue employee or exploitable router vulnerability. They can serve the ISP a subpoena or they can silently tap right into the fiber-optic cables. If the traffic they are targeting doesn't pass through their jurisdiction, they have the resources to perform attacks like BGP hijacking to redirect the traffic through their own jurisdiction.*
*In at least one incident, a non-state sponsored attacker also managed to perform this by hacking an ISP
I trust my ISP
There's the start of your problem. ISPs performing MITM attacks to modify cleartext http traffic, adding in their own trackers, additional or replacement ads, overage and nonpayment warnings, etc. has become the norm. And aside from being outright malicious in themselves, these things can all introduce new vulnerabilities into the sites you're visiting.
There are lots of opportunities to get in the middle after the traffic leaves your home router.
The two big opportunities that come to mind are:
- governments routing traffic from the ISP through their infrastructure (widespread or targetted surveillance)
- MITM on the server side
But MITM is not the only threat. Traffic can be logged by the various routers and infrastructure, so while they might not get all traffic, they can see and log things like passwords, metadata, etc.