How would that work, unless the Blind posters are posting from corp-managed phones which have company-signed certs installed?

lots of places use an MDM profile if you connect to work email, for instance.

This kind of deep packet inspection is in no way limited to phones.

sure, my point was really: there's no way for your employer to intercept the packet contents unless they've got their own cert bundle installed, and you'd have to be pretty clueless to use this from a corp machine of any kind.

most people are in fact clueless.