Alan Ralph

Wearer Of Many Hats


🛠️ Please note that this site is a work-in-progress as I play around & experiment — things may change appearance between visits. 🛠️

Cyber-Mercenary Groups Shouldn't be Trusted in Your Browser or Anywhere Else

Cooper Quentin, EFF:

DarkMatter, the notorious cyber-mercenary firm based in the United Arab Emirates, is seeking to become approved as a top-level certificate authority in Mozilla’s root certificate program. Giving such a trusted position to this company would be a very bad idea. DarkMatter has a business interest in subverting encryption, and would be able to potentially decrypt any HTTPS traffic they intercepted. One of the things HTTPS is good at is protecting your private communications from snooping governments—and when governments want to snoop, they regularly hire DarkMatter to do their dirty work.

[…]

Mozilla and other root certificate database maintainers (Microsoft, Google, and Apple) should not trust Dark Matter as a root certificate authority. To do so would not only give Dark Matter, a company which has repeatedly demonstrated their interest in breaking encryption, enormous power; it would also open the door for other cyber-mercenary groups, such as NSO Group or Finfisher, to worm their way in as well.


If you'd like to comment, send me an email.