Bonum Certa Men Certa
ClearlyDefined is Just Microsoft Land Grab (Which the OSI Now Actively Participates in) | Links 15/10/2020: Parted Magic Leaves OpenBox, US Congress Urged to Choose Free Software

A FIDO/FIDO2 False Sense of Security for Premium Prices

Military-grade nonsense that is proprietary and untrustworthy (monopolised by the likes of Google and Microsoft)

Manifestation against missileSummary: From the attack on software freedom (including Richard Stallman and other leaders/luminaries) we've seen a shift to attacks on privacy itself, e.g. auditable encryption; today we discuss the troubling developments in the FIDO/FIDO2 space

THE ESSENCE of Free/libre software is control, liberty, autonomy, independence, security, decentralisation and sometimes privacy too. Those are all just words that convey concepts in English. It's better understood in the absence of those things (when one lacks or loses freedom). As RMS puts it, to paraphrase a bit, either the user controls the program or the program is an instrument by which some corporation (or government) controls the user. It's really that simple. To alleviate that unjust leverage of power (developers or developers' employer) over computer users we need freedom-respecting software that is audited by many and forked if mischief occurs. This helps ensure that the public interest is prioritised, not the bottom line of some business/es. That does not mean that no business can exist; many businesses are based around distributing and supporting Free software. Perfectly moral and ethical business practices are compatible with the Four Freedoms.



"Earlier this year there was a major incident, which saw millions of rogue certificates being issued by Let’s Encrypt..."With all that in mind, we've grown cynical if not deeply concerned about the Linux Foundation. The institution itself is a misnomer (it promotes operating systems other than Linux), its biggest players (leadership) are monopolistic proprietary software companies, it advocates mass surveillance, and it works for Microsoft (which in turn works to undermine Linux).

Earlier this year there was a major incident, which saw millions of rogue certificates being issued by Let’s Encrypt, which is connected to the Linux Foundation and hosted/coded on Microsoft servers. These certificates were later revoked, but there was no transparency about what had happened. Can we trust one CA to manage so many certificates? Look at its backers and sponsors. These certificates aren't free; if they seem to be free, it's because someone foots the bill to gain something, such as the US government receiving back door access to undermine encryption (by access to private keys or similar). They're already done that even inside Switzerland, covertly of course! So do we trust Let’s Encrypt? Not really, even less so after that incident. There was never clarity and now even an explanation of what was done, who the culprit was and so on.

But this article isn't about Let’s Encrypt. It's about FIDO2. The patterns may be similar, at least some salient points. "I don't know if you've been keeping up with the developments in hardware security tokens," one reader told us this week, "but I have been very alarmed with the developments that are happening with regards to FIDO2. I feel like this is another attempt to stomp out competition just like TLS CAs did before Let's Encrypt was a thing."

"We use GnuPG a great deal here in Techrights. Most of our messages are encrypted."The reader is a bit of an expert in that domain. Also remember how the founder of Ubuntu originally amassed his wealth. "Right now," the reader noted, "companies that make products like Yubikey and Titan Security Key are selling obscenely overpriced hardware just because it has a "FIDO2 Certified" logo on it. I feel like hardware security tokens are going to end up in the same situation that happened with TLS CAs where a few bodies monopolise the system and dictate who gets to be a "trusted provider". A FIDO2 certification costs about $6500 USD, last time I checked. As someone that uses GnuPG and its open ecosystem of hardware, it pains me to see the monopolisation and profiteering that's happening around the security space."

We use GnuPG a great deal here in Techrights. Most of our messages are encrypted.

"I hope you can share this message with the right people," our reader appealed, "to combat the monopolisation and anti-competitive attempts by organisations like FIDO Alliance. There's nothing open about the FIDO Alliance. The firmware for most of those devices are closed-source and the only reason people are duped into buying them is because of the "FIDO2 Certified" seal on those products. I feel like this is a turning point in cybersecurity history and we need to kill this attempt at monopolisation before we end up with the tragedy that happened with TLS CAs."

"A mechanism for trust among parties, e.g. encryption, is crucial in a free and democratic society."How many billions of dollars were washed down the drain because of these? And we ended up with "trusted" CAs that are mostly in bed with the world's biggest spying operation. Which means they might be worse than useless...

"We decide who to trust with our OpenPGP certificates," our reader noted. "We don't let other bodies make that decision for us. Let's work together to make sure we nip this FIDO nonsense in the bud. We've got the platforms and people. The WebAuthn W3C steering members are stuffed with Google, Microsoft, and (surprise) Yubico people. I'm almost certain that they're using embedded cryptography MCUs in their closed proprietary products and then making a eye-watering profit margin."

Notice that their stuff is controlled partly by Microsoft and the NSA (in GitHub). So they clearly do not value or grasp basic security.

Our reader noted: "The OpenSK project on GitHub (by Google, I believe) uses an overpriced board and there's a nice disclaimer at the bottom that OpenSK is not FIDO certified (this is blatant FUD). They aren't even using the embedded crypto MCUs on the Nordic chip. They have gone with the excuse that their software-driven crypto is "research quality" code. OpenSK is a blatant attempt to spread FUD about uncertified FIDO hardware. Yubico are in on it as well.

"We might be the first site to touch this subject, but there's more on the way for sure.""Nitrokey has a FIDO2 product and I think it's uncertified by the looks of things. I know Nitrokey people are very closely linked to GnuPG devs because I've been around GnuPG dev a lot recently. I'm pretty sure the folks at Nitrokey see the dangers of monopolisation but they're keeping it quiet (probably in fear of the media pull Google et al have). I would also prefer remaining anonymous, thanks for allowing that..."

A mechanism for trust among parties, e.g. encryption, is crucial in a free and democratic society. Those who undermine the encryption basically maintain keys to the castle. They've long attempted to put back doors (or back door access, e.g. via third parties) to everything. Sometimes the media describes that as "weakening" encryption, but that actually means breaking; weak means broken.

We might be the first site to touch this subject, but there's more on the way for sure. "Wanted you to be the first to throw a punch though," our reader noted, "because people in the community trust you on these things."

But there's lots more on the way. Stay tuned.

ClearlyDefined is Just Microsoft Land Grab (Which the OSI Now Actively Participates in) | Links 15/10/2020: Parted Magic Leaves OpenBox, US Congress Urged to Choose Free Software

Recent Techrights' Posts

More IBM Layoffs in India
If IBM cannot afford to retain workers in India, then something is truly "out of control" at IBM
Dr. Richard Stallman Has Done No Harm to the GNU Project or the FSF (He Had Benefited Both, Always, Even After the Attacks on Him Began)
Some people try to prevent Dr. Stallman from speaking or having a platform where many people can hear him
Microsoft Isn't Denying the Mass Layoffs
Still silence from Microsoft
In Western Africa GNU/Linux Flirts With 5% Market Share
there's a gradual increase in GNU/Linux usage there
Gemini Links 09/01/2026: Pro1 X Repair and the Mercury Protocol
Links for the day
No, Microsoft Did Not Deny the Q1 Mass Layoffs (Microsoft Can Delay These)
Maybe they disperse or delay the layoffs (changing plans), but the layoffs are going to happen
EPO People Power - Part XXIX - Getting DER SPIEGEL, FAZ, Deutschlandfunk and Sueddeutsche Zeitung (SZ) to Cover EPO Scandals
We kindly ask our readers to contact their local media and urge it to cover the scandals
 
GNU/Linux May be Approaching 10% "Market Share" in Montenegro
The surge started around 2021
At IBM, "Employee Reviews" (or Appraisals in the UK) Are a "Trojan Horse" for RAs (Mass Layoffs), a Waste of Time
comments from IBMer serve to suggest that appraisals can be precursors
'Vice Coding' is Not "AI", It's a Sewer, It is Junk
Linus Torvalds was wrong. 'Vibe coding' isn't good for anything.
Links 09/01/2026: Technical Blogging Lessons Learned and Google's Gmail Getting a Lot Worse
Links for the day
Escaping GAFAM Colonialism Requires Homegrown Free Software
GNU/Linux now measured at 3% in Zambia
GNU/Linux at 4% in Saudi Arabia, Says statCounter
Some years ago Windows fell to a "market share" of just 11% there
Links 09/01/2026: Cambodia and China Extradition, "NATO’s High-risk Patrols Near Ukraine"
Links for the day
Only One Person in Charge of Fedora is Not IBM Staff
This is not a community project, it's just a way for IBM to onboard unpaid volunteers
This Is Not a Drill, GNU/Linux is Really Going 'Mainstream' on Laptops (and Desktops)
It is important to explain to people software freedom
IBM Albany Layoffs
not only did many in the site lose their job; there's more to come "and likely another one in February" (weeks from now)
EPO Workers' Industrial Action to Include Many Strikes, to Last Several Months
In some ways, The Hague and Bavaria are becoming almost indistinguishable from Moscow
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, January 08, 2026
IRC logs for Thursday, January 08, 2026
Gemini Links 08/01/2026: "New Year, Old Plans" and Alex's "Butlerian Jihad"
Links for the day
LLM Slop About "Linux" Scarce and of Very Low Quality
At this rate, we reckon there may be one (or zero) per day by year's end
IBM's "Forever Layoffs" (to Bypass Warnings or Notices as Required by WARN Act)
There is a bunch of speculations about when the next "major round" of RAs will be
Attempts to Undermine This Site's Latest Series Using Intimidation, Threats, and Presumptuous Accusations
threatening language is less effective when everyone is an alibi
Links 08/01/2026: "Golden Smartphone" Scam and Riseup Account Issues
Links for the day
Links 08/01/2026: Possible "Collapse of NATO Over Greenland"; Journalistic Malpractice and "US Voters Hate Slop"
Links for the day
EPO People Power - Part XXVIII - A Sensitive Issue for Germany and The Netherlands
If Germans who read this series can communicate this to public officials or to their media, maybe they can strike a nerve and get the ball rolling
Age Discrimination at IBM Discussed Amid Mass Layoffs (Especially in the United States)
Workers are anxious. Are they next to face the axe?
Gemini Links 08/01/2026: Potentiometer Calculator, Power Outages, Why You Should Abandon Discord for IRC (e.g. Ergo), and Formatting Gopher Posts
Links for the day
Links 08/01/2026: More Software Patents Squashed, White House Repeats Misinformation From the Kremlin
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, January 07, 2026
IRC logs for Wednesday, January 07, 2026
The Free Software Foundation (FSF) Looking to Add Associate Members
"Celebrate '26 by helping us reach our New Year's goal before Jan. 16: join as an associate member today. You will help the FSF remain strong and independent to empower technology users everywhere. Join us today and help us reach our goal of 100 new associate members!"
Only Google is Still Spreading Lots of Slopfarms' Fake News and Plagiarism About Linux
2 days' worth of Google News spewing crap out about "Linux"
Georgia Institute of Technology (Georgia Tech) Formally Announces Upcoming Richard Stallman Talk
Room 100, Scheller College of Business
Links 07/01/2026: Europe's 'Binding Commitments' on Ukraine's Security, "Venezuelan Leaders Project Independence"
Links for the day
Gemini Links 07/01/2026: Smart Toaster and Social Control Media Fatigue
Links for the day
Projection Tactics - Part II: Causing "Serious Harm" to Many People (Even Animals)
Narcissists and sociopaths are like that
Even Microsofters Now Speak About Microsoft Reportedly Planning to Sack 10% of Its Staff (as Early as This Month, or 2 Weeks From Now) as Real Income Falls
Microsoft buying from Microsoft isn't real income, it is accounting fraud
The four freedoms and GNU/Linux naming controversy, by Akira Urushibata
Social control media owned and run by 'broligarchs' keeps attacking RMS for insisting on names that include GNU
Crans-Montana, Le Constellation: journalists, victims' families, ProtonMail users at risk, police raids
Reprinted with permission from Daniel Pocock
GNU/Linux Reaches All-Time High in Tanzania
This month (and year) GNU/Linux is measured at an all-time high there, based on the data that statCounter can see
Open Source Initiative (OSI) Not Doing Its Job, Instead It's Promoting Microsoft Ponzi Schemes
it participates in Microsoft's Ponzi scheme, which helps Microsoft distract from or excuse the mass layoffs
Links 07/01/2026: Microsoft ChatGPT Killing People and Microsoft "Github monopoly is destroying the open source ecosystem"
Links for the day
The Register MS: Installing Free Software on Your Device is 'Sideloading'
This is a form of propaganda
Mass Layoffs in Microsoft's XBox Soon, Just Like We've Said for Months
IBM and Microsoft are heading in a similar trajectory and are hiding how bad things are using similar tactics
Mozilla's Assisted Suicide, Assisted by GNOME
Firefox is meant to get better all the time, but instead it gets worse
Now It's a Mainstream Media (MSM) Story: Microsoft Layoffs Coming, They'll be Vast (and They Blame "AI", As Usual!)
the books were cooked (accounting fraud) to hide what really went on
Frankly Getting Sick of Slop About "AI" (Slop)
Calling everything out there "AI" serves nobody and nothing but the Ponzi scheme
Stick to the Science, the Facts, the Observable Reality
Science is at the heart of this site
Africa's Search Market Has Been Unfavourable to Microsoft
In Africa, as we've just noticed, Bing is moving down, even more sharply this year
Slideshare is Slop
Be sure fools will rewrite history online
Gemini Links 07/01/2026: Looking at 2026, Linux Anti-Minimalism, Diode Function Generators, and Inkscape
Links for the day
Projection Tactics - Part I: What is "Serious Harm"? Or Whose?
the most serious harm was done to us
Links 07/01/2026: More Signs XBox the Console is Dead/Dying, Convicted Felon Repeats Threats of Greenland Annexation
Links for the day
EPO People Power - Part XXVII - Science- and Principles-First Journalism About Issues That Matter
journalism became so shallow that nowadays it can be replaced by bots
Media Gaslighting Dooms the Media
this "AI" gaslighting is done because publishers get paid to do so
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 06, 2026
IRC logs for Tuesday, January 06, 2026