Bonum Certa Men Certa

Let's Encrypt is Garbage, Albeit It's Disguised as 'Free' Privacy

Earlier this year (an unexplained incident, still): Techrights Urges Readers to Ask the Linux Foundation's Let's Encrypt (Backed by Companies That Give the NSA Back Doors) Some Hard But Legitimate Questions

Let's Encrypt address

Let's Encrypt LF connection

Let's Encrypt and LF

The signature for Let's Encrypt

Source: The latest-available IRS filing. See the IRS filing in full [PDF] for a lot more.

Summary: The 'Linux' Foundation in 'privacy' clothing is more like a monopoly disguised as non-profit while taking money from monopolies (to do their biddings in the most surveillance-intensive country in the entire world)

Yesterday we asserted (and then explained why) today's Linux Foundation -- or LF for short (one way to avoid the misleading name) -- works for monopolies, not Linux. It uses the "Linux" brand to market itself.



One thing that came from LF is a CA that issues loads and loads of certificates which expire after 3 months.

"The aspect nobody wishes to talk about is that the Let's Encrypt monopoly is reinforcing monopoly and monopolies (Let's Encrypt itself is fast becoming a monopoly and it helps large companies further monpolise and thus centralise the Web)."Look who backs this. Look who funds this. Look where the code is hosted (proprietary Microsoft GitHub). Even the site itself is outsourced to proprietary Microsoft GitHub...

Let's Encrypt is partly funded by Microsoft/GitHub and various other unsavoury companies notorious for their back doors (we can name more than a handful).

So much for security, considering how close Microsoft and the NSA have long been.

But that's not the point. That's not the most important thing.

The aspect nobody wishes to talk about is that the Let's Encrypt monopoly is reinforcing monopoly and monopolies (Let's Encrypt itself is fast becoming a monopoly and it helps large companies further monpolise and thus centralise the Web).

It may sound peculiar at first, but considering the FIDO situation we've seen it elsewhere as well. Much power can be gained -- sometimes money follows -- by making oneself the de facto standard. Then abuse and chaos may ensue, as monopolies need not compete and appease/please anyboby.

Yesterday the Let's Encrypt site published a blog post which bears a rather meaningless if not misleading headline (because a suitable headline would likely upset people right from the get-go).

Put in simple terms, sites that adopt HTTPS with the 'free' (so-called, hence scare quotes) Let's Encrypt will become inaccessible to a lot of visitors. In the name of fake 'privacy', which does nothing about spying at the endpoints (like data sales to brokers). People who think HTTPS 'means privacy' should remind themselves that companies like Facebook -- a Let's Encrypt sponsor -- use HTTPS and it does nothing to prevent Facebook from assaulting privacy like Microsoft assaults love itself. HTTPS helps secure things not at the endpoints but during transit.

LWN's headline was vastly more informative than the waffle from Let's Encrypt and it said:

Fallout from upcoming Let's Encrypt certificate changes



As described in this Let's Encrypt blog entry, certificates issued by Let's Encrypt will soon be signed solely by that organization's own root certificate, which is accepted by all modern browsers. There is one little catch, though: versions of Android prior to 7.1.1 (released in late 2016) do not recognize that certificate and will start throwing errors. "Currently, 66.2% of Android devices are running version 7.1 or above. The remaining 33.8% of Android devices will eventually start getting certificate errors when users visit sites that have a Let’s Encrypt certificate. In our communications with large integrators, we have found that this represents around 1-5% of traffic to their sites." There appears to be little to be done about this problem other than to encourage owners of older Android devices to install Firefox.


It quotes part of what Jacob Hoffman-Andrews said, followed by: "Hopefully these numbers will be lower by the time DST Root X3 expires next year, but the change may not be very significant."

Next year?

Let's Encrypt moneyJust one year? Hardly anything would change by then. See the comments in LWN. One person said: "Rooting old phones requires erasing them. I'd hazard that the users of those phones would be cautious about that (data loss), as opposed to current phones (loss of access to baking and game apps)."

They're pushing people to buy new so-called 'phones' (spying devices). And further down it says: "Plausibly deniable way to send users up the upgrade treadmill. C'mon, Android users! Throw away your devices, again!"

Why would anyone wish to turn away users in the name of fake 'privacy' or dubious levels of confidentiality? If the Let's Encrypt folks somehow hand over keys to the government (e.g. under Trump NSLs), then what good is it really? It not only helps monopolies but also militant empires.

Let's Encrypt may claim to be a liberating and democratising force, but that's assuming it does what it says on the tin.

An encrypted systems specialist elaborated on this. "Trust should only exist between the provider of data and the consumer," he said to us. "Any other third party introduced into the system is an attack against privacy, security, and autonomy. Don't let quacks convince you otherwise."

"The discussion should lead the user to devices and browsers that let them have a local list of public keys they trust. That's the basic function of TLS anyways. The concept of a CA needs to be binned altogether. You can still trust certs yourself on Firefox. Just ignore the browser warnings."

He added that "what [we] should tell users is to start trusting self-signed certificates in favour of certs provided by CAs. Let's Encrypt is a vehicle for maintaining the trust monopoly. It's free so people blindly just use it, without realising they're just further entrenching the trust monopoly. Anyone can generate TLS certs with openssl (or even more secure libressl; libressl is by the OpenBSD team. It's the best TLS software around. There's nothing magical about TLS certificates. If someone has something like WordPress, you can just use libressl to generate your own certs and then put a banner on the top of your info page on your website asking users to trust whichever cert you generated and hasn't expired [and] what we really need in a truly security-and-privacy respecting Web browser is one that rejects all TLS certificates by default and only accepts certs the user agrees to accept. Right now the situation is the opposite of what it should be. Users have monopolised "trust providers" dictate which certs they accept. Kind of how you do when you set up SSH. You block all public keys by default and only allow ones you trust yourself. And you, the user, have full control of your trust system. Delegation of trust mechanisms to third parties is flagrant stupidity in any security system. In summary: right now you, the user, have a dictator ordering you whom you can and cannot trust. This is absurd. Your devices and software shouldn't stop functioning when you want to take back control over your trust. The current system is a dictatorship of CAs forcing people to give up control over their trust (and by extension, their security and privacy). These are abuses against articles 12 and 19 of the Universal Declaration of Human Rights."

Don't forget that Let's Encrypt is US-based and monopolies-backed. They're not a charity, not a nonprofit either. They have motivations that aren't altruistic and we know who pays the salaries (not friends and allies of privacy, sometimes foes of it). They call themselves "[a] nonprofit Certificate Authority providing TLS certificates to 225 million websites." The Linux Foundation also calls itself "nonprofit", but we know that's a lie.

The encrypted systems specialist said he "[had] forgot[ten] to mention one other big point. The fact you can't block CAs in your browser and certain certificates is evidence enough of the malice behind the design and implementation of the web today."

The incidents of March (earlier this year) could be seen as an eye-opener. They never bothered explaining why they had issued millions of bad certificates, which they later revoked; they didn't explain what actually caused this incident and what was done about it.

As a side note, the SELinux project of Red Hat (now IBM) used to issue monthly declarations about no government interventions/involvement. Those stopped years ago. What is it they say about canaries?

"I have never seen any letsencrypt documentation say they have canaries," oiaohm wrote this morning, "and if you know USA law on the matter canaries is basically false. One of the USA encrypted email systems that is shutdown now had canaries and when the NSA with NSL stepped in they were forbid from using them. So their end users knew nothing."

A lot more discussion regarding this issue can be found in tomorrow's IRC logs.

Comments

Recent Techrights' Posts

Daniel Pocock as Independent Candidate, Now in The London Standard
"Daniel Pocock is an independent candidate."
Andy Burnham as National Leader Would be Excellent for Techrights
Burnham has envisioned a British "centre of power" (or gravity) that moves northwards, isn't concentrated in the southeast anymore
In Defence of Courts' Privacy Policies
If you want friends, go offline. Meet real people and share real experiences.
Why I Quit Academic Career (or Academia) Nearly 15 Years Ago
I am told by people who stayed that it has only gotten worse
EPO "Cocaine Communication Manager" - Part XV - Nazi-Like Thinking at the European Patent Office (EPO) Not a Thing of the Past
antisemitism inside the EPO
Daniel Pocock Running for Office Again, Clacton-on-Sea By-election
By-election - code name "Pocock-on-Sea"
Links 17/07/2026: Microsoft is Cutting OneDrive Coverage, Larry Ellison Sued by Paramount Investor
Links for the day
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 17, 2026
IRC logs for Friday, July 17, 2026
Gemini Links 18/07/2026: A Manifesto by The Dissident, Shokz Headphones, and Gemini Tinylog Reader (GTL)
Links for the day
IBM Already Tentatively Down for Next Week (Monday) After Its Worst-Ever Week
What a week for IBM!
Links 17/07/2026: Protests Erupt Throughout Ukraine and Anthropic Caught Secretly Spying on Users
Links for the day
Gemini Links 17/07/2026: "Silence Doesn't Mean Abandoned", Revisiting PalmOS in 2026
Links for the day
Farage Out, Daniel Pocock in?
Can Pocock beat his previous voting record?
Layoffs at Microsoft Are Massive, Go Under the Radar for the Most Part
Microsoft is in a really bad shape
One Heck of a Week for IBM, the 'Grandpa' of 'High-Tech', International Business Machines Corporation (NYSE:IBM) Under Investigation by Bronstein, Gewirtz & Grossman, LLC
If IBM gets busted or might be busted, will the CEO jump, get pushed, or be arrested?
“Why Open Source Misses the Point of Free Software”
As Dr. Richard Stallman once put it
GNU/Linux Grows at the Expense of Microsoft Windows in Croatia, Now Close to 8%
Croatia has been mentioned a lot lately in relation to EPO "lobbying" (vote-rigging)
27-Year IBM Veteran on IBM: "Worse than the Titanic and Perhaps Just Like Madoff, Enron, etc."
several comments we saw today envisioned the CEO of IBM in an orange suit (in US prison)
ServiceNow/ServiceLine and Slop at the EPO is Becoming a Health Risk to Staff
PD44 has historically been the oppressor at the EPO
IBM Can Burn Pensioners to Appease Wall Street and Protect the Billionaire CEO With His Humongous Bonuses
Its stock it set to open 2.82% in the red
IBM SHAREHOLDER INVESTIGATION: Potential Securities Claims Involving International Business Machines (IBM)
there's a risk of criminal action against executives
Tux Machines Moving Onwards and Upwards
"...tasks expand to fill the time available"
The Register MS is Publishing Spam for Gartner Group to Spread Hype About "AI", Mentioned 30 Times in the Paid (Fake) Article
One sure thing is, the so-called 'tech media' is profoundly compromised by American corporations
"Market Share" of GNU/Linux Nearly Trebled in Cambodia This Month
GNU/Linux is still measured at 8% by statCounter
GitHub is Dying (Traffic Down Despite Bots and Slop), Microsoft Will Eventually Cull it - Just Like XBox - to Limit the Losses
Do not stay on GitHub (Microsoft) under the false assumption that it is "free hosting" or will always be around
Teaser: Daniel Pocock is About to Go Mainstream Again
Stay tuned, Pocock has something in store
Microsoft Has Just Been Sued Over Layoffs
If the rumours are true, there is yet another wave of layoffs at Microsoft
Richard Stallman Always Cautioned, Upfront, That His Political Views Were Wholly Separate From His Scientific Work or GNU
Notice that he already spoke a lot about politics
Nichirei and Asahi Beer Need to Take Cyberattacks as Hint of Opportunity to Move to Free Software
Windows TCO
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 16, 2026
IRC logs for Thursday, July 16, 2026
Gemini Links 17/07/2026: Sunlight in the Clouds, Techno-Therapy, and Sloppifying Original Text
Links for the day
Links 16/07/2026: Slop Recognised as a Waste of Energy, Hong Kong Cracking Down on Dissent/Opposition Some More
Links for the day
GNU/Linux Approaching 5% "Market Share" in Oceania, Almost Trebling in 12 Months
It is difficult to ignore the gains made by GNU/Linux this month
Microsoft Whistleblowers Explain How Brutal the Latest Cull is (Layoffs in Seconds-Long Calls, Mass Elimination of Whole Studios and High-Level Officials)
we see anonymous leakers or whistleblowers in the media today
Gemini Links 16/07/2026: esp32-gemserv, Slop-Contaminated Free Software, and Moving Systems
Links for the day
Last Summer Microsoft Mass Layoffs Came in Two Large Waves, Rumours Say Next Week Another Large Wave is Coming
If many more Microsoft layoffs are formally admitted next week we will not be surprised
Tomorrow is Another Strike Day at Europe's Second-Largest Institution, the Media is Still Deliberately Ignoring It
Fridays are now recommended “anchor days" for EPO strikes
Public Interest News Foundation Shows News Drought or News Deserts in the United Kingdom
Public Interest News Foundation shows that we should be deeply concerned
Illusions of Choice
Choices can be differently bad or equally bad
Windows Down to 10% in India
Windows is a "burning platform"
One Year Has Passed
Our aim is to repair an injured system wherein "abuse of process" can be turned into a weapon, leveraged even by foreigners who are funded by affluent third parties
Techrights is Annoying People Who Work for (and Serve) People Who Annoy (and Abuse) Society
Working against us (instead of with us) has historically been a bad strategy
No Skinnerboxes, No Slop, No False Idols or Corporate Prophets
Torvalds does not understand the everyday struggles of tech workers and tech users because he is a millionaire
IBM's Next Stop: $199 (Market Cap Already Under 2.5 Times IBM's Debt)
Don't rush to call us "sensationalist" over it
Links 16/07/2026: Solar Greenwashing by Energy-Wasting GAFAM and Growing Concerns About Harm by Social Control Media
Links for the day
Gemini Links 16/07/2026: Photography, Agility, and "Today I have Truly Become a Linux User."
Links for the day
Rebellion Brewing at Microsoft
As always, we welcome Microsoft whistleblowers
Technology Against Human Nature
Losing a sense of what it means to be alive
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 15, 2026
IRC logs for Wednesday, July 15, 2026