Bonum Certa Men Certa

Daniel Pocock Brought Back the Site of Let's Encrypt's Founder and Proved That Let's Encrypt Does Not Verify Authenticity

posted by Roy Schestowitz on Sep 03, 2024

Let's Encrypt warning

Peter Eckersley

Let's Encrypt (part of Linux Foundation, hostage of GAFAM) and other prominent CAs may say it's "cheap" or "free" to get a 'valid' certificate (well, valid as in "OK" from their own and subjective point of view, till they change their minds). There's something dangerous about this cartel or cabal of so-called "trust" (chain thereof). Like Mastodon's secret blacklists for "the Fediverse", constituting authoritarian groupthink. Does a site with a "certificate" or some bytes from Let's Encrypt signal that it's safe? That it is authentic? No. Any malicious site, even a site that serves malware, can get a certificate from Let's Encrypt.

So what does that even accomplish or signal? Is that any more about security than "secure" boot is? It's good at locking people out of their own PC, even when nothing is wrong with the PC (or server [1, 2]).

Now that Peter Eckersley's site is back online it's a good time to revisit his "child", Let's Encrypt, which is slipping away in Geminispace. 2 days ago only 42 capsules were known to be using Let's Encrypt, yesterday it was down to 41, and today:

2562 (89.6 %) capsules are self-signed, 40 (1.4 %) use the Certificate Authority Let's Encrypt, 256 (9.0 %) are signed by another CA (may be not a trusted one).

So... yes.. It's down to 40 now. Top capsules in Lupa:

Gemini top capsules Sept 2024

techrights.org served 21,602 Gemini requests yesterday. It used its own self-signed certificate. Because in Gemini the client software does not scream and shout if one doesn't outsource. Gemini Protocol isn't made by a bunch of clowns.

Outsourcing trust is simply not security, and barely even authenticity. As Daniel Pocock put it yesterday: "After securing Peter's domain, I immediately wanted to run certbot from Peter's Let's Encrypt project and obtain a certificate. Should it really be this easy to obtain a certificate for a domain previously owned by somebody else? Make of that what you will."

Other Recent Techrights' Posts

[Meme] From Checked by Three Examiners to Gone (Granted) in 3 Seconds!
twice as many monopolies with 10% less staff
EPO Staff Representatives Explain the Latest Corruption at the EPO in a New Paper
Owing to corrupt management the EPO has resorted to corporate crime or organised crime designed to benefit large corporations. Who will pay the price? Everybody else in Europe.
Saudi Arabia and Its Footprint in X/Twitter
a massive proportion of pro-ISIS accounts in Twitter were operated from Saudi Arabia or by Saudi Arabians
 
Wine Took the Bait (Mono), Soon Starts the Microsoft Circus With the Banhammer
large companies are exercising more control over the thing/s they claim to "donate" to
Richard M. Stallman Explains Why the Web Becoming a Pile of Proprietary JavaScript Programs (Not Pages to Render) Does Harm to Web Users
"The web was designed to let users control how that data would be rendered but businesses didn't like that."
Links 13/09/2024: Crackdowns on Bloggers, Deepfakes, Internet Archive‘s Wayback Machine Now in Google Search
Links for the day
RedMonk: September the Month of the Mouth of Redmond (Still)
the usual storyline, i.e. what's not controlled by Microsoft's proprietary GitHub simply does not exist
Links 13/09/2024: Disinformation in Focus, End of Presidential Debates (Trump Accepts It Hurts Him)
Links for the day
Mono as a Double-Purpose Trojan Horse Inside Wine
And now they can oust founders and top contributor with a CoC
This is How Bad Things Have Become at Microsoft
We're seeing nearly 80 reports in English about those layoffs
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 12, 2024
IRC logs for Thursday, September 12, 2024
Links 13/09/2024: Recorded Future Bought by MasterCard, Bits of Freedom Turns 25
Links for the day
Gemini Links 13/09/2024: Towards Aristocratic Personal Computing, Technology and Privac
Links for the day
Once Again, Mass Layoffs at Microsoft (Just Like Every Month This Year)
Reporting and articles trickling in (in recent hours)
Rumour: Layoffs in IBM Consulting Today
IBM has had many layoffs lately
Microsoft Has Infiltrated the OSI and Its Moles (Whom It Pays to Speak 'for' OSI) Control the Narrative
This is utterly grotesque
Links 12/09/2024: Apple Owes a Lot of Money, Repressions and Censorship of Activists Noted
Links for the day
Anniversaries Coming Up
Probably the funnest year of our lives, and definitely the most productive
In Europe, Vista 11 Grew Only 3% (Relative to Other Windows Versions) This Year
That's a huge problem for Microsoft
Google's YouTube Censorship Has Gotten a Lot Worse and Anti-scientific (for Commercial Reasons)
By today's standards, YouTube is not something RMS can (or would) use
Google Appears to Have Broken Every Single Instance of Invidious. It's a Wake-up Call, Please Stop Uploading Videos to YouTube.
Including videos of Free software events
[Meme] Video Uploads Improved
The tools are all in our self-hosted Git repository and the licence is, as usual, AGPLv3
Apple Event as Fine Example of the "IT" Circus
It's not clear if the enemy of Free software is a company like Apple is simply public ignorance that Apple keeps fostering
Imposters Inheriting Institutions
Dealing with the "imposter syndrome"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 11, 2024
IRC logs for Wednesday, September 11, 2024
Gemini Links 12/09/2024: Clean Island and VCFMW19
Links for the day
Links 11/09/2024: EPO Patents Tossed Out by Courts, Software Patent Reveals Ford "Tech That Listens to Driver Conversations to Serve Ads"
Links for the day
More "Linux" SEO SPAM, Wrapped Up as Clown Computing, Composed by a "Bullshit Generator" (LLM)
linuxsecurity.com at it again this week
"Linux" and Linux.com Diploma Mill
The front page of Linux.com right now is the usual nonsense
[Meme] The Ponzi Scheme That Eats Rivals (by Paying Them to Stop Competing)
Why compete when you can bribe and defang antitrust authorities?
In 2006 We Had a Novell Problem and Now We Have Several Novells
Microsoft thorns inside the community
Richard M. Stallman (RMS) Debunks Misconceptions About What Free Software Means and Explains How It Works
Free software means people (including users and developers) exercise control over the program, not the programmers
Links 11/09/2024: ROOPHLOCH Report, Small Web Experiences, and Cohost Effectively Dead
Links for the day
Links 11/09/2024: Russia Enters Latvia With Drone, Truth Social Stock Crashes
Links for the day
Certificate Authority Let's Encrypt Has Fallen From 12% in Geminispace to Just 1.2% in Two Years (Capsules Usually Self-Sign Their Certificates)
Don't ask the imposters about security
The "IT Industry" is Full of Imposters (It's a Growing Crisis)
They often manage the companies
Richard Stallman Explains Stochastic Parrots (LLMs)
From his latest talk
The Toys of Today's Kids and Coordination Woes, Not to Mention a Lack of Social Skills
Too much time indoors, too much screen time
Dispelling the Notion That Microsoft is Political Left
Microsoft not only got bailed out (several times) by Donald Trump but also approached him to take over TikTok without paying for it
Linus Torvalds, the Son of a Politician, Tries to Stay Out of Politics (or Political Topics)
"I'm just a geek" has its limits in practice
Richard Stallman Still Deals With Politics
Stallman's gonna Stallman
GAFAM Not Invincible
The US has an election very soon and Microsoft is already bribing candidates for deregulation and favours, based on press reports
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 10, 2024
IRC logs for Tuesday, September 10, 2024
The Greatest Show on Earth (Buzzwords Circus)
What next? Being denied medical service because you don't have a Facebook account?
Gemini Links 11/09/2024: Happiness, Improvised Nebuliser, and olden Age of Palm OS
Links for the day