Bonum Certa Men Certa

Outsourcing is Not Security

posted by Roy Schestowitz on Jun 28, 2026

10 hours ago somebody asked: "Why does Gemini prefer self-signed certificates?"

Well, based on Lupa, 3,162 (91.7%) of the known capsules use self-signed certificates. But the question goes like this:

Why does Gemini prefer self-signed certificates when in most scenarios, they provide no improved security over plaintext?

Most people are always going to visit a site from the same internet connection. If the ISP decides to MITM, you will never notice. The only devices where you have any chance of ever noticing you have been MITM'd are mobile devices - where you either notice that the public WiFi is MITMing you or your ISP at home. But a desktop computer at home? You will never notice as long as the MITM is in place from the start and continues. Which is exactly what we've seen in basically all cases where an ISP does MITM.

So why does Gemini obsess with having TLS, but configuring it in a way that makes it almost completely useless? Why not either have no TLS at all or have proper TLS?

It didn't take long for people to explain the false assumption made above. The person hosting the bulletin board said: "TLS with TOFU isn't "broken". Even without a 3rd party vouching for identities, it provides a number of advantages thanks to cryptography. Also, client certificates are very handy."

Similarly, one might ask, "whose terrible idea was it to let Microsoft control billions of PCs from the moment they boot?"

There are so many reasons why it's bad and undesirable, as shown in a thread from last summer:

"Secureboot is based on a chain of trust and we don't trust the bastards at the top of it."

"I bet it's because it triggers the question "secure for whom"?"

"Because man I just want a simple BIOS"

"Restricts freedom. Implementation issues. Vendor lock in. Should I go on?"

"Because it's "secure" against the user doing what they want with their computer."

"Because I paid my own money for the machine but some meddling corporation thinks it still owns my hardware and can dictate what I can and cannot boot on it. Secure boot is a repudiation of the sacred notion of personal property. Secure boot is pure evil."

"Microsoft’s role in distributing certs. When we were building this feature for Bottlerocket, a system that needs next level security, Microsoft becomes an obvious threat (to at least the business if not the process of distributing the secure boot database)."

Outsourcing to Microsoft is the opposite of security. Microsoft is just a back doors giant.

Other Recent Techrights' Posts

IBM's Alderon as "Silent Layoffs", Not Just Bailout From Taxpayers
Seeing through the noise
Laptop Bricked After Microsoft Certificates Expiry
Is "Jim" dead?
Five Years After Its Formation Libera.Chat Has the Most Simultaneous Users in Internet Relay Chat (IRC)
netsplit.de also measures the cross-network total at over 300k, probably for the first time in years
 
Week of Microsoft Layoffs, Maybe Record-Breaking Scale
They will mislead about the scale
Links 28/06/2026: More Om Malik Eulogies, Cloudflare Promotes Web Browser Monocultures
Links for the day
'Modern' Web: "Stop! You Are Browsing Too Fast!"
Can the Web ever recover from this?
Pensions Tied to Ponzi Schemes Are Themselves Ponzi Schemes
Pensions are becoming more like that as well
Monoculture in Europe as National (or Continental) Security Threat
We need more browser diversity
Canada 5-0: GNU/Linux Rises to 5.0%, Windows Rapidly Falls to New Lows
Will we be seeing 6-0 (6%) by year's end and will Microsoft be shown two red cards?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 28, 2026
IRC logs for Sunday, June 28, 2026
Gemini Links 29/06/2026: Sansieviera, HiFi, and Self-Signed Certificates
Links for the day
Outsourcing is Not Security
Outsourcing to Microsoft is the opposite of security
Links 28/06/2026: Turkey's State Broadcaster Suspends Commentator, Journalists Under Attack
Links for the day
Debugpoint.com Turns to LLM Slop for 'Help'
This is how sites die
Follow the Real Security Experts
Werner Koch
Assessing the Upcoming (July) Proprietary/GAFAM Cuts
The total (or %) matters to us because it can help shed light on what scale of layoffs to expect next week
Microsoft Lunduke Does Not Correct or Clarify Misinformation That He Posted (or Repeats It Instead)
Not the first time [...] detracts and/or distracts from legitimate criticisms
How Not to Do Security
Asking Microsoft for permission
Gemini Links 28/06/2026: Simulation Theory and Pursuit of Novelty
Links for the day
The Slop 'Religion' is Dying: From Widespread (Paid-for) Hype to Widespread Hate
Wait till "sentiment" in Wall Street - not just general (public) "sentiment" - shifts strongly against slop
For Whistleblowers' Sake, Choose Hosting Platforms Wisely
Techrights is hard to 'sedate'
How to Discreetly Leak Important Information to Techrights
Some years ago we published multi-part series about how to contact us securely
Expect Many More Whistleblowers From Microsoft
We envision many pissed off workers from Microsoft will become whistleblowers after next week's giant wave
Efforts to Resume Progress on FreeJS, LibreJS, and Reduce Dependence on Microsoft
It's still in a relatively early development stage
Whistleblowers Improve the World
we should appreciate and respect whistleblowers
Microsoft Windows Plunges to All-Time Lows in Japan
Microsoft is disintegrating; many people no longer use (nor need) Windows
GNU/Linux Turns 43 in 3 Months From Now
The Manifesto of the Free software movement (GNU Manifesto, 1985) turned 40 last year
SLAPP Censorship - Part 121 Out of 200: One Day We'll Discover What Company or Rich Person/s Funded the Lawfare Against Us
Even if the law firm shoulders some of the losses, then it is in effect an investor in the lawfare, according to established caselaw
Working on "Linux", But on Microsoft's Payroll
Under the totally false guise of "security" those same people are now promoting TPMs and other horrible things
Links 28/06/2026: Energy Crunch, EEE by Microsoft, and John Bolton Pleads Guilty in Dictatorship of SLAPPs
Links for the day
Jim Not Dead Yet
Let's wait a few more days
Microsoft Layoffs So Big They Cannot Even Wait for 'D-Day' (July 1)
"Layoffs at Xbox Appear to Have Already Begun, with Multiple Compulsion Games Employees Announcing Their Departures"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 27, 2026
IRC logs for Saturday, June 27, 2026
Links 28/06/2026: Heatwave in Europe and Media Failing to Actually Criticise Power
Links for the day
Gemini Links 28/06/2026: Poems, Photographs, and Neoliberalism as Religion
Links for the day
SLAPP Censorship - Part 120 Out of 200: Garrett Undermines His Own Application Because His Friend Graveley Failed to Accomplish What They Had Both Aimed For
Hold off the "popcorn"
Don't Settle for Slop
Slop is a bit of a symptom of where society is told to go
Gemini Links 27/06/2026: Photography From Interlaken to Shynige Platte, Slop 'Code', and Distro Hopping
Links for the day
TIGER COMPUTING LTD Sent Us Threats Half a Decade Ago (Because of Criticism of Their In-House Debian Developer), Now the Company's Debt is Deepening
So what is they're connected to the military?
GNU/Linux in Mexico Near All-Time High
With all the tourists packing the place (or hotels) we can imagine big changes to be seen next month (many portable devices)
Summer Plans in Tux Machines
July is nearly upon us
Gopher (Protocol) Turns 35, Gemini is 28 Years Younger
Bad technology comes and goes very fast
Be Like Stallman and Assange, Not Like MElon or Bill Epsteingate
these people treat women like worse than dirt
Exposure Leads to More Whistleblowing
In areas like IBM or European patent affairs we've always earned a lot of trust
European Patent Office (EPO) Series Will Run Well Into July
We still have a very significant chunk of EPO "trench" stories
Links 27/06/2026: Journalists Kicked Out of China, Torture in Iran and Turkey
Links for the day
How Microsoft is Preventing or Slowing Down Adoption of GNU/Linux (Fake 'GNU' Controlled by GitHub in Windows, WSL, Sabotage at Boot Level, Not Limited to Dual-Booting)
Microsoft is still at it
Rising Computer Prices Good News for GNU/Linux and Free Software
This can greatly assist the adoption of BSDs and GNU/Linux
Links 27/06/2026: More Restrictions on Social Control Media and Russia is Leveraging Cellebrite/Back Doors
Links for the day
Saying "No" is Not a Bad Thing
Society benefits from people who say "No!" even when it seems impolite (and possibly inconvenient) to say so
Next Week's "Bloodbath" at Microsoft Includes "Silent Layoffs" (Which Microsoft Won't Count)
The notion of "silent layoffs" is fast becoming the "new normal"
Akira Urushibata on the Likely False (Unverifiable) Claims Anthropic Makes About Defects for Marketing/Hype
Some pro-LLM person has managed to derail the discussion on this topic
European Patent Office (EPO) Series: "Team Campinos" in Split
The EPO team was of course headed by Campinos himself who delivered a "forward-looking" keynote speech to the assembled audience consisting mainly of Administrative Council delegates from the national IP offices
Supporting Women in the Free Software Community
The common theme here is abuse of women
Left IBM After Many Years, Came to Microsoft/XBox, Now Silent Layoffs at XBox
many inside XBox will have their last day next week
Gemini Links 27/06/2026: Homeworlds and Tarot Cards
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 26, 2026
IRC logs for Friday, June 26, 2026