Certificate Authorities (CAs) Are Serving the Authorities, Not You
The centralised CAs "model" is not working
THE so-called "security model" we have is not working for the vast majority of us; the oligarchs control the chains (follow the money trail to understand the CAs are controlled by billionaires' "foundations" - i.e. parties that disregard security and privacy); what they offer the Web could be controlled by a proper consortium, but the Linux Foundation's subgroup is primarily sponsored by the likes of Ford and Rockefeller, not by security-vested parties.
What's at stake? Control. Not security. Not privacy. Not trust. Not authenticity. It's all about control. Whose? Not yours. You hand over control to a cartel of CAs, which are barely even independent from one another. Those CAs control not only the Web but also protocols like IRC; similarly, in IRC, some of the moderators overlap, so "Big IRC" (the very large networks) do not moderate independently, i.e. same as Mastodon.
Look ahead to foresee the threats. Think today and prepare upfront.
"In the future they can muzzle them by dealing with CAs," I wrote this morning, having noticed a considerable rise in site shutdowns by the US government, not even for illegal activities but for political reasons. Yes, "Russia this and that...."
I know, I know, I don't tolerate Russia's invasion of Ukraine any more than the average European, it's just that I can see where this leads to, a la arrests of Telegram's founder, who is also French. Will Zuckerberg be arrested for not being sufficiently pro-Trump? Or for not censoring Trump critics? And if we all agree that Zuckerberg is a terrible person, how about the same for Jack Dorsey? Or some other person who is less controversial and widely reviled?
A reader wrote to me that the above is a "5 or 10 paragraph topic" because we can envision how site-blocking at CA level would be implemented, maybe even when. At the moment they'd rather not do that as it can curtail adoption of HTTPS, not just centralised CAs (not the same thing but an additional restriction they gradually shoehorn into browsers).
"There is a lot of background info regarding CAs and how they are distributed," the reader said, "which is relevant and which most of the public probably does not know about. Those that do know about the distribution problems might not have thought about them much."
We wrote about CAs about a hundred times before, but there is no single page that is very detailed and extensive. Back when we maintained a real wiki - not just an archive thereof - it was feasible to make explanatory documents with many links and sections, refined gradually over time.
For the purpose of explaining CAs maybe we'll work on some PDF publication, but the problem is, many people these days do not bother opening PDF files and, if they do, many don't bother reading them (deterred by length, document magnitude and time required to read). █