Bonum Certa Men Certa
ClearlyDefined is Just Microsoft Land Grab (Which the OSI Now Actively Participates in) | Links 15/10/2020: Parted Magic Leaves OpenBox, US Congress Urged to Choose Free Software

A FIDO/FIDO2 False Sense of Security for Premium Prices

Military-grade nonsense that is proprietary and untrustworthy (monopolised by the likes of Google and Microsoft)

Manifestation against missileSummary: From the attack on software freedom (including Richard Stallman and other leaders/luminaries) we've seen a shift to attacks on privacy itself, e.g. auditable encryption; today we discuss the troubling developments in the FIDO/FIDO2 space

THE ESSENCE of Free/libre software is control, liberty, autonomy, independence, security, decentralisation and sometimes privacy too. Those are all just words that convey concepts in English. It's better understood in the absence of those things (when one lacks or loses freedom). As RMS puts it, to paraphrase a bit, either the user controls the program or the program is an instrument by which some corporation (or government) controls the user. It's really that simple. To alleviate that unjust leverage of power (developers or developers' employer) over computer users we need freedom-respecting software that is audited by many and forked if mischief occurs. This helps ensure that the public interest is prioritised, not the bottom line of some business/es. That does not mean that no business can exist; many businesses are based around distributing and supporting Free software. Perfectly moral and ethical business practices are compatible with the Four Freedoms.



"Earlier this year there was a major incident, which saw millions of rogue certificates being issued by Let’s Encrypt..."With all that in mind, we've grown cynical if not deeply concerned about the Linux Foundation. The institution itself is a misnomer (it promotes operating systems other than Linux), its biggest players (leadership) are monopolistic proprietary software companies, it advocates mass surveillance, and it works for Microsoft (which in turn works to undermine Linux).

Earlier this year there was a major incident, which saw millions of rogue certificates being issued by Let’s Encrypt, which is connected to the Linux Foundation and hosted/coded on Microsoft servers. These certificates were later revoked, but there was no transparency about what had happened. Can we trust one CA to manage so many certificates? Look at its backers and sponsors. These certificates aren't free; if they seem to be free, it's because someone foots the bill to gain something, such as the US government receiving back door access to undermine encryption (by access to private keys or similar). They're already done that even inside Switzerland, covertly of course! So do we trust Let’s Encrypt? Not really, even less so after that incident. There was never clarity and now even an explanation of what was done, who the culprit was and so on.

But this article isn't about Let’s Encrypt. It's about FIDO2. The patterns may be similar, at least some salient points. "I don't know if you've been keeping up with the developments in hardware security tokens," one reader told us this week, "but I have been very alarmed with the developments that are happening with regards to FIDO2. I feel like this is another attempt to stomp out competition just like TLS CAs did before Let's Encrypt was a thing."

"We use GnuPG a great deal here in Techrights. Most of our messages are encrypted."The reader is a bit of an expert in that domain. Also remember how the founder of Ubuntu originally amassed his wealth. "Right now," the reader noted, "companies that make products like Yubikey and Titan Security Key are selling obscenely overpriced hardware just because it has a "FIDO2 Certified" logo on it. I feel like hardware security tokens are going to end up in the same situation that happened with TLS CAs where a few bodies monopolise the system and dictate who gets to be a "trusted provider". A FIDO2 certification costs about $6500 USD, last time I checked. As someone that uses GnuPG and its open ecosystem of hardware, it pains me to see the monopolisation and profiteering that's happening around the security space."

We use GnuPG a great deal here in Techrights. Most of our messages are encrypted.

"I hope you can share this message with the right people," our reader appealed, "to combat the monopolisation and anti-competitive attempts by organisations like FIDO Alliance. There's nothing open about the FIDO Alliance. The firmware for most of those devices are closed-source and the only reason people are duped into buying them is because of the "FIDO2 Certified" seal on those products. I feel like this is a turning point in cybersecurity history and we need to kill this attempt at monopolisation before we end up with the tragedy that happened with TLS CAs."

"A mechanism for trust among parties, e.g. encryption, is crucial in a free and democratic society."How many billions of dollars were washed down the drain because of these? And we ended up with "trusted" CAs that are mostly in bed with the world's biggest spying operation. Which means they might be worse than useless...

"We decide who to trust with our OpenPGP certificates," our reader noted. "We don't let other bodies make that decision for us. Let's work together to make sure we nip this FIDO nonsense in the bud. We've got the platforms and people. The WebAuthn W3C steering members are stuffed with Google, Microsoft, and (surprise) Yubico people. I'm almost certain that they're using embedded cryptography MCUs in their closed proprietary products and then making a eye-watering profit margin."

Notice that their stuff is controlled partly by Microsoft and the NSA (in GitHub). So they clearly do not value or grasp basic security.

Our reader noted: "The OpenSK project on GitHub (by Google, I believe) uses an overpriced board and there's a nice disclaimer at the bottom that OpenSK is not FIDO certified (this is blatant FUD). They aren't even using the embedded crypto MCUs on the Nordic chip. They have gone with the excuse that their software-driven crypto is "research quality" code. OpenSK is a blatant attempt to spread FUD about uncertified FIDO hardware. Yubico are in on it as well.

"We might be the first site to touch this subject, but there's more on the way for sure.""Nitrokey has a FIDO2 product and I think it's uncertified by the looks of things. I know Nitrokey people are very closely linked to GnuPG devs because I've been around GnuPG dev a lot recently. I'm pretty sure the folks at Nitrokey see the dangers of monopolisation but they're keeping it quiet (probably in fear of the media pull Google et al have). I would also prefer remaining anonymous, thanks for allowing that..."

A mechanism for trust among parties, e.g. encryption, is crucial in a free and democratic society. Those who undermine the encryption basically maintain keys to the castle. They've long attempted to put back doors (or back door access, e.g. via third parties) to everything. Sometimes the media describes that as "weakening" encryption, but that actually means breaking; weak means broken.

We might be the first site to touch this subject, but there's more on the way for sure. "Wanted you to be the first to throw a punch though," our reader noted, "because people in the community trust you on these things."

But there's lots more on the way. Stay tuned.

ClearlyDefined is Just Microsoft Land Grab (Which the OSI Now Actively Participates in) | Links 15/10/2020: Parted Magic Leaves OpenBox, US Congress Urged to Choose Free Software

Recent Techrights' Posts

The four freedoms and GNU/Linux naming controversy, by Akira Urushibata
Social control media owned and run by 'broligarchs' keeps attacking RMS for insisting on names that include GNU
Open Source Initiative (OSI) Not Doing Its Job, Instead It's Promoting Microsoft Ponzi Schemes
it participates in Microsoft's Ponzi scheme, which helps Microsoft distract from or excuse the mass layoffs
The Register MS: Installing Free Software on Your Device is 'Sideloading'
This is a form of propaganda
Mozilla's Assisted Suicide, Assisted by GNOME
Firefox is meant to get better all the time, but instead it gets worse
Frankly Getting Sick of Slop About "AI" (Slop)
Calling everything out there "AI" serves nobody and nothing but the Ponzi scheme
Media Gaslighting Dooms the Media
this "AI" gaslighting is done because publishers get paid to do so
 
The Free Software Foundation (FSF) Looking to Add Associate Members
"Celebrate '26 by helping us reach our New Year's goal before Jan. 16: join as an associate member today. You will help the FSF remain strong and independent to empower technology users everywhere. Join us today and help us reach our goal of 100 new associate members!"
Only Google is Still Spreading Lots of Slopfarms' Fake News and Plagiarism About Linux
2 days' worth of Google News spewing crap out about "Linux"
Georgia Institute of Technology (Georgia Tech) Formally Announces Upcoming Richard Stallman Talk
Room 100, Scheller College of Business
Links 07/01/2026: Europe's 'Binding Commitments' on Ukraine's Security, "Venezuelan Leaders Project Independence"
Links for the day
Gemini Links 07/01/2026: Smart Toaster and Social Control Media Fatigue
Links for the day
Projection Tactics - Part II: Causing "Serious Harm" to Many People (Even Animals)
Narcissists and sociopaths are like that
Even Microsofters Now Speak About Microsoft Reportedly Planning to Sack 10% of Its Staff (as Early as This Month, or 2 Weeks From Now) as Real Income Falls
Microsoft buying from Microsoft isn't real income, it is accounting fraud
Crans-Montana, Le Constellation: journalists, victims' families, ProtonMail users at risk, police raids
Reprinted with permission from Daniel Pocock
GNU/Linux Reaches All-Time High in Tanzania
This month (and year) GNU/Linux is measured at an all-time high there, based on the data that statCounter can see
Links 07/01/2026: Microsoft ChatGPT Killing People and Microsoft "Github monopoly is destroying the open source ecosystem"
Links for the day
Mass Layoffs in Microsoft's XBox Soon, Just Like We've Said for Months
IBM and Microsoft are heading in a similar trajectory and are hiding how bad things are using similar tactics
Now It's a Mainstream Media (MSM) Story: Microsoft Layoffs Coming, They'll be Vast (and They Blame "AI", As Usual!)
the books were cooked (accounting fraud) to hide what really went on
Stick to the Science, the Facts, the Observable Reality
Science is at the heart of this site
Africa's Search Market Has Been Unfavourable to Microsoft
In Africa, as we've just noticed, Bing is moving down, even more sharply this year
Slideshare is Slop
Be sure fools will rewrite history online
Gemini Links 07/01/2026: Looking at 2026, Linux Anti-Minimalism, Diode Function Generators, and Inkscape
Links for the day
Projection Tactics - Part I: What is "Serious Harm"? Or Whose?
the most serious harm was done to us
Links 07/01/2026: More Signs XBox the Console is Dead/Dying, Convicted Felon Repeats Threats of Greenland Annexation
Links for the day
EPO People Power - Part XXVII - Science- and Principles-First Journalism About Issues That Matter
journalism became so shallow that nowadays it can be replaced by bots
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, January 06, 2026
IRC logs for Tuesday, January 06, 2026
Gemini Links 06/01/2026: Collective Responsibility, Pico2DVI, and TV Detox
Links for the day
Microsoft Loves Freedom, Democracy... and Linux? No, Microsoft Laying Off Because "Microsoft Loves Linux" Was Failed Posturing, Its Former Staff Moves to GNU/Linux
"What are the running totals for IBM and Microsoft layoffs?"
GNU/Linux at 4% "Market Share" (Even According to Steam Survey)
Another milestone
Links 06/01/2026: Neglect of the Elderly, Abandonment of International Laws
Links for the day
Links 06/01/2026: More Reports Point to Mass Layoffs at Microsoft (Later This Month), Greenland/Denmark Cautions the Dictator Who Illegally Invaded Venezuela
Links for the day
Internet Policy/Net Reality: You Must Never Ever Rely on Google (no "S.E.O." Either)
Stack Overflow is dying
Ahead of Mass Layoffs Microsoft Tries to Rebrand or Redefine XBox (Because the XBox is Tentatively Dead)
2026 will be the last year of XBox in all likelihood
Richard Stallman (RMS) Announces His Georgia Talk 2.5 Weeks in Advance
A lot earlier than usual
Dr. Andy Farnell on Technology That Harms People (and Lack of Regulation Which is Needed to Address This Problem)
Dr. Farnell's article is long but well worth reading
GNU/Linux Rising to 5% in Cameroon and It's Hardly the Exception
"AI" is just a smokescreen as losses pile up
Rumours: Microsoft to Lay Off 12,500-25,000 Workers Soon (Tentatively Wednesday, 15 Days From Now)
"Layoffs are coming third full week of Jan. Likely 21st but these things can move around a bit based on last minute developments."
EPO People Power - Part XXVI - European Media Has Become Part of the Problem
it is as clear as daylight that Cocainegate is real
IBM 2026 "Organizational Change/s" Means Layoffs Resume Soon, Some Claim "Forever Layoffs."
It's about "narrative control"
Microsoft Layoffs in January 2026
Get ready
Google Still Boosting Slopfarms
Slopfarms will probably all perish as soon as Google News quits sending them visitors
Links 06/01/2026: Cryptocurrency Scam Emails and Greenland's Fear of Getting 'Venezuelad'
Links for the day
Links 06/01/2026: DIY Projects and Inertial Music
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, January 05, 2026
IRC logs for Monday, January 05, 2026
To The Register MS, ARM Means Microsoft Windows (Follow the Money)
the Free software community can campaign and run sites (like the one below), but it cannot afford to bribe so-called 'news' sites like Microsoft and its OEMs do
IBM's CEO Makes No Sense
"IBM CEO Aravind Krishna on what’s really driving tech layoffs"
Links 05/01/2026: Tensions in Korea, Ukrainians See "Double Standard" in a US Russia-Style Invasion
Links for the day
Gemini Links 05/01/2026: Farewell to CBS Reality, Being On-Call, Digital Ad Spendings
Links for the day
Remember That Nobel Prizes Are All Named After the Inventor of Explosives (Even a "Nobel Prize for Peace")
These rewards are only as valuable as the reputation they earn for themselves
Baidu and Yandex Have Overtaken Microsoft in Asia
how about all the Bing layoffs?
Googlebombing for Bill Epsteingate
Maybe the slopfarms too can help him cover up
Of Course GNU/Linux Has Reached All-Time High in Africa in 2026
Africa will, on average, gravitate towards Free software or whatever costs less
From GNU/Linux Boosting to Slop-Boosting Career
It is sad to see someone who devoted many years of his life producing GNU/Linux stories stooping down to this "AI" boot-licking
IBM Buys, Then Disposes/Sacks, the Staff (That It Paid For)
Any money gained is spent buying some more companies to add/join up their revenue, even if the debt surges and there's little integration going on (misfits absorbed)
Time for Microsoft to Rebrand to Fit the Vapourware (Ponzi Scheme)
something between Meta and Alphabet
Links 05/01/2026: Slop Ruining Children's Minds, "Complicity of the Press in US Violence"
Links for the day
Microsoft's Windows Falls Below 20% in the UK
After a lot of years of advocacy and hard work
The Real GNU Anniversary (Not Manifesto or Announcement) is Today
the development, not the manifesto
GNU/Linux Usage Said to Have Doubled in Oceania
it's hard to discount or dismiss Oceania as a bunch of "coconut islands"
There's No Such Thing as "AI Godfather", Stop Repeating This Pure Nonsense!
Infantile or corruptible media that plays along with slop or uses slop will perish
Gemini Links 05/01/2026: "Poverty and Hunger", "Entrepreneurial Family", "Abandoning Obsidian for Logseq"
Links for the day
Links 05/01/2026: A Shrinking Canadian Economy, Brigitte Bardot's Environmentalism Recalled, Unredacted Epstein Files
Links for the day
Microsoft Allegedly Uses Performance Improvement Plans (PIPs) to Hide the Massive Scale of Company-Wide Layoffs
Just like IBM; they meanwhile talk a bunch of nonsense about "AI" to distract from their commercial calamity
Battles Are Won in the Court of Public Opinion
Many "systems" rely on the mere perception or appearance of legitimacy
No, Writing Isn't in Decline, Some of the Large and Centralised Platforms Are
Slop isn't really competition, just a passing fad and pure noise
GNU/Linux Share in Mongolia More Than Doubles
they probably lack any genuine excitement for "hey hi PCs"
Whistleblowing is About Understanding Boundaries and Risks
The bottom line is, people typically find out the truth at the end
EPO People Power - Part XXV - While EPO Managers Snort Cocaine the Staff Compiles 'Insurance Files' to Expose EPO Corruption
In this increasingly authoritarian world we need more whistleblowers
"The European Patent Reform" That Represents a Gross Violation of Laws, Constitutions, and Conventions (in Order to Make the Rich Even Richer, Mostly Outside Europe)
How far and how long will EPO corruption go?
The Reputation Issue Is Not Our Fault
Trying to squash words (and people) merely diverts more attention to them
GNU/Linux Distribution "Ultimate Edition" Fixes Its Web Site (Apparently Compromised Months Ago)
they dealt with the issue before media shame and a catastrophe of trust
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, January 04, 2026
IRC logs for Sunday, January 04, 2026