Bonum Certa Men Certa
ClearlyDefined is Just Microsoft Land Grab (Which the OSI Now Actively Participates in) | Links 15/10/2020: Parted Magic Leaves OpenBox, US Congress Urged to Choose Free Software

A FIDO/FIDO2 False Sense of Security for Premium Prices

Military-grade nonsense that is proprietary and untrustworthy (monopolised by the likes of Google and Microsoft)

Manifestation against missileSummary: From the attack on software freedom (including Richard Stallman and other leaders/luminaries) we've seen a shift to attacks on privacy itself, e.g. auditable encryption; today we discuss the troubling developments in the FIDO/FIDO2 space

THE ESSENCE of Free/libre software is control, liberty, autonomy, independence, security, decentralisation and sometimes privacy too. Those are all just words that convey concepts in English. It's better understood in the absence of those things (when one lacks or loses freedom). As RMS puts it, to paraphrase a bit, either the user controls the program or the program is an instrument by which some corporation (or government) controls the user. It's really that simple. To alleviate that unjust leverage of power (developers or developers' employer) over computer users we need freedom-respecting software that is audited by many and forked if mischief occurs. This helps ensure that the public interest is prioritised, not the bottom line of some business/es. That does not mean that no business can exist; many businesses are based around distributing and supporting Free software. Perfectly moral and ethical business practices are compatible with the Four Freedoms.



"Earlier this year there was a major incident, which saw millions of rogue certificates being issued by Let’s Encrypt..."With all that in mind, we've grown cynical if not deeply concerned about the Linux Foundation. The institution itself is a misnomer (it promotes operating systems other than Linux), its biggest players (leadership) are monopolistic proprietary software companies, it advocates mass surveillance, and it works for Microsoft (which in turn works to undermine Linux).

Earlier this year there was a major incident, which saw millions of rogue certificates being issued by Let’s Encrypt, which is connected to the Linux Foundation and hosted/coded on Microsoft servers. These certificates were later revoked, but there was no transparency about what had happened. Can we trust one CA to manage so many certificates? Look at its backers and sponsors. These certificates aren't free; if they seem to be free, it's because someone foots the bill to gain something, such as the US government receiving back door access to undermine encryption (by access to private keys or similar). They're already done that even inside Switzerland, covertly of course! So do we trust Let’s Encrypt? Not really, even less so after that incident. There was never clarity and now even an explanation of what was done, who the culprit was and so on.

But this article isn't about Let’s Encrypt. It's about FIDO2. The patterns may be similar, at least some salient points. "I don't know if you've been keeping up with the developments in hardware security tokens," one reader told us this week, "but I have been very alarmed with the developments that are happening with regards to FIDO2. I feel like this is another attempt to stomp out competition just like TLS CAs did before Let's Encrypt was a thing."

"We use GnuPG a great deal here in Techrights. Most of our messages are encrypted."The reader is a bit of an expert in that domain. Also remember how the founder of Ubuntu originally amassed his wealth. "Right now," the reader noted, "companies that make products like Yubikey and Titan Security Key are selling obscenely overpriced hardware just because it has a "FIDO2 Certified" logo on it. I feel like hardware security tokens are going to end up in the same situation that happened with TLS CAs where a few bodies monopolise the system and dictate who gets to be a "trusted provider". A FIDO2 certification costs about $6500 USD, last time I checked. As someone that uses GnuPG and its open ecosystem of hardware, it pains me to see the monopolisation and profiteering that's happening around the security space."

We use GnuPG a great deal here in Techrights. Most of our messages are encrypted.

"I hope you can share this message with the right people," our reader appealed, "to combat the monopolisation and anti-competitive attempts by organisations like FIDO Alliance. There's nothing open about the FIDO Alliance. The firmware for most of those devices are closed-source and the only reason people are duped into buying them is because of the "FIDO2 Certified" seal on those products. I feel like this is a turning point in cybersecurity history and we need to kill this attempt at monopolisation before we end up with the tragedy that happened with TLS CAs."

"A mechanism for trust among parties, e.g. encryption, is crucial in a free and democratic society."How many billions of dollars were washed down the drain because of these? And we ended up with "trusted" CAs that are mostly in bed with the world's biggest spying operation. Which means they might be worse than useless...

"We decide who to trust with our OpenPGP certificates," our reader noted. "We don't let other bodies make that decision for us. Let's work together to make sure we nip this FIDO nonsense in the bud. We've got the platforms and people. The WebAuthn W3C steering members are stuffed with Google, Microsoft, and (surprise) Yubico people. I'm almost certain that they're using embedded cryptography MCUs in their closed proprietary products and then making a eye-watering profit margin."

Notice that their stuff is controlled partly by Microsoft and the NSA (in GitHub). So they clearly do not value or grasp basic security.

Our reader noted: "The OpenSK project on GitHub (by Google, I believe) uses an overpriced board and there's a nice disclaimer at the bottom that OpenSK is not FIDO certified (this is blatant FUD). They aren't even using the embedded crypto MCUs on the Nordic chip. They have gone with the excuse that their software-driven crypto is "research quality" code. OpenSK is a blatant attempt to spread FUD about uncertified FIDO hardware. Yubico are in on it as well.

"We might be the first site to touch this subject, but there's more on the way for sure.""Nitrokey has a FIDO2 product and I think it's uncertified by the looks of things. I know Nitrokey people are very closely linked to GnuPG devs because I've been around GnuPG dev a lot recently. I'm pretty sure the folks at Nitrokey see the dangers of monopolisation but they're keeping it quiet (probably in fear of the media pull Google et al have). I would also prefer remaining anonymous, thanks for allowing that..."

A mechanism for trust among parties, e.g. encryption, is crucial in a free and democratic society. Those who undermine the encryption basically maintain keys to the castle. They've long attempted to put back doors (or back door access, e.g. via third parties) to everything. Sometimes the media describes that as "weakening" encryption, but that actually means breaking; weak means broken.

We might be the first site to touch this subject, but there's more on the way for sure. "Wanted you to be the first to throw a punch though," our reader noted, "because people in the community trust you on these things."

But there's lots more on the way. Stay tuned.

ClearlyDefined is Just Microsoft Land Grab (Which the OSI Now Actively Participates in) | Links 15/10/2020: Parted Magic Leaves OpenBox, US Congress Urged to Choose Free Software

Recent Techrights' Posts

Behind an Economy of Fake 'Worths' and Fictional 'Valuations' or 'Market Caps'
They normalise white-collar crime and say "everyone is doing it!"
Links 18/01/2026: "South Africa is Running Out of Software Developers", Companies Spooked to Find Slop is a Major Liability
Links for the day
Place Your Bets: Who Will Die First? Microsoft or IBM?
Not even joking; make a guess
Restoring Professional Pride in the Tech Sector
Rejecting slop isn't being a Luddite
Slop Bubble "Is Worse Than The Dot Com Bubble"
Edward Zitron Says It like it is
IRC Proceedings: Saturday, January 17, 2026
IRC logs for Saturday, January 17, 2026
Microsoft Lunduke Keeps Distracting From the Real Problems With Rust
Microsoft Lunduke is stigmatising critics
Stack Ranking Against IBM/Red Hat Staff and a Signal of Mass Layoffs (RAs) Justified by Red Hat and IBM as Poor Performance/Misconduct/Other
Working in an atmosphere like this sounds like a nightmare
 
GNU/Linux Still up (statCounter Says to 6%) in Bosnia And Herzegovina
Let's see where it is at year's end
Making Layout Changes
Feedback can be sent to us
Eventually the Joke (and Financial Fraud) is on Microsoft, Stigmatised for Slop
Is Microsoft trying to commit suicide?
GNU/Linux Leaps to All-time Highs in Virgin Islands
it seems to have started around the "end of 10"
'Cancel Culture' Doesn't Work (in the Long Run)
Despite all the attacks, I'm enjoying life, I'm keeping productive, and our audience continues to grow
Making and Keeping the Sites Accessible
Sometimes less does mean "more" (or "MOAR")
The "Alicante Mafia" - Part IV - How Europe's Largest Patent Office Recruited Drug Addicts, Antisemites, and People Who Absolutely Cannot Do the Job (But Know the 'Right' People)
To better overlap industrial actions we might delay/postpone/pause this series for a bit
Benefiting by Adding Presence in Geminispace
As the Web gets worse, not limited to bloat as a factor, people seek alternatives
Google News Recently Started Syndicating Another Slopfarm, Linuxiac
Even if Google is aware that there is slop there, it's hard to believe that Google will mind
Software Patents and USMCA (or NAFTA)
We recently pondered going back to issuing 2-3 articles per day about patents and common issues with them
IBM Sued Over PIPs
PIPs are "performance improvement plans"
Sites With "Linux" in Their Name That Are in Effect Slopfarms and Issue Fake Articles
We try to name some of the prolific culprits
Gemini Links 18/01/2026: Raising Notifications From Terminal and Environmental Sanity
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
Links 17/01/2026: Internet Blackout Normalised, Russian Attacks Civilians by Causing Massive Blackouts
Links for the day
Linuxiac Has Become a Slopfarm, Calling Them Out Isn't Fixing That
What a shame. A once-decent site about "Linux" bites the dust.
Luzern Lion Monument, Albanian Female Whistleblowers: Swiss jurists were cowards
Reprinted with permission from Daniel Pocock
The Splinternet is Already Here, Owing to the Militarisation of Technology (Slop, Social Control Media, Back Doors, and More)
you know what's gonna happen next...
Gemini Links 17/01/2026: Slow computing and Environment Leak
Links for the day
Links 17/01/2026: US Censorship and Violence Crisis, Growing Anger Levels Against Slop Sold as "Intelligence"
Links for the day
Microsoft's "valuation depends on infrastructure that does not exist."
Indeed
The Typical Trajectory: Datamation Began Experimenting With LLM Slop for Fake Articles. Then Datamation Died. (Last Month)
It's always ending up this way
Accounts or Devices (e.g. Phones) That Get 'Burnt' Have Many Pitfalls
Embassies and consulates habitually fail at this
Avoiding the Spooks (Nobody Watches the Watchers, They're Practically Unaccountable)
If more people adopt encryption, it'll be easier for us to deal with whistleblowers
Protecting Whistleblowers Requires Technical Knowledge/Skills
even the highest media judges aren't aware of how to protect sources
At Least 5 Women Quit Brett Wilson LLP in Recent Months. It's the Firm That Attacked My Wife and I on Behalf of Americans (One of Them Strangled Women).
It seems like good news that the women escape this workplace
Slop About Slop and Slop About "Linux"
In short, avoid slopfarms
Report/Benchmark Says 'Vibe Coding' Results in Security Holes
There are risks they don't like talking about
EPO Abuses Covered in Spanish
Knowing what we know (and heard/saw), the sinister silence of the media is perceived by some to be complicity of the lower order.
Richard Stallman Encourages "ICE Out For Good" Protests, His Opponents Do Not (Passive and Uncaring About Human Rights)
He has done a lot philosophically, politically, and so on
Record Traffic in Geminispace or Over Gemini Protocol
it's never too late to join
The "Alicante Mafia" - Part III - Europe's Second-Largest Organisation on Strike, Protests, Other Industrial Actions to Come Impacting Over 95% of the Workforce
The EPO's management is highly evasive, weak, and vulnerable
Claim That IBM Marked 15% of its Workforce for Potential Layoffs
No wonder we keep hearing from Red Hat people who say they hate IBM
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, January 16, 2026
IRC logs for Friday, January 16, 2026
Great Reset at IBM, the Company That Pulps Red Hat
In 2026 many workers are RTO'ed, PIP'ed, and at Red Hat many have effectively 'left the company' and now start afresh as "IBM" staff
The "Alicante Mafia" - Part II - Breakout of Discontent This Winter in Europe's Second-Largest Organisation
So far we've caused a lot of panic and stress inside Team Campinos
The "Alicante Mafia" - Part I - An Introduction to the Mafia Governing the EPO
Are some people 'evacuating' themselves to save face?
J.H.M. Ray Dassen & Debian, Red Hat, GNOME unexplained deaths
Reprinted with permission from Daniel Pocock
At Microsoft, "Firing People is a "Cheat Code" to Pump the Stock Short-term But They Are Literally Destroying the Company's Soul Long-term."
They frame layoffs as a "success story"
Gemini Links 16/01/2026: "Porting My Main Website Over to Gemini" and Seeed Studio DevBoard
Links for the day
IBM Stacked and Ranked Badly, Maladministration Dooms the Company
Now they stack people up for PIPs and layoffs ("RAs")
Google News Poisons Its Own Index With More Slopfarms (Including "filmogaz")
Naming and shaming lazy slobs who rip off other people using LLMs can work, eventually
Links 16/01/2026: UK Royal Family's "Legal Team Accused of Dishonesty, Fraud and Misconduct", OSI Still Controlled by Microsoft (the OSI's Spokesperson is on Microsoft's Payroll, Not Interim Executive Director, Deborah Bryant)
Links for the day
Writing About Corruption
Fraud is everywhere
The B in IBM is Brown-nosing and Buzzwords (or Both)
International Buzzwords Machines
Naming Culprits in Switzerland
Switzerland is highly secretive about white-collar crime
IBM's 'Scientific-Sounding' Tech-Porn Won't Help IBM Survive (or Be Bailed Out)
Who's next in the pipeline?
IBM Was Never the Good Guy
its original products were used for large-scale surveillance, not scientific endeavours
The Bluewashing is Making Red Hat Extinct (They All Become "IBM", Little by Little)
IBM does not care what's legal
Slopfarms Push Fake News About Microsoft Shutdown, 30,000+ Microsoft Layoffs Last Year Spun as Only "15,000"
The Web is seriously ill
Countries Take Action Against Social Control Media and 'Smart' 'Phones', Not Slop (Plagiarised Information Synthesis Systems or P.I.S.S.)
None of this is unprecedented except the scale and speed of sharing
Sanitised Plagiarism as "AI" (How Oligarchy Plots to Use Slop to Hide or Distract From Its Abuses, or Cause People Not to Trust Anything They See/Read Online)
This isn't innovation but repression
Sites That Expose Corruption Under Attack, Journalism Not Tolerated Anymore (the Super-Rich Abuse Their Wealth and Political Power)
Sometimes, albeit not always, the harder people try to hide something, the more effective and important it is for the general public
Recent Layoffs at Red Hat (2026 the Year of Ultimate Bluewashing)
I found it amusing that Red Hat's CEO has just chosen to wear all blue, as if to make a point
Links 16/01/2026: Social Control Media Curbs in Australia Underway, MElon Still Profiting by Sexualising Kids 'as a Service'
Links for the day
More People Nowadays Say "GNU/Linux"
We still see many distros and even journalists that say "GNU/Linux"
LLM Slop on the Web is Waning, But Linuxiac Has Become a Slopfarm
I gave Linuxiac a chance to deny this or explain this; Linuxiac did not
More Signs of Financial Troubles at Microsoft, Europe Puts Microsoft Under Investigation
The end of the library is part of the cuts
Team Campinos Talks About SAP Days Before EPO Industrial Actions and a Day Before the "Alicante Mafia" Series (About Team Campinos Doing Cocaine)
EPO staff that isn't morally feeble will insist on objecting to illegal instructions
Pedophilia-Enabling Microsoft Co-founder Cuts Staff
Compensating by sleeping with young girls does not make one younger
Microsoft Shuts Down Campus Library, Resorts to Storytelling About "AI" to Spin the Seriousness of It
Microsoft is in pain
Free Software Foundation (FSF) Back to Advertising the Talks of Richard Stallman
A pleasant surprise
Stack(ed) Rankings and Ongoing Layoffs at Red Hat and IBM (Failure to Keep Staff Acquired by IBM)
IBM is mismanaged and its sole aim is to game the stock market (by faking a lot of things)
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, January 15, 2026
IRC logs for Thursday, January 15, 2026
Gemini Links 16/01/2026: House Flood and Pragmatic Retrocomputing Dogfooding
Links for the day