The company that verifies safe websites in your browser works for the US government

By Scott Marlette Last updated Nov 9, 2022

A company that several major web browsers rely on to verify safe and secure websites has links to U.S intelligence agencies and law enforcement, new research has claimed.

An expose by the Washington Post (opens in new tab) (TWP) (paywall), which draws its conclusions from documentation, records, and interviews with security researchers.

TrustCor Systems’ Panamanian registration records reveal that it shares personnel with a spyware developer previously identified as having links to Arizona company Packet Forensics, which public records have previously unveiled to have sold “communication interception services” to US agencies “for more than a decade.”

Root certificate infrastructure

Google Chrome, Apple Safari, Mozilla’s supposedly secure browser Firefox, and several others all allow TrustCor to sign root certificates for websites it deems as safe and legitimate, directing users to them, instead of potentially convincing fakes.

TrustCor maintains that it has never cooperated with government information requests or monitored users on behalf of a third party. However, the Pentagon is refusing to comment, and Mozilla is demanding answers from TrustCor while threatening to remove its authority.

The revelations surrounding TrustCor pose a PR nightmare for browsers like Firefox who market themselves as privacy tools, but its own products can now also no longer be considered safe for its end users.

MsgSafe, an email provider from TrustCor that purports to offer end-to-end encryption, has been denounced by security experts speak to TWP, claiming that an early version of the software contained spyware developed by a company linked to Packet Forensics.

An expert familiar with Packet Forensics’ work explicitly confirmed that it had used TrustCor’s certificate process and MsgSafe to intercept communications and “help the US government catch suspected terrorists”.

He also claimed that TrustCor’s products and services were only being used to seek out these “high-profile targets”, and there have been no reports of root certificates being used to vouch for impostor websites for purposes such as data collection.

However, the doubt seeded by the revelations may cause reputational damage to the web browsers involved, as there’s no way of knowing if TrustCor’s strategy will change.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.