Privacy International is criticizing Microsoft for its approval of the Thai military government's root certificate by default, which could enable spying on Thai citizens:
Privacy International, a UK-based nonprofit founded in 1990, released a report showing that Microsoft is the only operating system vendor to have approved the Thai military government's root certificate by default, which is managed by the Electronic Transaction Development Agency (ETDA). The nonprofit worries that the Thai government could now perform "man-in-the-middle" (MITM) attacks against Thai citizens. [...] In a statement to Tom's Hardware, Microsoft said that the Thai government obtained a root certificate in Windows only after passing the company's "extensive" approval process combined with an audit by BDO, a Canadian accounting and auditing firm.
Meanwhile, Google is launching its own root certificate authority:
The move, announced Thursday, will stop Google relying on an intermediate certificate authority (GIAG2) issued by a third party in its ongoing process of rolling out HTTPS across its products and services. "As we look forward to the evolution of both the web and our own products it is clear HTTPS will continue to be a foundational technology," Google explained in a blog post. "This is why we have made the decision to expand our current Certificate Authority efforts to include the operation of our own Root Certificate Authority."
The newly established Google Trust Services will operate these Certificate Authorities on behalf of Google and parent company Alphabet.
(Score: 2) by Nerdfest on Sunday January 29 2017, @03:25PM
Got an example? I know both they and Mozilla pop up a very annoying warning, but I've never seen anything blocked.