nprofile1q…nh9qy : non-ACME certs suck big time. However, now the internet has ...

Erik van Straten /

npub1eny…ad6c

2025-01-23 22:53:31

in reply to nevent1q…rapm

nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq8yve5f33hyqq35t3y3xu72t9x33pfdznd0kq78lf73wkxchzr5hs8nh9qy (nprofile…h9qy) : non-ACME certs suck big time.

However, now the internet has turned into a malicious phishing mess.

People can no longer determine who is responsible for a website, and nobody cares.

Google hosted fake websites (using ACME certs from Let's Encrypt) on their cloud servers called:
• cancel-google[.]com
• adsupport-google[.]com
• helpdesk-google[.]com

See (Dutch) https://infosec.exchange/@ErikvanStraten/113837934294209517.

Google also doesn't give a fsck about HSTS, see https://infosec.exchange/@ErikvanStraten/113856108585517842.

Worse, last year a phishing site with a domain name containing "google" was proxied by Cloudflare - and had a "GOOGLE TRUST SERVICES" DV certificate.

Did I mention that browsers suck and that Big Tech, making Big Money, is knowingly complicit to cybercrime?

And did I mention that certificates were not invented to please admins?

#Phishing #DV #GoogleIsEvil #BigTechIsEvil #GTS #BrowsersSuck #AnonymousWebsites

Author Public Key

npub1enykdkvhlawrwuaj94953gtvvq3x9urxwlcqx6wuvqumssfjaktqehad6c

Show more details

Published at

2025-01-23 22:53:31

Kind type

1 Short Text Note

Event JSON

{ "id": "7e87ec89794035318ab5a37b2196b9c92ff5106db06d576adbaf3c89f4c4b73a", "pubkey": "ccc966d997ff5c3773b22d4b48a16c602262f06677f00369dc6039b84132ed96", "created_at": 1737672811, "kind": 1, "tags": [ [ "p", "39199a2631b90008d171244dcf2965346214b4536bec0f1fe9f45d6362e21d2f", "wss://relay.mostr.pub" ], [ "p", "beee28c6450eb5d21bf94279d1f3f41e524c87abf86393835b45e6a1e98390e7", "wss://relay.mostr.pub" ], [ "e", "52daad45a3075ba32b98ca68449d2a0c2de49898bffc04b04598bb959eebb09f", "wss://relay.mostr.pub", "reply" ], [ "t", "phishing" ], [ "t", "dv" ], [ "t", "googleisevil" ], [ "t", "bigtechisevil" ], [ "t", "gts" ], [ "t", "browserssuck" ], [ "t", "anonymouswebsites" ], [ "imeta", "url https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/880/078/095/828/947/original/163437be2a37d794.png", "m image/png", "dim 1750x1185", "blurhash UT6u9,ayaxoftWj[jsfRtVj[j[ayo%j[j[ay" ], [ "proxy", "https://infosec.exchange/users/ErikvanStraten/statuses/113880125384919871", "activitypub" ] ], "content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq8yve5f33hyqq35t3y3xu72t9x33pfdznd0kq78lf73wkxchzr5hs8nh9qy : non-ACME certs suck big time.\n\nHowever, now the internet has turned into a malicious phishing mess.\n\nPeople can no longer determine who is responsible for a website, and nobody cares.\n\nGoogle hosted fake websites (using ACME certs from Let's Encrypt) on their cloud servers called:\n• cancel-google[.]com\n• adsupport-google[.]com\n• helpdesk-google[.]com\n\nSee (Dutch) https://infosec.exchange/@ErikvanStraten/113837934294209517.\n\nGoogle also doesn't give a fsck about HSTS, see https://infosec.exchange/@ErikvanStraten/113856108585517842.\n\nWorse, last year a phishing site with a domain name containing \"google\" was proxied by Cloudflare - and had a \"GOOGLE TRUST SERVICES\" DV certificate.\n\nDid I mention that browsers suck and that Big Tech, making Big Money, is knowingly complicit to cybercrime?\n\nAnd did I mention that certificates were not invented to please admins?\n\n#Phishing #DV #GoogleIsEvil #BigTechIsEvil #GTS #BrowsersSuck #AnonymousWebsites\n\nhttps://media.infosec.exchange/infosec.exchange/media_attachments/files/113/880/078/095/828/947/original/163437be2a37d794.png", "sig": "0c356a7465ccbd84eff971eb679ca3ac5f90c679d662c3f0907bd4e5456d146ebcfb8fd5668cdfa79677b2f22937911f6c01fbd71660a741847e40eed0b5bd75" }