Like the TSA at the airport. Security that we never needed before, but now suddenly we do. Now we’re dependent on a third party gatekeeper for permission to have a web site. Free, for now. It’s a move by the weasels-that-be to turn the Internet into yet another tool for profit and control.
No.
cali_ash@lemmy.wtf 9 months ago
No it’s not.
And it’s not really like the TSA on the airport. It’s more like “having a door on your plane” security.
nxdefiant@startrek.website 9 months ago
This is the best analogy I’ve ever read, bravo.
Dr_Satan@lemm.ee 9 months ago
What if the issuer of the security certificate started charging you $1000 a year?
Why wouldn’t they?
Shadow@lemmy.ca 9 months ago
Letsencrypt certs are free dude. Https literally costs you nothing.
cali_ash@lemmy.wtf 9 months ago
I’d switch to another certiciate provider …
Nollij@sopuli.xyz 9 months ago
Not THE issuer. AN issuer. All of your devices have a number of trusted top-level issuers (Root certification authorities). Windows has about 50 preloaded, and this list largely matches what you’ll find on Android, Mac, etc. Everyone’s been mentioning Let’s Encrypt, which descends from ISRG Root X1. But you can (relatively) easily get certs from Thawte, Verisign, and many others.
And if none of those are to your liking, you can install your own. Seriously, there’s nothing technical stopping you. Most corporate devices (Windows, Mac, Linux; Android or iOS; mobile, client, server) have the company’s root certs installed. The challenge for public trust is exactly that- Trust. You must operate in a way that is generally trustworthy.
Let’s Encrypt was actually pretty revolutionary. You aren’t entirely off base with your concern. Prior to that, getting a cert that was trusted by most devices was non-trivial, and came with an expense. But that wasn’t because of the desire for encryption. Rather, it was about verifying that you were who you said you were. These also served as proof of identity.