Internet security is a complex process and quite challenging too. However, measures like the requirement of an SSL certificate by a website handling user traffic ensures data transmitted over the internet remains safe. SSL keeps sensitive information sent across the Internet encrypted. These SSL Certificates are issued by Certificate Authorities (CA).
Browsers like Firefox rely on this list of authorities, which are trusted to verify and issue the certificates that allow for secure browsing, using technologies like TLS and HTTPS. Although good, these authorities have weaknesses too. For instance, a company in control of a root Certificate Authority could potentially decrypt traffic that it has access to. Cyber-security company DarkMatter, based in the United Arab Emirates is a case in point.
DarkMatter, a cybersecurity company is seeking to become approved as a top-level certificate authority in Mozilla’s root certificate program. The company has a history of trying to break encryption. EFF, a non-profit organization and a firm advocate of user privacy, free expression, and innovation notes DarkMatter already has an intermediary certificate issued by QuoVadis. QuoVadis, in turn, is run by DigiCert. This should ring a bell. Mozilla should not trust Dark Matter as a root certificate authority. To do so would not only give Dark Matter an authority but would also open the door for other cyber-mercenary groups.
Having said that, it is possible to remove root certificates in Firefox but doing so would impact any certificate issues by QuoVadis. To be precise, any site you visit that uses such a certificate will refuse to load. So, if you are concerned about Dark Matter being included in the Mozilla trust database, follow these steps to remove DarkMatter Certificates from Firefox.
Remove DarkMatter Certificates from Firefox browser
Launch Firefox browser. In its address bar load about:preferences#privacy to open the Privacy & Security settings.
Scroll down to locate the Certificates section.
There, click on the View Certificates button, if visible.
Instantly, Firefox will list all authorities in an overlay. Scroll down until you find the QuoVadis Limited listing (since it is what you want to remove).
Select a certificate and choose ‘Delete or Distrust’ option (Hold down Shift to select multiple certificates).
Select Ok to remove the certificate from Firefox.
Repeat the above two steps until the QuoVadis Limited listing is no longer seen.
You may read the discussion here on mozilla.dev.security.policy.
UPDATE BY ADMIN: Please read the comments below.
- Tags: Firefox