Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
Startcom Allegedly Purchased by WoSign
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Startcom Allegedly Purchased by WoSign

KobeKobe Member
edited August 2016 in Providers

A little bit dull and old, but a former Startcom employees appears to have accused WoSign of buying StartSSL, thereby putting it under the control of principals located in the People's Republic of China.

I don't think most people care, and the privacy implications are not extremely significant, but still an interesting read.

His website: https://www.letsphish.org/

Thanked by 1mailcheap

Comments

  • century1stopcentury1stop Member
    edited August 2016

    accused? is China or Startcom employees communist? never heard of free market?

  • KobeKobe Member

    century1stop said: accused? is China or Startcom employees communist? never heard of free market?

    Kind of a moot point when significant government and legal intervention exists in the Chinese market.

  • Legal intervention or otherwise, Chinese corp are allowed to takeover foreign org and China at this point are opening more doors to locals and foreigners alike, moving towards lesser communist type administration, possibly a democracy later. As you can see, China is busy establishing international brands, Li Ning, Huawei, Xiaomi, etc. and it is no surprise they will buy over established brands/corps to do just that.

  • iTK98iTK98 Member
    edited September 2016

    (I'm the owner of letsphish.org)

    Legal issues...

  • 2 separate corp entities I'm afraid, it isn't an issue. I guess wosign is in it for the technology and running Startcom from the UK isn't a problem. There are tons of companies doing just that.

  • joepie91joepie91 Member, Provider

    @century1stop said:
    2 separate corp entities I'm afraid, it isn't an issue. I guess wosign is in it for the technology and running Startcom from the UK isn't a problem. There are tons of companies doing just that.

    It is an issue if they are not transparent about it.

  • jarjar Provider
    edited September 2016

    Content removed as a courtesy for @iTK98

    Thanked by 1iTK98
  • Incident 2

    In July 2016, it became clear that there was some problems with the

    StartEncrypt automatic issuance service recently deployed by the CA
    StartCom. As well as other problems it had, which are outside the scope
    of this discussion, changing a simple API parameter in the POST request
    on the submission page changed the root certificate to which the
    resulting certificate chained up. The value "2" made a certificate
    signed by "StartCom Class 1 DV Server CA", "1" selected "WoSign CA Free
    SSL Certificate G2" and "0" selected "CA 沃通根证书", another root
    certificate owned by WoSign and trusted by Firefox.

    Using the value "1" led to a certificate which had a notBefore date

    (usage start date) of 20th December 2015, and which was signed using the
    SHA-1 checksum algorithm.

    • The issuance of certificates using SHA-1 has been banned by the

    Baseline Requirements since January 1st, 2016. Browsers, including
    Firefox, planned to enforce this[2] by not trusting certs with a
    notBefore date after that date, but in the case of Firefox the fix had
    to be backed out due to web compatibility issues. However, we are
    considering how/when to reintroduce it, and CAs presumably know this.

    • The issuance of backdated certificates is not forbidden, but is listed

    in Mozilla's list of Problematic Practices[3]. It says "Minor tweaking
    for technical compatibility reasons is accepted, but backdating
    certificates in order to avoid some deadline or code-enforced
    restriction is not."

    • WoSign deny that their code backdated the certificates in order to

    avoid browser-based restrictions - they say "this date is the day we
    stop to use this code"[4]. If that is true, it is not clear to us how
    StartCom came to deploy WoSign code that WoSign itself had abandoned.

    • It seems clear from publicly available information that StartCom's

    issuance systems are linked to WoSign's issuance systems in some way.
    Nevertheless, it should not have been possible for an application for a
    cert from StartCom to produce a cert signed by WoSign.

    • This misissuance incident was not reported to Mozilla by WoSign as it

    should have been.


    https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I

    they are very clearly not separate structural entities

  • century1stop said: accused? is China or Startcom employees communist?

    Well, um, yes, China is a Communist country. The government of China will tell you that. Is this really news to you?

    Or are you just trying to slap some freedom paint on the Chinese flag to cover it up?

    jarland said: Personally I'm always interested to know when I'm trusting security to someone in a communist country. Their government doesn't even pretend to hold up to my ideals, and specifically spends a ton of money to block their citizens from learning about their own history. Every government may have its problems, but China and Internet freedom are hilariously incompatible and I think it's not intellectually honest to suggest otherwise.

    This.

    century1stop said: Legal intervention or otherwise, Chinese corp are allowed to takeover foreign org and China at this point are opening more doors to locals and foreigners alike, moving towards lesser communist type administration, possibly a democracy later.

    Yeah..."later"...perhaps the rest of the planet will be more receptive "later"...

    For LET support, please visit the support desk.

  • rm_rm_ Member

    raindog308 said: China is a Communist country

    China is as much communist, as the Democratic People's Republic of Korea (often referred to as North Korea) is democratic.

  • doghouchdoghouch Member
    edited August 2016

    @rm_ said:

    raindog308 said: China is a Communist country

    China is as much communist, as the Democratic People's Republic of Korea (often referred to as North Korea) is democratic.

    They are technically a democracy, with the exception that Kim runs in the only party there. (and if you don't vote for him, he's still in power, so he can publicly execute you like everyone else)

  • mailcheapmailcheap Member, Provider

    Chinese person owning a UK front to run an Israeli CA. Seems pretty sweet! The only issue would be if they were to move to China, which they didn't. WoSign was an intermediate CA who issued bad certs; anyone with a spare $20k and valid docs can be an int. CA!

    Mailcheap.co (Cyberlabs s.r.o. & Cyberlabs Inc.) | Dedicated Email Servers | Complete API support | AI Spam Filtering
    Affiliate program w/ 50% commission

  • Maybe they incorporated in UK just not to be under the laws of China. Anyhow, from the time Let's Encrypt or CloudFlare SSL started, never had the need of StartSSL anymore.

    Thanked by 1netomx

    Digital Web Agency - We offer web design services

  • mailcheapmailcheap Member, Provider

    @Catalin said:
    Maybe they incorporated in UK just not to be under the laws of China. Anyhow, from the time Let's Encrypt or CloudFlare SSL started, never had the need of StartSSL anymore.

    For those of us needing OV/EV SSL, its still the best bang for buck!

    Mailcheap.co (Cyberlabs s.r.o. & Cyberlabs Inc.) | Dedicated Email Servers | Complete API support | AI Spam Filtering
    Affiliate program w/ 50% commission

  • WilliamWilliam Member, Provider

    Again: Israel already HAS FULL CONTROL OF STARTCOM.

    Our laws allow in a war situation - which is the permanent case since 2006's Lebanon war - that the Shabak (-> DoD/FBI mix) and Mossad (-> CIA essentially) obtain any data required from any local company or locally controller company without a public order (or, in most cases, with none at all).

    The Chinese laws are not much worse and if any it lowers cooperation with the US (which Startcom would do but Chinese are unlikely to).

    Thanked by 1colingpt
  • WilliamWilliam Member, Provider
    edited September 2016

    raindog308 said: China is a Communist country. The government of China will tell you that

    No, they do not. The party line is that the Chinese communism is NOT Lenin or Marx based but an asian adaption that incorporates free market and other western and especially Chinese specialities. By definition this cannot be communism, they know that and everyone else does as well.

  • jarjar Provider

    At the end of the day there's still one really important thing: StartSSL has always been over complicated junk. Especially with $3 certs and letsencrypt out there.

  • WilliamWilliam Member, Provider

    jarland said: At the end of the day there's still one really important thing: StartSSL has always been over complicated junk. Especially with $3 certs and letsencrypt out there.

    Yea, and sending your ID to Israel is rather... questionable, you never really know where it ends up (eg. Mossad is known to have used passports made with data of foreigners before).

    Thanked by 2mycosys vimalware
  • @William said:

    raindog308 said: China is a Communist country. The government of China will tell you that

    No, they do not. The party line is that the Chinese communism is NOT Lenin or Marx based but an asian adaption that incorporates free market and other western and especially Chinese specialities. By definition this cannot be communism, they know that and everyone else does as well.

    Finally there is someone knowing something about P.R.China. The most significant communism thing you may find is the expression in P.R.China constitution. Other than that, pls tell what's the difference between a communism China and a capitalism US/UK(or whichever you want)

    and pls, not democracy, if you really believe American or any other capitalism countries citizen have more "freedom", then I won't debate on that, you win and congratulations!

  • jarjar Provider
    edited September 2016

    @colingpt said:

    @William said:

    raindog308 said: China is a Communist country. The government of China will tell you that

    No, they do not. The party line is that the Chinese communism is NOT Lenin or Marx based but an asian adaption that incorporates free market and other western and especially Chinese specialities. By definition this cannot be communism, they know that and everyone else does as well.

    Finally there is someone knowing something about P.R.China. The most significant communism thing you may find is the expression in P.R.China constitution. Other than that, pls tell what's the difference between a communism China and a capitalism US/UK(or whichever you want)

    and pls, not democracy, if you really believe American or any other capitalism countries citizen have more "freedom", then I won't debate on that, you win and congratulations!

    The Great Firewall and I can have as many daughters as I want without being forced by law to murder them. No need for debate :P

    Communism is fading in the marketplace in China. It is not fading in the control of the population and information. It will eventually get there, I've no doubt, but today that's just not where it's at. It may not be "true" communism but neither is the US "true" democracy, and yet we accept it as valid shorthand for our system of government. Creating variations of popular government types is not at all a new thing.

    I do not trust Internet safety to a country that goes to such efforts to ensure a lack of privacy and access to information on its entire population. I only trust my own country so far as knowing that my leaders are incompetent and that government is still not on par with the private sector.

    Of course, it's all a fairly useless point when I don't like the certificate authority in the first place. So why I would bother typing this is more of a question of "why haven't you had red bull yet today?"

    Thanked by 2daily mycosys
  • MicrolinuxMicrolinux Member
    edited September 2016

    @Kobe said:
    thereby putting it under the control of principals located in the People's Republic of China [...] the privacy implications are not extremely significant

    One of the craziest things I've heard so far.

  • I thought this is already known by everyone.

    i've been suspicious about this for months, only not having concrete proofs.

  • Many people confuse China by calling it "Communist" when they actually want to say "Authoritarian", since in many aspects Chinese political leadership and social rules are fundamentally similar to how the USSR operated and is a living proof that alternative political systems can in fact work and be competitive, and that's why people don't want China to be regarded the same politically as the EU or US.

    Thanked by 2colingpt vimalware
  • WilliamWilliam Member, Provider
    edited September 2016

    jarland said: I can have as many daughters as I want without being forced by law to murder them. No need for debate :P

    Uh, you... what? What law should that be?

    Forced abortion is a thing of the past in the PRC and was even then rare and not gender but much more policy related (one child policy), much more people died by malnutration by the great leap forward fail which also killed the birth rate before spiking it again.

    Abortion based on gender is federally/central (AFAIK) or provincial (additionally?) illegal, even ultrasound engineers/doctors at this time cannot (might have changed) tell you the gender of your child which is why they use "hints" for it ("cannot tell" = no penis = likely girl).

    Aborting girls is a cultural thing mostly as a boy is seen as provider for the family and prestige, the CENTRAL government (where it has full power control) does not like it at all as it also drops the gender rates which the technocrats - 100% correct - see as an issue for the future (and they plan ahead for around 50-100 years as you can see on the long term plans).

    jarland said: It may not be "true" communism

    No. It is not. As per the definition of real communism (which is impossible to achieve by limits of humans in mostly empathy and conscience but let's not get into that) Marx and extensions/differences in of eg. Lenin or Trotsky and some of the GDR party kadre (they wrote a LOT of books) it simply cannot be and never was.

    The PRC never really argued for this point either as we have seen (eh, not me due to age obviously) on the USSR split and their very clear descriptions of their own system and X year plans and their background (sadly i can't read Chinese books and they don't have good translations outside of sometimes Korean, Japanese or Russian - for older also rarely German but GDR style).

    jarland said: I do not trust Internet safety to a country that goes to such efforts to ensure a lack of privacy and access to information on its entire population

    I would advise to check your browser certificate store, you might find some surprises, China - Turkey - South Africa - Taiwan among others.

    Thanked by 2jar mycosys
  • @William said:

    jarland said: I can have as many daughters as I want without being forced by law to murder them. No need for debate :P

    Uh, you... what? What law should that be?

    Forced abortion is a thing of the past in the PRC and was even then rare and not gender but much more policy related (one child policy), much more people died by malnutration by the great leap forward fail which also killed the birth rate before spiking it again.

    Forced abortion (dubbed 'backstreet abortions') did still occur just under the radar and not officially.

  • WilliamWilliam Member, Provider

    OpticalSwoosh said: Forced abortion (dubbed 'backstreet abortions') did still occur just under the radar and not officially.

    Where? In some town with 2000 people in inner mongolia? Seriously, where do you get that info from? The birth rate is even in the official statistics again going up.

    The CN gov further does not give much shit about criticism (plus holds a security council seat snagged from the poor ROC) so if they want to continue abort, which has been done in the past and was even documented and partly praised, they most likely do it openly.

    Thanked by 1mycosys
  • Will China ever regain ROC again?

  • @ManofServer said:
    in many aspects Chinese political leadership and social rules are fundamentally similar to how the USSR operated and is a living proof that alternative political systems can in fact work and be competitive

    You can make just about any political system "work" and be "competitive". The relevant question is at what cost are these things accomplished?

    and that's why people don't want China to be regarded the same politically as the EU or US.

    Er, China is not regarded as politically the same as the EU or US because they have a different political system . . .

  • WilliamWilliam Member, Provider

    ManofServer said: Will China ever regain ROC again?

    No, but the PRC wants to always have the capability to do so which pressures Taiwan/ROC to play along. The status quo (minus the base building on islands) is favourable for all sides.

    Thanked by 1ManofServer
  • @Microlinux said:

    @ManofServer said:
    in many aspects Chinese political leadership and social rules are fundamentally similar to how the USSR operated and is a living proof that alternative political systems can in fact work and be competitive

    You can make just about any political system "work" and be "competitive". The relevant question is at what cost are these things accomplished?

    and that's why people don't want China to be regarded the same politically as the EU or US.

    Er, China is not regarded as politically the same as the EU or US because they have a different political system . . .

    The "cost" is a subjective measurement, what is a "cost" to you may be a benefit to a Chinese person, only the end results can be viably measured to prove/disprove a point.

    I mean, for example look at this photo. It has Blessed tanks, Battle priests and everything else a guy can dream of - yet some would be appalled, so you never know

  • @William said:

    jarland said: I can have as many daughters as I want without being forced by law to murder them. No need for debate :P

    Uh, you... what? What law should that be?

    Forced abortion is a thing of the past in the PRC and was even then rare and not gender but much more policy related (one child policy),

    thank you

    Aborting girls is a cultural thing mostly as a boy is seen as provider for the family and prestige, the CENTRAL government (where it has full power control) does not like it at all as it also drops the gender rates which the technocrats - 100% correct - see as an issue for the future (and they plan ahead for around 50-100 years as you can see on the long term plans).

    and the central gov have been panicking for some time about the rising 'lack of wives' leading to first the 2 child policy if a girl came first, and then the abandonment of the policy.

    jarland said: It may not be "true" communism

    No. It is not. As per the definition of real communism (which is impossible to achieve by limits of humans in mostly empathy and conscience but let's not get into that) Marx and extensions/differences in of eg. Lenin or Trotsky and some of the GDR party kadre (they wrote a LOT of books) it simply cannot be and never was.

    This is one hell of a stretch - there is ZERO evidence to support this. One of the prerequisites Marx listed as essential for communism is industrialisation, another is a surplus as found in industrialised countries, but no industrialised country has ever successfully ATTEMPTED to implement a communist, socialist or anarchist system for any period of time. The so called communist countries were all impoverished peasant agrarian societies attempting to skip the captalist stage, which marx listed as utterly NECESSARY before communism can occur.
    I am not saying it can happen, or it would be good,m just that there is actually no data to support your assertion - Marx would have told you those revolutions would be utter disasters and lead to greater inequity and authoritarianism.

    jarland said: I do not trust Internet safety to a country that goes to such efforts to ensure a lack of privacy and access to information on its entire population

    I would advise to check your browser certificate store, you might find some surprises, China - Turkey - South Africa - Taiwan among others.

    Not to mention all those sweet NSA backdoors and weaknesses that they worked so hard to insert into public key cryptography

  • @jarland said:
    The Great Firewall and I can have as many daughters as I want without being forced by law to murder them. No need for debate :P

    I can only agree this party, my lord.... :-)

    Everyone hates GFW, that's the first reason why I came LEB/LET for building up my own vpn.

    About the second part.... you need to update your knowledge about that. Now you can legally have two children, no matter daughters or sons (just curious do you where get that idea we force people to kill daughters??....) Even before that, If you pay for the social penalty, your child will have official identity, but if you don't then wait for several more years, nobody really kill someone for this, at least for my 25 years old life, I haven't seen it or heard it happen. (I did hear it happen in my parents' age when the rule applied early stage, and they didn't kill people or children, they force to lose public gov or big corp's job.)

    One-Child rule now just changed to TWO-CHILDREN rule, but both of them are guilty in terms of basic "human right"(American politicization favorite terms for China, lol). My age is the only generation who are alone without brother or sisters in Chinese history, I don't think anyone may be more eager than us to have someone grown up with you. This policy also comes with two side: bright one, pls consider a non-exist 1.8 billion China and a non-exist war because of Chinese-can-not-feed-themselves-so-they-invade; dark side, which is we are beginning to suffer. Today in China, Even you can have a second child, young generation doesn't want to due to the high cost of raising Child in a quality way. China has not been developed but has to face those problem that developed ones bother, like aging of population. As quiet a few scholars claimed, when fertility rate decline to a certain point, it will never go up again....

  • jarjar Provider
    edited September 2016

    colingpt said: you need to update your knowledge about that

    Yeah I guess I'm a bit behind, had no idea that had changed some. That's great to hear. The stories about people smuggling their children outside of the country in hopes that they could actually live a life at all are just heartbreaking. I've been hearing these stories for years. It's still not freedom, and I'm sure it's still breaking people's hearts. I'm sure people are still smuggling their third child out of the country.

    But anyway, I guess the GFW is more than sufficient to justify my conclusion to myself.

    Thanked by 1mycosys
  • mycosysmycosys Member
    edited September 2016

    @jarland said:

    colingpt said: you need to update your knowledge about that

    Yeah I guess I'm a bit behind, had no idea that had changed some. That's great to hear. The stories about people smuggling their children outside of the country in hopes that they could actually live a life at all are just heartbreaking. I've been hearing these stories for years. It's still not freedom, and I'm sure it's still breaking people's hearts. I'm sure people are still smuggling their third child out of the country.

    But anyway, I guess the GFW is more than sufficient to justify my conclusion to myself.

    The medical system over there is enough of a tragedy, if you read 'China's 2st century eunuchs' from vice magazine (yes very gonzo, but the ljnks prove their point is utterly valid - a vid from a chinese 'medical manufacturer' was just mind boggling as an electronic engineering tech - 2 of their main claims for each machine were that they were grounded and the PSU had sufficient capacity. The machines were using HF RF external heating (yes literally a big CB radio) or red light (literally nothing more than red light) according to the manufacturer themselves, and according to the manufacturer, the 'journo' and his witnesses these machines are near ubiquitous.

    oh yeah - to add to the mind boggling their top models boast the added feature of AMPLITUDE MODULATION!!! their 'entry' level treatments are CW

    Thanked by 2jar ihatetonyy
  • Sorry to put it like this but it is so amusing seeing you guys arguing about what China is like in this way.

    Let's keep the topic back to WoSign and leave the political parts in the Cest Pit thread, or have another thread about this: there are quite a lot of Chinese around here, why not ask them about what's going on?

    My thought about this WoSign drama is: now we know

    • StartSSL is being controlled by WoSign, on the contrast of having WoSign as one of the partners(a who belongs to who problem)

    • WoSign is pretty crappy about security, respecting the fact that any CA is there to ensure the security of the Internet while fighting against the govn't 's surveillance in a way

    • It seems that WoSign is somehow closely related to 360, the damned evil company(to put it in a nice way) who is well-known to be involved in invading user's privacy, as well as actively participating the mass surveillance project of the Chinese govn't, including but not limited to building the GFW

    For me this is good enough to alert me that I should remove their root cert out of my machine.

    BTW, @jarland thank you for be so faithful in China, but if I were you I won't trust the govn't so much.

  • jarjar Provider
    edited September 2016

    cnbeining said: leave the political parts in the Cest Pit thread

    To some degree yes, but there's definitely some politics related to the technical aspects of encryption right now in our time and I think it's okay to go into some of that. We're not at each others throats or anything so that's good :)

  • joepie91joepie91 Member, Provider
    edited September 2016

    So apparently, @iTK98 is now being threatened with legal action by WoSign, and Richard Wang (the WoSign CEO) is trying to prevent further spreading of the information by claiming that every third-party redistribution would make the penalties for @iTK98 more severe (which is something that I very, very strongly doubt).

    I'd say that this idiocy is enough reason not to trust WoSign anymore.

    (More information about the incident can be found here, by the way.)

  • jarjar Provider

    @joepie91 said:
    So apparently, @iTK98 is now being threatened with legal action by WoSign, and Richard Wang (the WoSign CEO) is trying to prevent further spreading of the information by claiming that every third-party redistribution would make the penalties for @iTK98 more severe (which is something that I very, very strongly doubt).

    I'd say that this idiocy is enough reason not to trust WoSign anymore.

    (More information about the incident can be found here, by the way.)

    That's just grand. I noticed that yesterday when he edited his post early in the morning. I found his reply a bit weird here tbh, but when he removed it I removed my quote of it as a courtesy. Hope he's alright.

  • Funny that you have problem with it being taken over by China but totally okay with being owned by Israel ... Kek.

    A dreb l7did ma7édou skhoun ! - Flan | تناكت، ليت راحت في تبي

  • jarjar Provider
    edited September 2016

    @dotted said:
    Funny that you have problem with it being taken over by China but totally okay with being owned by Israel ... Kek.

    As a US citizen, tell me which of the two countries you believe is more likely see me as more of a cultural or economic threat. It's about position. In my position, China is more of a concern for me in relation to privacy and security than Israel. Will that be true forever? Probably not, everything changes. Today, this is my situation.

    Not actually as amusing as you thought. Rather boring, actually.

  • @jarland said:

    @dotted said:
    Funny that you have problem with it being taken over by China but totally okay with being owned by Israel ... Kek.

    As a US citizen, tell me which of the two countries you believe is more likely see me as more of a cultural or economic threat. It's about position. In my position, China is more of a concern for me in relation to privacy and security than Israel. Will that be true forever? Probably not, everything changes. Today, this is my situation.

    So, this whole thing/thread is subjective ...

    Not actually as amusing as you thought. Rather boring, actually.

    Well, that again depends on your position :p

    Funny in my case since I just watched an old documentary about Stuxnet.

    A dreb l7did ma7édou skhoun ! - Flan | تناكت، ليت راحت في تبي

  • jarjar Provider
    edited September 2016

    @dotted said:

    @jarland said:

    @dotted said:
    Funny that you have problem with it being taken over by China but totally okay with being owned by Israel ... Kek.

    As a US citizen, tell me which of the two countries you believe is more likely see me as more of a cultural or economic threat. It's about position. In my position, China is more of a concern for me in relation to privacy and security than Israel. Will that be true forever? Probably not, everything changes. Today, this is my situation.

    So, this whole thing/thread is subjective ...

    No, just my opinion and my reasons for it. Is that a problem? You should consider the context of my position and consider it just that, my position.

    Not actually as amusing as you thought. Rather boring, actually.

    Well, that again depends on your position :p

    Funny in my case since I just watched an old documentary about Stuxnet.

    I wouldn't claim that the US or Israel has no interest in violating privacy or security, only that I am less likely a target of interest to Israel, and I also claim incompetence from the US government in their ability to stand intellectually equal to the private sector in their own country.

    So that explains a little of why I'm concerned about China but kind of "meh" about Israel. I suspect I'm not alone, many people here from the US as well :)

    Thanked by 1GoatSeller
  • @joepie91 said:
    So apparently, @iTK98 is now being threatened with legal action by WoSign, and Richard Wang (the WoSign CEO) is trying to prevent further spreading of the information by claiming that every third-party redistribution would make the penalties for @iTK98 more severe (which is something that I very, very strongly doubt).

    I'd say that this idiocy is enough reason not to trust WoSign anymore.

    (More information about the incident can be found here, by the way.)

    WoSign's sh*t is spreading even in China:

    http://www.ithome.com/html/it/254688.htm

    (ITHome is a major IT website in China)

  • WilliamWilliam Member, Provider

    jarland said: As a US citizen, tell me which of the two countries you believe is more likely see me as more of a cultural or economic threat. It's about position. In my position, China is more of a concern for me in relation to privacy and security than Israel. Will that be true forever? Probably not, everything changes. Today, this is my situation.

    Oh boy.

    From a gov point (so we assume companies in either country are rather loyal to their users and don't just sell access/data outside of gov order, in that point IL wins especially on US sourced data): It's not.

    Israel is a whole other level than China plus there is the religious nonsense to the extreme*3 on top.

    Difference is simple - If the Mossad uses this data no one will shit on them, and even then there will be no penalties (arguably Israel does much worse on a human rights point with none). If China uses it there would be severe consequences, either international-legal (sanction wise, unlikely but possible, any UN LEGAL military action would be impossible due to the security council seat) or just again more trust issues and thus economic damage. The Chinese central government as well as the party (which are not one another) are not interested in either of this.

    I actually think the Chinese gov cares more about their locals than the US - The US spies on foreigners, the Chinese spy local. The US companies export exploited hardware, the Chinese use their own hardware with designed taps/etc - Their export hardware is scrutinized and likely fairly clean even if the coding and efficiency (grading probably like E and coverage 60% lol) is utter shit.

    mycosys said: This is one hell of a stretch

    eh, not an expert on communism (and i don't see how it can ever work, human psychology just does not work like that) - yea, it is possible for them (or in fact anyone else) to get the point of full, however they are not near it (neither is anyone else) at this time and don't claim to be either. I don't think the party claims the need for this or the "target" either anymore but that still seems to be the plan behind.

    mycosys said: The medical system over there is enough of a tragedy

    PRC is pretty horrible (you can get better care in a few countries in Africa), Cuba managed well and seems to be a rare exception of post-Soviet influence sphere/communist aligned or based countries - All others failed in health (not too sure about the Soviet health system but i don't remember reading it was exceptional, and even if partly it likely sourced from their sphere majorly).

    cnbeining said: StartSSL is being controlled by WoSign, on the contrast of having WoSign as one of the partners(a who belongs to who problem)

    From what i know the majority owner of Thawte is not even known (and there are quite a bunch of root certs from companies with unknown owners or plainly obvious front people or lawyers as owners) - This "problem" seems to be seen as far more drama than real issue.

    Multiple large tech firms are now Chinese owned, Chinese controlled or substantially Chinese financed.

    The Qatari and Saudi state funds (among UAE and so on) are heavily investing in technology and some of these funds hold major positions in such usually seated by a local sheikh or high gov appointment (VW i think, should be a good example, other German companies as well) - They are far more worrying than some Chinese semi private company.

    Thanked by 1mycosys
  • joepie91joepie91 Member, Provider
    edited September 2016

    I've made an overview of past incidents with various Certificate Authorities - it can be found here. It of course also includes the current WoSign/StartCom mess.

    Contributions welcome :)

Sign In or Register to comment.