Mozilla will not trust certificates issued by a company accused of selling surveillance and hacking services to oppressive regimes in the Middle East.
The browser maker announced today that it will not include the root certificates of a controversial company named DarkMatter[1] inside Firefox's root store -- the browser internal list of entities approved to issue TLS certificate for securing signing encrypted HTTPS traffic.
Wayne Thayer, Certificate Authority Program Manager at Mozilla, made the formal announcement today.
Besides declining the inclusion of DarkMatter's root certificate inside Firefox, Thayer also said that Mozilla will be distrusting six intermediate certificates owned by QuoVadis, which DarkMatter was using as a temporary mechanism to issue TLS certificates to its customers.
If DarkMatter's root certificate would have been included in Firefox, it would have allowed the company the ability to issue TLS certificates that would have certified fake websites as legitimate ones.
Many cyber-security experts and privacy advocates warned Mozilla[2] that DarkMatter would abuse this position to help its surveilannce operations. Some of these operations have been previously detailed in reports from Reuters[3], the New York Times[4], The Intercept[5], and other sources[6]. The linked news article detail alleged DarkMatter-orchestrated hacking operations against human rights activists, journalists, and foreign governments, which DarkMatter carried out at the behest of the United Arab Emirate' government.
DarkMatter previously contested the reports. A company spokesperson did not reply a request for comment from ZDNet sent earlier today.
Last ditch effort to spin off CA business didn't work
As a last ditch effort to have its certificates trusted inside Firefox, DarkMatter tried to spin off its Certificate Authority (CA)