For the average user who doesn't understand that there are different corporations governing different TLDs, this is all rather frightening and trust beyond the com/org/net tlds will likely continue to erode. I would have expected ICANN to have thought this through more carefully.
I can only hope that a statement like this isn't used to pacify the masses until this issue is relegated to obscurity. In the mean time, I'm looking at other publishers (thank GOD that many of them I heaven't heard of are discussed here) for content and refuse to pay for a $400/yr safari subscription while NEVER REALLY OWNING ANYTHING.
> their certs are more trustworthy than 90% of the certs that users would add.
Why? Why wouldn't I trust my own cert more than any Google trusted certs. I'm sure the majority of CA's are responsible entities, but I trust my certs more, because I control them!
I can't really say if Google is taking this approach to secure a device from heavy handed enterprise admins; but if true, it's gone too far by allowing only the app from having private conversations with the api and not allowing the user to see what's being sent over the wire.
This isn't exactly new, we do after all, have certificate pinning. But now, this certificate pinning is done at the OS level by DEFAULT, un-trusting all certs except the ones that Google deems fit.
We know that there have been un-trustworthy Certificate Authorities that all our machines have trusted until its been deemed unworthy by our vendors... and eventually expunged! But this change explicitly un-trusts us, the users of our own phones -- in the name of security.
User deftnerd (https://news.ycombinator.com/item?id=12061342) had an excellent suggestion that the trusting of user added certs can be relegated to the TPM module (via password, passcode, fingerprint, etc..) -- not by the heavy handed approach of simply blocking us out of our own phones conversation.
This renders tools like mitmproxy un-usable. But really, if it's your device, why can't you see your own traffic?
I can understand how this might improve security, but it locks you out of the conversation your own phone is having. Feels like reverse privacy; Not even you can know what you're saying!