HackerTrans
TopNewTrendsCommentsPastAskShowJobs

plzthrowaway

no profile record

comments

plzthrowaway
·4 anni fa·discuss
> I am probably in the minority here, but I can’t help but feel like Rachel was a victim of a sloppy but effective smear campaign.

I usually have sympathy for privacy-friendly services being abused by bad actors, and i certainly have sympathy for anyone being impersonated by State-sponsored APT for nefarious purposes. However, after reading through the thread, this does not seem to match reality.

It took just a few email back and forth for TrustCor to change their statement from "we know nothing about these people" to "we used to have common investors", while placing the blame on a single recently-deceased individual... which still does not explain how a malicious data exfiltration (malware) SDK ended up in a beta product of theirs (a question they silently skimmed over), or why they pretend not to know why most of their legal infrastructure in place is deeply tied to this malicious actor.

Without commenting on the CA operations of TrustCor (and its lack of transparency), or the seemingly-broken security promises of the MsgSafe service, it seems relevant for the CA/B forum that TrustCor is obviously arguing in bad faith and trying to dissimulate ties to a now-well-known APT.

You would certainly expect most CAs to operate more transparently, to be registered where they actually operate, and to disclose where their hardware is located, especially when this location exposes them to NSL-style laws. Operating out of a mailbox in a tax heaven, for a company based in Canada, with machines in the USA is already very sketchy. TrustCor's responses in the mailing lists in my humble opinion clearly outlines that they are bad faith (if not entirely malicious) and should be treated accordingly by browser vendors.

I understand that Rachel is now in a bad position and feels smeared. And maybe she is not the person responsible for the malicious setup/activities of the entire company (maybe she's even unaware), but that's what you get for being the public face of a rather-secretive malicious actor.