Where does PM get it's list of trusted CA's?

General discussion and chat (archived)

Where does PM get it's list of trusted CA's?

Post by Thehandyman1957 » 2019-02-24, 02:58

Was doing some reading this evening when I ran across this article.
Cyber-Mercenary Groups Shouldn't be Trusted in Your Browser or Anywhere Else
https://www.blacklistednews.com/article ... where.html

In it, they talk about a shady company getting trusted CA's with the likes of F.F. and the
cost of that decision.

My question is, does PM get their CA's from Mozilla? Or do we get them from somewhere else.
Forgive me if I am not using the right terminology here. :think:

Posts: 151
Joined: 2018-05-26, 18:13

Re: Where does PM get it's list of trusted CA's?

Post by Michaell » 2019-02-24, 04:12

Not answer to your question, but....
Mozilla and other root certificate database maintainers (Microsoft, Google, and Apple)
:silent: :sick: :evil: :twisted: :cry: :!:

Years ago after Firefox update, I would go in and delete all but a few more trusted CAs.

Now I don't even bother using them most of the time.
Win10home(1709), PM28.13port

User avatar
Board Warrior
Board Warrior
Posts: 1569
Joined: 2015-07-23, 16:09
Location: Norway

Re: Where does PM get it's list of trusted CA's?

Post by Tomaso » 2019-02-24, 12:29

How to distrust DarkMatter certificates in Pale Moon:
1) Navigate to 'Tools' (or 'Pale Moon' button) > 'Preferences' > 'Advanced' > 'Certificates', and click on the "View Certificates" button.
2) Scroll down, and highlight all "QuoVadis Root" certificates.
3) Click on the "Delete or Distrust" button, and confirm distrust by clicking "OK".

Article @ gHacks:
https://www.ghacks.net/2019/02/24/how-t ... tificates/
A Reuter's article links DarkMatter to the United Arab Emirates government and surveillance operations.
One such operation, called Karma, saw the team hack iPhones of "hundreds of activists, political leaders, and suspected terrorists" according to Reuters.

Issue report @ GitHub:
Last edited by Tomaso on 2019-02-24, 12:50, edited 4 times in total.

User avatar
Posts: 157
Joined: 2017-09-27, 06:50

Re: Where does PM get it's list of trusted CA's?

Post by hujan86 » 2019-02-24, 12:39

DarkMatter controls an intermediary certificate already called QuoVadis. QuoVadis is owned by DigiCert which means that there is some oversight in place currently.
I'm speechless. :wtf:
Avatar's Source: yereverluvinuncleber
SierraChart_100 wrote:Firefox started off good and gradually descended into absurdity.
Moonraker wrote:Palemoon is still the only fully customised browser available.
basicuser wrote:Pale Moon an oasis of sanity in a sea of stupid.

User avatar
Pale Moon guru
Pale Moon guru
Posts: 29334
Joined: 2011-08-28, 17:27
Location: Tranås, SE

Re: Where does PM get it's list of trusted CA's?

Post by Moonchild » 2019-02-24, 18:36

Issue wontfixed.

To answer the question, root certificates in the trust store are part of NSS (i.e. we normally do not manage this ourselves but delegate this to the NSS team).
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss

User avatar
Board Warrior
Board Warrior
Posts: 1696
Joined: 2015-09-30, 23:02
Location: uk.

Re: Where does PM get it's list of trusted CA's?

Post by Moonraker » 2019-02-24, 23:27

Just a cautionary note.disabling ir deleting these certs will cause issues with some known sites like twitter and protonmail seems to be affected also.
Xenial puppy linux 32-bit.

Pale moon 29.0.0.