Google continues to build out its ownership of key Internet infrastructure. Email/Spam filtering, Chrome Browser, DNS
As we look forward to the evolution of both the web and our own products it is clear HTTPS will continue to be a foundational technology. This is why we have made the decision to expand our current Certificate Authority efforts to include the operation of our own Root Certificate Authority. To this end, we have established Google Trust Services (https://pki.goog/), the entity we will rely on to operate these Certificate Authorities on behalf of Google and Alphabet.
Thoughts, in no particular order:
- Bought company with root certificates to shorten lead time to control
- Ownership of and widespread use of Chrome web browser, DNS and trusted root certificates means that Google has unprecedented amount of control over user data regardless encryption.
- Can silently MITM any traffic in browser by combining web browser and certificate configuration
- Data gathering from DNS servers for destinations, source addresses/geolocation, usage profiling
- Chrome already prevents many privacy and usability features available in other browsers e.g. Reading mode,
- Adds to data-gathering possibilities from web services that predict searches, URLs and spelling errors built into browser
One of the base assumptions for internet safety was that functions would be widely distributed which included the spread of companies that could control and operate these functions. While BGP and routing is still “unowned” critical services like DNS and TLS are being owned by private corporations (Google, Cisco, Oracle etc) and Governments (China, Russia).
This is a disturbing pattern.
Google Online Security Blog: The foundation of a more secure web : https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html