Sectigo’s chief compliance officer has hit out at Google for minimizing the visibility of Extended Validation HTTPS certificates in Chrome.
These are the certificates that contain verified details about the owner of the cert, such as its legal name, government-issued business ID number, and physical location. These records could be displayed in, or be easily accessible from, the browser's address bar. This information is manually verified by humans at the certificate issuer prior to the cert being handed over. The idea being that if someone arrives at a website and wants to be certain it's operated by, say, their bank, they can check the verified details of the owner and see that, indeed, yes, it is their bank.
Google all but hid these extra details in a Chrome update a couple of years ago, arguing that netizens couldn't care less if a site is protected by an EV or a vanilla HTTPS cert – it won't stop them putting in their credit card number or password. Others in the industry have questioned the usefulness of EV certs.
In a chat with The Register, Sectigo CCO Tim Callan said his biz, which among other things is one of the biggest sellers of EV HTTPS certificates, was "going to remove street and postal information from all of our public sites," seeing as Google thinks no one cares where a business is based.
In some browsers, it's very difficult to even find it. And you have to really know what you're doing
"Once upon a time, if you went back to the 2000s, that information was very ..