Heikki Toivonen wrote:
> Duane wrote:
>> Ok, based on this reply and others we can assume it's possible to judge
>> the possibility of fraud in similar manners to how we associate fraud in
>> real life, i.e. ask others about (or in this high tech world google about
>> it), after all if you have a problem with a company you tell everyone
>> about it, or at least all the bloggers seem to.
>
> If it were so easy. I've run into this situation several times. I've
> wanted to buy something fairly expensive, and went looking for good
> deals on the net. I then find a bunch of online stores with good prices.
> I have tried all kinds of searches (typically "company name" suck etc.),
> look at sites where other companies are rated etc. But when you go
> through some of that you realize you are not much wiser, because:
>
> - if the site is new, there won't be any feedback
> - if there are only good experiences, they go underreported (maybe not
>   reported at all)
> - if there are bad reports, there will certainly be good reports as
>   well, and you will have a fiendishly hard problem of trying to figure
>   out if the good outweigh the bad (the ugliest situation is when the
>   company that is being criticized by some is heavily promoted by the
>   company itself by their bloggers etc.)
> - you have competing companies anonymously bashing each other
> - any company that has operated for a while will gather both good and
>   bad feedback
>
> In short, either you get no feedback at all or you get mixed feedback.

I don't see how EV certificates will solve any of the above points either...

--
Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP

"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
