Hacker News new | past | comments | ask | show | jobs | submit login

> But I'll admit that I don't remember which ones had them and which didn't, other than that I expected my financial institutions to have them.

This is a core point in the article too that you've glossed over: no one knows which websites must have EV information other than a general "hope my bank has one". EV certificates are useless not just because the browsers are dropping them, the browsers are dropping marks for EV certificates because they are useless for actual security.

They were an interesting attempt at security, but like the "take your shoes off at the airport", it only really helped you from maybe blowing up your own foot, tops. Ultimately the only thing that EV certificates were doing was lining the pockets of security theater predators, because despite "reports" they've never really meant anything to the average consumer and most consumers never learned how/where to look for them except sometimes "maybe my bank should have one, I don't know?"

This is worse than that, because no one ever wondered if they should have one.

People only notice when it is there.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact