Ok, but then why actively block attempts to tackle this problem?
Yes, there are edge cases in which EV certs can be confusing, but in general they give a guarantee that you're dealing with a registered company from a country with generally respected business standards. That's a lot better than the current state where the site might as well be served from a Raspberry Pi in some teenager's basement.
If the company's name is not sufficient to identify them, put an address in there, too, or registration number or whatever. I don't get what's so hard about this.
And as for "people are ignoring them", I'm sorry, but this is largely the browser vendors' fault. For a long time, people were ignoring cert errors as well. Browser vendors reacted with a massive UI revamp up to intentional dark patterns to change behaviour here - and it worked.
Meanwhile, with EV certs, UX went into the exact opposite direction: Browsers were increasingly de-emphasizing the EV data, to the point that people are actively discouraged from looking it up. No wonder then that no one checks EV information.
"in general, except for the edge cases" is the opposite of a guarantee. they create a situation where users assume a level of trust that can't be actually guaranteed, which is exactly what fraudsters exploit.
browsers aren't actively blocking attempts to tackle this problem. browsers are blocking schemes which falsely claim to tackle the problem.