Thanks for the comments on my question. Maybe it should have gone into a
different category like "general" so I do appreciate your feedback.
You are right - I'm actually not as concerned about the software cert
companies use as about their tracking. Are there any ethical certificate
companies that don't track the sites that use their certs? So the freedoms
I'm concerned about are the freedoms not to be tracked and controlled by this
new "licensing" of the web. Of course ISP's and hosts track activity, so you
can't get around the fact that people have to run the infrastructure to make
online interactions possible and they obviously track activity.
But if Let's Encrypt is backed by Torvalds, Google, Facebook and any other
friends in the silicon valley, are we fools to think they aren't collecting
all stats and monetizing that? What stops any certificate company from
monetizing the data boom they receive from our sites?
Another thing to be curious about is the script that Let's Encrypt runs on a
server to constantly monitor and update the certificate... It may be free,
open-source, inspectable, but it's still tracking constantly and each site is
the data boom/sale.
So, I am still on a search for a trust-able ethical cert company. If that
even exists. Otherwise I will have to come to terms with the fact that it
doesn't exist.
Thank you
