Current Version plugins

How to remove DarkMatter Certificates from Firefox

Cyber-security company DarkMatter, based in the United Arab Emirates, applied to become a top-level certificate authority in Mozilla’s root certificate program recently.

Certificates are a cornerstone of today’s Internet; HTTPS ensures that communication is encrypted. A company in control of  a root CA could potentially decrypt traffic that it has access to.

A Reuter’s article links DarkMatter to the United Arab Emirates government and surveillance operations. One such operation, called Karma, saw the team hack iPhones of “hundreds of activists, political leaders, and suspected terrorists” according to Reuters.

The EFF notes that DarkMatter’s “business objectives directly depend on intercepting end-user traffic on behalf of snooping governments”.

DarkMatter controls an intermediary certificate already called QuoVadis. QuoVadis is owned by DigiCert which means that there is some oversight in place currently.

Firefox users, and anyone else who has access to tools to manage certificates, might want to remove the intermediary certificates from the certification store. You may remove the root certificate from Firefox using the same method if Mozilla, or anyone else, goes ahead with the inclusion of the root certificate in Firefox.

Note: As some readers have pointed out, certificates get restored with every update. You may also need to clear a site’s cache if you run into loading issues. See this guide.

Removing the certificates

firefox root-certificates dark matter remove

Here is how you can remove certificates from Firefox:

  1. Load about:preferences#privacy in the Firefox address bar to open the Privacy & Security settings.
  2. Scroll down to the Certificates section on the page.
  3. Click on the View Certificates button.
  4. Firefox lists all authorities in an overlay. Scroll down until you find the QuoVadis Limited listing (or any other listing you want to remove).
  5. Select a certificate, it does not matter which. Tip: Hold down Shift to select multiple certificates.
  6. Click on “delete or distrust”.
  7. Select ok to remove the certificate from Firefox.
  8. Repeat steps 5-7 for all other certificates that you want to remove. until the QuoVadis Limited listing is no longer there.

delete quovadis

You can follow the discussion and integration of the root certificate on Mozilla’s Bugzilla website and the Firefox Dev Security Policy group on Google Groups.

Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post How to remove DarkMatter Certificates from Firefox appeared first on gHacks Technology News.

Leave a Comment

Your email address will not be published. Required fields are marked *

Menu Title