GoogleSharing, a recently released anonymization service, has had its legs cut out from under it when Gandi.net, a French based registrar, revoked GoogleSharing’s secure sockets layer certificate. Gandi.net, which bills itself as a “no bullshit company,” claimed that the certificate was revoked “due to multiple and deliberate serious breaches” of the terms of service.
The alleged violations included trademark infringement, providing incorrect information to the registrar’s database and using the certificate for “fraudulent activities,” though these were not expanded upon. The move came last week, leaving 30,000 GoogleSharing users without the service.
The GoogleSharing service prevents Google from being able to track a user’s website visits and searches.
“GoogleSharing thrives by being totally transparent to the end user,” Moxie Marlinspike, announcer of the service, wrote. “They install the addon and never have to think about it again. They don’t have to do anything special or visit any special websites. By causing a four day interruption, they’ve likely killed the majority of our user base.”
The Register received the following reply from the COO of Gandi, Joe White:
We certainly acknowledge that we could have handled this better, particularly in not contacting the customer prior to the revocation of the certificate. The reason for the certificate being revoked was because of the inaccurate whois data. Certificates really are a seal of trust, but that cannot be based on falsified whois data. It was right to revoke the certificate for this reason, but not without being in contact with the customer. We have reviewed and changed our processes to rectify this.
The other reasons given, re google, etc. were probably over zealous from the support/legal team. It’s not our place to speculate about what google would or would not do about the domain name. The other issues had nothing to do with the certificate being revoked and we apologise for any confusion caused by that.
We’re known in the industry for standing up for our customers rights, but it is based on mutual trust and respect. And if the whois data in falsified we don’t know who are customers are and we cannot stand up for them in the same way.
Anyway, I hope that gives some better insight into why we took action. We have learned from this and changed our processes and we hope to avoid this kind of error in the future. Many thanks