Comodo's massive invasion of privacy!

I am a private software developer. I am not a business wanting to advertise my services to anyone and made that very clear to Comodo when I requested a code signing certificate.

However, for whatever unfathomable reason, Comodo requires me to publish my person phone number in an internet directory of a “trusted 3rd party” so they can then look it up and then call me to verify my number.

Ok, firstly I have to put the number in the directory. Me… The person you are trying to verify. I could get a $2 SIM card put it in a phone, publish the number then throw the SIM/phone away. How does this in any way, shape or form add some level of verification/security to the process? Its a no brainer that this is a flawed idea and needs to go. It might have been relevant 20 years ago when people had a phone listed in the big printed phone book that came to your house but not anymore!

Now secondly, back to my mobile phone number. I develop data forensics software used by government departments and other people to investigate criminals computers. The names of my products are information anyone can access who is involved but due to policy that makes no sense in point #1, i have to publish this information on the internet for anyone to see! I really don’t want these people having my contact information!

The invasion of my privacy for this ludicrous idea of making things secure and verified is beyond me. Not to mention ill probably have every telemarketer scan my online listing within a day and spam me with business offers and calls.

To make matters worse, i couldnt even send in my telephone bill which shows my business details, personal name/address and of course the phone number. Apparently this isnt proof enough but I can enter whatever I want in online and thats taken for gospel!?

I manage the security of countless servers using SSL products and I can tell you what, as of next renewal I can guarantee there will be ZERO of these systems using a Comodo product. Also none of my clients who use code signing on their products will be using Comodo again after this.

I have been purchasing my code signing certs from Comodo for years now, this has NEVER EVER been an issue before. I have NEVER had a phone call from Comodo to verify my identity. I have NEVER had to publish my person details online which any primary school student can tell you these days is a bad idea…

All I have been trying to do is sign an EXE file so i can send it to a client. Its now 2 weeks late because of this messing around and I still dont have a ■■■■ certificate!!

I heard back and apparently my infobel record isnt working for comodo or whatever now.

How the hell do i get a refund from comodo… its beyond a joke… im so angry… How is it this hard, how does it take this long and how are people SOOOO unhelpful!?

Its going to cost me my client if this doesnt get resolve… so over it.

I was shocked when I read your title. I can’t appraise your problem but your title doesn’t match very well to your problem. I was thinking comodo is a spy software. So I’m happy that it isn’t so!

Anyone who asks you to put your personal phone number on the internet for absolutely no reason is invading your privacy in my book. Just like someone writing it on the back of a toilet door saying “for a good time call XXXXXXXX”…

I published my information just so I can get this ■■■■ certificate and have been verified. Now im waiting for my information to be deleted offline if that is at all possible.

Still don’t fathom how me putting my number online just so Comodo can look it up and then call me makes any sense - my brain is hurting.

.....to put your personal phone number on the internet .......

Ah, now I understand. That, of course, I didn’t want, too. Otherwise I don’t know if this is necessery to get a certificate. I don’t think so. Only comodo needs to know if you’re trustworthy, I think. Or is public access a prerequisite?

It has to be in a “trusted third party phone directory” which of course is visible to everyone as comodo need to be able to look it up. Amazingly comodo didn’t ask me for ANY other information to get my certificate. They just took this phone directory listing I created myself and used it as my entire verification!

Luckily I managed to get the infobel company to remove my details from the directory the second I had my code signing certificate.

So as soon as this certificate expires I will be heading to any of the competitors as they don’t force you to do something so stupid!

Sounds pretty dumb. I wonder how other companies handle this.

I am surprised because, as far as I know, comodo is now one of the leading certification bodies.
But what I found surprised me and may surprise you, too. This can be the reason for the “new” procedure and perhaps this may help you understand what’s going on. This may also be the reason why none from the comodo’s team has yet commented on it:

https://www.golem.de/news/certificate-authority-comodo-gehoert-jetzt-einem-staatstrojanerbesitzer-1711-130920.html

Article published: 1 November 2017, 16:42 hrs

not literally translated:

It is already the second certification body to be sold this year: Comodo transfers the certificate business to an investment company. This company also has manufacturers of statestrojans in its portfolio…
It is piquant that the new owner is also the majority owner of NSO, a manufacturer of so-called statestrojans.
Comod sold in his history more then 91 Mill. of Certifikates and is so one of the biggest certification bodies in the world. Bill Holtz is to become the new Chief Operating Officer.
Melih Abdulhayoglu, will remain on the company’s board of directors as a minority shareholder.

And now this may the reason for the procedure you don’t want:

[b]Last year, an OCR error at Comodo caused users to create certificates for domains they do not own[/b]

Maybe I could help you a little. Once more: I have no knowledge of certifations.

Very interesting (in the same article):

Symantec also will sale its battered certificate and the deal seems to be closed. Before the sale was announced, Mozilla and Google had announced that they would withdraw confidence in certificates issued by Symantec.

All this is of course irrelevant to me as a satisfied, well protected user by Comodo and I hope this will be so in the future, and of course I hope comodo (Melih) doesn’t sell
any other parts of the cis.