SSL WHO? Security – UPDATE

The Scoop:

2016 Google enacted a new policy on SSL Security Certificates.

SSL (Secure Sockets Layer) is the standard security technology for establishing an ‘encrypted link between a web server and a browser.’  

This link ensures that all data passed between the web server and browsers  remain “Private and Integral.”

The big hype reason for SSL is to assure security during transactions, specifically credit card transactions and personal information.

You can see the policy at work by looking to the top left of your URL.  There you will see either a lock with the word “secure” or a circle with an  ‘i’  in the middle, for “insecure.”

It’s a wonderful idea, but here is the truth of what is happening:

Large internet companies that have domain name owners or simply individuals who are affiliates are now requiring the affiliates to pay for the SSL certificate fees;  and then telling affiliates to put their personal name and address on the certificate;  except for the e mail address.  

For the e mail address, the domain name affiliate is told to put the large internet company’s  e mail address in the certificate area where the domain name owner’s e mail address should go.

Some large internet companies suggest putting the name of the large internet company as the administrator with no address.  The administrator is the administrator for a domain name and not a web site.

This passes off both the expense of the SSL certificate and the responsibility for any problems associated with the credit card transaction to the domain name affiliate.

However, at no time is the domain name ‘affiliate’ accepting the credit cards, or receiving any personal information.

When there is a problem with a transaction, the responsible party has now become “The Domain Name Affiliate.”

Large Internet Companies use up to 78% affiliate template pages in sales. 

When a domain name owner simply forwards their domain name to a template affiliate site created by the large internet company that accepts credit cards and personal information, the domain name affiliate has now become the responsible party for transactions and personal information gathered by the large internet company.

The large internet company name and address that took the credit card transaction is not given and is not encrypted on the SSL certificate.

The affiliate’s name and information is encrypted and only the e mail address of the large internet company conducting the transaction is given as ‘certified’ security.

This policy is causing major dis-information on the internet and creating more security problems with personal information and credit card numbers.


Large companies are being hacked.  Most recently a credit scoring company that gathered social security numbers and credit card numbers of 124 million users

and on this date that companies URL still reads that it is “secure.”

So, what good is the SSL certificate of encrypting information from web server and browser if the information is wrong and/or scrambled by crackers?  

Many hackers are what is known as ‘crackers.’  They claim their ‘cracking hacking’

is a joke and they scramble the information of large internet companies;

and the large internet companies don’t realize they have been ‘cracked’ for months, sometimes years.  It’s a type of attack and very popular.

The large internet company is cracked and hacked and all the information is taken and scrambled even when the web site reads that it is secure!  

At the time of Googles policy change of June 2016, SSL certificates were issued by respected and well known domain name companies for a fee of approximately $37 per year.  At the time of this writing (14 months later) several new pop up companies are issuing SSL certificates for only $4.99 and they are advertising themselves on Google.  

Dis-information violates Icann and most large internet company’s information system policies and yet, the large internet companies are telling domain name owners who are affiliates to break the large internet company’s own policies and the policies of Icann

 to “YIELD”to Google.


What is it called if Google and affiliates

are selling SSL certificates and SSL certificate companies?


Do SSL Security Certificates constitute “Security Fraud if filled out incorrectly or with false information intentionally withheld?”

Is it possibly inside trading by Google?  Do the companies now selling SSL Security Certificates advertise on Google?  Does Google benefit financially when these new companies pay for advertisement on Google?  Does Google own or control these companies and their growth in capital by accepting and ranking the ads?  And does that growth in capital benefit with more capital to Google?

Update Again:  11/30/17

Conversation with Godaddy regarding SSL and the CSR categories in which to put the data that will be encrypted with transactions.  I explain that the CSR form given to me by the large internet company, affiliate manager does not have the categories to separate the domain name holder and the large internet company’s information.

I further explain that putting my personal address and phone number creates dis-information and possibly holds me responsible for credit card transactions which I am not processing.  I also do not collect any personal information.  The Godaddy employee tells me that it’s very interesting and I need to ask my attorney.  I ask for a recommendation and am told I must call my own attorney.

The Godaddy employee also tells me that it would be interesting to hear back my attorney’s opinion since it’s important to keep up with legal information like this.

Well, gee?

I have also discovered that there are different CSR forms, apparently.  I am uncertain, but have found companies that offer SSL for “all your domain names” and for “business domains vs. personal domains.”  In addition, the fees are sky rocketing for all of this SSL security at approximately $250 – $425 per year.  Considering that the domain name cost $12 per year, this is quote a percentage.

If a company wants to consider having a “secure” “S” read on their url because it’s better for business, then large internet companies might want to consider actually knowing who is processing the credit card.

I have discovered even more shattering information.  Some large internet companies are not processing the credit cards but are out sourcing the transaction to processing companies.

In addition, I originally called Godaddy because in renewing a domain name using PayPal, Godaddy and other large internet companies no longer require their program to ask the user for their PayPal password.  In other words, transactions with PayPal can be made using only “the payment method.”

Godaddy explained it to me like using a credit card vs. a debit card.  A password is not needed when using a credit card, but is needed when using a debit card.

Well, how does that justify using PayPal then?  And a credit card requires “A Signature.”

Again, I come back to the only conclusion that I can derive from all this headache.  The conclusion is that no transaction is secure on the internet and that no user can be certain by any stretch of the imagination that their banking information is safe.

Google algorithm “so called” change to read httpS, The “S” meaning that there is encrypted data to help keep monetary transactions safe in what is called an “SSL” is a very faulty system.

After I have personally verified that there are multiple CSR forms with different categories to fill in on templates, SSL companies offering “Private Keys” which keep the encrypted data ‘Private’ until subpoenaed and Large Internet Companies shirking responsibilities off to their affiliates, I report that this entire system is going to fail and it is going to fail at a maximum economic level.

Users will still need to “subpoena” information when a transaction goes wrong and they will have trouble finding the “service address” in order to serve a petition of complaint.  And even after filing and serving a complaint, the user who was wronged will still not be certain that they are filing and serving the correct party.

With out sourced companies conducting transactions, domain name owners paying for SSL and private keys while providing their own personal information, and then forwarding urls to affiliate template pages;

Most people do not even understand most of this article or what I am describing.  How can any reasonable person believe that this is going to create a “Safer System?”




Update:  11/28/2017

I have Generated a ‘basic’ CSR to discover what is on the form and what will be ‘verified’ and put on the encryption of the credit card transaction and collection of personal data.

The template reads the following with the ‘given example answers’ in parenthesis:

Country  (US)

State  (Texas)

Locality  (San Antonio)

Organization  (Big Bob’s Beepers)

Organizational Unit  (Marketing)

Common Name  (

The information given in the CSR form will be encrypted with a private key (size 2048) on the SSL Certificate.  The private key is then held by the SSL certificate holder to be given out only when requested and to ‘assure security’ of the information on the SSL certificate.

Here is what Godaddy describes as an SSL Certificate:

Please note that Godaddy url reads httpS (meaning secure site) without being logged in.

Please note that Godaddy url reading httP (without the ‘S’) logs onto the same page.

Here is Google search for ‘SSL”….0…1.1.64.psy-ab..…0.g2tlPdnhn1o

Prices are from $87-$425 per year depending on features of multiple domain names and/or with private key to keep data private.  Question, if I hold the key to keep data private, and I can keep that data from credit card transaction users, how does that increase security?

I have filled out the ‘basic’ CRS form and submitted it to several sites.  Their program continues directly to their credit card payment to be received.  I am expected to accept ‘their security with my credit card information’ to get an SSL to show that I am safe to use for a credit card transaction.

Now, how does anyone with knowledge in securities not notice this house of cards?

If I trust a company with my credit card information for an SSL, and that company is not legitimate, they simple give me an SSL that I pass on to my domain name registrar.

And if I use paypal,  sites are now holding “payment” information for paypal…

Copyright 2000 Peggy Penny, accredit Sociologist, Cal Poly Tech University.