mjensen.org

Comodo/Sectigo privacy failure

I don’t think I’ll ever use Comodo/Sectigo for encryption certificates again. Needing me to send a gov’t issued ID is fine. Insisting that it’s secure to send it through plain email is not.

If that’s how they handle private data, I don’t want them to have mine.

These are actual replies from their support staff during our email back and forth when I told them that their online form to upload documents wasn’t working.

Thanks for the reply. Please attach the Photo Id here. Will upload the document and Validate the order.

and

Thanks for the reply. I have already informed you this email also secured connection for you all our services. Please upload here to validate the order.

For those that aren’t aware, unless your email is end-to-end encrypted, it isn’t secure. If you’re not sure whether your email is e2e encrypted then it isn’t. Setting up secure communication over email isn’t a simple task. You’d know if you did it.

FYI - I cancelled my order and got a full refund.