[JohnTHaller]

For those who may not remember or may not have heard, QiHoo is the company behind the most popular scam browsers in the world: Qihoo 360 Secure. It was one of the most popular browsers in China with 28% of the market a few years ago. It used an IE logo colored green, force-uninstalled competing browsers by claiming they were unsafe, made uninstallation so difficult you'd often have to re-image the machine, breaks SSL, can expose user passwords, etc.

Remember, this is a "security" company.

It's rather fascinating: https://webdesign.tutsplus.com/articles/qihoo-360-secure-the...

Personally, I wouldn't trust anything this "security" company is connected with anywhere need my devices, software, or business.

[jedberg]

And yet, unless you go through the effort of removing every trusted CA from your browser, you implicitly trust them because Mozilla/Google/etc. do.

And thus why the CA system is broken in a nutshell.

[mixedCase]

>And thus why the CA system is broken in a nutshell.

I wouldn't call it broken. From what I see on Linux and Windows, Chrom[e|ium] relies on the system's trusted certificates. You always have the last says on who's in and who's out.

EDIT: Just checked, the Chromium-specific trusted CAs can be revoked through its configuration interface, doesn't just rely on system certs. Important detail, but still, user has the last word.

[arkydon]

Also accused of gaming antivirus tests http://www.pcworld.com/article/2919554/tencent-qihoo-antimal...

[nsgi]

Also the sixth browser vendor in the CAB forum.