by KomradeKeeks 3210 days ago
Thanks for posting that; depending on the site (if you go to equifaxsecurity2017 or trustedidpremier) you see different ToUs.

Equifax has the clause for opting out of arbitration, but Trusted ID Premier's Terms of Use doesn't have it. The enrollment site I've seen is owned by Trusted ID Premier, and it's arguably deceptive that Equifax structured the site as a bait-and-switch to see if their shitstorm exposed you.

Heck, they may have even planned a PR push around telling news outlets to refer readers to that site, omitting that using trustedidpremier.com means that you agree to a ToU that mentions only waiving the right to participate in class-action suits, but not how to opt out.

1 comments

>equifaxsecurity2017

It's so phishing-sounding that I want to believe it was chosen after a quick focus group with the "people who are most likely to become fraud victims" demographic.

I had to go check the certificate chain to make sure it was legit, and they're using an Amazon-generated certificate that appears legitimate. Definitely looks fishy but I think they're just that bad at making trustworthy websites.

DV certs don't say anything about who owns the website. Just that the website is the URL you are trying to visit. Someone else could have registered the URL and created the website, so checking the certificate chain doesn't prove anything.

EV certs, on the other hand, at least claim to verify who owns the website, but even then I would be cautious.

Right, I was mostly looking to see if it was some dodgy cert provider - Amazon is on my mental list of questionable-but-not-obviously-scammy ones. EV certs, to me, just mean 'this cert is intended to secure company x's sites', not 'company x controls this site'. So an obvious on-page-text mismatch to the cert raises red flags, for example.
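
The DV/EV distinction discussed in this thread, as an added example that is not part of any comment above: it reads the subject of a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports which identity, if any, the certificate asserts. The sample certificates, host names and the organisation "Example Corp" are constructed, and the subject-field check is a heuristic (the authoritative signal is the certificatePolicies OID, which that dict does not expose).

```python
import socket
import ssl

# Subject attributes the CA/Browser Forum EV Guidelines require in EV certs.
EV_ONLY = {"businessCategory", "jurisdictionCountryName", "serialNumber"}

def subject_fields(cert):
    """Flatten getpeercert()'s nested RDN tuples into {attribute: value}."""
    return {k: v for rdn in cert.get("subject", ()) for k, v in rdn}

def validation_level(cert):
    """Heuristic classification from subject fields only."""
    s = subject_fields(cert)
    if "organizationName" not in s:
        return "DV"  # domain control only, no organisation asserted
    return "EV" if EV_ONLY.issubset(s) else "OV"

def identity_report(cert, expected_org):
    """Compare what the certificate asserts with who the page claims to be."""
    org = subject_fields(cert).get("organizationName")
    return {
        "level": validation_level(cert),
        "asserted_org": org,
        "org_matches": org is not None and org.casefold() == expected_org.casefold(),
        "dns_names": [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"],
    }

def fetch_cert(host, port=443):
    """Fetch a chain-validated leaf certificate from a live host."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples in the getpeercert() shape (not real certificates).
DV_SAMPLE = {
    "subject": ((("commonName", "breach-help.example"),),),
    "subjectAltName": (("DNS", "breach-help.example"),),
}
EV_SAMPLE = {
    "subject": ((("jurisdictionCountryName", "US"),), (("businessCategory", "Private Organization"),),
                (("serialNumber", "0000000"),), (("organizationName", "Example Corp"),),
                (("commonName", "www.example.com"),)),
    "subjectAltName": (("DNS", "www.example.com"),),
}

if __name__ == "__main__":
    for sample in (DV_SAMPLE, EV_SAMPLE):
        print(identity_report(sample, "Example Corp"))
```

A chain that validates and a report of `level: DV` together mean only that the issuer confirmed control of the listed DNS names; `asserted_org` stays `None`, so the certificate cannot tie the site to a company.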