Background
Back in the day, if you wanted SSL (TLS) on your website, you had to pay fealty to a CA (certificate authority), such as DigiCert.
Fast forward to late 2014, an organization called let's encrypt is founded, with the goal of providing free TLS certificates signed by them, as a nonprofit certificate authority. The organization was founded, in part, by Internet privacy idealists, and, at least, by some on the team, with the best intentions in mind.
One of these founders was this guy:
https://en.m.wikipedia.org/wiki/Peter_Eckersley_(computer_scientist)
Peter was an idealist, and an "AI ethicist". He died in 2022. He said to vitrify his brain and leave a note next to it that says "scan me". Obviously, this could just be a comical and mildly egotistical way of jokingly keeping his legacy alive. It could also be understood, by the most conspiracy minded individuals, to mean, "if you only knew the things I knew..."
Another founder was this guy, one Princeton graduate, now professor, who happened to try to convince the Clinton campaign to double check the swing states that Trump barely one, in case there was electronic voting fraud/hacking that took place:
https://en.m.wikipedia.org/wiki/J._Alex_Halderman
Problem
The reason creating a nonprofit like this is such a big deal, and the reason SSL certificates costed hundreds of dollars and were a pain in the neck, is because browsers don't just trust any old certificate. They have to have a centralized authority that can be trusted, so that a man in the middle attack cannot be easily mounted by some third party who pretends to be the SSL certificate authority for your domain, using hardware on the wire between your server and the clients trying to access it. Browsers, like Chrome and Firefox, need to add each trusted CA to a list maintained in the browser, and these browsers only trust certificate authorities after a long and grueling process. Otherwise, they put their users' security at risk of such a certificate authority sharing their signing keys (e.g., with a foreign government or some other spying party), allowing for man in the middle listening attacks.
Let's Encrypt went through this process, in order to be trusted by all of the major browsers, and has been a trusted certificate authority since 2015. Because their certificates are free and easy to create, they naturally took over most of the market share from the existing CAs, almost immediately.
Today, if you go to a website, chances are you are connected via HTTPS (TLS), and the certificate is signed by Let's Encrypt.
Theory / Nightmare Scenario
As many other technologists in the conspiracy world, I've long thought "surely they have some serious zero day exploit and other Bad stuff that they will use to create this digital Covid nightmare", but it's quite possible that, rather than working really hard to find exploits, they just simply created a free exploit and have been waiting to harvest it.
Imagine the Let's Encrypt keys were taken by/given to "bad actors", and used to man-in-the-middle the entire Internet, through Internet backbones (large centralized network switches, undersea cables, etc.), giving these "bad actors" unencrypted access to nearly all information being sent over the wire (login credentials, banking information, SMS, email, other private communications, everything).
In such a scenario, almost every service in existence would be 100% compromised. Not only with this bring about the "digital Covid" nonsense that the WEF talked about, but it would also remove all privacy from every place where privacy was expected, which would have other really weird and demoralizing implications as well (e.g., what would the world be like after everybody was aware of what everybody else they knew was watching on porn websites, etc.).
This would be the most transformational event in human history, in my opinion.
Disclaimer: this is all just personal opinion and is meant for entertainment purposes only.
True that, combining multiple types of security, including some basic obscurity, is much smarter when you have threats coming from every direction. People used to proclaim, back in the day, in the tech world "obscurity through security is no security at all", while using passwords, which are literally just obscure strings of characters.
oldie but a goodie on opsec
Awesome thank you, will watch later today.