Why are there certificate authorities? What do they do that ensures the information is 'secure'? I know that they verify whether a 'certificate' is from a 'trusted' source, but who decides which sources are 'trusted' and which aren't?
UPDATE: The question is not answered by the other question.
Why can you trust Google.com by trusting GeoTrust? A website wants to communicate with you securely. In order to prove its identity and make sure that it is not an attacker, you must have the server's public key. However, you can hardly store all keys from all websites on earth; the database would be huge, and updates would have to run every hour!
The solution to this is Certificate Authorities, or CAs for short. When you installed your operating system or browser, a list of trusted CAs probably came with it. This list can be modified at will: you can remove whom you don't trust, add others, or even make your own CA (though you will be the only one trusting this CA, so it's not much use for public websites). In this CA list, the CA's public key is also stored.
I get the public key / private key aspect. I understand the tech, but I guess I wasn't specific enough. My question was: who chooses the list of trusted CAs? The quote above suggests that you can 'remove whom you don't trust, add others, or even make your own CA...' but it isn't that simple. If you remove GeoTrust you basically can't use any Chromium-based browsers (so almost all of them), YouTube, Gmail, or any other Alphabet company.

The quote above also suggests "you can hardly store all keys from all websites on earth, the database would be huge and updates would have to run every hour!" There are 1.5 billion websites; using 4096-bit public keys, that's around 715 GB worth of keys. Taken from that standpoint it sounds like a rational decision, except only 200 million of those sites are actually active, which amounts to 95 GB worth of keys at 4096-bit encryption. 95 GB is easily manageable in today's world, but it's still pretty steep. Do you think any one user would ever visit all 200 million active sites? No, it would never happen. An average user visits 10 or so unique websites per day, and most likely won't regularly visit more than a 100 unique websites in a year. If it's 100 unique websites then that's only 0.0000512 GB, or 0.0512 MB, or 51.2 KB. 100 unique websites might be average, but what about the upper end of users? Let's say it's 100,000 a year; that's only 0.0512 GB, or 51.2 MB, or 51200 KB. That is absolutely nothing compared to the 5 GB that Google keeps in a user's local cache.

It's absolutely absurd that we are forced to go through these corrupt corporations in order to freely use the internet. If a major website wants to secure its site then it should use its own encryption methods like an adult, not a child that needs to hold daddy's hand when it comes to security. So who decides what CAs are trusted? Why can't a regular user's CA become trusted? I just find it frustrating that so many intelligent tech people are so incredibly naive and gullible.