Extended Validation Is Broken (ian.sh)
4 points by discreditable on Dec 12, 2017 | 4 comments


This article also links to a post where someone gets an EV certificate for a company called "Identity Verified" [0], and it's just as bad from a user point of view, particularly on Safari and iOS where the only thing you see is the EV certificate name. Name your company "Secure Connection", "Encrypted Site", "129-bit Secure".. there are endless variants that would likely trick a significant number of people.

[0] https://0.me.uk/ev-phishing/


The tweet linking to this[1] is a better headline, I think:

> I got an extended validation certificate for "Stripe, Inc" but in another state. Can you tell the difference?

[1] https://twitter.com/iangcarroll/status/940281927789146112


I try to stick to the HN guideline: "please use the original title, unless it is misleading or linkbait"


Oh yes, absolutely - I just meant a better headline for the article itself. I think it's a better summary.



