Launcher Version: N/A
Operating system: Windows
Antivirus/Firewall (if any): N/A
Wine/Mono Version (if any): N/A

Hello,

I've noticed that the launcher installs a custom Root CA certificate onto my machine. After checking the code, it seems that this certificate is used for Authenticode verification of the validity of the signatures of automatically downloaded launcher executables.

I believe I do not need to expound the security implications of this too much to an audience of software developers, but for the sake of thoroughness, with the installation of the "Carbon Crew" CA certificate as a trusted Root CA, users of this launcher automatically become liable to having ALL their encrypted communications with any website or service eavesdropped on. To clarify, this would require whoever possesses the private keys for the CA to sign fraudulent certificates for whatever service they want to intercept your communications with and then MITM your communications with the service.

I have no evidence that either of these things has been happening or will happen and I genuinely do not want to accuse anyone of anything at this point. However, even if this is in fact a well-intentioned bad execution of the code signature verification idea and not malicious in any way, it is still a pretty egregious security issue for the users of SBRW. For what it's worth, also consider the case wherein the private keys for the CA are stolen in some way from whoever currently has them.

I also want to note that the certificate has a highly inappropriate and unnecessarily broad list of key usage IDs included, of which I would assume that no more than two or three are necessary for the advertised function of this certificate.

The complete list follows:

- Server Authentication (1.3.6.1.5.5.7.3.1)
- Client Authentication (1.3.6.1.5.5.7.3.2)
- Code Signing (1.3.6.1.5.5.7.3.3)
- Secure Email (1.3.6.1.5.5.7.3.4)
- Time Stamping (1.3.6.1.5.5.7.3.8)
- Unknown Key Usage (1.3.6.1.4.1.311.2.1.21)

...
First seen: 2025-09-07 01:38
Last seen: 2025-09-07 02:38
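
An added example, not part of the original report or the launcher's code: a PowerShell audit that looks for the CA named in the report in the Windows trusted root stores and lists which of its enhanced key usages go beyond Code Signing. The subject pattern is an assumption based on the name quoted in the report, and `Get-RootCaEkuReport` is a hypothetical helper name.

```powershell
# Added example: report the EKUs of a named CA found in the trusted root stores.
$SubjectPattern  = '*Carbon Crew*'       # assumption: name quoted in the report
$CodeSigningOid  = '1.3.6.1.5.5.7.3.3'   # Code Signing, as listed in the report
$EkuExtensionOid = '2.5.29.37'           # X.509 Extended Key Usage extension
$StorePaths      = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'

function Get-RootCaEkuReport {           # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $Pattern,
        [Parameter(Mandatory)] [string[]] $Stores
    )
    foreach ($store in $Stores) {
        $found = Get-ChildItem -Path $store | Where-Object { $_.Subject -like $Pattern }
        foreach ($cert in $found) {
            # Locate the EKU extension by OID and decode it explicitly.
            $raw = $cert.Extensions |
                Where-Object { $_.Oid.Value -eq $EkuExtensionOid } |
                Select-Object -First 1
            $oids = @()
            if ($raw) {
                $eku = New-Object `
                    System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension `
                    -ArgumentList $raw, $raw.Critical
                $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }
            [pscustomobject]@{
                Store             = $store
                Subject           = $cert.Subject
                Thumbprint        = $cert.Thumbprint
                NotAfter          = $cert.NotAfter
                EkuOids           = $oids
                # Windows treats a certificate with no EKU extension as valid for all purposes.
                NoEkuRestriction  = (-not $raw)
                BeyondCodeSigning = @($oids | Where-Object { $_ -ne $CodeSigningOid })
            }
        }
    }
}

$report = @(Get-RootCaEkuReport -Pattern $SubjectPattern -Stores $StorePaths)
if ($report.Count -eq 0) {
    Write-Output "No trusted root matching '$SubjectPattern' was found."
} else {
    $report | Format-List
}
```

A non-empty `BeyondCodeSigning` list, or `NoEkuRestriction` set to true, means the root is trusted for more than verifying signed executables.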