Seamless secure (TLS) connections on the internet are underpinned by the Web PKI - a system where Certificate Authorities (CAs) issue identity certificates to people and sites, and clients such as browsers have a "trusted root" list of those they think will do that job right. Mozilla runs the only open and transparently root program, which defines what Firefox (and probably your Linux distro) trusts; this talk explains how we use that power to make the Internet a safer and more secure place.