I recently found myself wondering, why big sites such as Facebook, Google, Github etc usually aren't using EV SSL certificates? It probably would make non-technical users trust the website more and perhaps make them more aware of phishing (eh, I don't believe in that myself, but it's still nice to dream...), and it's not like they can't afford it.
Scott Helme, a security researcher has an article on EV certificates and some of the issues with them in an article from December 2017 (<a href="https://scotthelme.co.uk/are-ev-certificates-worth-the-paper-theyre-written-on/" rel="nofollow">https://scotthelme.co.uk/are-ev-certificates-worth-the-paper...</a>). There was some discussion on this when it was originally submitted to HN at <a href="https://news.ycombinator.com/item?id=15850837" rel="nofollow">https://news.ycombinator.com/item?id=15850837</a>.<p>Adam Caudill also has some insight here: <a href="https://adamcaudill.com/2017/04/09/looking-value-ev-certificates/" rel="nofollow">https://adamcaudill.com/2017/04/09/looking-value-ev-certific...</a>