26 votes

Mozilla takes action to protect users in Kazakhstan

11 comments

  1. Soptik

    What’s happening? After several failed attempts, the Kazakh government did it. They created a master certificate and forced every single internet user in Kazakhstan to install it in order to access the Internet.

    Doing this allows the Kazakhstan government to spy on everyone, doing anything - even under https - and there is no way to stop it. They can read your mail, your personal Facebook chat, see exactly which videos you watch and which articles you read.

    The Kazakh government did what they could to market this as cybersecurity and aiding national security, without saying one word about what it actually means.

    Due to increasingly frequent cases of personal information theft and bank account hijacking, we are introducing a security certificate that will become an efficient way to protect the country from hackers, scammers, and other cyberthreats.
    Deployment of the security certificate will help us protect your data and stop attacks before they succeed.
    The security certificate is a set of digital data that is required for encrypted protocols to work. It will help protect the Kazakh people from attacks and illegal content.
    You should install the certificate on every device connected to the Internet, else there will be technical difficulties with accessing particular resources.

    Source

    Mozilla and Google banned the Kazakhstan certificate, meaning users won’t be able to access the Internet if the certificate is installed. Mozilla also advised users in Kazakhstan to educate themselves in Tor browser usage.

    15 votes
  2. [2]
    emdash

    There's not really much that Mozilla can do here though, right? I mean yes you can mark the certificate as untrusted, but not letting the user browse the internet doesn't help much if their goal is to browse the internet.

    It seems the best thing they can do here, which they've done, is educate users about VPNs and Tor.

    8 votes
    1. Soptik

      Mozilla had exactly the same discussion. I wrote about it in this comment.

      What they try (together with Google Chrome) is to make people angry at the government, with hope that they will back off. If they did nothing, it would send a clear signal to other governments (Russian Federation?) that they can do the same, without fear of any repercussions.

      I personally don’t think it’ll help, but at least it’s something. At least Google joined, together they have about 80% 97% market share.

      Edit: Apple joined the team, and Google's changes will propagate into Chromium.

      9 votes
  3. [3]
    balooga

    Looks like Apple is on board too but Microsoft (unsurprisingly) is not. My guess is this is still probably enough critical mass to kill the Kazakh surveillance project dead. I'm not looking forward to whatever they try next though; as my linked article mentions, this was not their first attempt.

    Strange times we live in, to see private software companies standing up against nation-states, but I'm grateful for them. Mozilla in particular is heroic, though Google will probably get most of the credit here due to their market share.

    8 votes
    1. [2]
      Soptik

      Thanks for the article! It might be worth replacing the current link with yours. And Chrome will build it into Chromium. That brings our total to about 97%, assuming Edge is still not based on Chromium. And it looks like it worked:

      Kazakhstan reportedly said it halted the use of the certificate. But the browser makers' actions could protect users who already installed it or prevent future use of the certificate by Kazakhstan's government.

      Anyway, I'm glad Firefox and Apple are there. If this action has that big an effect, imagine what Google could do if they controlled all the web browsers out there via Chromium. They could decide to cut out entire countries and no one could do anything about it. And one doesn't just fork Chromium and build their own browser - especially without a working browser.

      7 votes
      1. balooga

        You make a good point about Chromium's dominance. As inferior as Microsoft's browsers have been for the past 20 years or so (typing that makes me feel so old) at least they contributed to diversity in the ecosystem. Their adoption of Chromium was a huge blow to the health of the market, because it both increased Google's control and reduced the necessity of open web standards.

        Firefox is the one significant remaining holdout. And it's a good one! But Gecko's market share is merely a sliver of Chromium's and we need more choices, not fewer. The scariest thing for me is that newcomers are unlikely to appear. The barriers to entry for creating a competitive modern browser are nigh impenetrable at this point.

        6 votes
  4. [4]
    eka

    For the rest of the world, what to do when governments start doing stuff like this?

    3 votes
    1. [2]
      Soptik

      Tor. It isn't even that hard to use.

      My school blocks all ports except 80 and 443, so there's no way to access my server (that's running on raspberry on 8443). I used VPN for a while, but then they decided to ban VPNs. So I learnt how to use Tor. And IMO it's easier to use than VPN. And it's almost impossible to block. Even China couldn't do it. My school tried to block Tor as well, but it took me about 15 seconds to bypass the block.

      You just download Tor, install it and start it. If you can use Chrome or Firefox, you can use Tor. It's built on top of Firefox, so the UI is almost exactly the same. It's usually slower, but you can stream 480p videos just fine.

      And if Tor is for some reason blocked in your country (or school), you just click the "configure" button and click "Tor is blocked in my country". And that's it. That's how you bypass The Great Firewall of China, or anyone else that blocks/spies on you.

      5 votes
      1. beewall

        FYI, depending on your device, you don't even need to use a separate browser for Tor, I believe there are system-wide options.

        1 vote
    2. cwagner

      Get a VPN. And/Or use Tor.

      3 votes