For some time now, the Kazakh government has been forcing its citizens, via local Internet Service Providers (ISPs), to install a state root certificate in all browsers and on all devices. In this way, the state is able to insert itself into encrypted Internet connections as a man-in-the-middle, to read sensitive content and to influence which websites can be accessed at all.
As heise Security already reported at the end of July, the government claims to be protecting the population from hacker attacks as well as from "viewing illegal content". Mozilla and Google do not believe this: they have announced that they will block the spyware certificate in their Firefox and Chrome browsers.
Mozilla advises use of the Tor browser
An entry by developer Wayne Thayer on the Mozilla blog shows that Firefox will not trust the certificate in the future even if users install it manually. When visiting a web page that responds with the certificate, they will receive an error message indicating that it is untrustworthy. The developers are thereby putting into action a plan that has been discussed in the Mozilla bug tracker since the Kazakh government introduced the spy certificate.
Thayer strongly advises internet users in Kazakhstan to immediately remove the certificate from all devices and replace their old passwords with new, strong ones. He also recommends that they look into the options for (more or less) anonymous browsing via Tor Browser and VPN.
Google mentioned in its blog post about Chrome that the certificate block is also to be incorporated into other Chromium-based browsers as a future component of the Chromium source code "in due course": "In addition, the certificate has been added to a Chromium based browser in due course."