Mozilla, Google move to block Kazakhstan's attempts to spy on its citizens

The forced use of a government certificate has been described as an 'attack on user security'

Graphic of individuals being glared at by cameras and having their privacy invaded

Google and Firefox developer Mozilla will block attempts by the government of Kazakhstan to intercept the web traffic of its citizens, the companies announced on Wednesday.

The joint action follows reports in July that the Kazakh regime had started forcing internet service providers to adopt custom web certificates, allowing officials to decrypt HTTPS internet traffic.

Despite claiming the certificate would provide greater protection for users against fraud and hacking attempts, the decision sparked widespread condemnation, with many arguing it severely undermines privacy.

Google and Mozilla have both said they distrust this certificate and as such have introduced "technical solutions" that will prevent traffic from being intercepted. For Mozilla's part, it has revoked the certificate using OneCRL, said to be a "non-bypassable block".

Google has said it will also block the certificate the government required users to install and added it to the list of those blocked inside Chromium's source code.

Mozilla, known for its staunch support of user privacy, described Kazakhstan's methods as an "attack" on user privacy.

"People around the world trust Firefox to protect them as they navigate the internet, especially when it comes to keeping them safe from attacks like this that undermine their security," said Marshall Erwin, senior director of Trust and Security at Mozilla. "We don't take actions like this lightly, but protecting our users and the integrity of the web is the reason Firefox exists."

Google's senior engineering director Parisa Tabriz said her company would "never tolerate any attempt, by any organisation government or otherwise to compromise Chrome user's data".

"We have implemented protections from this specific issue, and will always take action to secure our users around the world."

This marks the second time Mozilla has worked actively against the Kazakh government. In 2015 government agencies asked to have its root certificate included in Mozilla's root store program, its list of approved certificates that can be used with its browsers. However, the request was eventually denied after it was discovered the certificate would be used to intercept user data.

Further government attempts then ended in failure after a number of organisations took legal action against the administration.

Mozilla is known for taking a stand against state surveillance attempts, maintaining a section on its company website showcasing its latest investigations and providing support for those concerned about privacy.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

3 Aug 2020