Mozilla, Google move to block Kazakhstan's attempts to spy on its citizens

The forced use of a government certificate has been described as an 'attack on user security'

Graphic of individuals being glared at by cameras and having their privacy invaded

Google and Firefox developer Mozilla will block attempts by the government of Kazakhstan to intercept the web traffic of its citizens, the companies announced on Wednesday.

The joint action follows reports in July that the Kazakh regime had started forcing internet service providers to adopt custom web certificates, allowing officials to decrypt HTTPS internet traffic.

Despite claiming the certificate would provide greater protection for users against fraud and hacking attempts, the decision sparked widespread condemnation, with many arguing it severely undermines privacy.

Google and Mozilla have both said they distrust this certificate and as such have introduced "technical solutions" that will prevent traffic from being intercepted. For Mozilla's part, it has revoked the certificate using OneCRL, said to be a "non-bypassable block".

Google has said it will also block the certificate the government required users to install and added it to the list of those blocked inside Chromium's source code.

Mozilla, known for its staunch support of user privacy, described Kazakhstan's methods as an "attack" on user privacy.

"People around the world trust Firefox to protect them as they navigate the internet, especially when it comes to keeping them safe from attacks like this that undermine their security," said Marshall Erwin, senior director of Trust and Security at Mozilla. "We don't take actions like this lightly, but protecting our users and the integrity of the web is the reason Firefox exists."

Google's senior engineering director Parisa Tabriz said her company would "never tolerate any attempt, by any organisation government or otherwise to compromise Chrome user's data".

"We have implemented protections from this specific issue, and will always take action to secure our users around the world."

This marks the second time Mozilla has worked actively against the Kazakh government. In 2015 government agencies asked to have its root certificate included in Mozilla's root store program, its list of approved certificates that can be used with its browsers. However, the request was eventually denied after it was discovered the certificate would be used to intercept user data.

Further government attempts then ended in failure after a number of organisations took legal action against the administration.

Mozilla is known for taking a stand against state surveillance attempts, maintaining a section on its company website showcasing its latest investigations and providing support for those concerned about privacy.

Featured Resources

The ultimate guide to business connectivity in field services

A roadmap to increased workplace efficiency

Free download

The definitive guide to migrating to the cloud

Migrate apps to the public cloud with multi-cloud infrastructure solutions

Free download

Transform your network with advanced load balancing from VMware

How to modernise load balancing to enable digital transformation

Free download

How to secure workloads in hybrid clouds

Cloud workload protection

Free download

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021