Mozilla, Google move to block Kazakhstan's attempts to spy on its citizens
The forced use of a government certificate has been described as an 'attack on user security'
Google and Firefox developer Mozilla will block attempts by the government of Kazakhstan to intercept the web traffic of its citizens, the companies announced on Wednesday.
Despite claiming the certificate would provide greater protection for users against fraud and hacking attempts, the decision sparked widespread condemnation, with many arguing it severely undermines privacy.
Google and Mozilla have both said they distrust this certificate and as such have introduced "technical solutions" that will prevent traffic from being intercepted. For Mozilla's part, it has revoked the certificate using OneCRL, said to be a "non-bypassable block".
Google has said it will also block the certificate the government required users to install and added it to the list of those blocked inside Chromium's source code.
Mozilla, known for its staunch support of user privacy, described Kazakhstan's methods as an "attack" on user privacy.
"People around the world trust Firefox to protect them as they navigate the internet, especially when it comes to keeping them safe from attacks like this that undermine their security," said Marshall Erwin, senior director of Trust and Security at Mozilla. "We don't take actions like this lightly, but protecting our users and the integrity of the web is the reason Firefox exists."
Google's senior engineering director Parisa Tabriz said her company would "never tolerate any attempt, by any organisation government or otherwise to compromise Chrome user's data".
"We have implemented protections from this specific issue, and will always take action to secure our users around the world."
This marks the second time Mozilla has worked actively against the Kazakh government. In 2015 government agencies asked to have its root certificate included in Mozilla's root store program, its list of approved certificates that can be used with its browsers. However, the request was eventually denied after it was discovered the certificate would be used to intercept user data.
Further government attempts then ended in failure after a number of organisations took legal action against the administration.
Mozilla is known for taking a stand against state surveillance attempts, maintaining a section on its company website showcasing its latest investigations and providing support for those concerned about privacy.
How to choose an AI vendor
Five key things to look for in an AI vendorDownload now
The UK 2020 Databerg report
Cloud adoption trends in the UK and recommendations for cloud migrationDownload now
2021 state of email security report: Ransomware on the rise
Securing the enterprise in the COVID worldDownload now
The impact of AWS in the UK
How AWS is powering Britain's fastest-growing companiesDownload now