Mozilla, Google move to block Kazakhstan's attempts to spy on its citizens

The forced use of a government certificate has been described as an 'attack on user security'

Graphic of individuals being glared at by cameras and having their privacy invaded

Google and Firefox developer Mozilla will block attempts by the government of Kazakhstan to intercept the web traffic of its citizens, the companies announced on Wednesday.

The joint action follows reports in July that the Kazakh regime had started forcing internet service providers to adopt custom web certificates, allowing officials to decrypt HTTPS internet traffic.

Despite claiming the certificate would provide greater protection for users against fraud and hacking attempts, the decision sparked widespread condemnation, with many arguing it severely undermines privacy.

Google and Mozilla have both said they distrust this certificate and as such have introduced "technical solutions" that will prevent traffic from being intercepted. For Mozilla's part, it has revoked the certificate using OneCRL, said to be a "non-bypassable block".

Advertisement
Advertisement - Article continues below

Google has said it will also block the certificate the government required users to install and added it to the list of those blocked inside Chromium's source code.

Mozilla, known for its staunch support of user privacy, described Kazakhstan's methods as an "attack" on user privacy.

"People around the world trust Firefox to protect them as they navigate the internet, especially when it comes to keeping them safe from attacks like this that undermine their security," said Marshall Erwin, senior director of Trust and Security at Mozilla. "We don't take actions like this lightly, but protecting our users and the integrity of the web is the reason Firefox exists."

Google's senior engineering director Parisa Tabriz said her company would "never tolerate any attempt, by any organisation government or otherwise to compromise Chrome user's data".

"We have implemented protections from this specific issue, and will always take action to secure our users around the world."

This marks the second time Mozilla has worked actively against the Kazakh government. In 2015 government agencies asked to have its root certificate included in Mozilla's root store program, its list of approved certificates that can be used with its browsers. However, the request was eventually denied after it was discovered the certificate would be used to intercept user data.

Further government attempts then ended in failure after a number of organisations took legal action against the administration.

Mozilla is known for taking a stand against state surveillance attempts, maintaining a section on its company website showcasing its latest investigations and providing support for those concerned about privacy.

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019