Mozilla, Google move to block Kazakhstan's attempts to spy on its citizens
The forced use of a government certificate has been described as an 'attack on user security'
Google and Firefox developer Mozilla will block attempts by the government of Kazakhstan to intercept the web traffic of its citizens, the companies announced on Wednesday.
Despite claiming the certificate would provide greater protection for users against fraud and hacking attempts, the decision sparked widespread condemnation, with many arguing it severely undermines privacy.
Google and Mozilla have both said they distrust this certificate and as such have introduced "technical solutions" that will prevent traffic from being intercepted. For Mozilla's part, it has revoked the certificate using OneCRL, said to be a "non-bypassable block".
Google has said it will also block the certificate the government required users to install and added it to the list of those blocked inside Chromium's source code.
Mozilla, known for its staunch support of user privacy, described Kazakhstan's methods as an "attack" on user privacy.
"People around the world trust Firefox to protect them as they navigate the internet, especially when it comes to keeping them safe from attacks like this that undermine their security," said Marshall Erwin, senior director of Trust and Security at Mozilla. "We don't take actions like this lightly, but protecting our users and the integrity of the web is the reason Firefox exists."
Google's senior engineering director Parisa Tabriz said her company would "never tolerate any attempt, by any organisation government or otherwise to compromise Chrome user's data".
"We have implemented protections from this specific issue, and will always take action to secure our users around the world."
This marks the second time Mozilla has worked actively against the Kazakh government. In 2015 government agencies asked to have its root certificate included in Mozilla's root store program, its list of approved certificates that can be used with its browsers. However, the request was eventually denied after it was discovered the certificate would be used to intercept user data.
Further government attempts then ended in failure after a number of organisations took legal action against the administration.
Mozilla is known for taking a stand against state surveillance attempts, maintaining a section on its company website showcasing its latest investigations and providing support for those concerned about privacy.
Key considerations for implementing secure telework at scale
Identifying the security risks and advanced requirements of a remote workforceDownload now
The State of Salesforce 2020
Your guide to getting the most from SalesforceDownload now
Fast, flexible and compliant e-signatures for global businesses
Be at the forefront of digital transformation with electronic signaturesDownload now
Rethink your cybersecurity strategy for the new world
5 steps to secure the enterprise and be fit for a flexible futureDownload now