What you need to know
- Browser makers are blocking a root certificate Kazakhstan ISPs were forced to install to spy on citizens.
- Google, Mozilla, and Apple are all blocking the certificate.
- This protects users of Safari, Chrome, and Firefox from the certificate.
ISPs in Kazakhstan were forced to install a root certificate that allowed the government to effectively spy on their citizens by breaking HTTPS encryption and monitoring what web pages they went to and what information was being sent back and forth.
Apple, which makes the Safari browser pre-installed on Macs, iPhones, and iPads; Mozilla, which makes Firefox; and Google, which makes Chrome, the browser for PCs, ChromeOS and Android, have all now moved to ban that certificate. There's no word if Microsoft has put a similar block in place for Edge yet.
Apple sent me the following statement:
ZDNet also has statements up from Google and Mozilla.
From now on, Safari, Firefox, and Chrome will throw up errors if and when they encounter the Kazakh root certificate. And good for them. Once any government starts to sink its surveillance fangs into core internet technology, and breaks the encryption fundamental to not only privacy but security, all governments and enterprises, fearful and malevolent, will follow.
It's much easier to stop it before it starts.
Microsoft gave a statement to Vice.com (https://www.vice.com/en_us/article/ne8vam/google-mozilla-block-kazakhsta...). Basically, the certificate was not implicitly trusted in Microsoft browsers in the first place, so there is no need to explicitly block/untrust it. "A Microsoft spokesperson said in a statement "The Certificate Authority (CA) in question is not a trusted CA in our Trusted Root Program. A full list of trusted CA’s can be found here.""
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.