Web Browsers Impede Kazakhstan Surveillance

August 23, 2019

Big browsers are making friends in far places. Engadget reports, “Google and Mozilla to Block Web Surveillance in Kazakhstan (Updated).” Google Chrome, Mozilla Firefox, and (we learn in the updated article) Apple Safari are now auto-blocking Kazakhstan’s latest attempt to spy on its citizens. That attempt revolves around a root certificate that government forced upon its internet users last month. Reporter Amrita Khalid explains:

“The nation forced ISPs to cooperate by making it mandatory for all customers to install the certificate in order to gain access to the internet. Turns out that the root certificate was a Trojan Horse. It allowed the Kazakhstan government to perform a ‘man-in-the-middle’ or MitM attack against HTTPS connections to a list of 37 domains, including Facebook, Twitter, Google and more, according to a study published by University of Michigan’s Censored Planet. Normally, HTTPS websites are encrypted in a way that ISPs or governments won’t be able to access it. In the case of Kazakhstan, the MitM attack broke the encryption in these sites, allowing the government to freely spy on private internet activity.”

Kazakhstan has since backed down after legal challenges within its borders. Google, Mozilla, and Apple are taking no chances, though, and will continue to block the certificate, just in case the government changes its mind again. Khalid writes:

“Given Kazakhstan’s track record, it’s not unlikely that such a vulnerability will be exploited again. In its 2018 Freedom on the Net report, Freedom House classified Kazakhstan as ‘not free’ due to the authoritarian regime’s tight controls on media and internet. Internet censorship in the nation is currently at an all-time high under the regime of its current leader, President Kassym-Jomart Tokayev. The government regularly blocks news sites and shuts down the internet and messaging services following protests. Due to a 2014 law, state agencies can freely block websites without a court order.”

Mozilla has said it will keep an eye on Kazakhstan and will act to deflect any similar certificates down the line. We expect Google and Apple will be similarly vigilant.

Cynthia Murrell, August 23, 2019

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta