Kazakhstan spies on citizens’ HTTPS traffic; browser-makers fight back

by
Dan Goodin
from Ars Technica - All content on (#5BVVR)
internet-privacy-800x533.jpg

Enlarge (credit: Thomas Jackson | Stone | Getty Images)

Google, Mozilla, Apple, and Microsoft said they're joining forces to stop Kazakhstan's government from decrypting and reading HTTPS-encrypted traffic sent between its citizens and overseas social media sites.

All four of the companies' browsers recently received updates that block a root certificate the government has been requiring some citizens to install. The self-signed certificate caused traffic sent to and from select websites to be encrypted with a key controlled by the government. Under industry standards, HTTPS keys are supposed to be private and under the control only of the site operator.

A thread on Mozilla's bug-reporting site first reported the certificate in use on December 6. The Censored Planet website later reported that the certificate worked against dozens of Web services that mostly belonged to Google, Facebook, and Twitter. Censored Planet identified the sites affected as:

Read 3 remaining paragraphs | Comments

index?i=AHn7ZgcQCpU:qC6LRUctJCA:V_sGLiPB index?i=AHn7ZgcQCpU:qC6LRUctJCA:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments