On Wednesday, August 21, Google, Apple and Mozilla announced intention to implement in their browsers a blocking of digital certificates issued by the certifying center of Kazakhstan.[dropcap]I[/dropcap]n July, residents of Kazakhstan were ordered to install on all gadgets with Internet access a state security certificate that allows law enforcement officers to decrypt traffic and learn what users do on the Internet, including reading correspondence, intercepting usernames and passwords.
The subject of surveillance included visits to popular sites, in particular, Facebook, Twitter and YouTube.
Google and Mozilla considered that these actions undermine the security of users and, joining forces, decided to introduce a technical limitation that would block the installation of the certificate in Chrome and Firefox browsers (Google also made corresponding changes to the Chromium code).
“In order to protect users in Firefox and Chrome, the use of the root certificate of a certification authority in Kazakhstan was blocked. This means that browsers will not trust him, even if it is installed by the user. We believe that this is an adequate answer, as users in Kazakhstan are not offered a reasonable choice whether to install a certificate, and since [the actions of the Kazakh authorities] undermine the integrity of an important network security mechanism. Now, when trying to access a site that responds with this certificate, users will see an error message stating that the certificate should not be trusted”, – Mozilla said in a statement.
Note that according to a study by the Censored Planet project, Kazakhstani Internet providers block access to the Internet if a user refuses to install a certificate developed by the authorities.
“We will not allow any organization to compromise the personal data of Chrome users, whether it be a state or commercial structure. We are introducing protection against this certificate and will always take measures to protect our users around the world”, – said Paris Tabriz, Google’s senior CTO and computer expert.
Mozilla recommends Kazakhstan users affected by this change use a VPN or go to the Tor browser to access the Internet. In addition, developers are strongly advised to remove the root certificate of the Government of Kazakhstan, if it was previously installed, after which “immediately” change the passwords.[box]In 2015, the government of Kazakhstan wanted to add its root certificate to the Mozilla Trusted Certificate Program. After refuse, it tried to force users to install it on their own, but the plan failed.[/box]