Three big browser makers are now blocking the use of a root certificate that Kazakhstan’s government had used to intercept internet traffic. According to Ars Technica, Khazakhstan reportedly said it halted the use of the certificate. Ars Technica reported that the actions taken by Google, Mozilla, and Apple could protect users who already installed it or prevent future use of the certificate by Kazakstan’s government.
Apple told Ars Technica that it is blocking the ability to use the certificate to intercept internet traffic.
Mozilla posted on The Mozilla Blog “Today, Mozilla and Google took action to protect the online security and privacy of individuals in Kazakhstan. Together, the companies deployed technical solutions within Firefox and Chrome to block the Kazakhstan government’s ability to intercept internet traffic within the country.”
The response comes after credible reports that internet service providers in Kazakhstan have required people in the country to download and install a government-issued certificate on all devices and in every browser in order to access the internet. This certificate is not trusted by either of the companies, and once installed, allowed the government to decrypt and read anything a user types or posts, including intercepting their account information and passwords. This targeted people visiting popular sites like Facebook, Twitter, and Google, among others.
Google posted information on its Google Security Blog. Part of that blog post says: “In response to recent actions by the Kazakhstan government, Chrome, along with other browsers, has taken steps to protect users from the interception or modification of TLS connections made to websites.”
It continues: “Chrome will be blocking the certificate the Kazakhstan government required users to install. The blog post has more specific details about that certificate.
It is good that these companies, all of whom make browsers, are taking a stand against government intrusion into people’s privacy. I hope that these companies will take the same action whenever another government chooses to spy on its own people in an effort to sneakily discover what those people do online.