Sign In

Communications of the ACM

ACM TechNews

Kazakhstan Spies on Citizens' HTTPS Traffic; Browser-Makers Fight Back


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
The Kazakhstan government has been requiring some citizens to install a self-signed certificate that caused traffic sent to and from select websites to be encrypted with a key controlled by the government.

Google, Mozilla, Apple, and Microsoft said theyre joining forces to stop Kazakhstans government from decrypting and reading HTTPS-encrypted traffic sent between its citizens and overseas social media sites.

Credit: Thomas Jackson/Stone/Getty Images

Google, Mozilla, Apple, and Microsoft said they are partnering to stop Kazakhstanâs government from decrypting and reading HTTPS-encrypted traffic sent between citizens and overseas social media sites.

All four of their browsers recently received updates that block a self-signed root certificate the Kazakh government has been requiring some citizens to install, which causes traffic sent to and from select websites to be encrypted with a government-controlled key.

The Censored Planet website said the certificate operated against dozen of Web services that primarily belonged to Google, Facebook, and Twitter.

Computers with the certificate installed used a key that the Kazakh government also could use to decrypt data in transit.

Censored Planet said the percentage of hosts within Kazakhstan experiencing the interception was about 11.5%, up from 7% in 2019.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found