SOURCE: MOTHERBOARD | VICE
On Wednesday, Google and Mozilla announced they would block an encryption certificate the Kazakhstan government has forced citizens to download. The certificate allows authorities to intercept Facebook, Twitter, Google, and other passwords of the 18 million people in the country. But now with two of the main browser makers pushing back, that surveillance will be more difficult for the government to carry out.
“We will never tolerate any attempt, by any organization—government or otherwise—to compromise Chrome users’ data. We have implemented protections from this specific issue, and will always take action to secure our users around the world,” Parisa Tabriz, senior engineering director for Chrome, said in a statement.
A root certificate is a file that once installed inside a user’s web browser can read encrypted traffic. Browsers come bundled with a list of trusted organizations that issue root certificates, called certificate authorities, or CAs. CAs can then issue individual certificates for specific sites.
The government of Kazakhstan is not a trusted authority however, and has a history of using sweeping surveillance powers on its population. Last month, Mozilla and some other open source projects debated how to respond when Kazakhstan started to force people in the country to download the root certificate.