• Lojcs@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I’m so sick of being stressed about the same thing over and over again. There needs to be a large scale investigation on the people that keeps trying to push this. I’m shocked there isn’t a constant media outrage to match these attacks. And I don’t hear anybody talking of codifying encryption integrity neither. It’s always just privacy experts discovering such attacks at the last minute seemingly by chance and trying to rally people against it in time. Does nobody in positions of power who care to stop these?

    • OsrsNeedsF2P@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Media targets the average citizen. Average citizens won’t easily understand the ramifications, so the media writes on clickable stories instead.

    • pragmakist@kbin.social
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      I haven’t had a chance to check anything yet, but given who (Mozilla) is reacting and how, I suspect this is just another case of EU authorities acting to protect their citizens from (American) corporate abuse

        • pragmakist@kbin.social
          link
          fedilink
          arrow-up
          0
          arrow-down
          2
          ·
          1 year ago

          I don’t know whether it’s true.

          I am however confident that you don’t know either.

          But as for the “slightest” research, riddle me this: Why is there no link to the proposal in the article?

      • Arthur Besse@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I haven’t had a chance to check anything yet, but given who (Mozilla) is reacting and how, I suspect this is just another case of EU authorities acting to protect their citizens from (American) corporate abuse

        Not in this case. I suggest you read the open letter (which is signed by 335 scientists and researchers from 32 countries so far).

        Or, do you consider it to be corporate abuse when Mozilla prevents governments from using their certificate authorities to launch MITM attacks and impersonate websites for the purpose of intercepting internet traffic? Because that is what we’re talking about.

        • pragmakist@kbin.social
          link
          fedilink
          arrow-up
          0
          arrow-down
          2
          ·
          1 year ago

          Until I find the bloody proposal that none of it’s detractors seems to dare link to, I’m going to assume that I, as a citizen of EU, has a clear and present interest in not having Mozilla et al using their control of our browsers to block government services.

          I can do without my browser suddenly deciding that it doesn’t trust the fire department, thank you very much.

          (Or the pharmacy, or my doctor, or, or or at lot of things.)

          • Spotlight7573@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            They haven’t released the text publicly but they’re voting on it in less than a week. That’s also one of the many objections that Mozilla et al has to this whole thing: it’s basically being done in secret in a way that won’t give the public any time to react or object.

            Historically, the browser vendors have only distrusted certificate authorities when they had reason to not trust them, not some arbitrary reason.

            One of the examples of them preventing a CA from being trusted is Kazakhstan’s, which was specifically set up to enable them to intercept users’ traffic: https://blog.mozilla.org/netpolicy/2020/12/18/kazakhstan-root-2020/

            Even if all of the EU states turn out to be completely trustworthy, forcing browser vendors to trust the EU CAs would give more political cover for other states to force browser vendors to trust their CAs. Ones that definitely should not be trusted.

            I think there wouldn’t be nearly the same level of objection if it was limited to each country’s CC TLD, rather than any domain on the internet.