Kazakhstan depends on the HTTPS traffic of its citizens; browser makers fight back

Watch camera looking into your laptop computer

Google, Mozilla, Apple, and Microsoft have said they are teaming up to stop the Kazakhstan government from decrypting and reading HTTPS encrypted traffic sent between its citizens and overseas social media sites. .

All four company browsers have recently received updates that will ban a root certificate that the government has been asking some citizens to submit. The self-identified certificate caused traffic sent to and from selected websites to be encrypted with a government-controlled key. Under industry standards, HTTPS keys should be private and controlled only by the site operator.

A thread on the Mozilla bug reporting site reported the certificate was first used on December 6. The Censored Planet website later reported that the certificate was working against dozens of Google-owned web services, Facebook , and Twitter in particular. The Censored Planet identified the sites affected by:

    • google.com
    • youtube.com
    • facebook.com
    • vk.com
    • instagram.com
    • twitter.com
    • mail.ru
    • allo.google.com
    • android.com
    • cdninstagram.com
    • dns.google.com
    • docs.google.com
    • encrypted.google.com
    • goo.gl
    • mail.google.com
    • messages.android.com
    • messenger.com
    • news.google.com
    • ok.ru
    • picasa.google.com
    • plus.google.com
    • sites.google.com
    • tamtam.chat
    • translate.google.com
    • video.google.com
    • vk.me.
    • www.youtube.com
    • www.messenger.com
    • www.google.com
    • www.facebook.com
    • www.instagram.com
    • groups.google.com
    • hangouts.google.com

Instead of sending traffic that could be decrypted by the website and the individual end user respectively, computers that had the certificate submitted were used a key that the Kazakhstan government could use to decrypt the data.

This is at least the second time the Kazakh government has asked some citizens to submit the certificate, with the last time being in August 2019. The major makers of the browser have stopped that change as well. .

Censored Planet said the percentage of hosts within Kazakhstan who suffered from the interference was around 11.5 percent, up from 7 percent last year.