What just happened? All major browsers have united to block a root certificate being used by a government to monitor users’ Internet traffic. The certificate targeted citizens living in Kazakhstan’s capital city of Nur-Sultan, who were unable to access foreign websites like Google, Twitter, Instagram, and Netflix, unless they had the certificate installed on their devices.
The certificate reportedly allowed the Kazakhstan government to intercept and decrypt HTTPS traffic – essentially monitoring citizens’ Internet usage. The government claimed that the certificates were being used as part of a cybersecurity training exercise. ZDNet explains, “The government’s explanation did, however, make zero technical sense, as certificates can’t prevent mass cyber-attacks and are usually used only for encrypting and safeguarding traffic from third-party observers.”
The big four browser-makers – Apple, Google, Microsoft, and Mozilla – have now blocked the certificate in their respective software. This means that after the ban, even if users in Nur-Sultan have the certificate installed on their device, the browsers will refuse to use them – meaning users’ data will remain secure, and out of the hands of Kazakh officials.
It’s not the first time the four companies have united to make the Internet a more secure place. Back in August 2019, a similar certificate used to intercept traffic for various Russian and English-speaking social media sites was also blocked in Kazakhstan.