BTC $99701.7691
ETH $4001.5992
XRP $2.4326
SOL $238.4370
BNB $746.5525
DOGE $0.4505
ADA $1.2067
stETH $3998.3742
TRX $0.3210
AVAX $52.2270
TON $6.9027
wstETH $4745.4179
WBTC $99470.2962
UNI $17.4560
DOT $10.4487
LINK $24.9285
WETH $3967.0288
SUI $4.3700
HBAR $0.3327
BCH $617.0504
LTC $137.6823
XLM $0.4860
NEAR $7.8298
PEPE $0.0000
APT $14.9501
weETH $4220.5315
ICP $14.9779
FET $2.0918
POL $0.7067
ETC $37.4531
VET $0.0678
CRO $0.2022
DAI $0.9990
RENDER $10.3029
TAO $701.5715
BSC-USD $0.9933
FIL $7.9004
ARB $1.1671
BGB $2.8843
USDE $1.0010
KAS $0.1743
AAVE $282.0285
IMX $2.0884
ENS $41.2517
STX $2.6776
ATOM $10.2917
ONDO $1.7168
BTC $99701.7691
ETH $4001.5992
XRP $2.4326
SOL $238.4370
BNB $746.5525
DOGE $0.4505
ADA $1.2067
stETH $3998.3742
TRX $0.3210
AVAX $52.2270
TON $6.9027
wstETH $4745.4179
WBTC $99470.2962
UNI $17.4560
DOT $10.4487
LINK $24.9285
WETH $3967.0288
SUI $4.3700
HBAR $0.3327
BCH $617.0504
LTC $137.6823
XLM $0.4860
NEAR $7.8298
PEPE $0.0000
APT $14.9501
weETH $4220.5315
ICP $14.9779
FET $2.0918
POL $0.7067
ETC $37.4531
VET $0.0678
CRO $0.2022
DAI $0.9990
RENDER $10.3029
TAO $701.5715
BSC-USD $0.9933
FIL $7.9004
ARB $1.1671
BGB $2.8843
USDE $1.0010
KAS $0.1743
AAVE $282.0285
IMX $2.0884
ENS $41.2517
STX $2.6776
ATOM $10.2917
ONDO $1.7168
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • EU introduces new rules for web traffic interception

    Privacy advocates are worried about the new authority.

    In order to facilitate electronic transactions within the European Union's single market, the eIDAS regulation governing electronic identification and trust services is currently undergoing revisions. It's a major piece of legislation in the age of digitization, and its implementation makes sense given the industry's explosive growth. The updating procedure, however, raised some concerns. In March 2022, a group of experts addressed Members of the European Parliament with an open letter warning of the risks of the new version of eIDAS for the global Internet security system.

    Even in its preliminary form, which EU negotiators have approved, Mozilla is concerned about the potential consequences of eIDAS 2.0. Mozilla's new "Last Chance to Fix eIDAS" document goes into great detail about how upcoming legislation will mandate that all EU web browsers only trust certification authorities and cryptographic keys that have been authorised by individual national governments.

    Mozilla claims that these developments could give EU governments the means to intercept encrypted internet traffic across the EU, greatly increasing their ability to monitor their citizens. As a result, any EU member state can issue authentication keys for websites, and browsers can't refuse to use them without government approval.

    A certificate for interception and tracking issued by one EU Member State can be used against a citizen of any other EU country. The authorities did not implement any checks or balances to ensure that these keys were used properly before being distributed. Because of discrepancies in the rule of law among EU Member States and well-documented instances of abuse of power by the stage services for political ends, such actions give rise to grave concerns.

    According to Mozilla's research, the European Signature Dialog's mission to "gather the leading European trust service providers to share best practises, shape a common industry position on regulatory issues, and enhance the capabilities of European solutions to ensure guaranteed data security" is misguided. As stated in the LinkedIn message:

    Mozilla recently launched a campaign accusing the current eIDAS legislation of misinformation in order to block amendments to Article 45 concerning qualified EU web authentication certificates ("QWAC").

    According to the European Signature Dialogue document, Mozilla's claims are false. Eric Rescorla, author of the Educated Guesswork blog, provides an excellent introduction to eIDAS and QWAC for those curious about the technology behind it. A less specialised problem, however, exists. 

    Such EU actions can lend support to the tactic of authoritarian regimes of forcing browsers to automatically trust government certification centres. Cyber security and basic human rights would be at risk if the law were adopted by other states.

    The Questions Answered by the European Signature Dialogue

    Since the European Union does not manage the "root" authentication centres used by QWAC issuers, it cannot "spy" on its own citizens by means of certificates. Mozilla has no right to make such an accusation.

    The European Union may not have control over the "root" authentication centres, but Mozilla claims that individual EU Member States would indeed be able to obtain such control that, in turn, could allow, for example, their intelligence services to track encrypted web traffic.

    The last question in the European Signature Dialogue is, "Why does Mozilla spread this disinformation?" responds that "Mozilla is often perceived as a Google satellite, opening the way for Google to promote its commercial interests." Insinuating that Mozilla is nothing more than a "satellite" of Google and therefore suspecting its motives is an attack on the other arguments put forth by the European Signature Dialogue.

    In addition, Mozilla and 335 scientists and researchers from 32 countries, as well as various NGOs, have signed a joint statement criticising the proposed eIDAS reform, disproving the claim that this is simply an attempt by Google to sidestep European legislation. This is what they forewarn:

    A government-run organization will intercept all web traffic from EU citizens, including financial information, legally protected data, medical records, and family photos. Because all browsers will accept certificates issued by this institution, websites accessed from outside the EU will still be vulnerable to interception. Citizens may choose not to use new services and functions under eIDAS 2.0; however, this choice is not available under article 45. All citizens will need to trust these certificates, which compromises online security for everyone.

    In closing

    This regulation does not eliminate any of the existing risks. In fact, it poses new dangers to European citizens and institutions while providing no benefits whatsoever by undermining tried-and-true methods of secure web authentication. In addition, if the law is implemented, it is likely that other countries will demand the same access from browsers as EU Member States (something some have already tried to do unsuccessfully in the past), posing a global threat to web security.

    Author reign3d
    Discover the ONLY Ways Cellphones Can Be Tracked by the Police & How to Prevent That
    5 Most Dangerous Attacks On a Wi-Fi network

    Comments 0

    Add comment