BTC $68391.2648
ETH $3903.5878
BNB $602.2104
SOL $169.6992
stETH $3900.9124
XRP $0.5304
DOGE $0.1658
TON $6.4371
ADA $0.4594
AVAX $37.2673
wstETH $4559.6158
WETH $3916.3555
WBTC $68481.1744
LINK $18.2218
DOT $7.3902
TRX $0.1117
UNI $10.8218
BCH $471.3399
MATIC $0.7417
PEPE $0.0000
LTC $83.6866
FET $2.2538
ICP $12.1949
RNDR $10.0147
DAI $1.0008
CAKE $2.9711
weETH $4054.9217
NEAR $7.9068
IMX $2.3203
ETC $31.4395
APT $9.4947
ezETH $3874.8914
HBAR $0.1054
WIF $3.6835
MNT $1.0292
KAS $0.1409
FIL $5.9409
FDUSD $0.9999
GRT $0.3140
FLOKI $0.0003
STX $1.9947
TAO $425.0386
USDE $1.0012
ATOM $8.6347
OKB $47.1787
ENS $27.1095
XMR $143.4324
BTC $68391.2648
ETH $3903.5878
BNB $602.2104
SOL $169.6992
stETH $3900.9124
XRP $0.5304
DOGE $0.1658
TON $6.4371
ADA $0.4594
AVAX $37.2673
wstETH $4559.6158
WETH $3916.3555
WBTC $68481.1744
LINK $18.2218
DOT $7.3902
TRX $0.1117
UNI $10.8218
BCH $471.3399
MATIC $0.7417
PEPE $0.0000
LTC $83.6866
FET $2.2538
ICP $12.1949
RNDR $10.0147
DAI $1.0008
CAKE $2.9711
weETH $4054.9217
NEAR $7.9068
IMX $2.3203
ETC $31.4395
APT $9.4947
ezETH $3874.8914
HBAR $0.1054
WIF $3.6835
MNT $1.0292
KAS $0.1409
FIL $5.9409
FDUSD $0.9999
GRT $0.3140
FLOKI $0.0003
STX $1.9947
TAO $425.0386
USDE $1.0012
ATOM $8.6347
OKB $47.1787
ENS $27.1095
XMR $143.4324
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • EU introduces new rules for web traffic interception

    Privacy advocates are worried about the new authority.

    In order to facilitate electronic transactions within the European Union's single market, the eIDAS regulation governing electronic identification and trust services is currently undergoing revisions. It's a major piece of legislation in the age of digitization, and its implementation makes sense given the industry's explosive growth. The updating procedure, however, raised some concerns. In March 2022, a group of experts addressed Members of the European Parliament with an open letter warning of the risks of the new version of eIDAS for the global Internet security system.

    Even in its preliminary form, which EU negotiators have approved, Mozilla is concerned about the potential consequences of eIDAS 2.0. Mozilla's new "Last Chance to Fix eIDAS" document goes into great detail about how upcoming legislation will mandate that all EU web browsers only trust certification authorities and cryptographic keys that have been authorised by individual national governments.

    Mozilla claims that these developments could give EU governments the means to intercept encrypted internet traffic across the EU, greatly increasing their ability to monitor their citizens. As a result, any EU member state can issue authentication keys for websites, and browsers can't refuse to use them without government approval.

    A certificate for interception and tracking issued by one EU Member State can be used against a citizen of any other EU country. The authorities did not implement any checks or balances to ensure that these keys were used properly before being distributed. Because of discrepancies in the rule of law among EU Member States and well-documented instances of abuse of power by the stage services for political ends, such actions give rise to grave concerns.

    According to Mozilla's research, the European Signature Dialog's mission to "gather the leading European trust service providers to share best practises, shape a common industry position on regulatory issues, and enhance the capabilities of European solutions to ensure guaranteed data security" is misguided. As stated in the LinkedIn message:

    Mozilla recently launched a campaign accusing the current eIDAS legislation of misinformation in order to block amendments to Article 45 concerning qualified EU web authentication certificates ("QWAC").

    According to the European Signature Dialogue document, Mozilla's claims are false. Eric Rescorla, author of the Educated Guesswork blog, provides an excellent introduction to eIDAS and QWAC for those curious about the technology behind it. A less specialised problem, however, exists. 

    Such EU actions can lend support to the tactic of authoritarian regimes of forcing browsers to automatically trust government certification centres. Cyber security and basic human rights would be at risk if the law were adopted by other states.

    The Questions Answered by the European Signature Dialogue

    Since the European Union does not manage the "root" authentication centres used by QWAC issuers, it cannot "spy" on its own citizens by means of certificates. Mozilla has no right to make such an accusation.

    The European Union may not have control over the "root" authentication centres, but Mozilla claims that individual EU Member States would indeed be able to obtain such control that, in turn, could allow, for example, their intelligence services to track encrypted web traffic.

    The last question in the European Signature Dialogue is, "Why does Mozilla spread this disinformation?" responds that "Mozilla is often perceived as a Google satellite, opening the way for Google to promote its commercial interests." Insinuating that Mozilla is nothing more than a "satellite" of Google and therefore suspecting its motives is an attack on the other arguments put forth by the European Signature Dialogue.

    In addition, Mozilla and 335 scientists and researchers from 32 countries, as well as various NGOs, have signed a joint statement criticising the proposed eIDAS reform, disproving the claim that this is simply an attempt by Google to sidestep European legislation. This is what they forewarn:

    A government-run organization will intercept all web traffic from EU citizens, including financial information, legally protected data, medical records, and family photos. Because all browsers will accept certificates issued by this institution, websites accessed from outside the EU will still be vulnerable to interception. Citizens may choose not to use new services and functions under eIDAS 2.0; however, this choice is not available under article 45. All citizens will need to trust these certificates, which compromises online security for everyone.

    In closing

    This regulation does not eliminate any of the existing risks. In fact, it poses new dangers to European citizens and institutions while providing no benefits whatsoever by undermining tried-and-true methods of secure web authentication. In addition, if the law is implemented, it is likely that other countries will demand the same access from browsers as EU Member States (something some have already tried to do unsuccessfully in the past), posing a global threat to web security.

    Author reign3d
    Discover the ONLY Ways Cellphones Can Be Tracked by the Police & How to Prevent That
    5 Most Dangerous Attacks On a Wi-Fi network

    Comments 0

    Add comment