BTC $74809.1795
ETH $2822.1804
SOL $188.0710
BNB $596.1587
XRP $0.5553
DOGE $0.1915
stETH $2820.0676
TRX $0.1610
ADA $0.3687
TON $4.8232
wstETH $3342.7866
WBTC $74803.8554
AVAX $26.9421
WETH $2816.4602
UNI $9.0784
LINK $12.2953
BCH $373.8120
SUI $2.2388
DOT $4.0851
LEO $6.1699
DAI $1.0000
LTC $70.6095
weETH $2963.6419
NEAR $4.1487
APT $9.5547
PEPE $0.0000
BSC-USD $0.9993
TAO $511.1519
FET $1.3827
ICP $7.8372
CAKE $1.7897
FDUSD $0.9990
XMR $163.0433
ETC $20.0600
KAS $0.1186
WBT $19.3283
USDE $1.0012
AAVE $181.5232
RENDER $5.0266
POL $0.3380
STX $1.6783
IMX $1.2077
OKB $39.9289
CRO $0.0869
WIF $2.3403
ARB $0.5668
FIL $3.7209
BTC $74809.1795
ETH $2822.1804
SOL $188.0710
BNB $596.1587
XRP $0.5553
DOGE $0.1915
stETH $2820.0676
TRX $0.1610
ADA $0.3687
TON $4.8232
wstETH $3342.7866
WBTC $74803.8554
AVAX $26.9421
WETH $2816.4602
UNI $9.0784
LINK $12.2953
BCH $373.8120
SUI $2.2388
DOT $4.0851
LEO $6.1699
DAI $1.0000
LTC $70.6095
weETH $2963.6419
NEAR $4.1487
APT $9.5547
PEPE $0.0000
BSC-USD $0.9993
TAO $511.1519
FET $1.3827
ICP $7.8372
CAKE $1.7897
FDUSD $0.9990
XMR $163.0433
ETC $20.0600
KAS $0.1186
WBT $19.3283
USDE $1.0012
AAVE $181.5232
RENDER $5.0266
POL $0.3380
STX $1.6783
IMX $1.2077
OKB $39.9289
CRO $0.0869
WIF $2.3403
ARB $0.5668
FIL $3.7209
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • EU introduces new rules for web traffic interception

    Privacy advocates are worried about the new authority.

    In order to facilitate electronic transactions within the European Union's single market, the eIDAS regulation governing electronic identification and trust services is currently undergoing revisions. It's a major piece of legislation in the age of digitization, and its implementation makes sense given the industry's explosive growth. The updating procedure, however, raised some concerns. In March 2022, a group of experts addressed Members of the European Parliament with an open letter warning of the risks of the new version of eIDAS for the global Internet security system.

    Even in its preliminary form, which EU negotiators have approved, Mozilla is concerned about the potential consequences of eIDAS 2.0. Mozilla's new "Last Chance to Fix eIDAS" document goes into great detail about how upcoming legislation will mandate that all EU web browsers only trust certification authorities and cryptographic keys that have been authorised by individual national governments.

    Mozilla claims that these developments could give EU governments the means to intercept encrypted internet traffic across the EU, greatly increasing their ability to monitor their citizens. As a result, any EU member state can issue authentication keys for websites, and browsers can't refuse to use them without government approval.

    A certificate for interception and tracking issued by one EU Member State can be used against a citizen of any other EU country. The authorities did not implement any checks or balances to ensure that these keys were used properly before being distributed. Because of discrepancies in the rule of law among EU Member States and well-documented instances of abuse of power by the stage services for political ends, such actions give rise to grave concerns.

    According to Mozilla's research, the European Signature Dialog's mission to "gather the leading European trust service providers to share best practises, shape a common industry position on regulatory issues, and enhance the capabilities of European solutions to ensure guaranteed data security" is misguided. As stated in the LinkedIn message:

    Mozilla recently launched a campaign accusing the current eIDAS legislation of misinformation in order to block amendments to Article 45 concerning qualified EU web authentication certificates ("QWAC").

    According to the European Signature Dialogue document, Mozilla's claims are false. Eric Rescorla, author of the Educated Guesswork blog, provides an excellent introduction to eIDAS and QWAC for those curious about the technology behind it. A less specialised problem, however, exists. 

    Such EU actions can lend support to the tactic of authoritarian regimes of forcing browsers to automatically trust government certification centres. Cyber security and basic human rights would be at risk if the law were adopted by other states.

    The Questions Answered by the European Signature Dialogue

    Since the European Union does not manage the "root" authentication centres used by QWAC issuers, it cannot "spy" on its own citizens by means of certificates. Mozilla has no right to make such an accusation.

    The European Union may not have control over the "root" authentication centres, but Mozilla claims that individual EU Member States would indeed be able to obtain such control that, in turn, could allow, for example, their intelligence services to track encrypted web traffic.

    The last question in the European Signature Dialogue is, "Why does Mozilla spread this disinformation?" responds that "Mozilla is often perceived as a Google satellite, opening the way for Google to promote its commercial interests." Insinuating that Mozilla is nothing more than a "satellite" of Google and therefore suspecting its motives is an attack on the other arguments put forth by the European Signature Dialogue.

    In addition, Mozilla and 335 scientists and researchers from 32 countries, as well as various NGOs, have signed a joint statement criticising the proposed eIDAS reform, disproving the claim that this is simply an attempt by Google to sidestep European legislation. This is what they forewarn:

    A government-run organization will intercept all web traffic from EU citizens, including financial information, legally protected data, medical records, and family photos. Because all browsers will accept certificates issued by this institution, websites accessed from outside the EU will still be vulnerable to interception. Citizens may choose not to use new services and functions under eIDAS 2.0; however, this choice is not available under article 45. All citizens will need to trust these certificates, which compromises online security for everyone.

    In closing

    This regulation does not eliminate any of the existing risks. In fact, it poses new dangers to European citizens and institutions while providing no benefits whatsoever by undermining tried-and-true methods of secure web authentication. In addition, if the law is implemented, it is likely that other countries will demand the same access from browsers as EU Member States (something some have already tried to do unsuccessfully in the past), posing a global threat to web security.

    Author reign3d
    Discover the ONLY Ways Cellphones Can Be Tracked by the Police & How to Prevent That
    5 Most Dangerous Attacks On a Wi-Fi network

    Comments 0

    Add comment