This year we’ve seen a range of different ways governments around the world have tried to change basic security on the web for users. Much of this has been attempted through legislation, direct interference with the network, or as a direct request from the government to Internet governance authorities. On the other hand, we’ve also seen new anti-censorship mechanisms helping people so they can regain access to the wider world, providing hope in really trying times.
European Union digital identity framework
While the European Union’s eIDAS (eletronic Identification cardLure aDedication and confidence sServices), the framework and the law are nothing new and have been in force since 2014, and there have been several proposed amendments in the European Parliament that have sparked new conversations and concerns. As an example, there is a proposal amendment For Article 45 which we believe could fundamentally change the web trust paradigm as we know it. The amendment requires that web browsers trust government-selected third parties, without the necessary security safeguards.
EFF He went to the antiquities He concluded that it was a solution in search of a problem. The proposal would mandate expensive Qualified Web Authentication Certificates (QWACs) for websites, rather than cheaper or Free certificates as a safer option for communicating on the web; It could potentially make users vulnerable to malicious activity by government CAs (or Qualified Trust Service Providers / QTSPs) in a worst-case scenario.
6 December 2022, Council of the European Union The original amendment was adopted Language though proposals from several Committees In the European Parliament that would allow browsers to protect users in light of a security threat by QTSP. The final decision rests with the Industry, Research and Energy (ITRE) Commission, and we urge a final vote to ensure that browsers continue to block certificate authorities that do not meet security standards, especially when the EU itself faces member states. diverse Issues about democracy.
The Internet in a Time of War
With the Russian invasion of Ukraine, many issues arose about government bans, censorship, and security risks within And the Abroad from Russia. Within the country it is diverse VPN networks And anonymity protocols such as Tor It was banned, which we can speculate is likely to deter dissent and monitor people’s traffic.
Heavy foreign sanctions have been another layer that has contributed to the fragmentation of the Russian internet. As businesses cut ties, services such as Certificate Authorities Stop issuing new certificates to any website with a Russian top-level domain (such as .ru). This created space for the Russian government to step in and Create a “Trusted Russian Root CA” To fill in the gaps in these locations, paving the way for the scope Splinternet Russia ultimately aspires to that. Finally, requests came from the Ukrainian government to the Internet Corporation for Assigned Names and Numbers (ICANN) to completely cut off Russia’s top-level domains from the rest of the Internet. ICANN is a US-based international non-profit organization that oversees the global system of Internet domain names and IP addresses. We explained why this order would not only not affect those in error, but would negatively affect them Web security for everyone. Fortunately, ICANN denied the request.
uprising in Iran
On September 13, 2022, Mahse Amini, a 22-year-old Kurdish woman, visited Tehran with her family. Arrested By “morality” police officers, he died in custody three days later. Since then, protests have continued in Iran by large sections of the Iranian people and, in response, protests Government banned Many online services within the country. As in Russia, Iran’s efforts to filter domestic Internet traffic are not new, and are part of an ongoing effort to deter dissent and withhold important information from the outside world. back in March, EFF signed a letter The Iranian government along with more than 50 other organizations to urge it to repeal the strict “Cyberspace Services Regulatory System Law”. This bill violates the basic rights to privacy and freedom of expression. While not ratified, it has already been suspected that some parts of it have been implemented Previously. With more recently proven incidents of internet censorship, the government has already crossed that bridge towards a host of human rights abuses.
Advance anti-censorship tools
With Iran as an example, we have seen new forms of Blocking modern protocols on the Internet and the popular endpoints it supports; Such as Encrypted DNS And the http/3. While we are concerned about how governments can develop to creatively block network traffic, we are also optimistic about developments to help activists get their message out and connect with others.
One tool that has become very popular is the snowflake. This tool helps connect those in countries where Tor is blocked by helping the user’s traffic appear harmless. You can learn how to “become a snowflake” and support censored people to connect to the open web Our post. Speaking of Tor, Tor Browser has also added a New automatic connection assistance The feature that connects to Tor bridges in case Tor is blocked in your area. This feature ensures that you can now seamlessly connect with Tor Bridges, including with Snowflake.
With reports that Signal has been banned in Iran, the Call signal agents Meredith Whitaker, Head of Signal, gave him a very easy guide on how to create and host a Signal proxy and help people securely reconnect to the platform. While there are reports that they can be blocked if detected by government censors, there are ways to secretly share the addresses of these agents, as outlined in the guide.
Finally, this year, the Open Network Interferometer Observatory (OONI) is also a file New chapter online With the human rights training platform Advocacy Assembly to use OONI tools to measure censorship and real-time data for various frequently banned websites and services such as WhatsApp. This effort could aid in the effort to open-source research for more nuanced cases around the world that could be missed.
While it is difficult to combat Internet censorship at the government level, we hope to see continued innovations to keep these technologies open and accessible to the public around the world. Part of that is keeping internet security strong in places everywhere, not just in those countries that are traditionally seen as authoritarian. Promote and Defending end-to-end encryption And encryption everywhere on the web even where internet security is at its strongest in the world will help help when it’s at its weakest.