Mozilla and Google say they have taken action to protect the online security and privacy of individuals in Kazakhstan. The companies have deployed technical solutions within the Firefox and Chrome browsers to block the Kazakhstan government’s ability to intercept internet traffic within the country.
The move comes after credible reports that internet service providers in Kazakhstan have required people in the country to download and install a government-issued certificate on all devices and in every browser in order to access the internet. This fake root certificate is not trusted by either of the companies, and once installed, allows the government to decrypt and read anything a user types or posts, including intercepting their account information and passwords via a man-in-the-middle attack. This targeted people visiting popular sites Facebook, Twitter and Google, among others.
The blocking of the certificate by Mozilla and Google means that it will not be trusted by Firefox or Chrome, even if the user has installed it.
This is not the first attempt by the Kazakhstan government to intercept the internet traffic of everyone in the country. In 2015, the Kazakhstan government attempted to have a root certificate included in Mozilla’s trusted root store program. After it was discovered that they it was intending to use the certificate to intercept users’ data, Mozilla denied the request. Shortly after, the government forced citizens to manually install its certificate but that attempt failed after organizations took legal action.
“People around the world trust Firefox to protect them as they navigate the internet, especially when it comes to keeping them safe from attacks like this that undermine their security,” said Marshall Erwin, senior director of trust and security at Mozilla. “We don't take actions like this lightly, but protecting our users and the integrity of the web is the reason Firefox exists.”