The proposed EU eIDAS Article 45 would require internet browsers to trust an additional root certificate from each EU member state government. This would allow EU governments to conduct man-in-the-middle attacks to intercept encrypted web traffic within their borders. This is a threat to the identity, integrity and confidentiality on the internet that could empower censorship.
121 sats \ 0 replies \ @ek 13 Jan
Guess someone needs to start writing blog posts about public key infrastructure and how you can manage (and thus delete) certificates on your machine. I assume browsers don't bundle them as binaries but still store them on your machine as files (it's just too convenient to use existing infrastructure). This should mean that you can simply delete these root certificates stored on your machine.
reply
It's unreal how fast the EU is changing from an institution that used to protect citizens' freedoms towards authoritarianism.
As I understand it there's been a radio silence on this from the Commission for the last 2 months. Follow developments here: https://last-chance-for-eidas.org/
reply
Is it changing? Did people "go west" in the past because their freedoms were protected?
reply
Yes, it's changed over the last 5 to 10 years. Before that, especially the EU parliament, but to a lesser degree even the Commission, were staunch supporters of civil liberties.
As to the "past" you seem to be referring to: there was no EU then, so kind of irrelevant. Also, people are migrating towards the EU today, not away from it.
reply
It is relevant from the perspective that whether you have an EU or not, some people seem to want to leave it once again.
reply
In an open letter to the EU’s proposed digital identity reform, signed by 409 scientists and researchers from 33 countries, as well as numerous NGOs, you can read:
Concretely, the regulation enables each EU member state (and recognised third party countries) to designate cryptographic keys for which trust is mandatory; this trust can only be withdrawn with the government’s permission (Article 45a(4)).
WTF! The idea of mandatory trust sounds oxymoronic to me. I'm reminded of this definition of love:
Love is our involuntary response to virtue, if we're virtuous.
You cannot command or command love, this would be called rape. Similarly, you cannot command respect, and the same applies to trust.
reply
Privacy is dying out
reply
It's not easy to follow what's going on with this. Article 45 deleted by Committee on the Internal Market and Consumer Protection (14.9.2022)
OPINION of the Committee on the Internal Market and Consumer Protection for the Committee on Industry, Research and Energy on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity
(38) Article 45 is replaced by the following:
deleted
reply
Secret EU law.
Shocking in itself.
Still no public text...
Basically, fuck you, we will write laws without asking you.
reply
deleted by author
reply
This is the neat part: they can't.
This regulation only affects the uninformed and the obedient, being either of which is optional.
reply
101 sats \ 2 replies \ @anon 13 Jan
Oh they absolutely can.
ISPs will simply inject Cloudflare-like "checking your browser for security" pages that verify the backdoor-edness of your browser. No backdoor, no Internet connection. Yes, you can try to detect the security-check page and enable the cert only for that, but it'll be a cat-and-mouse game and your browser will be broken half the time while you're playing it. Not something many people will do.
"He who controls the dark fiber, controls the universe!"
reply
I'm sure there would be a group of devs happy to volunteer to play that cat and mouse game by releasing updates to automate this. The repo might have to move out of GitHub.
reply
Could you use skynet plus a VPN to get around it? Or just Tor Browser?
reply