The proposed EU eIDAS Article 45 would require internet browsers to trust an additional root certificate from each EU member state government.
This would allow EU governments to conduct man-in-the-middle attacks to intercept encrypted web traffic within their borders. This is a threat to the identity, integrity and confidentiality on the internet that could empower censorship.
pull down to refresh
related posts
Guess someone needs to start writing blog posts about public key infrastructure and how you can manage (and thus delete) certificates on your machine. I assume browsers don't bundle them as binaries but still store them on your machine as files (it's just too convenient to use existing infrastructure). This should mean that you can simply delete these root certificates stored on your machine.
In an open letter to the EU’s proposed digital identity reform, signed by 409 scientists and researchers from 33 countries, as well as numerous NGOs, you can read:
WTF!
The idea of mandatory trust sounds oxymoronic to me. I'm reminded of this definition of love:
You cannot command or command love, this would be called rape. Similarly, you cannot command respect, and the same applies to trust.
It's unreal how fast the EU is changing from an institution that used to protect citizens freedoms towards authoritarianism.
As I understand it there's been a radio silence on this from the Commission for the last 2 months. Follow developments here: https://last-chance-for-eidas.org/
Is it changing? Did people "go west" in rhe past because their freedoms were protected?
Yes, it's changed over the last 5 to 10 years. Before that, especially the EU parliament, but to a lesser degree even the Commission, were staunch supporters of civil liberties.
As to the "past" you seem to be referring to: there was no EU then, so kind of irrelevant. Also, people are migrating towards the EU today, not away from it.
It is relevant from the perspective that whether you have an EU or not, some people seem to want to leave it once again.
Privacy is dying out
It's not easy to follow what's going on with this. Article 45 deleted by Committee on the Internal Market and Consumer Protection (14.9.2022)
Article 45 Requirements for qualified certificates for website authentication
OPINION of the Committee on the Internal Market and Consumer Protection for the Committee on Industry, Research and Energy on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity
(38) Article 45 is replaced by the following:
deleted
Secret EU law.
Shocking in itself.
Still no public text...
Basically, fuck you, we will right laws without asking you.
deleted by author
This is the neat part: they can't.
This regulation only affects the uninformed and the obedient, being either of which is optional.
Oh they absolutely can.
ISPs will simply inject cloudflare-like "checking your browser for security" pages that verify the backdoor-edness of your browser. No backdoor, no Internet connection. Yes, you can try to detect the security-check page and enable the cert only for that, but it'll be a cat-and-mouse game and your browser will be broken half the time while you're playing it. Not something many people will do.
"He who controls the dark fiber, controls the universe!"
I'm sure there would be a group of devs happy to volunteer to play that cat and mouse game by releasing updates to automate this. The repo might have to move out of GitHub.
Could you use skynet plus a vpn to get around it? Or just tor browser?