Justin Sullivan/Getty Images
- Google, Mozilla, and Apple have blocked an encryption certificate issued by the Kazakhstan government, which citizens were asked to install on their browsers and that critics said enabled the government to monitor their internet traffic.
- The government reportedly said the software was a security measure but researchers from the University of Michigan found that installing the browser certificate allowed the government to surveil which sites people were accessing, and see anything a user types or posts.
- According to the researchers, the fake certificate targeted 37 sites including Google-owned messaging apps, Google Docs, Instagram, Gmail, Twitter, Facebook, and a number of Russian social media services.
- Google’s Chrome is by far the most popular browser in Kazakhstan, according to StatCounter, with almost 70% market share.
- Visit Business Insider’s homepage for more stories.
Google, Mozilla, and Apple are blocking an encryption certificate issued by the Kazakhstan government, which citizens were asked to download, and which critics say would enable the government to monitor users’ internet traffic.
The update means that Google’s Chrome, Mozilla’s Firefox, and Apple’s Safari browsers will all automatically block the "fake" certificate.
The Kazakhstan government reportedly said the software was a security measure, but Google and Mozilla said that once installed, the certificate would allow the government to decrypt and read anything a user types or posts, including intercepting their account information and passwords.
That was based on research from the Censored Planet project at the University of Michigan, which found that the government was targeting 37 sites for interception, including: A number of Google-owned sites such as Gmail, YouTube, Google Docs, Allo, and Google Translate; Facebook, Instagram, and Facebook Messenger; and Russian social media sites including VKontakte and Mail.ru.
Chrome is by far the most popular browser in Kazakhstan, according to StatCounter data, with almost 70% market share.
"We will never tolerate any attempt, by any organization—government or otherwise — to compromise Chrome users’ data. We have implemented protections from this specific issue, and will always take action to secure our users around the world," Parisa Tabriz, senior engineering director at Google’s Chrome, also wrote on Wednesday.
"People around the world trust Firefox to protect them as they navigate the internet, especially when it comes to keeping them safe from attacks like this that undermine their security.
"We don’t take actions like this lightly, but protecting our users and the integrity of the web is the reason Firefox exists," Marshall Erwin, senior director of trust and security at Mozilla, wrote in a statement on Wednesday.
Apple confirmed to multiple news organizations that it would also be blocking this certificate.
A spokesperson did not immediately respond to Business Insider’s request for further comment.
Mozilla pointed out that this isn’t the first time that the Kazakhstan government has attempted to intercept the internet traffic of its citizens. In 2015, the Kazakhstan government attempted to have a root certificate included in Mozilla’s trusted root store program, the company said.
"After it was discovered that they were intending to use the certificate to intercept user data, Mozilla denied the request. Shortly after, the government forced citizens to manually install its certificate but that attempt failed after organizations took legal action."
Business Insider reached out to the Kazakhstan embassy in London for comment but did not immediately hear back.
- Don’t ask your voice assistant for a customer service number — it might supply you with a scammer’s number instead
- The Apple Card comes with 3 different credit card numbers — here’s what they all mean
- How to update your Apple Watch to get the device’s latest features and software fixes