
Browsers Take a Stand Against Kazakhstan’s Invasive Internet Surveillance - DiabloD3
https://www.eff.org/deeplinks/2019/08/browsers-take-stand-against-kazakhstans-invasive-internet-surveillance
======
s_Hogg
So man in the middle in the developing world is bad, but pervasive tracking in
the developed world is absolutely fine. Got it.

Edit for replies to this message: I accept the distinction being made, but
that doesn't mean I'm more happy about one thing than the other. Both suck.

~~~
floatboth
MitM is a fundamental breach of trust between you and the websites you visit.

The websites themselves tracking you… well, whatever, visit better websites,
block third-party trackers (Firefox actually does that out of the box), use
Tor Browser.

(Also, the tracking is not exclusive to the "developed world" lol)

~~~
jancsika
A thing affects a tiny percentage of the world population. An ethical stance
is made.

A thing affects enormous percentage of world population. A shrug is performed.

~~~
thewhitetulip
There is a big difference between MiTM and tracking.

When google tracks me when I'm in India it is not for finding out if I am
against my PM and a threat to the party and if they want to silence me

------
slezyr
Why no one does same against all other countries? Why not make browser, which
can by pass all blocks and etc? And why it's not default already?

All these news about Kazakhstan just feels like a farce. Go ahead and do same
against China.

~~~
dchest
Because no other country yet required their citizens to install root
certificate, which the browsers can block.

(Speaking of China, Google did remove Chinese CA after it was used for MiTM
[https://security.googleblog.com/2015/03/maintaining-
digital-...](https://security.googleblog.com/2015/03/maintaining-digital-
certificate-security.html))

~~~
MaxBarraclough
In the interests of precision: nothing there says it was the doing of the
Chinese state. A private company, MCS Holdings, was at fault there.

~~~
codedokode
It doesn't matter who ordered to issue a certificate, a CA must not issue fake
certificates anyway and discovery of such a certificate is a proof of
violation of rules.

