If a government mandates its citizens to install the government’s own root certificate, then it’s not that easy to find a long-term technological solution. The problem here is not a technical one, IMHO. The problem is that the government of Kazakhstan is not respecting the freedom of its people.

Case in point: In 2018, Kazakhstan ranked #144 in the Economist Intelligence Unit’s Democracy Index. Countries such as China, Cuba and Belarus had a better ranking. [See https://en.wikipedia.org/wiki/Democracy_Index#Democracy_Inde...]

IMO what’s needed is first and foremost more democracy in Kazakhstan. That’s not something that Firefox can solve.

With that said, perhaps anti-surveillance technology can assist the affected users. Maybe Tor. I’ve heard about some other, similar project but I can’t recall its name right now.

[Edit: These were the anti-censorship applications I was thinking of: https://www.psiphon3.com/ and https://getlantern.org/. Can’t vouch for their security though.]

I don't agree. First off, no matter how you or I may be enraged by the incident, this is not (and shouldn't be!) a "moral problem" for Firefox. And, by the way, if you are not living in Kazakhstan, it's not for you to decide "what is needed first and foremost in Kazakhstan", it's their business entirely.

From the point of view of Firefox, this should be an extremely simple technical problem. There is a CA that is known to be "compromised" in an entirely technical sense, i.e. it is known to allow MITM. So blacklist it, end of discussion. Allow the user to remove it from the blacklist somewhere in the browser's settings: it's not for you (Firefox) to decide what the greater good is.

I assume it would indeed be a problem for Kazakhstan to fixing the service if people are not using the internet, because their browser doesn't work (because it's both an economic and a social disaster, obviously). Or maybe it wouldn't, because Kazakhstan will send troops to every home to replace every browser with Kazakh-fox or whatever. And it may play out for the better in the end, as much as it can lead to a massacre.

But (as a 3rd party technological company) don't play mighty and powerful, responsible for the lives of people in Kazakhstan, it's not your fucking business how they live. You see a technological problem (known CA allowing MITM) — you solve it (block the CA!). That's what you promised your users to provide, to fix technological problems, not to fix the political climate in Kazakhstan, USA, China, whatever.

The certificate is not in the Firefox trust store. The government is requiring users to add it manually.

