Hacker News new | past | comments | ask | show | jobs | submit login


To continue using internet, you need to install our government-provided fork of Firefox that doesn't blacklist our government-provided root cert.

regards, your Tele2

That's exactly what will happen if they all-out blacklist. The best near-term option may be a compromise: a special indicator in the browser UI that the connection has been set up in such a way that some organization may be monitoring.

Yes, this kind of indicator should always have existed for the corporate and anti-virus local roots as well.

for all we know NSA may already be doing that all the time, and they're only the worst of the good guys.

Modern browsers require that leaf certificates which are issued in a chain which descends from a built in publicly trusted root include "certificate transparency" information. This means that the certificate has been published in numerous public logs and so would be discovered.

No doubt the NSA intercepts all kinds of things, but they're not doing it with TLS MITM technology (at least not without further additional hacks).

That is, assuming that your downloaded copy of Firefox contains these root certificates and not some different ones.

They don't even need to fork Firefox - there are couple of Russian browsers (https://browser.yandex.com/, https://browser.ru/) that would definitely allow Kazakhstan government to snoop into traffic (and hey even have Kazakh language support already). ISP will just advise clients that bad western companies banned Kazakhstan, so please use good safe Russian browsers.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact