This year, we’ve seen governments around the world try to change basic internet security for users. Much of this has been attempted through legislation, direct network intervention, or direct government appeals to internet governing bodies. On the other hand, we’ve also seen new anti-censorship mechanisms help people gain access to the wider world and offer hope in really dark times.
EU Digital Identity Framework
eIDAS of the European Union (eelectron IDaffiliation, Aidentification and trust Sservices) framework and law is not new and has been in force since 2014, a number of amendments proposed in the European Parliament have caused new conversations and concerns. As a prime example, there is an offer correction Article 45, we believe, could fundamentally change the web trust model as we know it. The fix would require web browsers to rely on government-appointed third parties without adequate security safeguards.
Eff went over the effects and concluded that there is a solution in search of a problem. The proposal would introduce expensive Qualified Web Authentication Certifications (QWACs) for websites, rather than cheaper or more expensive ones. free certificates as the safest option for communication on the Internet; and this could potentially leave users vulnerable to malicious activity by government-based Certificate Authorities (or Qualified Trusted Service Providers/QTSPs).
6 December 2022, Council of the European Union adopted the original amendment language despite suggestions from some committees In the wake of the security threat posed by QTSP in the European Parliament, it will allow browsers to protect users. The final decision rests with the Committee on Industry, Research and Energy (ITRE) and we call for a final vote to ensure that browsers continue to block certificate authorities that do not meet security standards, especially when the EU itself faces member states. various issues around democracy.
Internet in wartime
With Russia’s aggression in Ukraine, many problems have arisen related to government blocking, censorship and security risks inside and outside of Russia. Different across the country VPNs and anonymity protocols such as Tor was being blocked, which we believe is likely to discourage dissent and focus human traffic.
Heavy foreign sanctions were another layer that caused the fragmentation of the Russian Internet. As businesses cut ties, such as services certification bodies It stopped issuing new certificates to any website with a Russian top-level domain (such as .ru). This created room for the intervention of the Russian government and create your own “Russian Trusted Root CA”. Filling the gaps for these websites paves a permanent way “Splinternet” Russia is finally striving for it. Finally, a request came from the Ukrainian government to the Internet Corporation for Assigned Names and Numbers (ICANN) to completely cut Russian top-level domains from the rest of the Internet. ICANN is a US-based international non-profit organization that oversees the global system of Internet domain names and IP addresses. We have explained why this requirement does not affect the wrongdoers, but will have a negative effect Internet safety for everyone. Thankfully, ICANN denied the request.
Uprising in Iran
Mahsa Amini, a 22-year-old Kurdish woman who visited Tehran with her family on September 13, 2022 was arrested by “Akhlaq” policemen and died in prison three days later. Since then, protests in Iran have been continued by a large part of the Iranian people, and in response, blocked by the government many online services across the country. As in Russia, Iran’s efforts to filter domestic online traffic are not new and are part of an ongoing effort to suppress dissent and block critical information from the outside world. Again in March EFF signed the letter It joins more than 50 other organizations calling on the Iranian government to repeal its draconian “Regulatory System for Cyberspace Services” law. This bill violates fundamental rights to privacy and freedom of expression. Although it has not been ratified, it has already been questioned that some parts of it have been implemented already. With recent incidents of internet censorship proven, the government has already crossed this bridge into a series of human rights abuses.
Development of anti-censorship tools
As an example, we saw the new forms of Iran internet blocking of modern protocols and popular endpoints that support them; whom encrypted DNS and HTTP/3. While we are concerned about how governments are evolving to creatively block network traffic, we are optimistic about developments that will help activists get their message out and communicate with others.
One of the tools that has gained great popularity is Snowflake. This tool helps connect those in countries where Tor is blocked by helping to make user traffic appear harmless. You can learn to be a Snowflake and support censored people to connect to the open internet. our post. Speaking of Tor, Tor browser has also been added new automatic connection assistant A feature that connects to Tor bridges if Tor is blocked in your region. This feature allows you to seamlessly connect to Tor Bridges, including Snowflake.
As there were reports that the signal was blocked in Iran, Call Signal Proxies Meredith Whittaker, president of Signal, provided a very easy guide on how to create and host a Signal proxy and help people reconnect to the platform safely. While there are reports that these can be blocked if detected by government censors, there are ways to discreetly share the address of these proxies, as explained in the guide.
Finally, this year the Open Observatory of Network Interference (OONI) also appeared a new online lesson With Advocacy Assembly, a human rights training platform to use OONI tools to measure censorship and real-time data from various websites and services that are often blocked, such as WhatsApp. This effort can help open research efforts of more detailed cases that may have been missed around the world.
While government-level internet censorship is difficult to combat, we hope that innovation will continue to keep these technologies open and accessible to the public around the world. Part of that is keeping internet security strong everywhere, not just in countries traditionally considered authoritarian. Promotion and advocates end-to-end encryption and even where Internet security is the strongest in the world, ubiquitous encryption on the Internet will help where it is weakest.