‘Opinion Quick question number 1. Do you trust Google? The Movement for an Open Web (MOW) doesn’t. It’s taking Big G to the UK’s Big C – the Competition and Markets Authority – over the forthcoming Chrome IP Protection feature. Quick question number 2. Do you trust European governments? The Electronic Frontier Foundation (EFF) and hundreds of experts don’t, pointing out that elements of proposed revisions to EU regulations called eIDAS would exempt state-approved certificates from security action by browsers. Let’s take each story, both from the past fortnight, in turn. Google’s IP Protection is basically an anonymizing proxy that means Chrome passes your IP to a third-party anonymizer. This assigns random IPs that change often enough that nobody can use it to identify you across sites. This is bad, says MOW, because it means only Google can do the tracking, which is unfair on other ad tech companies – for whom MOW speaks. It also encourages fraud and, oh yes, won’t someone think of the children? The eIDAS regulation is about trust. The digital certificates that control the security of protocols like HTTPS are issued by Certificate Authorities (CAs) which are part of a chain of trust. A site with a valid certificate is who it says it is. If a CA is compromised or malevolent, it gets removed from that chain and browsers no longer use keys provided by sites with the bad certs. eIDAS wants this safety feature turned off for certificates issued by state-approved CAs. Even if the certificates falsely identify fake sites, users won’t be able to tell. This would give states, state-approved organisations, or anyone corruptly part of that particular chain of trust, the ability to make fake sites that monitor and decrypt Web traffic silently and at scale. This is another bite of the end-to-end encryption cherry, and for the same reasons – helping fight crime and terrorism, prevent abuse, and, oh yes, think of the children.’
‘Opinion Quick question number 1. Do you trust Google? The Movement for an Open Web (MOW) doesn’t. It’s taking Big G to the UK’s Big C – the Competition and Markets Authority – over the forthcoming Chrome IP Protection feature. Quick question number 2. Do you trust European governments? The Electronic Frontier Foundation (EFF) and hundreds of experts don’t, pointing out that elements of proposed revisions to EU regulations called eIDAS would exempt state-approved certificates from security action by browsers. Let’s take each story, both from the past fortnight, in turn. Google’s IP Protection is basically an anonymizing proxy that means Chrome passes your IP to a third-party anonymizer. This assigns random IPs that change often enough that nobody can use it to identify you across sites. This is bad, says MOW, because it means only Google can do the tracking, which is unfair on other ad tech companies – for whom MOW speaks. It also encourages fraud and, oh yes, won’t someone think of the children? The eIDAS regulation is about trust. The digital certificates that control the security of protocols like HTTPS are issued by Certificate Authorities (CAs) which are part of a chain of trust. A site with a valid certificate is who it says it is. If a CA is compromised or malevolent, it gets removed from that chain and browsers no longer use keys provided by sites with the bad certs. eIDAS wants this safety feature turned off for certificates issued by state-approved CAs. Even if the certificates falsely identify fake sites, users won’t be able to tell. This would give states, state-approved organisations, or anyone corruptly part of that particular chain of trust, the ability to make fake sites that monitor and decrypt Web traffic silently and at scale. This is another bite of the end-to-end encryption cherry, and for the same reasons – helping fight crime and terrorism, prevent abuse, and, oh yes, think of the children.’
‘Opinion Quick question number 1. Do you trust Google? The Movement for an Open Web (MOW) doesn’t. It’s taking Big G to the UK’s Big C – the Competition and Markets Authority – over the forthcoming Chrome IP Protection feature. Quick question number 2. Do you trust European governments? The Electronic Frontier Foundation (EFF) and hundreds of experts don’t, pointing out that elements of proposed revisions to EU regulations called eIDAS would exempt state-approved certificates from security action by browsers. Let’s take each story, both from the past fortnight, in turn. Google’s IP Protection is basically an anonymizing proxy that means Chrome passes your IP to a third-party anonymizer. This assigns random IPs that change often enough that nobody can use it to identify you across sites. This is bad, says MOW, because it means only Google can do the tracking, which is unfair on other ad tech companies – for whom MOW speaks. It also encourages fraud and, oh yes, won’t someone think of the children? The eIDAS regulation is about trust. The digital certificates that control the security of protocols like HTTPS are issued by Certificate Authorities (CAs) which are part of a chain of trust. A site with a valid certificate is who it says it is. If a CA is compromised or malevolent, it gets removed from that chain and browsers no longer use keys provided by sites with the bad certs. eIDAS wants this safety feature turned off for certificates issued by state-approved CAs. Even if the certificates falsely identify fake sites, users won’t be able to tell. This would give states, state-approved organisations, or anyone corruptly part of that particular chain of trust, the ability to make fake sites that monitor and decrypt Web traffic silently and at scale. This is another bite of the end-to-end encryption cherry, and for the same reasons – helping fight crime and terrorism, prevent abuse, and, oh yes, think of the children.’
