this post was submitted on 24 Aug 2023
56 points (98.3% liked)

privacy

363 readers
1 users here now

Rules (WIP)

  1. No ad hominem allowed
  2. Attack the idea, not the poster

founded 1 year ago
MODERATORS
 

In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN [sécuriser et réguler l'espace numérique] Bill would force browser providers to create the means to mandatorily block websites present on a government provided list.

--France’s browser-based website blocking proposal will set a disastrous precedent for the open internet

[Unfortunately one should no longer trust Mozilla itself as much as one did 10 years ago. If you do sign, you might want to use a fake name and a disposable email address.]

This bill is obviously disturbing. It could be that eventually they assume that .onion sites are all suspicious and block them, or something similar might happen, which would be bad news for privacy-oriented users including Monero users, for freedom of thought, and for freedom of speech itself. Note that the EU is going to ban anonymous domains too (in NIS2, Article 28).

For a regular end user, if something like this happens and if the block is domain-name-based, then one quick workaround would be using web.archive.org (or Wayback Classic), or ANONYM ÖFFNEN of metager.de (both work without JS). If this is France-specific, of course a French user could just get a clean browser from a free country too (perhaps LibreWolf or Tor Browser, or even Tails), provided that using a non-government-approved browser is not outlawed.

Mozilla, financially supported by Google, states that Google Safe Browsing is a better solution than SREN, but that too has essentially similar problems and privacy implications; especially Gmail's Enhanced Safe Browsing is yet another real-time tracking (although, those who are using Gmail have no privacy to begin with, anyway).

If it's DNS-level blocking, you can just use a better DNS rather than one provided by your local ISP, or perhaps just use Tor Browser. Even if it's browser-side, as long as it's open-source, technically you're free to modify source code and re-compile it yourself, but that may not be easy even for a programmer, since a browser is complicated, with a lot of dependencies; security- and cryptography-related minor details tend to be extremely subtle (just because it compiles doesn't mean it's safe to use), especially given that Firefox/Thunderbird themselves really love to phone home behind the user's back.

See also: Will Browsers Be Required By Law To Stop You From Visiting Infringing Sites?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago

1/2

Article 6 of the Bill to Secure and Regulate Digital Space (Espace Numérique). Here's what they're like (a rough and simplified translation from French, not really good but anyway):

(1) Article 12 of "Act n° 2004-575 of 21 June 2004 for Confidence in the Digital Economy" is replaced by the following provisions:

(2) I. - When a special agent confirmed that a website is clearly carrying out criminal activities, the administrative authority shall inform the admin of the website that the precautionary measure as in (4) is taken, and invite them to reply within five days.

(3) At the same time, the authority shall notify the address of this website to browser providers.

(4) When notified, browser providers shall, as a precautionary measure, take any useful action to show a warning message which says viewing this website is risky [while not yet actually blocking it].

(5) This precautionary measure is implemented for seven days.

(6) After looking at the website admin's reply, if the authority considers that the observation in (2) is no longer valid, they shall request browser providers to terminate the precautionary measures.

Comments: It's implicitly assumed that "browser providers" keep tracking user activities real-time and can quickly start showing a warning message when the user tries to open a certain website. Mozilla doesn't question this, either. Mozilla seems to think that, while browser-side blocking is bad, Google-side monitoring is good. That's actually even worse than blocking itself.