this post was submitted on 24 Aug 2023
56 points (98.3% liked)

privacy

363 readers
1 users here now

Rules (WIP)

  1. No ad hominem allowed
  2. Attack the idea, not the poster

founded 1 year ago
MODERATORS
 

In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN [sécuriser et réguler l'espace numérique] Bill would force browser providers to create the means to mandatorily block websites present on a government provided list.

--France’s browser-based website blocking proposal will set a disastrous precedent for the open internet

[Unfortunately one should no longer trust Mozilla itself as much as one did 10 years ago. If you do sign, you might want to use a fake name and a disposable email address.]

This bill is obviously disturbing. It could be that eventually they assume that .onion sites are all suspicious and block them, or something similar might happen, which would be bad news for privacy-oriented users including Monero users, for freedom of thought, and for freedom of speech itself. Note that the EU is going to ban anonymous domains too (in NIS2, Article 28).

For a regular end user, if something like this happens and if the block is domain-name-based, then one quick workaround would be using web.archive.org (or Wayback Classic), or ANONYM ÖFFNEN of metager.de (both work without JS). If this is France-specific, of course a French user could just get a clean browser from a free country too (perhaps LibreWolf or Tor Browser, or even Tails), provided that using a non-government-approved browser is not outlawed.

Mozilla, financially supported by Google, states that Google Safe Browsing is a better solution than SREN, but that too has essentially similar problems and privacy implications; especially Gmail's Enhanced Safe Browsing is yet another real-time tracking (although, those who are using Gmail have no privacy to begin with, anyway).

If it's DNS-level blocking, you can just use a better DNS rather than one provided by your local ISP, or perhaps just use Tor Browser. Even if it's browser-side, as long as it's open-source, technically you're free to modify source code and re-compile it yourself, but that may not be easy even for a programmer, since a browser is complicated, with a lot of dependencies; security- and cryptography-related minor details tend to be extremely subtle (just because it compiles doesn't mean it's safe to use), especially given that Firefox/Thunderbird themselves really love to phone home behind the user's back.

See also: Will Browsers Be Required By Law To Stop You From Visiting Infringing Sites?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago

2/2

(7) II. - If the website admin can't be reached or, although they replied, it still appears that the website is bad, then the authority may order browser providers to take any useful action to prevent access to the URL and to show a warning message instead, for a max period of three months.

(8) The blocking may be extended by not more than six months, if the advisory body in III agrees. The blocking may be extended again by another six months.

(9) For the purposes of (7), DNS means any person providing a service that converts a domain name to an IP address.

(10) This decision shall be notified to the said website admin.

(11) The authority may at any time request browser providers to terminate the blocking, when it appears that blocking is no longer necessary.

Comments: (9) implies DNS-level blocking is an option; a browser is then forced to use "compliant" DNS servers. This might be related to the so-called "thick whois" (simply put, domain-name KYC), planned in the EU-wide NIS2. If you get a European ccTLD (such as .fr), you might get KYCed to renew it in the future. (11) is funny: a bad website will be unblocked when it gets better, but how can they see that if they're blocking it?

(12) III. – The authority shall transmit the requests and orders referred to in I and II, to the advisory body of the National Commission for Information and Freedoms. The advisory body makes sure that everything (such as the block list) is justified. It may order the authority to stop blocking.

(13) When the website admin appeals, the website is temporarily unblocked while waiting for the final decision.

(14) A yearly block report shall be made public.

(15) IV. – Any failure to comply shall be punished.

(16) V. – The terms and conditions for the application of this article are specified by decree.

Comments: (15) is a bit scary. Freedom of speech can have difficult borderline cases. It's not like the website is proved guilty. Nevertheless, not only can they order you to comply, but also they can punish you if you don't comply.