EU Article 45 requires that browsers trust certificate authorities appointed by governments::The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from…
Great and in 2 -3 years we find out, that someone has actively abused this security hole for years and stole whatever master key is required, to create their own fake government CA and has been spying on everyone for years. Or political opposition was imprisoned before they could act. Best is, such man in the middle attacks allow for all sorts of things, including putting fake evidence on your computer.
Oh yes, no one would ever do that every, totally never happened and won’t. Nazis will also never come back. What, they soon are the biggest party in Germany, in other countries too? And will dictate rules in the EU? No one could see that happening…
Where there’s honey, there will be bears.
I just hope we can create a browser plugin to deny gov CAs automatically or a browser from outside EU to block that shit. …until your ISP is forced by law to block traffic from these.
One step closer to a great EU firewall and it sucks. Good old salami tactics. Because at some point it doesn’t even matter if there are ways to mitigate this spying, if the alternative are so complicated and uncomfortable to use, that 99,999% of the people won’t bother.
pastermil@sh.itjust.works 1 year ago
What the fuck is EU doing? Why are they trying so hard to participate in the enshitification effort?
MeanEYE@lemmy.world 1 year ago
Personal ID cards have certificates on them issued by the government. These certificates can be used for anything from digitally signing documents to logging in to government web sites without having yet another user/pass. So far situations was a nightmare.
Government provided tools and plugins for browsers to support logging in and signing, but it’s been a shitshow when it comes to support. Pretty much only Windows and only certain versions of it and even then it worked half of the time. You had to install certificate manually and trust, etc. Am assuming this is to make sure these services work but also so they can issue certificates for their own web sites.
pastermil@sh.itjust.works 1 year ago
Personal digital certificate sounds like an awesome concept. Too bad the implementation seems so narrow-minded. Typical beaureaucrats.
uis@lemmy.world 1 year ago
And they don’t even use custom crypto!