Apple, Google, Microsoft, and Mozilla have banned a root certificate deployed by the Kazakhstan government to spy on its citizens. Under the state’s surveillance, the root certificate intercepts and decrypt HTTPS traffic for Nur-Sultan city residents, the country’s capital.
Reports indicate that the certificate was active since December 6, 2020. The certificate allegedly blocked residents from accessing foreign websites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix. The sites could only be accessed unless the certificate was installed.
Notably, the websites are among the most popular globally. State officials allegedly forced local internet service providers to block residents from accessing foreign sites. However, they were able to access most of the foreign websites apart from the highlighted ones.
No merit for spying on residents
The browser makers, however, find the state’s explanation lacking technical backing because certificates can’t prevent mass cyberattacks. Notably, certificates are for encrypting and safeguarding traffic from third-party observers.
Following the ban, Chrome, Edge, Mozilla, and Safari users’ data will not be compromised by the state.
The Kazakh government has a history of using the certificate to spy on residents. In August 2019, a certificate intercepted traffic for various Russian and English-speaking social media sites.