Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections
Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections
www.theregister.com
Europe prepares to break browser security with eIDAS 2.0
25 comments
-
-
Sorry, but this is on the level where I'll never trust EU... I rather liked this organization but this makes no sense.
Like, which children to protect are going to be manufactured this time?
-
If it is any reassurance, not even the EU trusts the EU to control internet security: Parliament voted this down in its position, but member states are trying to bring it back. MEPs are fighting to ensure control remains with browsers.
-
You can't trust your govt and you can't even trust the World Bank. Digital ID is being pushed globally, their excuse is to help people to get jobs and financing.
https://www.weforum.org/agenda/2021/04/digital-id-is-the-catalyst-of-our-digital-future/
-
I'm not an expert on this, but you should not make a one-sided argument on a topic that people are not familiar with.
-
Digital ID isn’t the problem here. No system is risk free and we should always think critical but the concept of digital id is a huge plus for privacy.
Most people receive important documents in their mailbox while a Mailaccount is actually very unsecure to keep your data safe. In some places in Europe official/important documentation goes to a special mailbox that can only be opened using a digital id. Its miles safer then a password.
The issue at hand could be a problem For digital id safety but that would be just one of many more negative effects from this bill. Id or not europeans be screwed.
-
Interesting ideas but still half baked
-
-
It does kinda depend on whether this manages to actually pass...
-
-
This is the best summary I could come up with:
Lawmakers in Europe are expected to adopt digital identity rules that civil society groups say will make the internet less secure and open up citizens to online surveillance.
Thus, using a proxy in a man-in-the-middle attack, that government can intercept and decrypt the encrypted HTTPS traffic between the website and its users, allowing the regime to monitor exactly what people are doing with that site at any time.
How that compares to today's surveillance laws and powers isn't clear right now, but that's the basically what browser makers and others are worried about: government-controlled CAs being abused to issue certificates to websites that allow for interception.
An authority purge of this sort occurred last December when Mozilla, Microsoft, Apple, and later Google removed Panama-based TrustCor from their respective lists of trusted certificate providers.
"Article 45 forbids browsers from enforcing modern security requirements on certain CAs without the approval of an EU member government," the Electronic Frontier Foundation (EFF) warned on Tuesday.
Mozilla and a collection of some 400 cyber security experts and non-governmental organizations published an open letter last week urging EU lawmakers to clarify that Article 45 cannot be used to disallow browser trust decisions.
The original article contains 965 words, the summary contains 196 words. Saved 80%. I'm a bot and I'm open source!
-
https://nitter.cz/Rob_Roos/status/1722304545676497141?t=SDb1qsGpMC8CtZmNdc70mQ&s=19
The European Parliament and Member States just reached an agreement on introducing the Digital Identity, #eID.
Directly afterwards, #EU Commissioner Breton said: "Now that we have a Digital Identity Wallet, we have to put something in it...", suggesting a connection between #CBDC and eID.
They ignored all the privacy experts and security specialists. They're pushing it all through.
-
CBDCs are one of the greatest threats to freedom and liberty over the next 50 years. People should be very skeptical about giving this much control and surveillance power over to the government.
-
-
-
Are we doomed? After 08/11/23, yes we are.
-
As far as I understand, the parliament must vote now, but it doesn't look good. You may write to your MEP.
-
We should organize manifestations in streets and make it visible if we don't agree. Writing an email that just gets ignored seems polite but it hasn't worked so far.
-
-
25 comments
Considering that this has been in the works for
a yeartwo years already and there haven't been any reports of banks and insurance agencies objecting, your version of "it can't happen here" seems less than fully convincing.Mozilla says that it's fairly close to passing though: https://last-chance-for-eidas.org/
I can only hope that this is what is going to happen. It's a stupid idea and I have no clue why noone things about the consequences and evaluates if it's for the better or worse..
Agreed. PwC, big banks and the internet as a whole would stand against such policy, giving institutions the power to destroy the very basis of internet trust is simply asking for the entire system to become discredited