Slashdot Mirror


In Kazakhstan, the Internet Backdoors You (csoonline.com)

itwbennett writes: Kazakhstan passed a law that would require citizens to install a certificate on their personal computers and mobile devices that would allow the government to snoop and capture web traffic, passwords, financial details. Telecom.kz posted the news to their website on November 30, but by December 4 the press release had been removed from the website. This is just the latest example of government overreaching. Recently we've seen the Turkish government attempt to block access to social media sites. And let's not forget Thailand's attempt to roll out their own man-in-the-middle implementation.


  1. Re:In Russia, you by Anonymous Coward · · Score: 3, Insightful

    Well, then it's a good fucking thing nobody said Russia.

  2. Re:In Russia, you by aicrules · · Score: 2

    Also it was part of the former Soviet Union, so....

  3. And the difference to the NSA is? by loony · · Score: 2

    I bet that there, the government has the legal authority to do this, so what's the big deal? Here we have that pesky thing called the constitution, and the government still does the same even though they knew it was sketchy at best, but probably illegal.

    Peter.

  4. Re:In Russia, you by gstoddart · · Score: 2

    A Russian visited the area once, so ....

    A moose bit my sister once ... it was very painful.

    --
    Lost at C:>. Found at C.
  5. I don't know about you... by Anonymous Coward · · Score: 2, Insightful

    ...but if I were a competent intelligence agency, I'd buddy up with a CA that has its root in all the major browsers, and MITM by redirecting traffic to my servers, once I'd obtained a warrant from a judge for targeted surveillance. IOW, I'd take a reasonable interpretation of the US Constitution's 4th amendment.

    If, OTOH, I just wanted to spy on all my citizens, perhaps collecting data to make sure everyone can be identified as a criminal in future if needed, I'd do as described in the article. IOW, I'd be the Kazakhstan government.

    If I were extremely incompetent, OTOH, I'd do something like only outlawing end to end encryption, and design some magic wand to enable myself access to all servers on the Internet across the planet. IOW, I'd be the UK government.

  6. Re:In Russia, you by Nidi62 · · Score: 2

    I am aware that Putin does not know his borders, but Kazakhstan is not Russia.

    He knows his borders. Just in his mind if you are a former Soviet state then you are (or should be) actually part of Russia. He's kind of like China, in that the borders they think they have don't really line up with the maps everyone else is using.

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  7. Re:Seems pretty lame by gstoddart · · Score: 2

    Ultimately, there's probably a more-than-just-implied idea that your ass will get dragged off to jail or shot if you fail to comply.

    The same thing which happens in all such regimes, and the same thing the US is trying to achieve -- failure to comply with state security is a crime.

    Make no mistake about it, this is the exact same direction Western countries are heading, because they all make the same argument that the state requires unfettered access to monitor us.

    --
    Lost at C:>. Found at C.
  8. Meanwhile in Kazakhstan... by coolmoe2 · · Score: 2

    Typewriter sales took off as the last bastion of privacy left.

  9. Kazakhstan CNN ads by SeriousTube · · Score: 2

    Kazakhstan has loads of advertisements on CNN trying to persuade businesses to locate there. Good way to screw that one up.

  10. Soviet Russia, Russia and Kazakhstan by unixisc · · Score: 2

    Yakov Smirnoff started this genre of jokes back in the 60s. At the time, Russia was usually conflated w/ the Soviet Union (just like England to this day is conflated w/ the United Kingdom). His usage of the term 'Soviet Russia' meant the USSR, rather than the RSFSR. Since Kazakhstan was a part of the USSR, this genre of jokes could remain relevant for this case.

    At any rate, this is by no means the worst to hit Kazakhstan. Nor are Borat caricatures of that country. The worst thing that could ever hit Kazakhstan is if it becomes a hotbed for Jihadi activity, since it was in medieval times the playground of Muslim sultanates, and an Islamic revival like in neighboring Uzbekistan could end up screwing them up to no end.

  11. Good news for linux :) by einar.petersen · · Score: 2

    Read the fine print he he.... Only Android mac win etc. mentioned OS wise... Oh the wonders of politicians without a technical clue.... Yes I am aware of the nix like bases of Android and Mac.... But hey if they want to be OS specific... Then the year of the Linux Desktop has finally arrived ;)

    --
    MS, ALS, Aphasia ? http://globability.org - Me http://einarpetersen.com
  12. Cold War, Soviets and Russia by unixisc · · Score: 2

    The mistake that both Bush 41 and Clinton 42 made was that they allowed their State Departments to continue to keep Russia in the adversaries column, long before Putin surfaced. Letting Russia fester and supporting secessionist movements there like the Chechens was a bi-partisan sin. But the biggest issue w/ them is that they never realized that Islam replaced Communism as the free world's #1 enemy, and is even more lethal than either Nazism or Communism.

    Most of the stans are still pretty similar to their Soviet era regimes, and in their case, that's a good thing. This coming from someone who's normally anti-Communist. While personality cults like the late Niyazov's were bad, the good thing about regimes of Nazarbayev, Karimov et al is that they've kept Jihadis in check, cracking down on them in the way they need to be cracked. Kyrgyzstan tried to be free but ended up having to deal w/ an Uzbek insurgency. Tajikistan is effectively in a civil war. Having Brezhnev-like leaders in these countries is a good thing, since the alternative would probably be Taliban style regimes going right up to Russia's & China's borders, and a vast heartland for Jihadis.

    1. Re:Cold War, Soviets and Russia by unixisc · · Score: 2

      I agree. Removing those was a mistake. In case of Libya, Gaddafi had already ended his WMD program and was on the mend: there was no good reason to take him down. There wasn't a good reason to remove Mubarak either - Sisi today is just Mubarak w/ another face. I oppose Assad being removed - I agree w/ the Russians and Trump here.

      As for Iraq, it was fine to destroy Saddam's military and reduce their support to terror groups like Hamas. Bringing democracy to Iraq has made it a de-facto Shia theocracy, and a puppet of Iran. The example of Saddam should have taught the US not to upset the applecart in Tripoli, Cairo and Dimashq.

  13. Re:Seems pretty lame by JesseMcDonald · · Score: 2

    Choice 1b) you install the certificate, your traffic is snooped, but knowing this to be the case you tunnel a real TLS connection inside the MITM'd connection. (Secure TLS via a compromised TLS VPN.)

    One of the nice things about encryption is that it's composable. Outer layer compromised? No problem; just add another layer inside. As long as they allow any information to be communicated, there will always be room for an encrypted communication channel, though it may need to be disguised with steganography.

    --
    "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  14. It must be a Borat approved certificate! by Anonymous Coward · · Score: 2, Insightful

    Borat Sagdiyev, after returning to KZ from trying to score Pam Anderson...is now in charge of certs for KZ.

  15. Re:In Russia, you by Thor+Ablestar · · Score: 3, Informative

    Kazakhstan basically consists of a northern part - Russian Southern Siberia - and a southern part - Kazakhstan proper - and was separated from Russia by Stalin in 1936. The northern part was part of Russia and inhabited by Russians for about 400 years after the fall of the Golden Horde. If you look at Google Maps you see that the northern part has mostly Russian names and the southern one Kazakh ones.

  16. Great Success! by GameboyRMH · · Score: 3, Funny

    Browser Learnings of Public Key for make benefit glorious nation of Kazakhstan!

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  17. Re:Seems pretty lame by JesseMcDonald · · Score: 2

    It could be made illegal, of course, but the communication itself was probably illegal anyway. It would only stand out if implemented poorly, however. Done properly it will just look like an unknown (proprietary) binary protocol, which isn't particularly uncommon. They can't possibly have the manpower necessary to reverse-engineer every unknown data format they happen to intercept, and it would be easier and cheaper to ban the Internet entirely than to enforce a rule that their subjects use only registered and documented protocols. Notice that they only added measures to intercept HTTPS, when they could have simply blocked it and/or banned encryption entirely. They know that they can't exercise effective control over the format of the traffic.

    Even if they did, you could just encode your encrypted traffic as "noise" in a funny video of your cat, or any number of other innocuous-looking formats. Even text formats are possible carriers, albeit at much lower throughput.

    --
    "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  18. Re:Seems pretty lame by Creepy · · Score: 2

    Sure there is: criminals (and pseudo-criminals like me - as a teen I cracked software and hacked and just never got caught) always know how to rig the system. In this case, install the root certificate on your desktop. Bypass Method 1, use a VM: Download VirtualBox, create a Linux VM, and do all your browsing from in there, since that browser isn't rooted. You could even delete the VM when you're done and it may be possible to create a sandboxed browser. You've obeyed the law and bypassed it. Method 2, tunneling: find a partner outside of Kazakhstan and establish a VPN connection to it. Do all your browsing through the VPN on the non-compromised machine. Method 3, use hotspots and anonymizers to do your browsing. These can mask your MAC address and give you a different IPv6 IP (and you'll get a different IPv4 IP via NAT - you can set NAT retention to an extremely low number and it will delete any record of you being there). They can still trace you, but as soon as you go offline, you're someone else.

    That was my 2 seconds of thought on how to obey the law and violate the intention of the law.