Apple, Google, and Mozilla have taken steps to prevent the Kazakh government from spying on its citizen. All three companies have condemned the steps taken by the government and have made changes to make sure their users are protected.
In case you didn’t know, the Kazakh government has been criticized recently for their implementation of a security certificate that lets the officials read anything users type or post in their browsers, including passwords. The government said it was just a test which has now been halted. The government defended its actions by saying that its goal was to protect Kazakh users from “hacker attacks, online fraud and other kinds of cyber threats”. Kazakhstan’s National Security Committee also noted that the system could be deployed again “if threats emerge to national security in the form of cyber- and information attacks”.
In the meantime, Apple, Google, and Mozilla have taken steps to block the use of the government’s root CA certificate. Mozilla went even further and implemented an error message that states that the certificate should not be trusted. Wayne Thayer, CA Program Manager, Mozilla said users should consider using VPNs or install Tor to prevent the government from spying on them. He also recommended changing the passwords and removing the certificate from the computer.
Apple believes privacy is a fundamental human right, and we design every Apple product from the ground up to protect personal information. We have taken action to ensure the certificate is not trusted by Safari and our users are protected from this issue.
– Apple spokesperson
We will never tolerate any attempt, by any organization—government or otherwise—to compromise Chrome users’ data. We have implemented protections from this specific issue, and will always take action to secure our users around the world.
– Parisa Tabriz, Senior Engineering Director of Google Chrome
People around the world trust Firefox to protect them as they navigate the internet, especially when it comes to keeping them safe from attacks like this that undermine their security. We don’t take actions like this lightly, but protecting our users and the integrity of the web is the reason Firefox exists.
– Marshall Erwin, Senior Director of Trust and Security, Mozilla
These new measures should go into effect immediately and there are no additional steps required from the user’s end to enable it. That said, it’s a good idea to check and make sure you have the latest updates installed.