In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools.

While motivated by a legitimate concern, this move to block websites directly within the browser would be disastrous for the open internet and disproportionate to the goals of the legal proposal – fighting fraud. It will also set a worrying precedent and create technical capabilities that other regimes will leverage for far more nefarious purposes. Leveraging existing malware and phishing protection offerings rather than replacing them with government provided, device level block-lists is a far better route to achieve the goals of the legislation.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    I’m philosophically against this idea. But on the other hand why is this being implemented in the browser? Why isn’t France asking it’s ISPs to block the hosting address of the sites. Or the DNS. Going after the endpoints it seems silly. Because now every single browser in the country is going to have a list of the " good websites ".

    • Jomn@jlai.lu
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      France already does DNS blocking. It honestly has near to no impact, since targeted websites (usually digital piracy related stuff) just change the domain.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I think most governments who roll out censorship infrastructure don’t really care about whatever they’re actually censoring, they have some juicy target that will come along later like a political rival they miscategorize. To cut them off. They’re building the toolbox they don’t care about the excuse.

        So yeah pirate sites give them an excellent reason to say oh we need better tools, but they don’t care about piracy, not really

    • evilviper@beehaw.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      I’d imagine it’s easier being the bad guy to a bunch of american browser companies rather then to all your local ISPs.

    • NeonPayload@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      because it’s easier to get around with a vpn, but if it’s at the software level it wouldn’t be as easy. They could make it so only France approved browsers could be downloaded.