Year of Internet Control and Stability. 2022
This year, we’ve seen a number of different ways governments have tried to change basic internet security for users. Much of this has been attempted through legislation, direct network intervention, or direct requests from government to Internet governing bodies. On the other hand, we’ve also seen new anti-censorship mechanisms help people regain access to the wider world, giving hope in really dark times.
The EU Digital Identity Framework
While the European Union’s eIDAS (eelectronic ID:confirm aidentification and trust S:services) framework and law is not new and has been in place since 2014, several changes have been proposed in the European Parliament, which have sparked new conversations and concerns. As a top example, it is recommended change to Article 45, which we believe could fundamentally change the web trust model as we know it. The change requires web browsers to trust government-appointed third parties without the necessary security guarantees.
EFF: passed the consequences and concluded that it is a solution in search of a problem. The proposal will implement expensive Qualified Web Authentication Certificates (QWACs) for websites for cheaper or free certificates as the safest way to communicate on the Internet; and it can leave users vulnerable to malicious actions by government Certification Authorities (or Qualified Trust Service Providers/QTSPs) in a worse-case scenario.
Council of the European Union on December 6, 2022 accepted the original change language despite suggestions some of commissions in the European Parliament to allow browsers to protect users in light of the security threat posed by QTSP. The final decision rests with the Committee on Industry, Research and Energy (ITRE) and we urge a final vote to ensure that browsers can continue to block certification authorities that do not meet security standards, especially when the EU is facing member states. diverse questions about democracy.
Internet in wartime
With Russia’s invasion of Ukraine, many problems emerged with government blocking, censorship, and security risks inside and: outside of Russia. Within the country, diverse VPNs and anonymity protocols such as Tor: they’ve been blocked, which we can assume is likely to curb dissent and track people’s traffic.
Harsh foreign sanctions were another layer that contributed to the fragmentation of the Russian Internet. As businesses cut ties, services are similar certificate authorities had stopped issuing new certificates to any site with a Russian top-level domain (like .ru). This created space for the Russian government to step in and create his own “Russian Trusted Root CA” fill the gaps in these sites, paving the way for lasting Splinternet Russia, after all, strives. Finally, requests from the Ukrainian government have been made to the Internet Corporation for Assigned Names and Numbers (ICANN) to completely disconnect Russia’s top-level domains from the rest of the Internet. ICANN is a US-based international non-profit organization that oversees the Internet’s global system of domain names and IP addresses. We have explained why this request will not only affect those who are wrong, but will also adversely affect safety on the web for everyone. Fortunately, ICANN denied the request.
Rebellion in Iran
On September 13, 2022, 22-year-old Kurdish woman Mahsa Amin, who visited Tehran with her family, was. was arrested by the “morality” police and died in prison three days later. Since then, protests have continued in Iran by large masses of the Iranian people, and in response, the government blocked it many online services within the country. As in Russia, Iran’s efforts to filter domestic online traffic are not new and are part of an ongoing effort to stifle dissent and block critical information from the outside world. Back in March The EFF signed the letter Iran’s government with more than 50 other organizations calling for the repeal of the Cyberspace Services Regulatory System Bill. This bill violates basic rights to privacy and freedom of speech. Although it has not been confirmed, it is already suspected that parts of it have been implemented already. With recent proven cases of Internet censorship, the government has already crossed that bridge into numerous human rights violations.
Advances in anti-censorship tools
Iran as an example, we saw new forms Internet blocking of modern protocols and popular endpoints that support them; Such as encrypted DNS and: HTTP/3. While we are concerned about how governments are evolving to creatively block network traffic, we are also optimistic about developments that will help activists spread their message and communicate with others.
One tool that has grown in popularity is Snowflake. This tool helps connect countries where Tor is blocked, helping users’ traffic appear harmless. You can learn how to ‘become a snowflake’ and support censored people to connect to the open web our post. Speaking of Tor, the Tor browser has also added a new automatic Connection Assist feature that connects to Tor bridges if Tor is blocked in your region. This feature ensures that you can now seamlessly connect to Tor Bridges, including Snowflake.
As it was reported that the signal was blocked in Iran, call signaling proxies Meredith Whittaker, president of Signal, provided a very easy guide on how to create and host a Signal proxy and help people safely reconnect to the platform. While there are reports that they may be blocked if detected by government censors, there are ways to share these proxies’ addresses, as explained in the guide.
Finally, this year, the Network Intervention Open Observatory (OONI) also rolled a new online class with human rights training platform Advocacy Assembly to use OONI’s tools to measure censorship and real-time data on various often-blocked websites and services such as WhatsApp. These efforts can help open research efforts around the world to more carefully identify cases that may be missed.
While fighting internet censorship at the government level is difficult, we hope that innovation will keep these technologies open and accessible to the public around the world. Part of that is keeping Internet security strong everywhere, not just in countries traditionally considered authoritarian. Promotion and supports end-to-end encryption and ubiquitous encryption on the Internet, even where Internet security is the strongest in the world, will help where it is weakest.