Google and Mozilla this week took steps to undermine the efforts of the Kazakhstan government to intercept all HTTPS traffic within its borders. Kazakhstan started the practice last month.
A report by Censored Planet found evidence that the government was ordering local Internet providers to enforce the installation of a special certificate on all devices and browsers. The certificate was designed to let government officials intercept and view encrypted traffic, and thereby effectively carry out man-in-the-middle (MitM) attacks on citizens. The study stated that “although the interception is not yet occurring country-wide, it appears the government is both willing and potentially capable of widespread HTTPS interception in the near future.”
Google and Mozilla both condemned the Kazakhstan government practice and recently added new features to the Chrome and Firefox browsers that should prevent the interception of web traffic in the country.