Hm, interesting - the page reports 404 if JS is disabled, but loads
otherwise. Thanks for the hint. Also sharing Mozilla's statement:
https://blog.mozilla.org/blog/2019/08/21/mozilla-takes-action-to-protect-users-in-kazakhstan/
Good to know.
RhinosF1 writes:
> link works fine for me Yury
>
>
link works fine for me Yury
On Fri, 23 Aug 2019 at 10:29, Yury Bulka
wrote:
> I'm getting a 404:(
>
> John Erling Blad writes:
>
> > Google, Apple, Mozilla move to block Kazakh surveillance system
> >
> >
>
I'm getting a 404:(
John Erling Blad writes:
> Google, Apple, Mozilla move to block Kazakh surveillance system
>
> https://www.reuters.com/article/us-kazakhstan-internet-surveillance/google-apple-mozilla-move-to-block-kazakh-surveillance-system-idUSKCN1VB17Q
>
Google, Apple, Mozilla move to block Kazakh surveillance system
https://www.reuters.com/article/us-kazakhstan-internet-surveillance/google-apple-mozilla-move-to-block-kazakh-surveillance-system-idUSKCN1VB17Q
___
Wikimedia-l mailing list, guidelines at:
Yaroslav
If there is no local chapter willing and able to take action, then
presumably it falls to WMF central to do so, as they have in the USA
and Turkey
The Turnip
On Tue, 23 Jul 2019 at 12:41, Yaroslav Blanter wrote:
>
> I do not think Kazakhstan has a chapter. In the past, some Kazakh
>
Seems like something happen early Friday morning.[1]
[1] https://censoredplanet.org/kazakhstan/live
On Sun, Jul 28, 2019 at 2:43 PM John Erling Blad wrote:
> You are right. “Firefox and Chrome disable pin validation for pinned hosts
> whose validated certificate chain terminates at a
You are right. “Firefox and Chrome disable pin validation for pinned hosts
whose validated certificate chain terminates at a user-defined trust anchor
(rather than a built-in trust anchor). This means that for users who
imported custom root certificates all pinning violations are ignored.” [1]
FYI, it seems Wikimedia is not being intercepted at the moment.
https://censoredplanet.org/kazakhstan
Of course, that may change.
It may also be relevant that Wikimedia uses HSTS, and that will make it
difficult for users to access the sites with intercepted certificates if
they have accessed
Correct me if I'm wrong but I believe browsers always ignored HPKP rules
when presented with a cert signed by a CA that is locally installed rather
than default.
On Sun, 28 Jul 2019, 12:58 John Erling Blad, wrote:
> The Kazakhstan MITM could be stopped by HTTP Public Key Pinning [1], but
>
The Kazakhstan MITM could be stopped by HTTP Public Key Pinning [1], but
Chrome seems to have dropped support for HPKP[2]? Dropping HPKP made the
MITM attack possible, by forcing the users to install the root certificate,
as many of the sites listed has been on the HPKP list. With HPKP in place
I don't see any position from Mozilla on this yet:
https://bugzilla.mozilla.org/show_bug.cgi?id=1567114
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/wnuKAhACo3E
Couldn't find anything about Google Chrome.
Meanwhile, I have emailed secur...@wikimedia.org with a link to this
I'm not in Kazakhstan and am not in directly touch with any of
wikimedians there, so I don't know their position.
However, I'm not sure how much freedom they have in expressing their
honest opinion about this publicly. Simply because it is always a
pros-and-cons calculation to criticise your
I do not think Kazakhstan has a chapter. In the past, some Kazakh
Wikimedians enjoyed close collaboration with the government (for example,
the Kazakhstani Encyclopedia has been released under a free license and
verbatim copied to the Kazakh Wikipedia, so that I do not expect much.
Cheers
Yury
What is the position of the Kazakhstan chapter on this?
The Turnip
On Sun, 21 Jul 2019 at 11:36, Yury Bulka
wrote:
>
> I'm sure many have heard about this:
> https://thehackernews.com/2019/07/kazakhstan-https-security-certificate.html
>
> Essentially, the government in Kazakhstan started
t; >
>> > > Yes, they can de-crypt the traffic. Hopefully browser vendors will
>> > > disallow the root certificate.
>> > > IMHO there isn't much WP can do, expect showing a warning if somebody
>> is
>> > > trying to login
>> > >
> > > Yes, they can de-crypt the traffic. Hopefully browser vendors will
> > > disallow the root certificate.
> > > IMHO there isn't much WP can do, expect showing a warning if somebody
> is
> > > trying to login
> > > from the country in question.
gt; ____________
> > Von: Wikimedia-l im Auftrag
> von
> > Yury Bulka
> > Gesendet: Sonntag, 21. Juli 2019 12:36
> > An: wikimedia-l@lists.wikimedia.org
> > Betreff: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan
> >
> &g
_
> Von: Wikimedia-l im Auftrag von
> Yury Bulka
> Gesendet: Sonntag, 21. Juli 2019 12:36
> An: wikimedia-l@lists.wikimedia.org
> Betreff: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan
>
> I'm sure many have heard about this:
>
> https://theha
Bulka
Gesendet: Sonntag, 21. Juli 2019 12:36
An: wikimedia-l@lists.wikimedia.org
Betreff: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan
I'm sure many have heard about this:
https://thehackernews.com/2019/07/kazakhstan-https-security-certificate.html
Essentially, the government i
I'm sure many have heard about this:
https://thehackernews.com/2019/07/kazakhstan-https-security-certificate.html
Essentially, the government in Kazakhstan started forcing citizens into
installing a root TLS certificate on their devices that would allow the
government to intercept, decrypt and
20 matches
Mail list logo
