Kazakh Government Implements Privacy Invasive Internet Monitoring Plan

  • The Kazakh government is moving forward with an old MITM plan that allows internet monitoring.
  • The regime is enforcing privacy and security bashing law and has the nation’s ISPs on their side.
  • People will either install the certificate on all their devices and browsers or lose access to the internet.

As we reported in June, when Kazakhstan elected a new president, the situation didn’t look very promising for the netizens of the country. A massive blocking of local news outlets, live video streaming services, and social media platforms signified an upcoming “internet censorship age” for Kazakhstan. Going a step further from blocking what they don’t like, the Kazakh government is now imposing unprecedented privacy-defiling measures. More specifically, all of the country’s ISPs (internet service providers) have been instructed to enforce the installation of a government-issued “man-in-the-middle” certificate to their customers, who are expected to use it on all of their devices and browsers. This happens according to a new law “On Communications”, paragraph 11 of the “Rules for Issuing and Applying a Security Certificate”.

kazakh certificate
image source: http://qca.kz/

This “Qaznet” certificate will enable government agencies to decrypt the HTTPS traffic on their citizens’ devices so that they know what they’re doing online. Now, ISPs are publishing web pages with detailed instructions for the people, as the certificate needs to be installed on a wide range of different devices, and there’s a different way to do it on each one. Besides the confusion and complexity, the main problem is the certificate itself, as it undermines all notions of user privacy.

Of course, both the government and the ISPs present the need for installing the “security certificate” as a crucial safety measure for the citizens, conveniently leaving out all details about HTTPS traffic monitoring and what its installation would entail for the privacy of the users. They tout this as a measure to help people stay protected against hacker attacks, fraudsters, and all types of cyber threats. The ISPs leave no margin for disobedience to their subscribers anyway, as the internet is blocked for all of those who haven’t installed the Qaznet certificate yet.

This is not a novel move by the Kazakh government, in the same way that the current regime is not a fresh one either. In fact, the rulers of the country tried to impose the installation of a similar certificate back in 2015, but the fact that several ISPs, banks, and foreign agencies sued the government back then put a brake on the plans. Even Mozilla was approached and asked to bundle the certificate in Firefox by default, but of course, the internet company denied to do such a thing. Now, however, it seems that the latest elections empowered the government even more, so no one could stop them this time.

Have something to comment on the above? Feel free to do so in the section below, or on our socials, on Facebook and Twitter.



Indian Banks and Finance Companies Targeted by Multi-Staged JSOutProx RAT Malware

Indian banks and financial institutions are being targeted by a multi-tier JSOutProx RAT that acts in two stages.The malware uses spear-phishing emails...

Mega Deletes 144,000+ User Accounts for Repeated Copyright Infringement

Mega has changed its policies and terminated over 144,000 accounts for repeated copyright infringement violations.The company says flagged data is taken down...

YouTube Creators Targeted With Phishing Scams Based on Cookie Theft Malware

Google discoverd a new Cookie Theft-based phishing scam that targeted channels belonging to YouTube creators.Actors were sending phishing emails and hijacking channels...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari