In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN [sécuriser et réguler l’espace numérique] Bill would force browser providers to create the means to mandatorily block websites present on a government provided list.
[Unfortunately one should no longer trust Mozilla itself as much as one did 10 years ago. If you do sign, you might want to use a fake name and a disposable email address.]
This bill is obviously disturbing. It could be that eventually they assume that .onion sites are all suspicious and block them, or something similar might happen, which would be bad news for privacy-oriented users including Monero users, for freedom of thought, and for freedom of speech itself. Note that the EU is going to ban anonymous domains too (in NIS2, Article 28).
For a regular end user, if something like this happens and if the block is domain-name-based, then one quick workaround would be using web.archive.org (or Wayback Classic), or ANONYM ÖFFNEN of metager.de (both work without JS). If this is France-specific, of course a French user could just get a clean browser from a free country too (perhaps LibreWolf or Tor Browser, or even Tails), provided that using a non-government-approved browser is not outlawed.
Mozilla, financially supported by Google, states that Google Safe Browsing is a better solution than SREN, but that too has essentially similar problems and privacy implications; especially Gmail’s Enhanced Safe Browsing is yet another real-time tracking (although, those who are using Gmail have no privacy to begin with, anyway).
If it’s DNS-level blocking, you can just use a better DNS rather than one provided by your local ISP, or perhaps just use Tor Browser. Even if it’s browser-side, as long as it’s open-source, technically you’re free to modify source code and re-compile it yourself, but that may not be easy even for a programmer, since a browser is complicated, with a lot of dependencies; security- and cryptography-related minor details tend to be extremely subtle (just because it compiles doesn’t mean it’s safe to use), especially given that Firefox/Thunderbird themselves really love to phone home behind the user’s back.
See also: Will Browsers Be Required By Law To Stop You From Visiting Infringing Sites?
That doesn’t sound well intentioned at all
How are people still assuming the state has any good intentions?
Their intentions are to know about and control everything that is being done and said.
Europeans always think their government has good intentions, which is ironically how Hitler happened. They still have yet to learn their lesson.
At least the French light shit on fire when they don’t like what the government is doing.
2/2
(7) II. - If the website admin can’t be reached or, although they replied, it still appears that the website is bad, then the authority may order browser providers to take any useful action to prevent access to the URL and to show a warning message instead, for a max period of three months.
(8) The blocking may be extended by not more than six months, if the advisory body in III agrees. The blocking may be extended again by another six months.
(9) For the purposes of (7), DNS means any person providing a service that converts a domain name to an IP address.
(10) This decision shall be notified to the said website admin.
(11) The authority may at any time request browser providers to terminate the blocking, when it appears that blocking is no longer necessary.
Comments: (9) implies DNS-level blocking is an option; a browser is then forced to use “compliant” DNS servers. This might be related to the so-called “thick whois” (simply put, domain-name KYC), planned in the EU-wide NIS2. If you get a European ccTLD (such as .fr), you might get KYCed to renew it in the future. (11) is funny: a bad website will be unblocked when it gets better, but how can they see that if they’re blocking it?
(12) III. – The authority shall transmit the requests and orders referred to in I and II, to the advisory body of the National Commission for Information and Freedoms. The advisory body makes sure that everything (such as the block list) is justified. It may order the authority to stop blocking.
(13) When the website admin appeals, the website is temporarily unblocked while waiting for the final decision.
(14) A yearly block report shall be made public.
(15) IV. – Any failure to comply shall be punished.
(16) V. – The terms and conditions for the application of this article are specified by decree.
Comments: (15) is a bit scary. Freedom of speech can have difficult borderline cases. It’s not like the website is proved guilty. Nevertheless, not only can they order you to comply, but also they can punish you if you don’t comply.
Firefox 115 can silently remotely disable my extension on any site
That’s one concrete reason why you can’t fully trust Mozilla Firefox. Still it’s much better—or much less worse—than Google’s WEI:
“Web Environment Integrity” is an all-out attack on the free Internet (FSF)
Web Environment Integrity (Wikipedia; Wikiless)
Comments to the actual commit (Github)
Not sure how a government is going to force hobby developers or end-users to implement a specific feature in a specific category of software. How is this different than just banning access to the website?
1/2
Article 6 of the Bill to Secure and Regulate Digital Space (Espace Numérique). Here’s what they’re like (a rough and simplified translation from French, not really good but anyway):
(1) Article 12 of “Act n° 2004-575 of 21 June 2004 for Confidence in the Digital Economy” is replaced by the following provisions:
(2) I. - When a special agent confirmed that a website is clearly carrying out criminal activities, the administrative authority shall inform the admin of the website that the precautionary measure as in (4) is taken, and invite them to reply within five days.
(3) At the same time, the authority shall notify the address of this website to browser providers.
(4) When notified, browser providers shall, as a precautionary measure, take any useful action to show a warning message which says viewing this website is risky [while not yet actually blocking it].
(5) This precautionary measure is implemented for seven days.
(6) After looking at the website admin’s reply, if the authority considers that the observation in (2) is no longer valid, they shall request browser providers to terminate the precautionary measures.
Comments: It’s implicitly assumed that “browser providers” keep tracking user activities real-time and can quickly start showing a warning message when the user tries to open a certain website. Mozilla doesn’t question this, either. Mozilla seems to think that, while browser-side blocking is bad, Google-side monitoring is good. That’s actually even worse than blocking itself.
Locking down the whole world because of the sniffles: no problem ✔️
Finding and arresting scammers on the clear web: not possible ❌️
What’s a petition going to do?
The only thing Mozilla and the rest can do is just not implement the features and pull any offices they have and employees out of France.