EU’s Digital Identity Framework Endangers Browser Security

2 comments
  1. for the lazy: (taken from the r/privacy post of the same story)

    [https://www.reddit.com/r/europrivacy/comments/rlbxdt/comment/hpes0ye/?utm_source=share&utm_medium=web2x&context=3](https://www.reddit.com/r/europrivacy/comments/rlbxdt/comment/hpes0ye/?utm_source=share&utm_medium=web2x&context=3)

    >If a proposal currently before the European Parliament and Council passes, ***the security of HTTPS in your browser may get a lot worse***. A proposed amendment to Article 45 in the EU’s Digital Identity Framework (eIDAS) would have major, adverse security effects on millions of users browsing the web.
    >
    >The ***amendment would require browsers to trust third parties designated by the government, without necessary security assurances***. But trusting a third party that turns out to be insecure or careless could mean compromising user privacy, leaking personal or financial information, being targeted by malware, or having one’s web traffic snooped on
    >
    >(…)
    >
    >This setup ***could also tempt governments to try “Machine-in-the-Middle” (MITM) attacks on people***. In August 2019, the government of Kazakhstan tried to require installation of a certificate to scan citizen traffic for “security threats.” Google Chrome, Mozilla Firefox, and Apple Safari blocked this certificate. They were able to take this stand because they run independent root stores with proper security controls. Under this new regulation, this would not be as easy to do. The EU has much more reach and impact than one country. Even though eIDAS wasn’t intended to be anti-democratic, it could open the path to more authoritarian surveillance
    >
    >(…)
