deleted by creator
No, that was different. eIDAS is certificate based - those that care will just use a VPN to download a non-EU compliant browser build and only surf with the VPN on. At least that’s my plan.
deleted by creator
But it’s not spyware. The eIDAS law proposes that governments can insert certificates that spoof the originator. A subtle difference.
I really hope Mozilla don’t comply
Still weakening encryption standards.
It would force the inclusion of a “trusted root” into browsers & OSs with the purpose of allowing government entities to spoof certificates. As certificate pinning is becoming mainstream, I would assume it’ll require browser & app vendors to weaken those controls too.
You’d hope ECHR’s prior ruling would block this too. For the exact same rationale.
deleted by creator
No… That’s spyware with less steps… Theres no cracking, hacking, Trojans etc. involved at all, it’s a direct and straightforward addition of the spyware under color of the states authority.
What would be a non-EU compliant browser?
I’m expecting browser companies to offer EU citizens a browser with the eIDAS cert acceptance baked in but outside the EU as they are now
deleted by creator
" Techradar " is not the best source for legislative journalism, and one could question their credibility about product reviews. Check trustpilot for example; 1 /5 rating.
Added: Afaik, EU institutions are developing a new legislation for a Euroepean digital future containing biometrics, digital identity and Internet safeguards. The GDPR is a basis for this legislation, so privacy safeguards shouldn’t be an issue. The existing discussion is about the interpretation/ backdoor abuse of the issuing and handling of (root)certificates.of websites, described in art 45.
Now these certificates are done by businesses and as per 2023 eIDAS EU proposal they should be done by EU and or memberstates. This latter regulation drew the concern of privacy watchdogs. According to the EU itself and the actors involved, it’s rather something more about finding the correct legislative terms, then about the intention to enabling " mass surveillance ". At this moment the new law hasn’t been adopted, as they are still in full discussion mode about the correct version. Also I’m happy about the privacy watchdogs which help contribute to a better legislation . It’s an ongoing discussion and (democratic) process.
here the new open letter with critique as per nov 2023 towards eIDAS 2.0
another letter per dec 2023 from the University KU Leuven.
What would be the best way to oppose / vote against this law proposition?
Think I can answer my own question.
Through this site of Mozilla:
https://last-chance-for-eidas.org/I stumbled upon this open letter:
https://eidas-open-letter.org/At the bottom of the letter there’s a link to this form,
which I’ve signed (1. Honorific “Developer”, 2. Institution “Independant”) to join the opposition:
https://pads.c3w.at/form/#/2/form/view/mc8X+BfJrv5J-y5Z3LfONA4mpLmD7owmnWizzoikNTw/
Nonetheless, experts expect the final agreement to be revealed by the end of March as the Parliament is pushing to close all the open legislative processes before the upcoming European elections scheduled in June.
So basically, the law’s unlikely to change much before being pushed to vote, which considering how stupid it is, it’s likely to be outright rejected like Chat Control by the Parliement.
Still, it’s good to raise awareness on the issue.
According to the EP legislative train digital age:
"The regulation also clarifies the scope of number of other notions such as the qualified website authentication certificates (used to verify the identity of persons or legal entities behind a website). This identity data has to be displayed in a user-friendly manner. In case of substantiated security concerns, web browsers are allowed to take precautionary measures related to these certificates
The text still needs to be formally adopted by the Parliament and the Council before it can be published in the EU’s Official Journal and enter into force. "
