EU eIDAS: VPNs won't protect Europeans privacy if law passes, experts warn - eviltoast
    • Sylocule@lemmy.one
      link
      fedilink
      English
      arrow-up
      9
      ·
      9 months ago

      No, that was different. eIDAS is certificate based - those that care will just use a VPN to download a non-EU compliant browser build and only surf with the VPN on. At least that’s my plan.

        • Sylocule@lemmy.one
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          2
          ·
          9 months ago

          But it’s not spyware. The eIDAS law proposes that governments can insert certificates that spoof the originator. A subtle difference.

          I really hope Mozilla don’t comply

          • NocturnalEngineer@lemmy.world
            link
            fedilink
            English
            arrow-up
            9
            ·
            9 months ago

            Still weakening encryption standards.

            It would force the inclusion of a “trusted root” into browsers & OSs with the purpose of allowing government entities to spoof certificates. As certificate pinning is becoming mainstream, I would assume it’ll require browser & app vendors to weaken those controls too.

            You’d hope ECHR’s prior ruling would block this too. For the exact same rationale.

            • aelwero@lemmy.world
              link
              fedilink
              English
              arrow-up
              6
              ·
              9 months ago

              No… That’s spyware with less steps… Theres no cracking, hacking, Trojans etc. involved at all, it’s a direct and straightforward addition of the spyware under color of the states authority.

        • Sylocule@lemmy.one
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          9 months ago

          I’m expecting browser companies to offer EU citizens a browser with the eIDAS cert acceptance baked in but outside the EU as they are now

          • the_third@feddit.de
            link
            fedilink
            English
            arrow-up
            7
            ·
            9 months ago

            Oh dear, I hope no one decides to offer a docker container that creates Firefox builds and takes a switch that turns that behaviour on and off.

  • Riddick3001@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    edit-2
    9 months ago

    " Techradar " is not the best source for legislative journalism, and one could question their credibility about product reviews. Check trustpilot for example; 1 /5 rating.

    Added: Afaik, EU institutions are developing a new legislation for a Euroepean digital future containing biometrics, digital identity and Internet safeguards. The GDPR is a basis for this legislation, so privacy safeguards shouldn’t be an issue. The existing discussion is about the interpretation/ backdoor abuse of the issuing and handling of (root)certificates.of websites, described in art 45.

    Now these certificates are done by businesses and as per 2023 eIDAS EU proposal they should be done by EU and or memberstates. This latter regulation drew the concern of privacy watchdogs. According to the EU itself and the actors involved, it’s rather something more about finding the correct legislative terms, then about the intention to enabling " mass surveillance ". At this moment the new law hasn’t been adopted, as they are still in full discussion mode about the correct version. Also I’m happy about the privacy watchdogs which help contribute to a better legislation . It’s an ongoing discussion and (democratic) process.

    here the new open letter with critique as per nov 2023 towards eIDAS 2.0

    another letter per dec 2023 from the University KU Leuven.

  • unautrenom@jlai.lu
    link
    fedilink
    English
    arrow-up
    4
    ·
    9 months ago

    Nonetheless, experts expect the final agreement to be revealed by the end of March as the Parliament is pushing to close all the open legislative processes before the upcoming European elections scheduled in June.

    So basically, the law’s unlikely to change much before being pushed to vote, which considering how stupid it is, it’s likely to be outright rejected like Chat Control by the Parliement.

    Still, it’s good to raise awareness on the issue.

    • Riddick3001@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      According to the EP legislative train digital age:

      "The regulation also clarifies the scope of number of other notions such as the qualified website authentication certificates (used to verify the identity of persons or legal entities behind a website). This identity data has to be displayed in a user-friendly manner. In case of substantiated security concerns, web browsers are allowed to take precautionary measures related to these certificates

      The text still needs to be formally adopted by the Parliament and the Council before it can be published in the EU’s Official Journal and enter into force. "