Serious New Privacy Issue
I recently got seriously worried when I became aware about the new AI firewalls these days, which monitors or inspect SSL encrypted packets, before the packets reach to the main website. These new AI firewall systems are installed in some countries by their governments to suppress free speech, or just spy on its people. These firewalls, as you may already know, uses DPI-SSL system, which decrypts packets traveling from user to the main website. To decrypt the HTTPS packets, these firewalls uses its own self signed CA certificates. So I am asking the firefox developers, that why you guys allow this privacy issue? Does the packets sent from a firefoxe browser to other websites are also decrypted, by these firewalls? If yes, then why you guys allow this? Firefox must ONLY allow a specific CA certificate made for firefox browser only. Firefox browser must never let other third party softwares, or any software, to decrypt its encrypted packets. This is a serious privacy issue. With these firewalls, they can see what users write in chats, or posts, they can see witch content we are watching on a website, they can see who we follow on social media platforms, they can see which content or posts we like and etc. Even passwords are not safe anymore, which e use for any website of platform. When passwords are not safe, so does our accounts of various websites. This is a serious privacy breach.
These firewalls is a weapon for those countries which want to suppress free speech or suppress opposition sides in a government or spy on its own people.
Please let me know if I am mistaken or my concerns are genuine.
Všetky odpovede (3)
What makes you think that we allow it? Please read "Certificate cannot be trusted" warning in Kazakhstan.
TyDraniu said
What makes you think that we allow it? Please read "Certificate cannot be trusted" warning in Kazakhstan.
You are talking about certificate installation on user device, but I am talking about self signed certificate installed on ISP server, for those new AI firewalls, which can decrypt packets, coming from user device and going to main website.
TyDraniu said
What makes you think that we allow it? Please read "Certificate cannot be trusted" warning in Kazakhstan.
OK, I now I understand what you said. The certificate must be installed on user devices too, to work properly. Thanks for clearing this issue. I was so much concerned about this issue.