this post was submitted on 18 Feb 2024
-9 points (33.3% liked)

Europe

8484 readers
3 users here now

News/Interesting Stories/Beautiful Pictures from Europe πŸ‡ͺπŸ‡Ί

(Current banner: Thunder mountain, Germany, πŸ‡©πŸ‡ͺ ) Feel free to post submissions for banner pictures

Rules

(This list is obviously incomplete, but it will get expanded when necessary)

  1. Be nice to each other (e.g. No direct insults against each other);
  2. No racism, antisemitism, dehumanisation of minorities or glorification of National Socialism allowed;
  3. No posts linking to mis-information funded by foreign states or billionaires.

Also check out !yurop@lemm.ee

founded 1 year ago
MODERATORS
poVoq@slrpnk.net
-9
Mozilla website pushes serious eIDAS misinformation to political decision makers and public (groups.google.com)
submitted 9 months ago* (last edited 9 months ago) by HowRu68@lemmy.world to c/europe@feddit.de
17 comments fedilink hide all child comments
 

Note: Since for more than a year I've been reading about the downsides of the eIDAS legislation. Their sources where mostly DOT.com US entities. The same stuff happened when the EU implemented the new GDPR and now similar things happen with the. upcoming eIDAS 2.0 and the the upcoming AI law. Here I outline the EU position to clarify the situation. This isn't news, but Since the anti e-IEDAS campaign keeps pushing the agenda it's still relevant imo.

"The discussion on the eIDAS Regulation has entered its most important phase in the European Parliament and Council. Mozilla has recently launched a campaign in the form of a website aimed at political decision-makers, but also the general public.

"As with the Google response, you are taking a very US-centric approach to lobbying that is only going to reduce the chance of influencing the outcome. EU politics are not the same as US politics."

Here( link ESD Experts support decision trilogue; answer to mozilla the overview fact sheet.

Edit 1 & 2: Sorry, no ill intent. It seems something went wrong while shortening & copying this link title:" ESD Experts Support Trilogue Compromise and Emphasize Necessity for Highest Security of the Internet

ESD is a European lobby group consisting of the CEOs of Europe’s leading trust service providers.

all 18 comments
sorted by: hot top controversial new old
[–] Vincent@feddit.nl 8 points 9 months ago* (last edited 9 months ago) (1 children)

I'm sorry, but all this fear-mongering about

This is just another example of US big tech companies trying to control all decisions about security to favor their own commercial interests

when referring to a non-profit is not really convincing. Especially considering that the open letter calling the proposed changes harmful has been signed by experts and organisations from all over Europe.

I'm not sure what commercial benefits they think Mozilla will get from not being forced to allow untrustworthy certificates, but it's clear that the certificate-minting orgs behind the ESD have a lot to gain if they would be.

(It's unclear to me why you referred to ESD, an industry lobbying group, as a "trilogue" BWT? In an EU context, that usually refers to the European Parliament, Commission and Council.)

[–] HowRu68@lemmy.world -1 points 9 months ago* (last edited 9 months ago) (1 children)

when referring to a non-profit is not really convincing

But Mozilla Corporation which is fully owned by Mozilla foundation is a multimillion dollar industry ( wiki info. So there is that.

There are many non-profit foundations, doesn't mean their sponsors don't have an opinion or agenda.

Also, its seems Google is its primary sponsor: " Most of the revenue of Mozilla Corporation comes from Google (81% in 2022 in exchange of making it the default search engine in Firefox.

Also your post orginated from Mozilla. org. People keep sending mozilla links in their remarks to prove their point; but it is actually validating my concern more and more, and this same observation on the web, was also the reason for my post.

It's unclear to me why you referred to ESD, an industry lobbying group, as a "trilogue" BWT

Very valid point, tnx. I screwed up while copy pasting and shortening titles. No ill intent. I edited the title, again, hopefully it's better now. Not my best day apperantly.

[–] Vincent@feddit.nl 3 points 9 months ago* (last edited 9 months ago)

But Mozilla Corporation which is fully owned by Mozilla foundation is a multimillion dollar industry

Yes, but that money is not going into shareholders' pockets. It can be used by the Foundation to support its mission.

Also, its seems Google is its primary sponsor:

Google is the primary customer. It pays Mozilla, and in return, Mozilla sends people to Google Search.

It also doesn't really matter, since you don't need that argument: Google is already a browser vendor as well. And the same question holds: what commercial benefit do they stand to gain, and how? I also still haven't seen an answer to that question about Mozilla.

Also your post orginated from Mozilla. org. People keep sending mozilla links in their remarks to prove their point; but it is actually validating my concern more and more

Are you saying that Mozilla lied, and that those European experts and organisations did not actually sign that letter? Because it's easy to just search for their name + eidas and verify their actual stance. For example, I just did that for EDRi, whose stance is here:

In the full paper we also explain how the proposal could break web security by forcing government access to the security systems of web browsers, which would have devastating consequences.

(That is not a Mozilla link, btw. Mozilla's website is just an easy place to link to since it has rallied people around the cause and aggregated their voices to a single place, but it refers to a very diverse group of actors, many of whom have no financial benefit to gain. Whereas the lobbying group you're linking to is just representing a group of CAs.)

[–] kbal@kbin.melroy.org 8 points 9 months ago* (last edited 9 months ago) (1 children)

EU trilogue answer to mozilla

That link is not to an EU trilogue as I gather the term is normally used. It is to some kind of lobbyist group representing industry participants who presumably stand to profit in some way from the legislation as proposed. It is full of disingenuous nonsense such as "Mozilla already accepts QWACS β€” so how can Article 45.2 be a problem for Mozilla?" It completely ignores the substance of Mozilla's complaint.

There is no need for problematic legislation interfering with everyone's web browsers in order to get them to accept these cert authorities: The makers of web browsers will absolutely be happy to do so, as long as they are not used for anything nefarious. If this is the best that "European Signature Dialog" can come up with, all it demonstrates is that there is absolutely no reason not to make the changes that Mozilla and others call for.

[–] HowRu68@lemmy.world 0 points 9 months ago* (last edited 9 months ago) (1 children)

I just saw my typo and I edited the name from EU ESD to European ESD.

I was looking for more context and information on the matter. Mozilla is a multimillion dollar US company and lobbyist too.

The ESD trilogue is an ( alternate) take on the mozilla concern, and one of the few I could find that isn't from mozilla origin.

Further on, I read mozillas position reflected in your remarks . They have been posted many times aleady on several communities. But, have you found any other new take or source on the ongoing e-iDAS 2.0 issues?

[–] kbal@kbin.melroy.org 1 points 9 months ago (1 children)
[–] HowRu68@lemmy.world 1 points 9 months ago (1 children)

Tnx, but I was hoping for a new take. Unfortunately it's an open letter signed byUS companies and institutions, like ICANN and the Internet Architecture Board. Also the letter adresses similar concerns about the same art 45 as Mozilla

It does somewhat validate my ealier point that it seems that the issue is also about the loss of digital power from US companies and institutions.

[–] kbal@kbin.melroy.org 3 points 9 months ago* (last edited 9 months ago)

Nothing much is new since then so far as I know. Here's more recent coverage from the EFF.

Edit: Further web browsing turns up the latest open letter which has signatures from "552 scientists and researchers from 42 countries, as well as numerous NGOs."

[–] Nighed@sffa.community 3 points 9 months ago (2 children)

Can I have an ELi5?

[–] kbal@kbin.melroy.org 5 points 9 months ago (1 children)

Some people want to legally compel your web browser to trust ssl cert authorities blessed by national governments, even if they become untrustworthy.

[–] HowRu68@lemmy.world 2 points 9 months ago (2 children)

Actually, it seems that eIDAS 2.0 won't do that for webbrowsers, as I recently learned from EU comments on that issue.

But you prefer that a commercial US company issues them likeDigiCert ?

[–] 2xsaiko@discuss.tchncs.de 1 points 9 months ago* (last edited 9 months ago)

Browsers aren't mandated by law to include DigiCert root CA. If they pull sketchy shit they'll get grilled faster than you can say "self-signed certificate": https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/heXVr8o83Ys

edit: ah, I just read the whole mailing list thread, I see the argument now

[–] kbal@kbin.melroy.org 1 points 9 months ago (1 children)

The Register has also covered it recently and specifically talks about the "2.0" version.

[–] HowRu68@lemmy.world 1 points 9 months ago (1 children)

" Lawmakers in Europe are expected to adopt digital identity rules that civil society groups say will make the internet less secure and open up citizens to online surveillance."

Also the Register literally quotes mozilla " As Firefox maker Mozilla put it:

This enables the government of any EU member state to issue website certificates for interception and surveillance which can be used against every EU citizen, even those not resident in or connected to the issuing member state. There is no independent check or balance on the decisions made by member states with respect to the keys they authorize and the use they put them to."

Why are you using US sites for EU legislation? Here the current state of affairs. Its an ongoing process.

Revision of the eIDAS Regulation – European Digital Identity (EUid)*

[–] kbal@kbin.melroy.org 3 points 9 months ago (1 children)

The Reg is not a USA-based publication. There are an abundance of non-Mozilla sources on this topic, some of which it links to. Mozilla is not some sinister conspiracy. I don't know what motivates your crusade against them. Possibly the same kind of disinformation that some of the more optimistic eIDAS proponents hope it can somehow prevent.

[–] HowRu68@lemmy.world 1 points 9 months ago

I don't know what motivates your crusade against them.

I am not. I just wonder why, mozilla seems to be the major source of most publications against the eIDAS.

I thought my intro was fairly nuanced and contextual. I was looking for other and new viewpoints towards the eIDAS discussion, which are not using or quoting mozilla and art 45. Or sources with a different opinion or take on the matter.

Mozilla is not some sinister conspiracy.

Never said it was. I like privacy that's why I'm concerned and interested.

But the ESD experts did say it was misinformation, and like they claim mozilla is being payed by Google according to wiki and pc magazine

But apperantly you trust mozilla more though they just follow a business model. So maybe its all about trust. I will remain critical and see how it develops.

[–] HowRu68@lemmy.world -1 points 9 months ago

Context and FYI, official eIDAS site

The eIDAS Regulation:

  • ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services available online in other EU countries;
  • creates a European internal market for trust services by ensuring that they will work across borders and have the same legal status as their traditional paper based equivalents.

There is and was also critique see this post and some reactions there. Especially, check the open letters ( eg. open letter ) from privacy watchdogs.