Privacy

31954 readers

458 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

eIDAS 2.0: Browsers VS European "Secret" Legislation (tube.kockatoo.org)

submitted 11 months ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 13 points 11 months ago (2 children)

Any summary or article, I'm not watching the video

[–] [email protected] 5 points 11 months ago

Here's the article from Mozilla explaining their position. There is also this random article from The Record that seems to give a bit more of a detailed explanation from what I skimmed.

[+] [email protected] 3 points 11 months ago (1 children)

[deleted]

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

Will you be notified and asked permission before the page is loaded?

I mean, even for self-signed/invalid certificates, most browsers allow you to optionally access the page anyway... it'll show some error page first, but it'll allow you to load it if you explicitly request to continue in the error page itself, right? and you'll get an eye-catching red icon indicating the website is untrusted... why can't browsers implement something similar to that? Just use a different icon and a different page/dialog to opt-in on first visit. Something that isn't as strong as the error page, but that makes it clear to the user which organization/government is responsible for authorizing the access.

But then again... why not simply have that website registered under .id.eu (for example) and have the EU use that DNS for registering/signing subdomains using eIDAS certificates? then there would be no risk for it to potentially poison other top-level domains if it's compromised. And imho, it would be great if when a citizen gets their eIDAS certificate it comes with a personal domain that they can freely use.

I feel I'm not fully understanding here neither what exactly is being asked nor the purpose for asking it.
Is there some more clear and unbiased information on this? ...the way they wanna call it "secret" is also very confusing to me, that smells of FUD... in which way is it "secret"? are there no public details about the request? "secret legislation" feels almost like an oximoron. I feel that what they want to say is that the controversial sections were introduced very late in the process, following some closed-door meetings, but that's no the same thing as the legislation being "secret"...