The certificate reportedly allowed the Kazakhstan government to intercept and decrypt HTTPS traffic – essentially monitoring citizens’ Internet usage. The government claimed that the certificates were being used as part of a cybersecurity training exercise. ZDNet explains, “The government’s explanation did, however, make zero technical sense, as certificates can’t prevent mass cyber-attacks and are usually used only for encrypting and safeguarding traffic from third-party observers.”
The big four browser-makers – Apple, Google, Microsoft, and Mozilla – have now blocked the certificate in their respective software. This means that after the ban, even if users in Nur-Sultan have the certificate installed on their device, the browsers will refuse to use them – meaning users’ data will remain secure, and out of the hands of Kazakh officials.
It’s not the first time the four companies have united to make the Internet a more secure place. Back in August 2019, a similar certificate used to intercept traffic for various Russian and English-speaking social media sites was also blocked in Kazakhstan.