submitted 6 months ago by Sunshine@lemmy.ca to c/technology@lemmy.world
[-] DreamlandLividity@lemmy.world 0 points 6 months ago* (last edited 6 months ago)

It would likely be impossible to redirect google.com without either sparking a cyberwar or building something like the great firewall of China, quite possibly both.

Blocking is somewhat possible, but to redirect, they would have to forge google certificates and possibly also fork Chrome and convince users to replace their browser, since last I checked, google hard-coded its own public keys into Chrome.

Technical details

I say blocking is somewhat possible, because governments can usually just ask DNS providers to not resolve a domain or internet providers to block IPs.

The issue is, google runs one of the largest DNS services in the world, so what happens if google says no? The block would at best be partial, at worst it could cause instability in the DNS system itself.

What about blocking IPs? Well, google data centers run a good portion of the internet, likely including critical services. Companies use google services for important systems. Block google data centers and you will have outages that will make crowd-strike look like a tiny glitch and last for months.

Could we redirect the google DNS IPs to a different, EU controlled server? Yes, but such attempts have caused issues beyond the borders of the country attempting it in the past. It would at least require careful preparations.

As for forging certificates, EU does control multiple Certificate authorities. But forging a certificate breaks the cardinal rule for being a trusted CA. Such a CA would likely be immediately distrusted by all browsers. And foreign governments couldn't ignore this either. After all, google's domains are not just used for search. Countless google services that need to remain secure could potentially be compromised by the forged certificate. In addition, as I mentioned, google added hard-coded checks into Chrome to prevent a forged certificate from working for its domains.

[-] interdimensionalmeme@lemmy.ml 0 points 6 months ago

There's probably a way to redirect without validation. Only respond to port 80 if needed, then redirect. Sure the browser might complain a little but it's not as bad as invalid cert.

[-] DreamlandLividity@lemmy.world 1 points 6 months ago* (last edited 6 months ago)

Maybe for some rando site, Google and any half competent site has HSTS enabled, meaning a browser won't even try to connect with insecure HTTP, nor allow user to bypass the security error, as long as the HSTS header is remembered by the browser (the site was visited recently, set to 1 year for google).

In addition, google will also be on HSTS preload lists, so it won't work even if you never visited the site.
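
Added example (not part of the thread and not any browser's code): a minimal model, following RFC 6797, of the HSTS behaviour the comment above describes, showing why a port-80 redirect never gets a chance to run for a known or preloaded host. The class name `HstsStore`, the host names and the preload entry are constructed for illustration.

```javascript
// Added illustration of RFC 6797 client behaviour; not taken from any browser.
// Host names and the preload entry are constructed sample data.
const PRELOADED = new Map([["example-preloaded.test", { includeSubDomains: true }]]);

class HstsStore {
  constructor() {
    this.dynamic = new Map(); // host -> { expires (ms), includeSubDomains }
  }

  // Record a Strict-Transport-Security header. It only counts when it
  // arrived over HTTPS; a header sent on plain HTTP is ignored.
  noteHeader(host, headerValue, { overTls, now }) {
    if (!overTls) return false;
    let maxAge = NaN;
    let includeSubDomains = false;
    for (const part of headerValue.split(";")) {
      const [name, value = ""] = part.trim().split("=");
      if (/^max-age$/i.test(name)) maxAge = parseInt(value.replace(/"/g, ""), 10);
      else if (/^includeSubDomains$/i.test(name)) includeSubDomains = true;
    }
    if (Number.isNaN(maxAge)) return false;
    if (maxAge === 0) this.dynamic.delete(host.toLowerCase()); // max-age=0 clears
    else this.dynamic.set(host.toLowerCase(), { expires: now + maxAge * 1000, includeSubDomains });
    return true;
  }

  // A host is covered by its own entry, or by a parent entry that set
  // includeSubDomains. Preloaded entries need no prior visit and never expire here.
  isHstsHost(host, now) {
    const labels = host.toLowerCase().split(".");
    for (let i = 0; i < labels.length; i++) {
      const name = labels.slice(i).join(".");
      const pre = PRELOADED.get(name);
      if (pre && (i === 0 || pre.includeSubDomains)) return true;
      const dyn = this.dynamic.get(name);
      if (dyn && dyn.expires > now && (i === 0 || dyn.includeSubDomains)) return true;
    }
    return false;
  }

  // Decide what happens to a navigation: http:// is rewritten to https://
  // before any packet is sent, and certificate errors become non-bypassable.
  plan(url, now) {
    const u = new URL(url);
    const hsts = this.isHstsHost(u.hostname, now);
    if (hsts && u.protocol === "http:") u.protocol = "https:";
    return { url: u.href, certErrorBypassAllowed: !hsts };
  }
}
```
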

[-] interdimensionalmeme@lemmy.ml 0 points 6 months ago

That makes me realize, what kind of country doesn't control its dns space's encryption certificates. That's a major oversight.

[-] DreamlandLividity@lemmy.world 0 points 6 months ago* (last edited 6 months ago)

What? What do you mean "DNS space"? Classic DNS does not have any security, no encryption and no signatures.

DNSSEC, which adds signatures, is based on TLDs, not any geography or country. And it is not yet enabled for most domains, though I guess it would be for google. But obviously EU does not control .com.

And if you mean TLS certificates, those are a bit complicated and I already explained why forging those would be problematic and not work on Chrome, though it could be done.

[-] interdimensionalmeme@lemmy.ml 0 points 6 months ago

Yes I mean tls certs as those control what dns records are considered valid. The EU should control which tls are considered valid within its territory and that should be considered part of their security apparatus. It's crazy irresponsible to have left that up to unaccountable private foreign entities. This is what would make it difficult to control their own independent version of the dns namespace.

[-] DreamlandLividity@lemmy.world 0 points 6 months ago* (last edited 6 months ago)

No. At the end of the day, I control which certificates I consider valid. Browsers just choose the defaults. There is no way I quietly let some government usurp that power, considering how easy to abuse it is.

> Yes I mean tls certs as those control what dns records are considered valid.

No they don't. That is not what TLS really does. But I guess close enough.

[-] interdimensionalmeme@lemmy.ml 0 points 6 months ago
[-] DreamlandLividity@lemmy.world 0 points 6 months ago* (last edited 6 months ago)

Even more reason to have relatively neutral organizations transparently curate the list of trusted CAs. While I am sure governments also closely monitor the process and would step in if they deemed it a threat.

[-] interdimensionalmeme@lemmy.ml 0 points 6 months ago

Google is a threat. They should know they can be subverted if they continue in their ways with the questionably ethical human experimentation (for instance, undisclosed A/B testing including full context)

[-] DreamlandLividity@lemmy.world 0 points 6 months ago

What does that have to do with TLS?

[-] interdimensionalmeme@lemmy.ml 0 points 6 months ago

One of the reasons to create a domestic redirect of google.com

[-] DreamlandLividity@lemmy.world 0 points 6 months ago* (last edited 6 months ago)

So we come full circle. The government having the ability to impersonate a site is exactly what I believe must not happen.

If the EU wants to create search.eu or any other search site, more power to them. I certainly wouldn't use it, but hey, if you want to trust them, you can.

If they want to block google search... Eeeeh... I guess that is fine?

But they shouldn't be able to create a fake certificate for google.com or any site for that matter, not only allowing them to impersonate the site, but also intercept encrypted traffic between users and that site.

So no. Governments should not control the TLS infrastructure.

[-] interdimensionalmeme@lemmy.ml 1 points 6 months ago

TLS certificate infrastructure is a major national security concern. Sure, for religious reasons it can be controlled by a private entity but the government is certainly already pulling all the strings there. The problem in the EU is this control is in America now. So they need to wake up and have their own. Then they can enforce a google ban and seamless redirect to search.eu or whatever. The important thing is to both block google while not breaking the search button on everything that foolishly hardcoded google.com in the code.

[-] DreamlandLividity@lemmy.world 1 points 6 months ago* (last edited 6 months ago)

You obviously have no idea what you are talking about. America does not have any more or less of an ability to forge certificates compared to Europe.

Not wanting to live in a surveillance state is not religious, it's common fucking sense.

[-] interdimensionalmeme@lemmy.ml 1 points 6 months ago

There is 0% possibility the US gov cannot publish a certificate in all major browsers that could usurp any dns from a registrar in a country under US dominance.

Just because they haven't used that card yet doesn't mean they can't. The clearnet is already a surveillance cesspit. There is no escaping state forces anywhere on it.

It's just the europeans being complacent about leaving this capability to the americans. For now they depend on US cyber command for it, and they won't do it to google for the sole benefit of europeans.

[-] DreamlandLividity@lemmy.world 1 points 6 months ago* (last edited 6 months ago)

There is 0% possibility the US gov could do it covertly.

Sure, they could force it overtly but the rest of the world would have forks of Browsers like 15 minutes after it went through.

Besides, there is no need to go after the browsers. If you want a fake cert for a few days, EU has trusted certificate authorities just like the US that can issue a cert for any website (CAs are usually not restricted to specific TLDs). The CA would just get removed from browsers within days, same as browsers being replaced.

PS: Btw, iTrusChina is also a trusted CA. If the US is not concerned about their main adversary, China, forging certificates, why should EU be worried about an ally doing so?

[-] ByteJunk@lemmy.world 0 points 6 months ago

Nah. Demanding the ISPs to block traffic to Google domains would be quite effective.

This isn't like the great firewall of China where you want to prevent absolutely all traffic. If you make it inconvenient to use, because CSS breaks or a js library doesn't load or images break, it's already a huge step into pushing it out of the market.

Enterprise market would be much harder, a loooot of EU companies rely on Google's services, platforms and apps, and migrating away would take a lot of time and money.

[-] DreamlandLividity@lemmy.world 0 points 6 months ago* (last edited 6 months ago)

> Demanding the ISPs to block traffic to Google domains would be quite effective.

Filter it based on what? Between ESNI and DNS over HTTPS, it shouldn't be possible to know, which domain the traffic belongs to. Am I missing something?

Edit: Ah, I guess DNS over HTTPS isn't enabled by default yet.

[-] iopq@lemmy.world 1 points 6 months ago

China blocks ESNI and DoH. You have to find a DoH server that is not well known and have to fake the host name.

But if you actually do that, lol

[-] DreamlandLividity@lemmy.world 1 points 6 months ago

> without either sparking a cyberwar or building something like the great firewall of China

[-] ByteJunk@lemmy.world 0 points 6 months ago

IP block it. Boom there goes eSNI and DNS.

Sure, it's crude, but again: it doesn't have to be perfect, it just needs to create havoc with Google services to push away a regular user, who has no idea what DNS even is.

A better approach though is to fine Google, with a % of revenue increasing until compliance. They'll very quickly be incentivised to comply or shutdown.

[-] DreamlandLividity@lemmy.world 0 points 6 months ago

The whole argument was about blocking search only, considering the damages suddenly completely blocking google would do. Yes, you can block google data centers completely, but dude, would that cause chaos.

> A better approach though is to fine Google,

I said that multiple times already.

[-] Vespair@lemm.ee 0 points 6 months ago

Worthwhile chaos. It's exactly that fear of consequences that enables their power

[-] DreamlandLividity@lemmy.world 0 points 6 months ago
[-] Vespair@lemm.ee 0 points 6 months ago

Taking a stance against corporate overreach feels extremely necessary to me.

[-] DreamlandLividity@lemmy.world 0 points 6 months ago

That is like saying standing up to authoritarianism is extremely necessary, while proposing to drop nukes on Russia. There are 100 better ways to do it.

[-] Vespair@lemm.ee 0 points 6 months ago

Yes you're right, blocking a single corporation is totally similar to dropping a nuclear weapon on a civilian site, you've shown me the error of my ways.

Holy fucking hyperbole, Batman!

[-] DreamlandLividity@lemmy.world 0 points 6 months ago* (last edited 6 months ago)

When looking at the relative difference between cost of your solution, its benefits and cost of normal solutions, yes. It is extremely similar.

But go ahead nitpicking my exact choice of comparison instead of addressing the glaring issue with your argument.

[-] Vespair@lemm.ee 0 points 6 months ago

What "normal solutions" are actually in progress with any real potential of happening? Be for fucking real.

Meanwhile what insane doomsday scenario do you think would happen if Google services were banned and people had the given period to find alternatives?

You're talking about a fantasy solution that doesn't exist then blowing the consequences of this possible action wildly out of proportion in gross hyperbole.

[-] DreamlandLividity@lemmy.world 0 points 6 months ago* (last edited 6 months ago)

> What "normal solutions" are actually in progress with any real potential of happening?

Fines.

Besides, your solution is in progress or "has better chance" of happening? Wake the fuck up.

> Meanwhile what insane doomsday scenario do you think would happen if Google services were banned

Google runs 12% of all cloud services through google cloud. Yes, I expect a "doomsday scenario" if you just shut that down.

> and people had the given period to find alternatives?

Sure, give people and companies 5-10 years to migrate and it will probably be fine in terms of chaos, though I would still be very interested to know how many billions of € would the migration cost.

[-] Vespair@lemm.ee 0 points 6 months ago

I think people and societies are vastly more resilient than you're implying, and would survive an admittedly complex 6 month period to switch necessary services. Would it be hard? Yeah absolutely. But I've never accepted "but it's so hard!!" as valid reason to hold off positive progress.

[-] DreamlandLividity@lemmy.world 0 points 6 months ago* (last edited 6 months ago)

Progress towards what? People migrating to equally scummy Amazon and Microsoft? What possible progress could blocking google bring, that it would be worth people potentially going without paychecks because accounting sw was not working. Or being unable to access services because they register with gmail they can no longer access. Factories shutting down because their logistics tracked everything in a google spreadsheet they can no longer access and have no backup.

Not to mention people who could outright die if some hospital software somewhere relies on some google service.

[-] Vespair@lemm.ee 1 points 6 months ago

None of that insane hyperbole doomsday scenario would happen. None of it.

[-] DreamlandLividity@lemmy.world 1 points 6 months ago* (last edited 6 months ago)

Ok, I disagree, but let's say it wouldn't. You admit yourself it would still be hard. What is the advantage of doing it? What is that mythical "progress" of yours, that would be achieved by blocking google cloud, as opposed to just search and whatever other problematic service?

[-] Vespair@lemm.ee 1 points 6 months ago

Step one in saving us from the oncoming corporate technocracy?

[-] DreamlandLividity@lemmy.world 1 points 6 months ago* (last edited 6 months ago)

How does pushing people from google to Amazon/Microsoft cloud achieve that? Or do you expect people and companies will magically not need cloud services anymore?

[-] Vespair@lemm.ee 1 points 6 months ago

My friend, you yourself have been implying this whole time that Google's infrastructure is too vital and important to remove - how do you not see that this means they are too powerful? Remember trust-busting? Remember anti-monopoly activism? Nobody thought that by breaking up the railroads people wouldn't need trains anymore, but they understood the danger of allowing a single company to have such market dominance and what that would mean for consumers. Same thing here. And yes, I'm aware this requires continual diligence as the phone companies that were once PacBell are now bigger than it was, but that lacking of failure to continue enforcing anti-trust doesn't mean the concept is wrong.

No single company should be allowed to have such influence that the very idea of them going away leads to the very doomsday considerations we've been talking about. That's what this is all about.

[-] DreamlandLividity@lemmy.world 1 points 6 months ago

How do you not see, that banning one company would just increase the monopoly the remaining companies hold?

Google is not even the largest cloud provider. Amazon's AWS has 30%, Microsoft's Azure 20%, Google is third with 12%.

You can't "bust monopolies" by reducing the number of options. You need to increase the number of competitors.

[-] Vespair@lemm.ee 1 points 6 months ago* (last edited 6 months ago)

That's exactly what the US government did under Teddy Roosevelt when it forced by law these large entities to divest and break up into smaller ones not subsidiarized to each other. And yes, they should also do this to Amazon and Microsoft.

edit: I guess I should say I understand they can't force them to break up in this instance, but they can simply state they won't do business with the entities at present and recommend it. If that doesn't happen, I am confident other savvy investors will be happy to fill any hole left by these giants. The world will keep turning, I promise.

[-] DreamlandLividity@lemmy.world 1 points 6 months ago* (last edited 6 months ago)

Right, so if you massively extend your proposal, it could maybe make sense to a nontechnical person. Congratulations. Your original idea of just blocking google is still stupid and counterproductive to your stated goal.

Anyway, the real issue isn't lack of competitors. It is vendor lock-in and lack of independent data backups. It would take significant effort for most companies to migrate from one cloud provider to another, since different providers use slightly different, incompatible technologies. And of course, if a cloud provider went down suddenly, a lot of data would be lost.

this post was submitted on 17 Jan 2025