289
submitted 1 year ago* (last edited 1 year ago) by aranym@lemmy.name to c/technology@beehaw.org

In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools.

While motivated by a legitimate concern, this move to block websites directly within the browser would be disastrous for the open internet and disproportionate to the goals of the legal proposal – fighting fraud. It will also set a worrying precedent and create technical capabilities that other regimes will leverage for far more nefarious purposes. Leveraging existing malware and phishing protection offerings rather than replacing them with government provided, device level block-lists is a far better route to achieve the goals of the legislation.

top 50 comments
sorted by: hot top controversial new old
[-] Hotzilla@sopuli.xyz 71 points 1 year ago* (last edited 1 year ago)

This is just plain stupid.

Forcing browser to block certain sites is like making car manufacturers make the car shutdown if you are trying to smuggle foreign cheese in to France.

Tech illiterates making the decision here.

[-] fear@kbin.social 16 points 1 year ago

Don't give France any ideas.

[-] mobyduck648@beehaw.org 10 points 1 year ago

As an Englishman I feel it’s my calling to smuggle cheddar and Wensleydale into Normandy.

[-] Morphit@feddit.uk 6 points 1 year ago

Liberté, égalité, fromagé ou la mort!

[-] otter@lemmy.ca 30 points 1 year ago

Could companies just refuse, and place a "this product is not available in your country" on the download page

If people download the incompatible browser anyways then ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

[-] aranym@lemmy.name 16 points 1 year ago

Theoretically yes, but I'd think that would just result in users switching to browsers which do comply with the law (Chrome, probably)

[-] Taleya@aussie.zone 10 points 1 year ago

...you do not understand users.

[-] aranym@lemmy.name 22 points 1 year ago* (last edited 1 year ago)

Do you genuinely believe an average computer user, when presented with a block page, would attempt to circumvent it?

Maybe a small minority would, but overall I find it extremely unlikely. It takes a lot less effort to just download an alternative.

[-] Taleya@aussie.zone 15 points 1 year ago

The average computer user is terrified of change so if they couldn't dl chrome they'd mass google 'how to download chrome when blocked ', then land on a reddit thread of people complaining they can't dl chrome where someone posts the exe or msi and leap on it.

[-] aranym@lemmy.name 12 points 1 year ago* (last edited 1 year ago)

We've already seen this play out in several countries where web blocking is widely implemented (eg Russia, China.) People (generally) flock to state-endorsed alternatives rather than going through the effort of finding bypasses.

(As an aside, Chrome would probably comply with it. It'd be a lot more damaging for them than smaller browsers to block the entirety of France.)

[-] Taleya@aussie.zone 9 points 1 year ago

China's a bit of a bad example as it's got extremely heavy cultural indoctrination that reinforces the tactic - and even then it's not entirely successful.

Russia is notoriously the home of lip service while violating the letter of the law in every way imaginable

load more comments (1 replies)
[-] gabe@literature.cafe 26 points 1 year ago

What in the ever loving hell is up with France's current government right now? It's like Macron has said fuck it, lets give the fascists a way to sneak in

[-] gaael@beehaw.org 13 points 1 year ago* (last edited 1 year ago)

It's not just right now : this president has been here since 2017 and most of the core ministers are the same since then.

They have been cracking down on civil liberties from the start, but they make it more and more obvious since 2022 (because there is no re-election possible after 2 terms). Using anti-terrorist special legislatilns against environmental and himan rights activists, making demonstrations repression ever more violent...

At the same time, to guarantee that pseudo-centrist (actually right wing) keep getting elected, they have worked to make the far right more powerful. This way, in every election, they can end up being the "rational" choice.

load more comments (1 replies)
[-] schnurrito@discuss.tchncs.de 4 points 1 year ago

Current government right now? I don't remember any time when French politicians were friendly to the free and open Internet. Used to be that copyright was the main concern, nowadays not anymore.

load more comments (1 replies)
[-] Nonameuser678@aussie.zone 25 points 1 year ago

This Macron guy is really trying to make people hate him isn't he. At this point it feels like he actually wants the French to burn shit.

[-] Mlkall@kbin.social 11 points 1 year ago

Macron is a malodorous shit stain fascist mother fucker. I'm ashamed of my fellow citizens who voted twice for this human error.

[-] noodle@feddit.uk 9 points 1 year ago

Disclaimer, I'm not French. But it seemed like the alternative was Le Pen and from what I've read she would certainly be more of a shitstain fascist, just with a populist tinge.

[-] Plume@beehaw.org 3 points 1 year ago

Yup. We voted for him in the second turn of the elections because, it was either that or facism... and we got facism-lite (less and less lite, with each passing day) laying the ground work and colluding with Le Pen and her cronies. Fucking wonderful.

load more comments (1 replies)

I've said it already, and I'm saying it again :

France politics have 3 paths :

  • Kinda extreme left ; anti vaxxers, anti nuclear, pro islam, pro immigration, anti NATO, anti Europe, pro-russia and pro-dictatorships overall (Mélenchon)

  • Extreme right : anti ecology, deeply pro-rich (anti union), overall neo-fascists as you would except, very much anti Europe, anti NATO, pro-putin and pro-russia. (le Pen)

  • Macron, who is pro-rich, but not pro-putin and kinda Nato-friendly and Europe friendly.

We need to build back guillotines.

[-] MonsieurPi@feddit.it 5 points 1 year ago* (last edited 1 year ago)

C'est tellement n'importe quoi comme généralisation que c'en serait presque drôle si ce n'était pas grave. Dire que ia France Insoumise c'est l'extrême gauche antivax, sérieux, un peu de culture politique ça ferait pas de mal, non ? Vous êtes à deux doigts d'écrire que ce sont des islamo-gauchistes. Et c'est quoi cette description toute gentille du macronisme ? Le macronisme est une nouvelle émanation de l'extrême centre comme on peut le voir depuis des années. Anti-syndicat, anti-peuple, neo-libéral etc.

Au moins vous avez bien décrit l'extrême droite, félicitations, 1 sur 3 c'est pas mal.

Edit: English version

It’s such an absurd generalization that it would be almost funny if it wasn’t serious. To say that France Insoumise is the extreme left antivax, seriously, a little political culture would not hurt, right? You’re about to write that they are Islamo-leftists. And what is this nice description of Macronism? Macronism is the new emanation of the extreme center as we can see for years. Anti-syndicate, anti-people, neo-liberal etc.

At least you described the far right well, congratulations, 1 out of 3 is not bad.

load more comments (3 replies)
[-] magnor@lemmy.magnor.ovh 4 points 1 year ago

Since when is our leftwing anti vax ? What have you been smoking ? And what the hell does pro Islam even mean ?? I'm baffled. This is inaccurate as all hell.

load more comments (3 replies)
load more comments (5 replies)
[-] nixnoodle@beehaw.org 22 points 1 year ago

While I could see maybe the larger companies operating in France agreeing to implement this, I don't think they would be able to legally force a smaller foreign open source browser developer into the same practice? Take qutebrowser for instance, the developer is from Switzerland. Unless their website is hosted in France, I don't see how French law applies to him, nor the site he is hosting the browser on? They would have to use ISPs to block the website, but even then, you could still get it through GitHub. Maybe GitHub could be forced into removing the browser as Microsoft probably have a French office, but it still seems like a legal and practical nightmare to actually enforce this through the browser. As someone else mentioned, pushing rules on ISPs seems like a more doable thing if you WANT to oppress people (which I am also against of course).

[-] styx@beehaw.org 5 points 1 year ago

While they may not be able to force small developers, they can force the users by deeming all browsers that do not implement this feature illegal. This possibly will not work on the tech savvy, but standard users (the majority) will be affected.

[-] nixnoodle@beehaw.org 13 points 1 year ago

That's true, I was just so baffled by how inconvenient and inefficient this suggestion was. I'm reminded of one of these photos, which I think have been used for many internet proposals/legislations in the past:

load more comments (1 replies)
[-] irasponsible@beehaw.org 4 points 1 year ago

Wouldn't it end up implemented somewhere inside Chromium?

[-] nixnoodle@beehaw.org 8 points 1 year ago

Probably, but in theory you would be able to take out in a fork. Inconvenient, but doable hopefully.

[-] lntl@lemmy.sdf.org 19 points 1 year ago

Ill compile Firefox if I need to

load more comments (2 replies)
[-] Plume@beehaw.org 17 points 1 year ago

Why does my country keeps doing shit like this! I wasn't even aware of that one, what the hell! ;-;

[-] moitoi@feddit.de 16 points 1 year ago

France is a fallen democracy. It became law after law more authoritarian in an Orban/Poland style. The last move of the government give some ints if the politics are still in power or if it become a police state. For those who aren't aware of this last move in the country, after nearly killing someone, a cop was preventively put in jail according to the law. Nothing wrong here. But, the police unions voiced this was not acceptable and made proposal so cops could not jailed preventively. The gov just said "we are going to look at the proposal" without rejecting them even if these proposal are against the rule of law and Principe of democracy.

More about this shitshow

load more comments (2 replies)
[-] lloram239@feddit.de 15 points 1 year ago

Why target the browser for fraud prevention? How about targeting banks? They are the middle man for almost all the online fraud that is happening and would have an relatively easy time to shut it off. Make them liable for all the money that leaves the bank account without the users expressed consent and it wouldn't take long until they introduce security measures that actually work.

[-] myrmidex@slrpnk.net 5 points 1 year ago

Ex-banker president targets banks... Now that'd be quite an unexpecred headline! Shame it'll never be.

[-] jonsnothere@beehaw.org 4 points 1 year ago

I have to disagree here. Disclaimer: I work for a bank but not super into the core financial stuff. Firstly, banks are already super heavily regulated; anti money laundering, terrorism financing, know your customer, etc. The reason crypto takes minutes for international transfers and banks can take days isn't because of technology, it's all of those checks on fraud happening. All the money leaving a bank account is, barring very advanced fraud, with the user's consent, but in fraud cases this is often done via social engineering (calling someone to get their codes from their bank card reader, or pretending to be a family member in need).

load more comments (1 replies)
[-] bbbhltz@beehaw.org 12 points 1 year ago

Interesting share. Thanks.

I live in France and we are more interested in the part of this law that wants to put age restrictions on pornographic websites, so this is the first I've heard of it.

Jean-Noël Barrot, a business school graduate, is Minister for Digital Transition and Telecommunications. He is the leader on this project.

As noted by Mozilla, it comes down to 2 paragraphs, but I've included the paragraphs before and after below. This law overlaps with European regulation too:

Article 6

  1. Article 12 of the aforementioned law no. 2004-575 of June 21, 2004 reads as follows:

  2. "Art. 12 - I. - When one of its specially designated and empowered agents observes that an online public communication service is clearly carrying out operations constituting the offences referred to in articles 226-4-1, 226-18 and 323-1 of the French Penal Code and article L. 163-4 of the Monetary and Financial Code, the administrative authority shall give formal notice to the person whose activity is to publish the online public communication service in question, provided that it has made available the information referred to in article 1-1 of the present law, to cease the operations constituting the offence observed. It also informs the offender of the precautionary measure referred to in the second paragraph of paragraph I of this article, and invites the offender to submit his or her observations within five days.

  3. "At the same time, the administrative authority notifies the electronic address of the service concerned to Internet browser providers within the meaning of Article 2, paragraph 11 of Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on fair and competitive contracts in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828, for the purposes of implementing precautionary measures.

  4. "As a precautionary measure, the recipient of a notification shall immediately take all necessary steps to display a message warning the user of the risk of prejudice incurred in the event of access to this address. This message is clear, legible, unique and comprehensible, and enables users to access the official website of the public interest grouping for the national system to assist victims of cyber-malicious acts.

source

[-] jarfil@beehaw.org 3 points 1 year ago* (last edited 1 year ago)

display a message warning the user

Do I understand correctly, that browsers would NOT BLOCK the access, but just have to display a warning?

If that's the case, then Mozilla's defense of using Google's services to decide when to display such warning, instead of allowing France to create non-Google mechanisms to achieve the same, seems like a mistake.

[-] bbbhltz@beehaw.org 4 points 1 year ago

I read through the entire thing, in French, and it references several other laws and European regulations. The browser part is only in those paragraphs of the bill, but those paragraphs are referenced throughout the bill so there might be more to it. The whole bill is 91 pages long.

It was adopted on 5 July, by the way...

The blog post from Mozilla does say, "France’s browser-based website blocking proposal will set a disastrous precedent for the open internet," so the precedent here is what they're worried about.

[-] jet@hackertalks.com 9 points 1 year ago

I'm philosophically against this idea. But on the other hand why is this being implemented in the browser? Why isn't France asking it's ISPs to block the hosting address of the sites. Or the DNS. Going after the endpoints it seems silly. Because now every single browser in the country is going to have a list of the " good websites ".

[-] evilviper@beehaw.org 5 points 1 year ago

I'd imagine it's easier being the bad guy to a bunch of american browser companies rather then to all your local ISPs.

[-] Jomn@jlai.lu 5 points 1 year ago

France already does DNS blocking. It honestly has near to no impact, since targeted websites (usually digital piracy related stuff) just change the domain.

load more comments (1 replies)
load more comments (1 replies)
[-] noodle@feddit.uk 9 points 1 year ago

This is how you end up with no browsers except Opera and Edge.

I'm just glad it isn't the UK proposing something this dumb. We're doing enough stupid shit as it is.

[-] Deceptichum@kbin.social 9 points 1 year ago

I vote sites block France.

On that note, how would one go about blocking all visitors from a geographic region?

[-] Excrubulent@slrpnk.net 9 points 1 year ago

GeoIP lookup. Pornhub did it recently to protest certain states' laws that would require them to check IDs of visitors.

[-] runefehay@kbin.social 5 points 1 year ago

It isn't very accurate. I live in Idaho, and my phone's geoip shows up all over the United States. Currently it says Utah, last time I checked.

[-] Excrubulent@slrpnk.net 4 points 1 year ago

Well, short of trusting the users themselves to volunteer their location, it's the best we've got.

[-] elfahor@lemmy.blahaj.zone 3 points 1 year ago

Think of us poor French citizens stuck with this shitty government

load more comments (1 replies)
[-] Im28xwa@lemdro.id 6 points 1 year ago

Hell no, what a fucking stupid idea

[-] simonced@lemmy.one 6 points 1 year ago

If they don't want browsers to access the site, why keeping the site open in the first place? And if only regulated people have to access it, they can just share a ssh key or something to grant access, I don't see big problems here. Am I missing something?

[-] Black_Gulaman@lemmy.dbzer0.com 4 points 1 year ago

It can be used by the state as a tool for oppression. Not necessarily to be used as proposed originally, like what the US did during their war on terror.

[-] sculd@beehaw.org 5 points 1 year ago

The article is not very clear about what exactly the proposal mandate. Create the means for browser to block websites, or forces browser to block certain websites by the geolocation they are operating in?

Because I don't understand how the later would work.

From the wording it seems like they are only asking browser developers to provide a function to block websites. (maybe byimporting a block list?)

load more comments (1 replies)
load more comments
view more: next ›
this post was submitted on 05 Aug 2023
289 points (100.0% liked)

Technology

37754 readers
306 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS