Thursday, 2 April 2015

Google's about to blacklist thousands of Chinese websites




China's relationship with America's tech firms is barely friendly, but things are about to get that little bit rougher. Google has announced that it'll stop trusting the security certificates provided by China's Internet Network Information Center. The dust-up between the two is pretty dry, but all you need to know right now is that if you visit a website that begins with https:// and ends with .cn, Chrome's about to bombard you with warning messages.


The trouble was caused by MCS Holdings, an Egyptian certification outfit that operated with CINIC's blessing. According to Ars Technica , the company issued certificates that could be used for man-in-the-middle proxies, enabling nefarious types to track otherwise private online activity. Google doesn't believe that MCS was acting maliciously, and blames CINIC for delegating its responsibility to an "organization that was not fit to hold it." According to Google's blog, both the search engine and the CINIC have agreed that the latter's security certificates will no longer be deemed trustworthy by Chrome. There'll be an as-yet unstated grace period for websites to re-certify with a new provider, but after that point, the browser will ask you if you're sure you want to visit a site it considers untrustworthy. Once CINIC has cleaned house, it'll be entitled to reapply for a trusted position in Google's hearts.

There's a little nugget of controversy here, too, since CINIC doesn't necessarily agree with Google's assertions. The Wall Street Journal is reporting that the Chinese agency disagrees with the act, saying that the decision is "difficult to understand and accept." Mozilla users, meanwhile, are also being taken care of, although the team behind the Firefox browser aren't ready to say what their plan is just yet.





No comments:

Post a Comment