The proposed alteration to how web browsers manage website authentications has raised significant industry concerns. Under the eIDAS regulation, EU member states would have the authority to issue certificates of trust, which web browsers must accept as valid. Additionally, browser providers would be prohibited from removing these certificates, even in cases of detected malicious activities, unless
Several months ago, we highlighted the EU's efforts to address internet issues, which experts predict could result in a privacy and security crisis for citizens. Now, according to TechRadar, even VPN services may not be sufficient to protect online anonymity if the proposed law passes in its current form.
Dubbed eIDAS 2.0, the controversial regulation is a revision of the EU's digital identity law, initiated in 2020 and nearing completion. It aims to alter how web browsers handle security and website authentication, while also introducing an identification app (EU ID Wallet) for all Europeans.
Ready, Set, Save! Explore Shurfshark Deals Today!
Security-focused entities like Mozilla and various experts including cryptographers, computer scientists, and privacy advocates have cautioned against the potential dangers posed by these proposed measures. Harry Halpin, CEO of Nym Technologies, expressed shock, emphasizing the perceived risks associated with the legislation.
Halpin, a computer scientist with firsthand experience of invasive government surveillance, criticized the proposed changes, describing them as "super dangerous" and questioning the understanding of the European Parliament. He highlighted the potential obsolescence of his efforts to enhance online anonymity through NymVPN.
The proposed alteration to how web browsers manage website authentications has raised significant industry concerns. Under the eIDAS regulation, EU member states would have the authority to issue certificates of trust, which web browsers must accept as valid. Additionally, browser providers would be prohibited from removing these certificates, even in cases of detected malicious activities, unless expressly permitted by the member state.
Discover Hot Deals on Nord VPN - Start Saving Now!
Carmela Troncoso, a computer engineer and EPFL professor, warned of the severe implications of this shift, arguing that it places undue security responsibilities on member states, endangering the integrity of the entire internet.
Halpin echoed these concerns, suggesting that the proposed legislation could enable extensive government surveillance, surpassing even regimes in China and Russia. He argued that not even the most secure VPNs would be able to prevent such interference, as governments could intercept traffic at the browser level.
While Halpin acknowledged potential benefits of VPNs, such as spoofing IP addresses to evade European restrictions, he emphasized the overarching threat posed by the proposed legislation.
Get More, Spend Less at Private VPN Today!
The European Commission, while dismissing security concerns, has only agreed to a provisional text at the time of writing. Opera's VP of IT and Security, Christian Zubel, expressed optimism that the final version may undergo revisions. However, experts anticipate the agreement to be finalized by the end of March, ahead of upcoming European elections in June.
Despite lawmakers acknowledging industry feedback by adding clarifications, concerns remain regarding the legislation's potential to increase surveillance, censorship, and cyberattacks. Halpin warned of the cybersecurity risks associated with conducting internet activities within Europe under the proposed regulations.
