In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools.
While motivated by a legitimate concern, this move to block websites directly within the browser would be disastrous for the open internet and disproportionate to the goals of the legal proposal – fighting fraud. It will also set a worrying precedent and create technical capabilities that other regimes will leverage for far more nefarious purposes. Leveraging existing malware and phishing protection offerings rather than replacing them with government provided, device level block-lists is a far better route to achieve the goals of the legislation.
Could companies just refuse, and place a “this product is not available in your country” on the download page
If people download the incompatible browser anyways then ¯\_(ツ)_/¯
This is just plain stupid.
Forcing browser to block certain sites is like making car manufacturers make the car shutdown if you are trying to smuggle foreign cheese in to France.
Tech illiterates making the decision here.
Ill compile Firefox if I need to
I’m philosophically against this idea. But on the other hand why is this being implemented in the browser? Why isn’t France asking it’s ISPs to block the hosting address of the sites. Or the DNS. Going after the endpoints it seems silly. Because now every single browser in the country is going to have a list of the " good websites ".
France already does DNS blocking. It honestly has near to no impact, since targeted websites (usually digital piracy related stuff) just change the domain.
Why target the browser for fraud prevention? How about targeting banks? They are the middle man for almost all the online fraud that is happening and would have an relatively easy time to shut it off. Make them liable for all the money that leaves the bank account without the users expressed consent and it wouldn’t take long until they introduce security measures that actually work.
I have to disagree here. Disclaimer: I work for a bank but not super into the core financial stuff. Firstly, banks are already super heavily regulated; anti money laundering, terrorism financing, know your customer, etc. The reason crypto takes minutes for international transfers and banks can take days isn’t because of technology, it’s all of those checks on fraud happening. All the money leaving a bank account is, barring very advanced fraud, with the user’s consent, but in fraud cases this is often done via social engineering (calling someone to get their codes from their bank card reader, or pretending to be a family member in need).
While I could see maybe the larger companies operating in France agreeing to implement this, I don’t think they would be able to legally force a smaller foreign open source browser developer into the same practice? Take qutebrowser for instance, the developer is from Switzerland. Unless their website is hosted in France, I don’t see how French law applies to him, nor the site he is hosting the browser on? They would have to use ISPs to block the website, but even then, you could still get it through GitHub. Maybe GitHub could be forced into removing the browser as Microsoft probably have a French office, but it still seems like a legal and practical nightmare to actually enforce this through the browser. As someone else mentioned, pushing rules on ISPs seems like a more doable thing if you WANT to oppress people (which I am also against of course).
While they may not be able to force small developers, they can force the users by deeming all browsers that do not implement this feature illegal. This possibly will not work on the tech savvy, but standard users (the majority) will be affected.
That’s true, I was just so baffled by how inconvenient and inefficient this suggestion was. I’m reminded of one of these photos, which I think have been used for many internet proposals/legislations in the past:
Wouldn’t it end up implemented somewhere inside Chromium?
Probably, but in theory you would be able to take out in a fork. Inconvenient, but doable hopefully.