In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools.
While motivated by a legitimate concern, this move to block websites directly within the browser would be disastrous for the open internet and disproportionate to the goals of the legal proposal – fighting fraud. It will also set a worrying precedent and create technical capabilities that other regimes will leverage for far more nefarious purposes. Leveraging existing malware and phishing protection offerings rather than replacing them with government provided, device level block-lists is a far better route to achieve the goals of the legislation.
While I could see maybe the larger companies operating in France agreeing to implement this, I don’t think they would be able to legally force a smaller foreign open source browser developer into the same practice? Take qutebrowser for instance, the developer is from Switzerland. Unless their website is hosted in France, I don’t see how French law applies to him, nor the site he is hosting the browser on? They would have to use ISPs to block the website, but even then, you could still get it through GitHub. Maybe GitHub could be forced into removing the browser as Microsoft probably have a French office, but it still seems like a legal and practical nightmare to actually enforce this through the browser. As someone else mentioned, pushing rules on ISPs seems like a more doable thing if you WANT to oppress people (which I am also against of course).
While they may not be able to force small developers, they can force the users by deeming all browsers that do not implement this feature illegal. This possibly will not work on the tech savvy, but standard users (the majority) will be affected.
That’s true, I was just so baffled by how inconvenient and inefficient this suggestion was. I’m reminded of one of these photos, which I think have been used for many internet proposals/legislations in the past:
Wouldn’t it end up implemented somewhere inside Chromium?
Probably, but in theory you would be able to take out in a fork. Inconvenient, but doable hopefully.
This is just plain stupid.
Forcing browser to block certain sites is like making car manufacturers make the car shutdown if you are trying to smuggle foreign cheese in to France.
Tech illiterates making the decision here.
Don’t give France any ideas.
I’m philosophically against this idea. But on the other hand why is this being implemented in the browser? Why isn’t France asking it’s ISPs to block the hosting address of the sites. Or the DNS. Going after the endpoints it seems silly. Because now every single browser in the country is going to have a list of the " good websites ".
I’d imagine it’s easier being the bad guy to a bunch of american browser companies rather then to all your local ISPs.
France already does DNS blocking. It honestly has near to no impact, since targeted websites (usually digital piracy related stuff) just change the domain.
I think most governments who roll out censorship infrastructure don’t really care about whatever they’re actually censoring, they have some juicy target that will come along later like a political rival they miscategorize. To cut them off. They’re building the toolbox they don’t care about the excuse.
So yeah pirate sites give them an excellent reason to say oh we need better tools, but they don’t care about piracy, not really
because it’s easier to get around with a vpn, but if it’s at the software level it wouldn’t be as easy. They could make it so only France approved browsers could be downloaded.
This Macron guy is really trying to make people hate him isn’t he. At this point it feels like he actually wants the French to burn shit.
Ill compile Firefox if I need to
What in the ever loving hell is up with France’s current government right now? It’s like Macron has said fuck it, lets give the fascists a way to sneak in
I vote sites block France.
On that note, how would one go about blocking all visitors from a geographic region?
GeoIP lookup. Pornhub did it recently to protest certain states’ laws that would require them to check IDs of visitors.
Take my vote too.
If they don’t want browsers to access the site, why keeping the site open in the first place? And if only regulated people have to access it, they can just share a ssh key or something to grant access, I don’t see big problems here. Am I missing something?
It can be used by the state as a tool for oppression. Not necessarily to be used as proposed originally, like what the US did during their war on terror.
Could companies just refuse, and place a “this product is not available in your country” on the download page
If people download the incompatible browser anyways then ¯\_(ツ)_/¯
Theoretically yes, but I’d think that would just result in users switching to browsers which do comply with the law (Chrome, probably)
…you do not understand users.
Do you genuinely believe an average computer user, when presented with a block page, would attempt to circumvent it?
Maybe a small minority would, but overall I find it extremely unlikely. It takes a lot less effort to just download an alternative.
The average computer user is terrified of change so if they couldn’t dl chrome they’d mass google 'how to download chrome when blocked ', then land on a reddit thread of people complaining they can’t dl chrome where someone posts the exe or msi and leap on it.
Chrome would probably comply with it. It’d be a lot more damaging for them than smaller browsers to block the entirety of France.
Besides that, we’ve already seen this play out in several countries where web blocking is widely implemented (eg Russia, China.) People (generally) flock to state-endorsed alternatives rather than going through the effort of finding bypasses.
Hell no, what a fucking stupid idea
Interesting share. Thanks.
I live in France and we are more interested in the part of this law that wants to put age restrictions on pornographic websites, so this is the first I’ve heard of it.
Jean-Noël Barrot, a business school graduate, is Minister for Digital Transition and Telecommunications. He is the leader on this project.
As noted by Mozilla, it comes down to 2 paragraphs, but I’ve included the paragraphs before and after below. This law overlaps with European regulation too:
Article 6
-
Article 12 of the aforementioned law no. 2004-575 of June 21, 2004 reads as follows:
-
"Art. 12 - I. - When one of its specially designated and empowered agents observes that an online public communication service is clearly carrying out operations constituting the offences referred to in articles 226-4-1, 226-18 and 323-1 of the French Penal Code and article L. 163-4 of the Monetary and Financial Code, the administrative authority shall give formal notice to the person whose activity is to publish the online public communication service in question, provided that it has made available the information referred to in article 1-1 of the present law, to cease the operations constituting the offence observed. It also informs the offender of the precautionary measure referred to in the second paragraph of paragraph I of this article, and invites the offender to submit his or her observations within five days.
-
"At the same time, the administrative authority notifies the electronic address of the service concerned to Internet browser providers within the meaning of Article 2, paragraph 11 of Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on fair and competitive contracts in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828, for the purposes of implementing precautionary measures.
-
"As a precautionary measure, the recipient of a notification shall immediately take all necessary steps to display a message warning the user of the risk of prejudice incurred in the event of access to this address. This message is clear, legible, unique and comprehensible, and enables users to access the official website of the public interest grouping for the national system to assist victims of cyber-malicious acts.
-
Why target the browser for fraud prevention? How about targeting banks? They are the middle man for almost all the online fraud that is happening and would have an relatively easy time to shut it off. Make them liable for all the money that leaves the bank account without the users expressed consent and it wouldn’t take long until they introduce security measures that actually work.
I have to disagree here. Disclaimer: I work for a bank but not super into the core financial stuff. Firstly, banks are already super heavily regulated; anti money laundering, terrorism financing, know your customer, etc. The reason crypto takes minutes for international transfers and banks can take days isn’t because of technology, it’s all of those checks on fraud happening. All the money leaving a bank account is, barring very advanced fraud, with the user’s consent, but in fraud cases this is often done via social engineering (calling someone to get their codes from their bank card reader, or pretending to be a family member in need).
