In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools.
While motivated by a legitimate concern, this move to block websites directly within the browser would be disastrous for the open internet and disproportionate to the goals of the legal proposal – fighting fraud. It will also set a worrying precedent and create technical capabilities that other regimes will leverage for far more nefarious purposes. Leveraging existing malware and phishing protection offerings rather than replacing them with government provided, device level block-lists is a far better route to achieve the goals of the legislation.
This is just plain stupid.
Forcing browser to block certain sites is like making car manufacturers make the car shutdown if you are trying to smuggle foreign cheese in to France.
Tech illiterates making the decision here.
Don’t give France any ideas.
As an Englishman I feel it’s my calling to smuggle cheddar and Wensleydale into Normandy.
Liberté, égalité, fromagé ou la mort!
Could companies just refuse, and place a “this product is not available in your country” on the download page
If people download the incompatible browser anyways then ¯\_(ツ)_/¯
Theoretically yes, but I’d think that would just result in users switching to browsers which do comply with the law (Chrome, probably)
…you do not understand users.
Do you genuinely believe an average computer user, when presented with a block page, would attempt to circumvent it?
Maybe a small minority would, but overall I find it extremely unlikely. It takes a lot less effort to just download an alternative.
The average computer user is terrified of change so if they couldn’t dl chrome they’d mass google 'how to download chrome when blocked ', then land on a reddit thread of people complaining they can’t dl chrome where someone posts the exe or msi and leap on it.
We’ve already seen this play out in several countries where web blocking is widely implemented (eg Russia, China.) People (generally) flock to state-endorsed alternatives rather than going through the effort of finding bypasses.
(As an aside, Chrome would probably comply with it. It’d be a lot more damaging for them than smaller browsers to block the entirety of France.)
China’s a bit of a bad example as it’s got extremely heavy cultural indoctrination that reinforces the tactic - and even then it’s not entirely successful.
Russia is notoriously the home of lip service while violating the letter of the law in every way imaginable
I feel like Google isn’t likely to go with this, as someone could eventually attack their search engine which would be difficult to workaround.
What in the ever loving hell is up with France’s current government right now? It’s like Macron has said fuck it, lets give the fascists a way to sneak in
It’s not just right now : this president has been here since 2017 and most of the core ministers are the same since then.
They have been cracking down on civil liberties from the start, but they make it more and more obvious since 2022 (because there is no re-election possible after 2 terms). Using anti-terrorist special legislatilns against environmental and himan rights activists, making demonstrations repression ever more violent…
At the same time, to guarantee that pseudo-centrist (actually right wing) keep getting elected, they have worked to make the far right more powerful. This way, in every election, they can end up being the “rational” choice.
Exactly. Besides, I really do believe they are stupid enough to believe their bullshit will allow them to keep winning at the polls. I’m not so sure anymore… The fascists are ready and our state is turning a blind eye.
Current government right now? I don’t remember any time when French politicians were friendly to the free and open Internet. Used to be that copyright was the main concern, nowadays not anymore.
They have a president and government as US fanboys, importing the worse from this f’ed up country.
This Macron guy is really trying to make people hate him isn’t he. At this point it feels like he actually wants the French to burn shit.
Macron is a malodorous shit stain fascist mother fucker. I’m ashamed of my fellow citizens who voted twice for this human error.
Disclaimer, I’m not French. But it seemed like the alternative was Le Pen and from what I’ve read she would certainly be more of a shitstain fascist, just with a populist tinge.
Yup. We voted for him in the second turn of the elections because, it was either that or facism… and we got facism-lite (less and less lite, with each passing day) laying the ground work and colluding with Le Pen and her cronies. Fucking wonderful.
I’ve said it already, and I’m saying it again :
France politics have 3 paths :
-
Kinda extreme left ; anti vaxxers, anti nuclear, pro islam, pro immigration, anti NATO, anti Europe, pro-russia and pro-dictatorships overall (Mélenchon)
-
Extreme right : anti ecology, deeply pro-rich (anti union), overall neo-fascists as you would except, very much anti Europe, anti NATO, pro-putin and pro-russia. (le Pen)
-
Macron, who is pro-rich, but not pro-putin and kinda Nato-friendly and Europe friendly.
We need to build back guillotines.
C’est tellement n’importe quoi comme généralisation que c’en serait presque drôle si ce n’était pas grave. Dire que ia France Insoumise c’est l’extrême gauche antivax, sérieux, un peu de culture politique ça ferait pas de mal, non ? Vous êtes à deux doigts d’écrire que ce sont des islamo-gauchistes. Et c’est quoi cette description toute gentille du macronisme ? Le macronisme est une nouvelle émanation de l’extrême centre comme on peut le voir depuis des années. Anti-syndicat, anti-peuple, neo-libéral etc.
Au moins vous avez bien décrit l’extrême droite, félicitations, 1 sur 3 c’est pas mal.
Edit: English version
It’s such an absurd generalization that it would be almost funny if it wasn’t serious. To say that France Insoumise is the extreme left antivax, seriously, a little political culture would not hurt, right? You’re about to write that they are Islamo-leftists. And what is this nice description of Macronism? Macronism is the new emanation of the extreme center as we can see for years. Anti-syndicate, anti-people, neo-liberal etc.
At least you described the far right well, congratulations, 1 out of 3 is not bad.
Fi est très proche de eelv , et Jadot est un antivax, ça sert a rien de le cacher. Je crois que Mélenchon a déjà critiqué les vaccins par le passé, mais sur le coup je peux me tromper.
Par contre, globalement lfi est plutot pro-islam ( https://www.lefigaro.fr/politique/loi-separatisme-plutot-que-l-islamisme-les-deputes-insoumis-preferent-s-attarder-sur-le-christianisme-20210204 , anecdotique + lefigaro, mais bon)
Et oui pour Macron c’est 100% de la version simplifiée et gentille, j’ai pas mis qu’il transformait la France en état policier, que c’était un menteur et un destructeur de démocratie, c’est vrai.
Et merci pour le compliment pour notre extrême droite :p
Ça se voit que je déteste tout le monde sans exception ?
(Sorry for English viewers, I’m not translating that)
J’ai pour politique de ne pas échanger plus de 2 messages aller-retour sur Internet donc ceci sera ma dernière réponse.
Jadot est ouvertement anti-NUPES et anti-LFI, utiliser une hypothétique proximité entre LFI et EELV pour les associer à Jadot afin de justifier l’argument “LFI est antivax” c’est d’un ridicule sans nom. Ah, si, ça a un nom, ça s’appelle un syllogisme.
Ensuite, ça veut dire quoi “pro-islam” ? Pro “terrorisme islamiste” ou “pro laissons les musulmans tranquille, la France est un pays laïc dans le sens où le pays n’a pas de religion officielle et toute religion est acceptée tant qu’elle ne contrevient pas aux principes républicains et autres conditions” ? Si c’est le premier cas, c’est grave de dire ça, si c’est le deuxième cas, où est le problème ? Je vis dans une ville avec une grande communauté musulmane, je souhaite un bon Aïd à mes connaissances, ils savent que je suis athée et s’en branlent complètement et on vit très bien tous ensemble.
Détester tout le monde sans exception c’est dans le même ordre d’idée que “tous pourris”. Sauf que parmi les “tous pourris” on a eu ceux qui ont mis en place la sécu, les congés payés, la retraite solidaire, l’assurance chômage, l’abolition de la peine de mort, le mariage pour tous et toutes et bien d’autres évolutions sociétales (et ceci inclus en effet beaucoup de personnalités de gauche mais aussi des personnalités de la droite gaulliste). Et de l’autre on a ceux qui veulent le retour à l’état policier et la destruction du droit du travail et autres acquis sociaux. Mais sans aucune nuance et en disant “tous pourris” on se permet de cacher son inculture politique et son absence totale d’humilité face à celles et ceux qui ont eu et ont encore à coeur de faire de leur pays un endroit agréable pour toutes les personnes qui le composent.
En soit, ce n’est pas grave de ne rien savoir sur la politique comme vos différents commentaires le montrent, ce qui est grave c’est de penser que vous y comprenez quelque chose au point d’aller expliquer comment ça fonctionne à d’autres personnes qui n’y connaissent rien et auront beaucoup de mal à savoir que vous racontez n’importe quoi.
Petit conseil, arrêtez d’écrire pendant un certain temps et allez plutôt lire des choses sur “je sais que je ne sais pas”, “the more I know, the less I know”, Dunning-Kruger et autres principes assez important sur notre (in)capacité à évaluer notre savoir et sa pertinence.
Since when is our leftwing anti vax ? What have you been smoking ? And what the hell does pro Islam even mean ?? I’m baffled. This is inaccurate as all hell.
glances at Yannick Jaddot
You specifically called Mélenchon out. Honestly, I don’t have much love for the guy himself (he is antiquated and becoming a liability) but you can’t call the mouvement antivax. Jadot is another kettle of fish entirely.
You specifically called Mélenchon out. Honestly, I don’t have much love for the guy himself (he is antiquated and becoming a liability) but you can’t call the mouvement antivax. Jadot is another kettle of fish entirely.
Didn’t he say that NATO is braindead.
Though in that instance it’s not really about politics, he’s simply pushing long-standing French security doctrine which insists on strategic autonomy but also wants the whole of Europe to be strategically autonomous so a) the French don’t have to foot the bill alone and b) the US has less opportunity to klutz their dick around.
He said that in 2019, and it was a warning, not a statement, and I believe he was right.
But now that Russia did a moderate amount of tomfoolery, it’s back at full power.
I’m sorry but what the actual fuck is your political system? I’m been sitting here thinking France is one of the healthiest democracies because you actually protest. But now I see why all the protesting.
We don’t have a dual parties system (we used to but Macron destroyed it somehow), now it’s more like 3 parties and satellite. It’s not that much the democracy system that’s broken, rather politicians.
The problem is that they described the system in a wrong way. Mélenchon is not extreme left. But yes, we have big issues with the way politics are conducted under Macron, it’s the first time that the population is despised that much by the executive power.
-
While I could see maybe the larger companies operating in France agreeing to implement this, I don’t think they would be able to legally force a smaller foreign open source browser developer into the same practice? Take qutebrowser for instance, the developer is from Switzerland. Unless their website is hosted in France, I don’t see how French law applies to him, nor the site he is hosting the browser on? They would have to use ISPs to block the website, but even then, you could still get it through GitHub. Maybe GitHub could be forced into removing the browser as Microsoft probably have a French office, but it still seems like a legal and practical nightmare to actually enforce this through the browser. As someone else mentioned, pushing rules on ISPs seems like a more doable thing if you WANT to oppress people (which I am also against of course).
While they may not be able to force small developers, they can force the users by deeming all browsers that do not implement this feature illegal. This possibly will not work on the tech savvy, but standard users (the majority) will be affected.
That’s true, I was just so baffled by how inconvenient and inefficient this suggestion was. I’m reminded of one of these photos, which I think have been used for many internet proposals/legislations in the past:
Wouldn’t it end up implemented somewhere inside Chromium?
Probably, but in theory you would be able to take out in a fork. Inconvenient, but doable hopefully.
Ill compile Firefox if I need to
I won’t. I’ll have a fork I merge without the tracking and let a CI/CD pipeline compile a release for me! ;)
I think we’re on the same page
Why does my country keeps doing shit like this! I wasn’t even aware of that one, what the hell! ;-;
Why target the browser for fraud prevention? How about targeting banks? They are the middle man for almost all the online fraud that is happening and would have an relatively easy time to shut it off. Make them liable for all the money that leaves the bank account without the users expressed consent and it wouldn’t take long until they introduce security measures that actually work.
Ex-banker president targets banks… Now that’d be quite an unexpecred headline! Shame it’ll never be.
I have to disagree here. Disclaimer: I work for a bank but not super into the core financial stuff. Firstly, banks are already super heavily regulated; anti money laundering, terrorism financing, know your customer, etc. The reason crypto takes minutes for international transfers and banks can take days isn’t because of technology, it’s all of those checks on fraud happening. All the money leaving a bank account is, barring very advanced fraud, with the user’s consent, but in fraud cases this is often done via social engineering (calling someone to get their codes from their bank card reader, or pretending to be a family member in need).
Because France is so authoritarian they can get away with using such a flimsy excuse. The President pushed through the pension age change without letting Parliament vote on it, and nothing happened with that - why should anything happen with this? And even if something does happen, they’re starting a few steps below “think of the children!!” excuse so they’ve pre-emptively low-balled the negotiation.
France is a fallen democracy. It became law after law more authoritarian in an Orban/Poland style. The last move of the government give some ints if the politics are still in power or if it become a police state. For those who aren’t aware of this last move in the country, after nearly killing someone, a cop was preventively put in jail according to the law. Nothing wrong here. But, the police unions voiced this was not acceptable and made proposal so cops could not jailed preventively. The gov just said “we are going to look at the proposal” without rejecting them even if these proposal are against the rule of law and Principe of democracy.
France is a fallen democracy.
Both of the things you complain about are in discussion, not coded into law. Obviously, we want to oppose such proposals, more dangerous though is the “Child Sexual Abuse Regulation” (Chatkontrolle), a proposed EU law that would bring filters to all of Europe.
Interesting share. Thanks.
I live in France and we are more interested in the part of this law that wants to put age restrictions on pornographic websites, so this is the first I’ve heard of it.
Jean-Noël Barrot, a business school graduate, is Minister for Digital Transition and Telecommunications. He is the leader on this project.
As noted by Mozilla, it comes down to 2 paragraphs, but I’ve included the paragraphs before and after below. This law overlaps with European regulation too:
Article 6
-
Article 12 of the aforementioned law no. 2004-575 of June 21, 2004 reads as follows:
-
"Art. 12 - I. - When one of its specially designated and empowered agents observes that an online public communication service is clearly carrying out operations constituting the offences referred to in articles 226-4-1, 226-18 and 323-1 of the French Penal Code and article L. 163-4 of the Monetary and Financial Code, the administrative authority shall give formal notice to the person whose activity is to publish the online public communication service in question, provided that it has made available the information referred to in article 1-1 of the present law, to cease the operations constituting the offence observed. It also informs the offender of the precautionary measure referred to in the second paragraph of paragraph I of this article, and invites the offender to submit his or her observations within five days.
-
"At the same time, the administrative authority notifies the electronic address of the service concerned to Internet browser providers within the meaning of Article 2, paragraph 11 of Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on fair and competitive contracts in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828, for the purposes of implementing precautionary measures.
-
"As a precautionary measure, the recipient of a notification shall immediately take all necessary steps to display a message warning the user of the risk of prejudice incurred in the event of access to this address. This message is clear, legible, unique and comprehensible, and enables users to access the official website of the public interest grouping for the national system to assist victims of cyber-malicious acts.
display a message warning the user
Do I understand correctly, that browsers would NOT BLOCK the access, but just have to display a warning?
If that’s the case, then Mozilla’s defense of using Google’s services to decide when to display such warning, instead of allowing France to create non-Google mechanisms to achieve the same, seems like a mistake.
I read through the entire thing, in French, and it references several other laws and European regulations. The browser part is only in those paragraphs of the bill, but those paragraphs are referenced throughout the bill so there might be more to it. The whole bill is 91 pages long.
It was adopted on 5 July, by the way…
The blog post from Mozilla does say, “France’s browser-based website blocking proposal will set a disastrous precedent for the open internet,” so the precedent here is what they’re worried about.
-
I’m philosophically against this idea. But on the other hand why is this being implemented in the browser? Why isn’t France asking it’s ISPs to block the hosting address of the sites. Or the DNS. Going after the endpoints it seems silly. Because now every single browser in the country is going to have a list of the " good websites ".
France already does DNS blocking. It honestly has near to no impact, since targeted websites (usually digital piracy related stuff) just change the domain.
I think most governments who roll out censorship infrastructure don’t really care about whatever they’re actually censoring, they have some juicy target that will come along later like a political rival they miscategorize. To cut them off. They’re building the toolbox they don’t care about the excuse.
So yeah pirate sites give them an excellent reason to say oh we need better tools, but they don’t care about piracy, not really
I’d imagine it’s easier being the bad guy to a bunch of american browser companies rather then to all your local ISPs.
because it’s easier to get around with a vpn, but if it’s at the software level it wouldn’t be as easy. They could make it so only France approved browsers could be downloaded.
I vote sites block France.
On that note, how would one go about blocking all visitors from a geographic region?
GeoIP lookup. Pornhub did it recently to protest certain states’ laws that would require them to check IDs of visitors.
It isn’t very accurate. I live in Idaho, and my phone’s geoip shows up all over the United States. Currently it says Utah, last time I checked.
Well, short of trusting the users themselves to volunteer their location, it’s the best we’ve got.
Think of us poor French citizens stuck with this shitty government
Take my vote too.
This is how you end up with no browsers except Opera and Edge.
I’m just glad it isn’t the UK proposing something this dumb. We’re doing enough stupid shit as it is.
If they don’t want browsers to access the site, why keeping the site open in the first place? And if only regulated people have to access it, they can just share a ssh key or something to grant access, I don’t see big problems here. Am I missing something?
It can be used by the state as a tool for oppression. Not necessarily to be used as proposed originally, like what the US did during their war on terror.
The article is not very clear about what exactly the proposal mandate. Create the means for browser to block websites, or forces browser to block certain websites by the geolocation they are operating in?
Because I don’t understand how the later would work.
From the wording it seems like they are only asking browser developers to provide a function to block websites. (maybe byimporting a block list?)
I think they do not know this themselves. France had already implemented a black list on DNS level. F.i. library genesis links cannot be reached through standard DNS.
I figure they think that that’s not oppressive enough.