The French government has proposed a dystopian security measure to block websites inside the browser and hopes to compel browser providers like Mozilla and Google to implement a solution to enable this capability. Article 6 of the proposed SREN Bill would compel browser providers to block websites based on a government-provided list, aiming to combat online fraud. While the intention is to protect users, this action could disrupt long-standing content moderation practices and offer a blueprint for authoritarian governments to bypass anti-censorship tools. Instead of introducing such drastic measures, it would be more effective to enhance existing malware and phishing protections.
From the Mozilla Blog:
Browsers have played a critical role in the growth of the web by serving as user agents that mediate our experiences with the internet. This role, which Mozilla has been an integral actor in for over 25 years via Firefox, is based on some fundamental presumptions that enable browsers to focus on serving the interests of their users while keeping content regulation decisions further up the chain with either network intermediaries (such as ISPs) or service providers (websites).
The two most commonly used malware and phishing protection systems in the industry are Google’s Safe Browsing and Microsoft’s Smart Screen, where Mozilla (along with Apple, Brave, and many others) use Google’s Safe Browsing. The Safe Browsing service has been around since at least 2005 and currently protects close to half the world’s online population on various devices and software. It covers malware, unwanted software, and social engineering (phishing and other deceptive sites). It also has broad policies that are fairly robust and is also available via a free API, which makes it a more cost effective way for organisations to protect users.
Mandating browsers to develop features that allow website restrictions at the browser level can lead to unintended consequences. While its current use in France may be limited to combating malware and phishing, it establishes a framework that could be extended by any government to regulate or prohibit content based on their jurisdictional guidelines. The idea of browsers being compelled to embed a list of inaccessible websites, either regionally or worldwide, is alarming and poses significant challenges to freedom of speech. Should this become law, the established precedent could make it challenging for browsers to decline similar demands from other authorities.
In 2013, the US congress tried to propose the Stop Online Piracy Act (SOPA) which also aimed to block websites and would allow any company to take down any other website under copyright law. SOPA, along with its Senate counterpart, the Protect IP Act (PIPA), gained momentum due to concerns within the entertainment industry and other content creators about the economic impact of online piracy. The security community and several large organizations including Google, Wikipedia, Reddit, Craigslist and others launched opposition to the proposed bill and even went dark for a day to make the public aware of the danger of the law. If passed, the law would stifle free speech and innovation, as well as enabling turn-key censorship of the internet by the government and large private companies.
