Google has stopped officially trusting a Chinese internet regulator, potentially leading everyone using the Chrome browser to stop visiting them, as part of its response to a Chinese security lapse.
The search giant said yesterday that it would stop recognising security certificates issued by China Internet Network Information Center (CNNIC), which will mean that visitors heading to those websites could see a warning message or be unable to access the site. It is not known how many sites have certificates from CNNIC.
Security certificates are issued so that internet browsers, like Chrome, know that websites are trustworthy and safe for users to visit. But they depend on the trust of issuing authorities like CNNIC, which check that connections are secure.
CNNIC said in a statement that Google’ decision was “unacceptable and unintelligible”.
The certificates are particularly relied upon by shopping and banking sites, so that users know that they are accessing and giving their details to the right people.
CNNIC’s certificates came under scrutiny last week, when it emerged that Egypt-based called MCS Holdings was issuing certificates under CNNIC’s authority. Those certificates were then used to intercept internet communications, meaning that visitors to supposedly secure websites could actually have their data stolen.
Though Google and other browsers have stopped trusting MSC Holdings certificates, the new move is likely to hit many more Chinese websites.
Mozilla or Microsoft could also be planning to drop support for the Chinese regulator. Mozilla is said to be discussing the policy with its community and Microsoft has not yet released a statement.
Google’s statement said that “CNNIC will be working to prevent any future incidents”, leaving open the possibility that the authority will be re-instated as part of Google’s trusted issuers at some point in the future.
China and Google have had a long standoff after the company shut down its local search engine as a result of censorship. Many of Google’s services are now unavailable — with some coming under direct attack, apparently from Chinese sources.
Other US-based companies have been hit by problems from China, with code-sharing website Github being hit by a four-day cyberattack last weekReuse content