You obviously have no idea what you are talking about. America does not have any more or less of an ability to forge certificates compared to Europe.
Not wanting to live in a surveillance state is not religious, it’s common fucking sense.
Progress towards what? People migrating to equally scummy Amazon and Microsoft? What possible progress could blocking Google bring, that it would be worth people potentially going without paychecks because accounting sw was not working? Or being unable to access services because they register with Gmail they can no longer access. Factories shutting down because their logistics tracked everything in a Google spreadsheet they can no longer access and have no backup.
Not to mention people who could outright die if some hospital software somewhere relies on some google service.
So we come full circle. The government having the ability to impersonate a site is exactly what I believe must not happen.
If the EU wants to create search.eu or any other search site, more power to them. I certainly wouldn’t use it, but hey, if you want to trust them, you can.
If they want to block google search… Eeeeh… I guess that is fine?
But they shouldn’t be able to create a fake certificate for google.com or any site for that matter, not only allowing them to impersonate the site, but also intercept encrypted traffic between users and that site.
So no. Governments should not control the TLS infrastructure.
What does that have to do with TLS?
What “normal solutions” are actually in progress with any real potential of happening?
Fines.
Besides, your solution is in progress or “has better chance” of happening? Wake the fuck up.
Meanwhile what insane doomsday scenario do you think would happen if Google services were banned
Google runs 12% of all cloud services through google cloud. Yes, I expect a “doomsday scenario” if you just shut that down.
and people had the given period to find alternatives?
Sure, give people and companies 5-10 years to migrate and it will probably be fine in terms of chaos, though I would still be very interested to know how many billions of € would the migration cost.
Even more reason to have relatively neutral organizations transparently curate the list of trusted CAs. While I am sure governments also closely monitor the process and would step in if they deemed it a threat.
When looking at the relative difference between cost of your solution, its benefits and cost of normal solutions, yes. It is extremely similar.
But go ahead nitpicking my exact choice of comparison instead of addressing the glaring issue with your argument.
That is like saying standing up to authoritarianism is extremely necessary, while proposing to drop nukes on Russia. There are 100 better ways to do it.
Unnecessary chaos
No. At the end of the day, I control which certificates I consider valid. Browsers just choose the defaults. There is no way I quietly let some government usurp that power, considering how easy to abuse it is.
Yes I mean tls certs as those control what dns records are considered valid.
No they don’t. That is not what TLS really does. But I guess close enough.
The whole argument was about blocking search only, considering the damages suddenly completely blocking google would do. Yes, you can block google data centers completely, but dude, would that cause chaos.
A better approach though is to fine Google,
I said that multiple times already.
What? What do you mean “DNS space”? Classic DNS does not have any security, no encryption and no signatures.
DNSSEC, which adds signatures, is based on TLDs, not any geography or country. And it is not yet enabled for most domains, though I guess it would be for Google. But obviously the EU does not control .com.
And if you mean TLS certificates, those are a bit complicated and I already explained why forging those would be problematic and not work on Chrome, though it could be done.
Maybe for some rando site. Google and any half-competent site have HSTS enabled, meaning a browser won’t even try to connect with insecure HTTP, nor allow the user to bypass the security error, as long as the HSTS header is remembered by the browser (the site was visited recently, set to 1 year for Google).
In addition, Google will also be on HSTS preload lists, so it won’t work even if you never visited the site.
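The HSTS behaviour described in the comment above, as an added example that is not part of the original thread: a minimal model of how a browser remembers a `Strict-Transport-Security` header and consults a preload list. The `HstsStore` class, its method names and the `.example` hosts are constructed for illustration and are not any browser's real code.

```python
import re

def parse_hsts(header):
    """Parse a Strict-Transport-Security value; return (max_age, include_subdomains) or None."""
    max_age, include_sub = None, False
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if max_age is not None or not re.fullmatch(r"\d+", value):
                return None  # duplicate or malformed max-age: ignore the whole header
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)

class HstsStore:
    """Hypothetical model of browser HSTS state: remembered headers plus a preload list."""

    def __init__(self, preload=()):
        self.preload = {h.lower(): sub for h, sub in preload}  # host -> include_subdomains
        self.dynamic = {}  # host -> (expiry_time, include_subdomains)

    def note_header(self, host, header, now, over_https=True):
        # A header received over plain HTTP is ignored, so it cannot be injected in transit.
        policy = parse_hsts(header) if over_https else None
        if policy is None:
            return
        max_age, sub = policy
        if max_age == 0:
            self.dynamic.pop(host.lower(), None)  # max-age=0 deletes the remembered entry
        else:
            self.dynamic[host.lower()] = (now + max_age, sub)

    def must_use_https(self, host, now):
        """True if the browser would refuse plain HTTP for this host at time `now`."""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate, exact = ".".join(labels[i:]), i == 0
            if candidate in self.preload and (exact or self.preload[candidate]):
                return True  # preloaded: enforced even on a first visit
            entry = self.dynamic.get(candidate)
            if entry and entry[0] > now and (exact or entry[1]):
                return True  # remembered header that has not expired yet
        return False
```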
Demanding the ISPs to block traffic to Google domains would be quite effective.
Filter it based on what? Between ESNI and DNS over HTTPS, it shouldn’t be possible to know which domain the traffic belongs to. Am I missing something?
Edit: Ah, I guess DNS over HTTPS isn’t enabled by default yet.
It would likely be impossible to redirect google.com without either sparking a cyberwar or building something like the great firewall of China, quite possibly both.
Blocking is somewhat possible, but to redirect, they would have to forge Google certificates and possibly also fork Chrome and convince users to replace their browser, since last I checked, Google hard-coded its own public keys into Chrome.
I say blocking is somewhat possible, because governments can usually just ask DNS providers to not resolve a domain or internet providers to block IPs.
The issue is, Google runs one of the largest DNS services in the world, so what happens if Google says no? The block would at best be partial, at worst it could cause instability in the DNS system itself.
What about blocking IPs? Well, Google data centers run a good portion of the internet, likely including critical services. Companies use Google services for important systems. Block Google data centers and you will have outages that will make CrowdStrike look like a tiny glitch and last for months.
Could we redirect the Google DNS IPs to a different, EU-controlled server? Yes, but such attempts have caused issues beyond the borders of the country attempting it in the past. It would at least require careful preparations.
As for forging certificates, the EU does control multiple Certificate authorities. But forging a certificate breaks the cardinal rule for being a trusted CA. Such a CA would likely be immediately distrusted by all browsers. And foreign governments couldn’t ignore this either. After all, Google’s domains are not just used for search. Countless Google services that need to remain secure could potentially be compromised by the forged certificate. In addition, as I mentioned, Google added hard-coded checks into Chrome to prevent a forged certificate from working for its domains.