In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools.
While motivated by a legitimate concern, this move to block websites directly within the browser would be disastrous for the open internet and disproportionate to the goals of the legal proposal – fighting fraud. It will also set a worrying precedent and create technical capabilities that other regimes will leverage for far more nefarious purposes. Leveraging existing malware and phishing protection offerings rather than replacing them with government provided, device level block-lists is a far better route to achieve the goals of the legislation.
Why target the browser for fraud prevention? How about targeting banks? They are the middle man for almost all the online fraud that is happening and would have an relatively easy time to shut it off. Make them liable for all the money that leaves the bank account without the users expressed consent and it wouldn’t take long until they introduce security measures that actually work.
I have to disagree here. Disclaimer: I work for a bank but not super into the core financial stuff. Firstly, banks are already super heavily regulated; anti money laundering, terrorism financing, know your customer, etc. The reason crypto takes minutes for international transfers and banks can take days isn’t because of technology, it’s all of those checks on fraud happening. All the money leaving a bank account is, barring very advanced fraud, with the user’s consent, but in fraud cases this is often done via social engineering (calling someone to get their codes from their bank card reader, or pretending to be a family member in need).