Google stops trusting Chinese websites, China's authorities angry

Rift comes just days after a huge hacking attack, attributed to China

Andrew Griffin
Thursday 02 April 2015 05:38 EDT
Comments
An employee walks past the logo of Google in front of its former headquarters, in Beijing June 2, 2011
An employee walks past the logo of Google in front of its former headquarters, in Beijing June 2, 2011 (GOOGLE/EXPERT/ REUTERS/Jason Lee)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Google has stopped officially trusting a Chinese internet regulator, potentially leading everyone using the Chrome browser to stop visiting them, as part of its response to a Chinese security lapse.

The search giant said yesterday that it would stop recognising security certificates issued by China Internet Network Information Center (CNNIC), which will mean that visitors heading to those websites could see a warning message or be unable to access the site. It is not known how many sites have certificates from CNNIC.

Security certificates are issued so that internet browsers, like Chrome, know that websites are trustworthy and safe for users to visit. But they depend on the trust of issuing authorities like CNNIC, which check that connections are secure.

CNNIC said in a statement that Google’ decision was “unacceptable and unintelligible”.

The certificates are particularly relied upon by shopping and banking sites, so that users know that they are accessing and giving their details to the right people.

CNNIC’s certificates came under scrutiny last week, when it emerged that Egypt-based called MCS Holdings was issuing certificates under CNNIC’s authority. Those certificates were then used to intercept internet communications, meaning that visitors to supposedly secure websites could actually have their data stolen.

Though Google and other browsers have stopped trusting MSC Holdings certificates, the new move is likely to hit many more Chinese websites.

Mozilla or Microsoft could also be planning to drop support for the Chinese regulator. Mozilla is said to be discussing the policy with its community and Microsoft has not yet released a statement.

Google’s statement said that “CNNIC will be working to prevent any future incidents”, leaving open the possibility that the authority will be re-instated as part of Google’s trusted issuers at some point in the future.

China and Google have had a long standoff after the company shut down its local search engine as a result of censorship. Many of Google’s services are now unavailable — with some coming under direct attack, apparently from Chinese sources.

Other US-based companies have been hit by problems from China, with code-sharing website Github being hit by a four-day cyberattack last week

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in