Security

Hackers Threaten To Leak Plastic Surgery Pictures (bbc.com) 33

Hackers have stolen the data of a large cosmetic surgery chain and are threatening to publish patients' before and after photos, among other details. From a report: The Hospital Group, which has a long list of celebrity endorsements, has confirmed the ransomware attack. It said it had informed the Information Commissioner of the breach. On its darknet webpage, the hacker group known as REvil said the "intimate photos of customers" were "not a completely pleasant sight." It claimed to have obtained more than 900 gigabytes of patient photographs. The Hospital Group, which is also known as the Transform Hospital Group, claims to be the UK's leading specialist weight loss and cosmetic surgery group. It has 11 clinics specialising in bariatric weight loss surgery, breast enlargements, nipple corrections and nose adjustments. The company has previously promoted itself via celebrity endorsements, although it has not done so for several years. Former Big Brother contestant Aisleyne Horgan-Wallace told Zoo magazine about her breast enhancement surgery with The Hospital Group in 2009. Atomic Kitten singer Kerry Katona, Shameless actress Tina Malone and reality TV star Joey Essex from The Only Way is Essex are also previous patients who have endorsed the clinic.
Privacy

BMW Backtracks: 'We Do Not Draw on Warranty Status' For Targeted Ads (motoringresearch.com) 29

BMW has told Motoring Research that its targeted billboard warranty adverts -- which were claimed to use number plate registration technology to tailor public adverts to BMW drivers -- do not actually draw upon vehicle warranty status. From a report: Rather, only publicly available information is used. "There is no personalisation visible on the advert and no vehicle or customer data is stored or retained." The initiative was originally described as targeting BMW drivers with an expired new or Approved Used warranty: owners would receive personalised messages on electronic roadside billboards highlighting that they no longer had a valid warranty, would be warned that their vehicle was not covered for the cost of repairs, and would be invited to 'consider purchasing a BMW Insured warranty online.' Under that original description, the electronic billboards used Vehicle Detection Technology to pick out BMW owners with expired warranties.
Electronic Frontier Foundation

ExamSoft Flags One-Third of California Bar Exam Test Takers For Cheating (eff.org) 82

The California Bar released data last week confirming that during its use of ExamSoft for the October Bar exam, over one-third of the nearly nine thousand online examinees were flagged by the software. The Electronic Frontier Foundation is concerned that the exam proctoring software is incorrectly flagging students for cheating "due either to the software's technical failures or to its requirements that students have relatively new computers and access to near-broadband speeds." From the report: This is outrageous. It goes without saying that of the 3,190 applicants flagged by the software, the vast majority were not cheating. Far more likely is that, as EFF and others have said before, remote proctoring software is surveillance snake oil -- you simply can't replicate a classroom environment online, and attempting to do so via algorithms and video monitoring only causes harm. In this case, the harm is not only to the students who are rightfully upset about the implications and the lack of proper channels for redress, but to the institution of the Bar itself. While examinees have been searching for help from other examinees as well as hiring legal counsel in their attempt to defend themselves from potentially baseless claims of cheating, the California Committee of Bar Examiners has said "everything is going well" and called these results "a good thing to see" (13:30 into the video of the Committee meeting).

That is not how we see it. These flags have triggered concern for hundreds, if not thousands, of test takers, most of whom had no idea that they were flagged until recently. Many only learned about the flag after receiving an official "Chapter 6 Notice" from the Bar, which is sent when an applicant is observed (supposedly) violating exam conduct rules or seen or heard with prohibited items, like a cell phone, during the exam. In a depressingly ironic introduction to the legal system, the Bar has requested that students respond to the notices within 10 days, but it would appear that none of them have been given enough information to do so, as Chapter 6 Notices contain only a short summary of the violation. These summaries are decidedly vague: "Facial view of your eyes was not within view of the camera for a prolonged period of time"; "No audible sound was detected"; "Leaving the view of the webcam outside of scheduled breaks during a remote-proctored exam." Examinees do not currently have access to the flagged videos themselves, and are not expected to receive access to them, or any other evidence against them, before they are required to submit a response.
The report goes on to say that some of these flags stem from technical problems in ExamSoft itself rather than from anything the examinee did. For example, Lenovo laptops appear to have been flagged en masse because the software could not access the internal microphone, which produced the "No audible sound was detected" violation.

Other flags are likely due to the inability of the software to correctly recognize the variability of examinees' demeanors and expressions. "We implore the California Bar to rethink its plans for remotely-proctored future exams, and to work carefully to offer clearer paths for examinees who have been flagged by these inadequate surveillance tools," the EFF says in closing. "Until then, the Bar must provide examinees who have been flagged with a fair appeals process, including sharing the videos and any other information necessary for them to defend themselves before requiring a written response."
Privacy

Nintendo Conducted Invasive Surveillance Operation Against Homebrew Hacker (torrentfreak.com) 23

Leaked Nintendo documents have revealed a frightening surveillance operation carried out against a hacker who was researching exploits for the 3DS handheld. TorrentFreak reports: During the past 24 hours, various Twitter accounts (1,2) have been posting snippets from documents that were recently leaked from Nintendo. While there are numerous items of interest, the most shocking revelations involve Neimod, a hacker who several years ago developed exploits for the 3DS handheld console. [T]he scale of the operation, which is revealed in detail in the leaked documents, shows just how far the gaming giant was prepared to go to stop his work. For example, the leak reveals personal profiling that dug deeply into Neimod's education status, listed details of his working life, and offered evidence of physical snooping on his daily lifestyle. What time he could be found at home, who came to see him there, and even when he visited places like banks and restaurants are all included. While this kind of surveillance is creepy in its own right, additional documents reveal a detailed plan to use the gathered intelligence to physically confront Neimod in order to pressure him into complying with the company's demands.

According to Nintendo's planning, the operation would begin around April 15, 2013, with its team meeting at a local hotel to discuss and finalize their plans. Following a review of Neimod's movements of the previous week, the team would then decide where and when contact would be made -- after work or at home, for example. With an undercover investigator monitoring Neimod to discover what time he left work, Neimod was to be approached by a 'contact team,' who were instructed to approach their target "in a friendly, non-threatening, professional, and courteous manner." "Provide a business card," the instructions read. After Neimod had been engaged in conversation, the team was instructed to flatter the hacker by "acknowledging his engineering/programming aptitude." They were also told to reference his stated aim of not "facilitating piracy" with his hacks but point out Nintendo's concerns that a release of his hack could do just that.

Whether Neimod complied or resisted, Nintendo prepared for both eventualities. The following slide, posted to Twitter by Eclipse-TT, shows a flow chart that begins with instructions for the "Knock and Talk Team," details a staging area, rules of engagement, and plans for what should happen when things go to plan -- or otherwise. The Nintendo "Final Enforcement Proposal" document describes a "carrot and stick" approach, with the stick being a laundry list of potential offenses committed by Neimod under Belgian law and the carrot representing a number of sweeteners that might be of interest to the hacker. If cooperation was achieved, Nintendo suggested it could refrain from filing a criminal complaint. It may also enter into a "bounty" contract with Neimod with payments made for finding and documenting exploits. Within certain parameters, his discoveries could still be announced to the public, allowing him to retain "bragging rights." This could help Nintendo's image, the company wrote.

Social Networks

Russia Lawmakers Pass Bills That Could Block Social Media Sites (npr.org) 25

Russian lawmakers have approved a range of new measures that could further stifle dissent and allow tighter restrictions on online content -- including blocking websites like YouTube and Twitter. NPR reports: One bill would allow for the blocking of foreign websites that it says "discriminate" against Russian media. A second law would allow it to levy large fines against companies that don't take down content banned in the country. A third law would establish jail terms for those convicted of making slanderous comments online or in the media. A person found guilty of slander could face up to two years in jail and be fined up to 1 million rubles (about $13,300), Reuters reports. The bills were passed by Russia's lower house, the State Duma. If they become law, as expected, they would mean that Russia could block websites like YouTube, Facebook and Twitter that label content produced by Russian state media outlets as being just that. Under the legislation, Russian authorities will be able to block or slow down such sites.
Oracle

Oracle's Hidden Hand Is Behind the Google Antitrust Lawsuits (bloomberg.com) 51

An anonymous reader quotes a report from Bloomberg: With great fanfare last week, 44 attorneys general hit Google with two antitrust complaints, following a landmark lawsuit the Justice Department and 11 states lodged against the Alphabet Inc. unit in October. What's less known is that Oracle Corp. spent years working behind the scenes to convince regulators and law enforcement agencies in Washington, more than 30 states, the European Union, Australia and at least three other countries to rein in Google's huge search-and-advertising business. Those efforts are paying off.

Officials in more than a dozen of the states that sued Google received what has been called Oracle's "black box" presentation showing how Google tracks users' personal information, said Ken Glueck, Oracle's top Washington lobbyist and the architect of the company's antitrust campaign against Google. Glueck outlined for Bloomberg the presentation, which often entails putting an Android phone inside a black briefcase to show how Google collects users' location details -- even when the phones aren't in use -- and confirmed the contours of the pressure campaign. "I couldn't be happier," said Glueck about the barrage of lawsuits. "As far as I can tell, there are more states suing Google than there are states." Oracle has fallen behind the tech giants in the marketplace, yet is notching one legal and regulatory win after another against them, Google especially.
In response, Google spokesman Jose Castaneda denounced Oracle's "cloak-and-dagger lobbying campaign," saying "while Oracle describes itself as the biggest data broker on the planet, we're focused on keeping consumers' information safe and secure."
Government

DHS Is Looking Into Backdoors In Smart TVs By China's TCL (securityledger.com) 85

chicksdaddy shares a report from The Security Ledger: The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports last month in The Security Ledger and elsewhere that the devices may give the company "back door" access to deployed sets, The Security Ledger reports. Speaking at The Heritage Foundation, a conservative think tank, Acting DHS Secretary Chad Wolf said that DHS is "reviewing entities such as the Chinese manufacturer TCL." "This year it was discovered that TCL incorporated backdoors into all of its TV sets exposing users to cyber breaches and data exfiltration. TCL also receives CCP state support to compete in the global electronics market, which has propelled it to the third largest television manufacturer in the world," Wolf said, according to a version of prepared remarks published by DHS. His talk was entitled "Homeland Security and the China Challenge."

As reported last month, independent researchers John Jackson -- an application security engineer for Shutterstock -- and a researcher using the handle Sick Codes identified and described two serious software security holes affecting TCL brand television sets that would allow an unprivileged remote attacker on the adjacent network to download most system files from the TV set, up to and including images, personal data and security tokens for connected applications. The flaw could lead to critical information disclosure, the researchers warned. Both flaws affect TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below, according to the official CVE reports. In an interview with The Security Ledger, the researcher Sick Codes said that a TCL TV set he was monitoring was patched for the CVE-2020-27403 vulnerability without any notice from the company and no visible notification on the device itself. In a statement to The Security Ledger, TCL disputed that account. By TCL's account, the patched vulnerability was linked to a feature called "Magic Connect" and an Android APK by the name of T-Cast, which allows users to "stream user content from a mobile device." T-Cast was never installed on televisions distributed in the USA or Canada, TCL said. For TCL smart TV sets outside of North America that did contain T-Cast, the APK was "updated to resolve this issue," the company said. That application update may explain why the TCL TV set studied by the researchers suddenly stopped exhibiting the vulnerability. Note that what the researchers documented and what Wolf called a "backdoor" are not the same claim: the CVE reports describe unauthenticated file access reachable from the local network, while the silent, unannounced remote update of the set is the behaviour that raised the question of vendor access.

In his address on Monday, Acting Secretary Wolf said the warning about TCL will be part of a broader "business advisory" cautioning against using data services and equipment from firms linked to the People's Republic of China (PRC). This advisory will highlight "numerous examples of the PRC government leveraging PRC institutions like businesses, organizations, and citizens to covertly access and obtain the sensitive data of businesses to advance its economic and national security goals," Wolf said. "DHS flags instances where Chinese companies illicitly collect data on American consumers or steal intellectual property. CCP-aligned firms rake in tremendous profits as a result," he said.

Government

France Bans Use of Drones To Police Protests In Paris (bbc.com) 23

France's top administrative court has backed privacy campaigners by imposing a ban on police use of drones for covering public protests in Paris. The BBC reports: The Council of State said Paris police prefect Didier Lallement should halt "without delay" drone surveillance of gatherings on public roads. The ruling comes weeks after MPs backed a controversial security bill that includes police use of drones. Its main aim is to regulate how people share film or photos of police.

Privacy rights group La Quadrature du Net (LQDN) has argued that the bill's main measures violate freedom of expression and that drones equipped with cameras cannot keep the peace but track individuals instead. The Council of State ruled there was "serious doubt over the legality" of drones without a prior text authorizing and setting out their use. LQDN said the only way the government could legalize drone surveillance now was by providing "impossible proof" that it was absolutely necessary to maintain law and order. The decision is the second setback in months for Parisian authorities' drone plans. In May, the same court ruled that drones could not be used in the capital to track people in breach of France's strict lockdown rules.

Democrats

MIT Electrical Engineer Selected For US Senate (npr.org) 120

A user writes: MIT Electrical Engineering graduate and California Secretary of State Alex Padilla has been selected by California governor Gavin Newsom to replace Kamala Harris. He will join Steve Daines and Martin Heinrich as one of three U.S. Senators with engineering credentials currently serving in the Senate. "Padilla, 47, the son of Mexican immigrants, will be the first Latino from the state to hold the position," notes NPR. "Padilla has been California's secretary of state since 2015. Previously, he was a state senator and Los Angeles city councilman." Because Harris was first elected in 2016, Padilla will fill the seat by appointment until 2022, when an election will be held for the next full six-year term.
Bitcoin

SEC Formally Sues Cryptocurrency Company Ripple (axios.com) 40

U.S. securities regulators on Tuesday sued cryptocurrency company Ripple, along with its CEO and its executive chairman, for allegedly selling over $1.3 billion in unregistered securities. Axios reports: Ripple on Monday had publicly disclosed that the lawsuit was to be filed imminently, and said it does not believe its tokens needed to be registered. XRP, the cryptocurrency created by Ripple in 2012, has the crypto industry's third-largest market cap at around $22 billion, behind only Bitcoin and Ether. In a separate article, Axios' Dan Primack writes that this lawsuit "could put a chill on some crypto industry investment, as Ripple has no interest in settling fast and moving on." He adds: "It also could mildly complicate the upcoming IPO for Coinbase, where XRP-to-dollar activity made up 15% of trading volume over the past 30 days (per Nomics)."
Security

'Dozens of Email Accounts' Were Hacked At US Treasury (reuters.com) 24

An anonymous reader quotes a report from Reuters: Dozens of email accounts at the U.S. Treasury Department were compromised by the powerful hackers responsible for a wide-ranging espionage campaign against U.S. government agencies, the office of U.S. Senator Ron Wyden said on Monday. In a written statement, Wyden's office said that Senate Finance Committee staff were briefed that the hack of the Treasury Department appears to have been a significant one, "the full depth of which isn't known."

Wyden, the most senior Democrat on the committee, said that Microsoft notified the agency that dozens of email accounts had been compromised and that the hackers also penetrated the systems at Treasury's Departmental Offices division, which is home to its top officials. "Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen," the statement said, although it added that the Internal Revenue Service said there was no evidence the tax agency was compromised or that taxpayer data was affected. A Wyden aide said the hackers were able to access the Treasury officials' Microsoft-hosted inboxes after taking control of the cryptographic key used by Treasury's "single sign on" infrastructure -- a service used in many organizations so that employees can access a variety of services with a single username and password. The aide quoted Treasury officials as saying Treasury Secretary Steven Mnuchin's inbox was not among those affected.
Wyden's statement contrasts with that of Mnuchin, who told CNBC earlier in the day that "the good news is there has been no damage, nor have we seen any large amounts of information displaced." He added: "I can assure you, we are completely on top of this."
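The detail about the single sign-on key is the one a practitioner should dwell on. An SSO identity provider vouches for users by signing assertions, and every connected service accepts any assertion that carries a valid signature. Whoever holds the signing key can therefore mint tokens for any user of any connected service, and resetting passwords changes nothing. The Go program below is an added illustration of that trust relationship, not a description of the Treasury intrusion or of Microsoft's implementation; it uses a simplified JSON assertion signed with Ed25519 where real deployments use SAML or OIDC, and the user name, audience and key material are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Assertion is a simplified SSO token body: the identity provider (IdP)
// states who the user is, which service the token is for, and until when.
type Assertion struct {
	Subject  string `json:"sub"`
	Audience string `json:"aud"`
	Expires  int64  `json:"exp"`
}

// Token is the signed assertion as handed to a connected service.
type Token struct {
	Payload   []byte
	Signature []byte
}

// issue signs an assertion. Only the IdP is supposed to do this, but the only
// thing enforcing that is possession of signingKey.
func issue(signingKey ed25519.PrivateKey, a Assertion) (Token, error) {
	payload, err := json.Marshal(a)
	if err != nil {
		return Token{}, err
	}
	return Token{Payload: payload, Signature: ed25519.Sign(signingKey, payload)}, nil
}

// verify is what a connected service (say, the mail system) does with a token.
// It knows only the IdP's public key, so a token minted by an attacker holding
// a copy of the private key is indistinguishable from a genuine one.
func verify(idpPublic ed25519.PublicKey, tok Token, audience string, now time.Time) (subject string, ok bool) {
	if !ed25519.Verify(idpPublic, tok.Payload, tok.Signature) {
		return "", false
	}
	var a Assertion
	if err := json.Unmarshal(tok.Payload, &a); err != nil {
		return "", false
	}
	if a.Audience != audience || now.Unix() >= a.Expires {
		return "", false
	}
	return a.Subject, true
}

// stolenKeyScenario returns whether a token the attacker forged with a stolen
// copy of the signing key is accepted (1) while the service still trusts the
// original key and (2) after the IdP rotates to a fresh key and the service
// pins the new public key. All names here are constructed for the illustration.
func stolenKeyScenario() (acceptedBefore, acceptedAfterRotation bool, err error) {
	idpPub, idpPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	stolen := idpPriv // the attacker has exfiltrated the IdP's signing key
	now := time.Now()
	forged, err := issue(stolen, Assertion{
		Subject:  "alice@corp.example", // any user the attacker chooses
		Audience: "mail",
		Expires:  now.Add(time.Hour).Unix(),
	})
	if err != nil {
		return false, false, err
	}
	_, acceptedBefore = verify(idpPub, forged, "mail", now)

	// Remediation: generate a new signing key at the IdP and have every
	// connected service trust only the new public key. Tokens signed with
	// the old key, forged or genuine, stop validating.
	newPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	_, acceptedAfterRotation = verify(newPub, forged, "mail", now)
	return acceptedBefore, acceptedAfterRotation, nil
}

func main() {
	before, after, err := stolenKeyScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("forged token accepted before rotation:", before)
	fmt.Println("forged token accepted after rotation:", after)
}
```

The rotation step also invalidates every legitimate token the old key signed, which is why key replacement after a compromise is disruptive, and why the signing key deserves the same protection as a domain controller: a hardware security module, or at least a dedicated host that nobody browses or reads email on.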
Privacy

New York Halts Use of Facial Recognition in Schools (ny.gov) 51

Gov. Andrew M. Cuomo signed a bill Tuesday suspending the use of facial recognition and other kinds of biometric technology in schools in New York, also directing a study of whether its use is appropriate in schools. The legislation places a moratorium on schools purchasing and using biometric identifying technology until at least July 1, 2022 or until the report is completed and the state Education Department commissioner authorizes its use. The rule applies to both public and private schools in New York.

In a statement, the ACLU said: "This is a victory for student privacy and students of color, who are disproportionately harmed by this flawed and biased technology. New York has led the way, and now other states should follow."
Privacy

Law Enforcement Take Down Three Bulletproof VPN Providers (zdnet.com) 36

Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands this week seized the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims. From a report: The three services were active at insorg.org, safe-inet.com, and safe-inet.net before the domains were seized and replaced with law enforcement banners on Monday. The services had been active for more than a decade, are believed to be operated by the same individual or group, and were heavily advertised on both Russian- and English-speaking underground cybercrime forums, where they were sold for prices ranging from $1.3/day to $190/year. According to the US Department of Justice and Europol, the three companies' servers were often used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep.
Privacy

2,000 Parents Demand Major Academic Publisher Drop Proctorio Surveillance Tech (vice.com) 66

Digital rights group Fight for the Future has unveiled an open letter signed by 2,000 parents calling on McGraw-Hill Publishing to end its relationship with Proctorio, one of many proctoring apps that offers services that digital rights groups have called "indistinguishable from spyware." From a report: As the pandemic has pushed schooling into virtual classrooms, a host of software vendors have stepped up to offer their latest surveillance tools. Some, like Proctorio, offer technologies that claim to fight cheating by tracking head and eye movements, without any evidence that their algorithms do anything but make students anxious (and thus perform worse). Others rely on facial recognition technology, which is itself rife with racial bias, and have regularly failed to verify the identities of students of color at various points while taking state bar exams, forcing the test to end.

Proctorio is one of a few companies that has come under scrutiny from privacy groups not only for invasive surveillance, but exhaustive data extraction that collects sensitive student data including biometrics. The company is perhaps unique in its attempts to silence critics of its surveillance programs. Proctorio has deployed lawsuits to silence critics, forcing one University of British Columbia learning technology specialist to exhaust his personal and emergency savings due to a lawsuit meant to silence his online criticisms of the company. Proctorio has also targeted students and abused Twitter's DMCA takedown process to further suppress valid criticisms of its proctoring software.
Further reading: Proctoring Software Company Used DMCA To Take Down a Student's Critical Tweets; and Cheating-Detection Software Provokes 'School-Surveillance Revolt'.
Firefox

Firefox To Ship 'Network Partitioning' As a New Anti-Tracking Defense (zdnet.com) 65

An anonymous reader quotes a report from ZDNet: Firefox 85, scheduled to be released next month, in January 2021, will ship with a feature named Network Partitioning as a new form of anti-tracking protection. The feature is based on "Client-Side Storage Partitioning," a new standard currently being developed by the World Wide Web Consortium's Privacy Community Group. "Network Partitioning is highly technical, but to simplify it somewhat, your browser has many ways it can save data from websites, not just via cookies," privacy researcher Zach Edwards told ZDNet in an interview this week. "These other storage mechanisms include the HTTP cache, image cache, favicon cache, font cache, CORS-preflight cache, and a variety of other caches and storage mechanisms that can be used to track people across websites." Edwards says all these data storage systems are shared among websites.

The difference is that Network Partitioning keys these stores -- the HTTP cache, favicons, CSS files, images, fonts, and more -- by the top-level site the user is visiting, rather than holding them together in one pool shared by every site. This makes it harder for websites and third parties like ad and web analytics companies to track users, since a script embedded on one site can no longer probe for data that was cached while the user was on a different site. The cost is that a resource used by many sites is fetched once per site instead of once overall; the Mozilla team expects [...] performance issues for sites loaded in Firefox, but it's willing to take the hit to improve the privacy of its users.
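To make the mechanism concrete, here is an added example, not Firefox's or Mozilla's code, that simulates the two cache-keying policies in Go. The cache model, the site names and the resource URLs are constructed for the illustration; a cache hit stands in for what a real tracker would observe through response timing or a conditional request.

```go
package main

import "fmt"

// Resource is a cacheable fetch, identified by the URL requested.
type Resource string

// cache models the browser's HTTP cache. Unpartitioned, entries are keyed by
// URL alone, so every site shares one pool. Partitioned, the key also carries
// the top-level site the user is visiting (the site in the address bar), so a
// third party embedded on siteB cannot see what was stored while the user was
// on siteA. This is a constructed model, not Firefox's implementation.
type cache struct {
	partitioned bool
	entries     map[string]bool
}

func newCache(partitioned bool) *cache {
	return &cache{partitioned: partitioned, entries: make(map[string]bool)}
}

func (c *cache) key(topLevelSite string, r Resource) string {
	if c.partitioned {
		return topLevelSite + "|" + string(r)
	}
	return string(r)
}

// fetch returns true on a cache hit; on a miss it "downloads" the resource
// and stores it. A real tracker cannot read the cache directly, but it can
// tell hit from miss by timing or by a conditional request.
func (c *cache) fetch(topLevelSite string, r Resource) (hit bool) {
	k := c.key(topLevelSite, r)
	if c.entries[k] {
		return true
	}
	c.entries[k] = true
	return false
}

// historySniffLeaks plays the attack: the user visits siteA, which loads an
// image only siteA embeds; later, on siteB, a tracker script probes that same
// URL. A hit tells the tracker the user has been to siteA.
func historySniffLeaks(partitioned bool) bool {
	c := newCache(partitioned)
	const bannerA = Resource("https://cdn.example/siteA-banner.png") // constructed URL
	c.fetch("siteA.example", bannerA)        // first-party load while on siteA
	return c.fetch("siteB.example", bannerA) // tracker's probe while on siteB
}

// sharedLibraryFetches shows the cost Mozilla accepts: a library served from
// one CDN and used by n sites is downloaded once in a shared cache, but once
// per top-level site in a partitioned one.
func sharedLibraryFetches(partitioned bool, n int) int {
	c := newCache(partitioned)
	const lib = Resource("https://cdn.example/lib.js") // constructed URL
	downloads := 0
	for i := 0; i < n; i++ {
		if !c.fetch(fmt.Sprintf("site%d.example", i), lib) {
			downloads++
		}
	}
	return downloads
}

func main() {
	fmt.Println("shared cache leaks siteA visit:", historySniffLeaks(false))
	fmt.Println("partitioned cache leaks siteA visit:", historySniffLeaks(true))
	fmt.Println("downloads of one library across 3 sites, shared:", sharedLibraryFetches(false, 3))
	fmt.Println("downloads of one library across 3 sites, partitioned:", sharedLibraryFetches(true, 3))
}
```

Revisits to siteA itself still hit the cache under partitioning, because the key includes siteA both times; only the cross-site probe is blinded. The same keying applies to favicons, fonts and CORS-preflight results, which is why the feature is described as partitioning the network layer rather than only cookies.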

The Courts

Fired COVID-19 Data Manager Rebekah Jones Sues FDLE Over Raid On Her Home (tallahassee.com) 144

Former Department of Health data manager Rebekah Jones has filed a lawsuit (PDF) against the Florida Department of Law Enforcement, saying the Dec. 7 morning raid on her house was a "sham" to retaliate against her for not altering COVID-19 data. Tallahassee.com reports: Jones was fired in May for failing to change COVID-19 data, and soon launched her own online data dashboard. Gov. Ron DeSantis said her firing was because she disobeyed superiors; she said it was because she wouldn't alter data to cast Florida in a more favorable light to justify the governor's plans to reopen the state's economy. In the lawsuit filed Sunday night against FDLE Commissioner Rick Swearingen, the department and several agents in Leon County Circuit Civil Court, Jones claims her constitutional rights were violated, including against unlawful search and seizure. She is seeking in excess of $100,000, according to the lawsuit's cover sheet.

She also claims she was unnecessarily roughed up. "We are trying to achieve some kind of redress," said Rick Johnson, the lead attorney in both the civil suit and a separate whistleblower case. "This is still America. This is the kind of thing that happens in tinhorn dictatorships in third world countries." Swearingen has defended the actions of the agents he said were "vilified" by the media. He blamed Jones for any risk of danger to herself or her family. He reiterated those comments in a statement released later Monday. "As I have said before, I am proud of the professionalism shown by our FDLE agents as they served a legal search warrant on the residence of Rebekah Jones. Our criminal investigation continues, and while I have not seen this lawsuit, I believe the facts will come out in court," Swearingen said.

Youtube

YouTube Class Action: Same IP Address Used To Upload 'Pirate' Movies and File DMCA Notices (torrentfreak.com) 53

An anonymous reader quotes a report from TorrentFreak: YouTube says it has found a "smoking gun" to prove that a class-action lawsuit filed by Grammy award-winning musician Maria Schneider and Pirate Monitor Ltd was filed in bad faith. According to the Google-owned platform, the same IP address used to upload 'pirate' movies to the platform also sent DMCA notices targeting the same batch of content.

In a motion to dismiss filed in November, Pirate Monitor said YouTube had provided no "hard evidence" to back up these damaging claims, demanding that the court disregard the allegations and reject calls for the right to an injunction to prevent Pirate Monitor from submitting wrongful DMCA notices in the future. YouTube now provides a taster of some of the supporting evidence it has on file. "Pirate Monitor devised an elaborate scheme to prove itself sufficiently trustworthy to use YouTube's advanced copyright management tools," YouTube begins. "Through agents using pseudonyms to hide their identities, Pirate Monitor uploaded some two thousand videos to YouTube, each time representing that the content did not infringe anyone's copyright. Shortly thereafter, Pirate Monitor invoked the notice-and-takedown provisions of the Digital Millennium Copyright Act to demand that YouTube remove the same videos its agents had just uploaded."

In all, YouTube processed nearly 2,000 DMCA notices it received from Pirate Monitor in the fall of 2019. All of the targeted videos had a uniform length, around 30 seconds each, generated from "obscure Hungarian movies". They had been uploaded in bulk from users with IP addresses allocated to Pakistan. [...] While the nature of the uploads is indeed suspicious, YouTube says that it also found what it describes as a "smoking gun", i.e. evidence that the uploads and DMCA notices were being sent by the same entity. "After considerable digging, YouTube found a smoking gun. In November 2019, amidst a raft of takedown notices from Pirate Monitor, one of the 'RansomNova' users that had been uploading clips via IP addresses in Pakistan logged into their YouTube account from a computer connected to the Internet via an IP address in Hungary," YouTube explains.
The opposition to Pirate Monitor's motion to dismiss can be found here.
Crime

The COVID-19 Stimulus Bill Would Make Illegal Streaming a Felony (hollywoodreporter.com) 114

An anonymous reader quotes a report from The Hollywood Reporter: Providing relief via direct assistance and loans to struggling individuals and businesses hit hard by COVID-19 has been a priority for federal lawmakers this past month. But a gigantic spending bill has also become the opportunity to smuggle in some other line items including those of special interest to the entertainment community. Perhaps most surprising, according to the text of the bill being circulated, illegal streaming for commercial profit could become a felony.

It's been less than two weeks since Sen. Thom Tillis (R-NC) released his proposal to increase the penalties for those who would dare stream unlicensed works. In doing so, the North Carolina senator flirted with danger. About a decade ago, Minnesota Sen. Amy Klobuchar made a similar proposal before it ended up dying as people worried about sending Justin Bieber to jail. This time, Tillis' attempt was winning better reviews for more narrowly tailoring the provisions toward commercial operators rather than users. That said, it's had very little time to circulate before evidently becoming part of the spending package. If passed, illegal streaming of works including movies and musical works could carry up to 10 years in jail. That's not the only copyright change either.

The spending bill also appears to adopt a long-discussed plan to create a small claims adjudication system within the U.S. Copyright Office. [...] Among the other parts of the omnibus bill of interest to Hollywood is an extension of Section 181, a tax provision that allows for immediate deduction of television and film production costs up to $15 million. That incentive was scheduled to expire at the end of the year, but would now get an additional five years.

Privacy

Civil Rights Groups Move To Block Expansion of Facial Recognition in Airports (theverge.com) 26

A coalition of civil rights groups led by the American Civil Liberties Union has filed an objection to the proposed expansion of Customs and Border Protection's facial recognition at land and sea ports. The National Immigration Law Center, Fight for the Future, and the Electronic Frontier Foundation are also participating in the motion, alongside twelve others. From a report: Filed in November, CBP's proposed rule would expand the biometric exit system, authorizing the collection of facial images from any non-citizen entering the country. But in a filing on Monday, the final day of the comment period, the coalition argued that those measures are too extreme. "CBP's proposed use of face surveillance at airports, sea ports, and the land border would put the United States on an extraordinarily dangerous path toward the normalization of this surveillance," said Ashley Gorski, senior staff attorney with the ACLU's National Security Project, in a statement to reporters. "The deployment of this society-changing technology is unnecessary and unjustified." The filing raises a variety of legal objections to the expansion, in particular arguing that Congress did not intend to authorize long-term facial recognition when it mandated biometric exit tracking in 1996. At the time, Congress left the specific method open to interpretation, but the technology for algorithmic facial recognition from a video feed was not yet developed enough to be considered.
Google

Apple, Google, Microsoft, and Mozilla Ban Kazakhstan's MitM HTTPS Certificate (zdnet.com) 45

Browser makers Apple, Google, Microsoft, and Mozilla have banned a root certificate that was being used by the Kazakhstan government to intercept and decrypt HTTPS traffic for residents of the country's capital, Nur-Sultan (formerly Astana). From a report: The certificate had been in use since December 6, 2020, when Kazakh officials forced local internet service providers to block Nur-Sultan residents from accessing foreign sites unless they had a specific digital certificate issued by the government installed on their devices. While users were able to access most foreign-hosted sites, access was blocked to sites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix unless they had the certificate installed. Kazakh officials justified their actions by claiming they were carrying out a cybersecurity training exercise for government agencies, telecoms, and private companies, citing a 2.7-fold growth in cyberattacks targeting "Kazakhstan's segment of the internet" during the COVID-19 pandemic as the primary reason for launching the exercise. The explanation made no technical sense: a root certificate installed on a user's device does nothing to stop attacks on that user. It only makes the device trust any certificate issued under it, which is precisely what lets whoever holds the root's private key sit between the user and a site, present a substitute certificate for that site, and read the traffic. After today's ban, browsers like Chrome, Edge, Firefox, and Safari will refuse to trust the certificate even on devices where it is installed, because the distrust is enforced by the browser's own blocklist rather than by the operating system's trust store, preventing Kazakh officials from intercepting user data.
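What a browser-side ban actually does, as an added Go example that is not the browsers' code and uses no real certificate: it builds a throwaway "interception root" and a leaf for a foreign host issued under it, shows that a device on which the root is installed would accept the chain, and then shows how a distrust list keyed on the root's public key (the SHA-256 of its SubjectPublicKeyInfo, the form Chromium's blocklist uses; Firefox's OneCRL keys on issuer and serial instead) rejects the chain regardless of what the user installed. The host name, certificate subjects and keys are all generated for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// spkiHash identifies a certificate by its public key rather than its name or
// serial, so re-issuing the same key under a new subject does not evade a ban.
func spkiHash(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// buildInterceptionChain creates a self-signed root (the certificate users were
// told to install) and a leaf for host signed by it (what an intercepting proxy
// presents in place of the real site's certificate). Everything is constructed.
func buildInterceptionChain(host string) (root, leaf *x509.Certificate, err error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Interception Root"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	rootDER, err := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, nil, err
	}
	if root, err = x509.ParseCertificate(rootDER); err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, rootKey)
	if err != nil {
		return nil, nil, err
	}
	leaf, err = x509.ParseCertificate(leafDER)
	return root, leaf, err
}

// accepts mimics the browser's decision: the chain must build to a root in the
// trust store (here the one the user installed), and then at least one built
// chain must contain no key on the browser's distrust list.
func accepts(leaf, installedRoot *x509.Certificate, host string, distrusted map[string]bool) bool {
	roots := x509.NewCertPool()
	roots.AddCert(installedRoot)
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	if err != nil {
		return false
	}
	for _, chain := range chains {
		clean := true
		for _, c := range chain {
			if distrusted[spkiHash(c)] {
				clean = false
				break
			}
		}
		if clean {
			return true
		}
	}
	return false
}

// interceptionDemo returns whether the MitM chain is accepted with the root
// installed and no blocklist, and whether it is still accepted once the root's
// key is on the browser's distrust list.
func interceptionDemo(host string) (withRootInstalled, afterBan bool, err error) {
	root, leaf, err := buildInterceptionChain(host)
	if err != nil {
		return false, false, err
	}
	withRootInstalled = accepts(leaf, root, host, map[string]bool{})
	afterBan = accepts(leaf, root, host, map[string]bool{spkiHash(root): true})
	return withRootInstalled, afterBan, nil
}

func main() {
	before, after, err := interceptionDemo("www.example.com")
	if err != nil {
		panic(err)
	}
	fmt.Println("accepted with root installed:", before)
	fmt.Println("accepted after browser ban:", after)
}
```

Because the check runs against the browser's own list, re-installing the root in the operating system store does not restore interception. The flip side is that applications which consult the OS trust store directly, such as command-line tools and many mobile apps, are not covered by the browser ban and remain interceptable on a device where the root is still installed; removing it from the device is the only complete fix.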
