Against the backdrop of China, Russia, and Iran working to sequester their own private, national internets, other countries like Kazakhstan have experimented with similar balkanization and internet-control initiatives. Kazakhstan first piloted a monitoring system in 2015 that would offer access to all web traffic within the country, even encrypted data. After fierce debate and some legal hurdles over the years, the government implemented a test of this draconian screening system in July. Now, Google, Mozilla, and Apple are incorporating technical protections into their Chrome, Firefox, and Safari browsers to fight back.

Today the three companies are announcing new defenses that block the Kazakhstan government's traffic-interception mechanism. When the browsers detect that this surveillance has been enabled, they will block the connection and display a warning. Users won't be able to bypass this warning even if they want to.

The Kazakh dragnet has faced intense criticism, and the situation continues to evolve. On August 6, about three weeks after the government began its mass-monitoring initiative, officials said that the program had only been a test of the potential impact on users and was being suspended. Researchers say that in practice the surveillance was only targeting certain popular sites for a relatively small group of internet users. But the capability exists for the government to launch a far more sweeping campaign if it chooses to in the future.

"The security test of the cybercrime program has demonstrated a high level of technical capability," Kazakh president Kassym-Jomart Tokayev tweeted (as translated by Google Translate and Reuters). "The most important thing is that there is no inconvenience for internet users in Kazakhstan. There are no grounds for concerns."

For Google, Mozilla, and Apple, along with data privacy and internet freedom organizations, the concerns are both major and ongoing. Encrypted web traffic—those HTTPS connections indicated by a green padlock—use special "certificates" to determine that web servers aren't misrepresenting themselves. But Kazakhstan's government required internet service providers to distribute full-access root certificates to all of their users and instruct the users to install the digital certificates on their devices and browsers if they wanted to access the internet. From there, researchers observed the government using this master key to surveil encrypted data being sent to and from dozens of well-known communication services and social media platforms like Facebook, Google, and Twitter.

"We believe that individual security and privacy is fundamental and cannot be treated as optional online," Marshall Erwin, Mozilla's senior director of trust and safety, said in a statement. "This certificate poses a significant threat to our users, which is why we are taking action to protect them."

An Apple spokesperson echoed on Wednesday that, “We have taken action to ensure the certificate is not trusted by Safari and our users are protected from this issue.”

Similarly, Google says it has fully blocked the invasive Kazakh certificates, issued by a so-called certificate authority known as the Qaznet Trust Network. "Chrome will be blocking the certificate the Kazakhstan government required users to install," Andrew Whalley, a member of the Chrome security team, wrote in a blog post shared with WIRED. "In addition, the certificate will be added to a blocklist in the Chromium source code and thus should be included in other Chromium based browsers in due course."

This trickle-down to other browsers based on Chromium is important, Google and Mozilla say, even though Kazakhstan's government claims to have suspended its mass surveillance for now. Given the government's longstanding dedication to rolling out some type of root-certificate-based traffic monitoring, it's entirely possible that the government will ultimately resume the activity. If so, Google, Mozilla, and Apple will have infrastructure in place to respond, and to add other certificates to their block lists if needed.