According to an article in ZDNet the government of Kazakstan is requiring all internet users in the capital to install government-issued certificates on their phones and computers. This will allow the government to eavesdrop on all otherwise secured https web communications by routinizing so-called man-in-the-middle attacks.
Starting today, December 6, 2020, Kazakh internet service providers (ISPs) such as Beeline, Tele2, and Kcell are redirecting Nur-Sultan-based users to web pages showing instructions on how to install the government’s certificate. Earlier this morning, Nur-Sultan residents also received SMS messages informing them of the new rules.
Kazakhstan users have told ZDNet today that they are not able to access sites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix without installing the government’s root certificate.
Both previous attempts failed after browser makers blacklisted the government’s certificates.