The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from...
How does this get enforced? The article talks about browsers potentially coming in two flavors, one for the EU and one for the rest of the world, but what’s stopping someone in the EU from using a RoW browser? Additionally, what’s stopping someone from using a VPN to make it look like they’re outside the EU and then using a non-EU browser?
Like in the old days with two versions of Linux because of export restrictions on encryption.