Simplewall: Kazakh IP in source? Potential security threat with Kazakh government listening to all HTTPS traffic.

Created on 9 Sep 2019 · 5 Comments · Source: henrypp/simplewall

A Kazakh IP is hardcoded into simplewall, as can be seen here:

#define RM_AD L"195.210.46.95"
#define RM_AD2 L"195.210.46.%d"

https://github.com/henrypp/simplewall/blob/4b7f67a628fb19f75f32823d39e112711a0b86aa/src/main.cpp#L5622

As far as I can see, it's part of debugging, but I'm not sure this is all it is.

Furthermore, I'm worried about privacy issues, as I cannot distinguish what is sent and when. Since it's not recommended to use 2.4.6 anymore, but 3.x is still a pre-release, it seems that debugging is enabled by default. It also looks like there's no setting to disable it.

Could we please have some proper information on how this works, what is sent, and whether we can disable it?

false positive question

All 5 comments

What's even more problematic is that since July, all Kazakh providers are required to intercept HTTPS traffic for the government: any civilian has to install a root certificate in order to get access to the internet. This may (and probably will) also apply to the servers used as stated above.

I don't want to create a panic, but I _am_ worried. There's no documentation about this, so I'm unsure about the implications. I also doubt debugging like this is GDPR-proof.

> What's even more problematic is that since July, all Kazakh providers are required to intercept HTTPS traffic for the government

Do you need to install a 3rd-party root certificate to access KZ web sites? No?
I know it's not, because it's illegal. Use forced OCSP and do not install any 3rd-party certificates if you are worried.

Now, about your worries about these IPs in SW:
There is no reason to worry, because it is used not for connecting, but for logging tests, and on release it will be excluded at compilation time.

I think I have answered your question.

I'm not worried that _I_ have to install a 3rd party root certificate, I'm worried that anyone inside Kazakhstan has to. So this could include the server the debugging info is sent to.

Could you show us an example of what debugging info is sent? 😃

> Could you show us an example of what debugging info is sent?

Misunderstanding. Nothing is sent; it is just a dropped-packets logging test that adds new entries to the log file, that's all. This IP does not matter at all; it's defined just as an example.

Thanks for the quick reply. I went through the code (not exactly used to C++ unfortunately) and I see what you mean. Thanks again for clearing that up!
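
A claim like "excluded at compilation time" can be checked by looking at which preprocessor conditionals enclose each hardcoded address. The following is an added example, not part of the thread or of simplewall's code: a small Python scanner that lists IPv4 string literals in C/C++ source together with their enclosing `#if`/`#ifdef` guards. The `_DEBUG` guard, the `update_host` variable and the `203.0.113.7` literal in the sample are constructed for illustration; the thread does not show the actual guard.

```python
import re

# IPv4 address inside a (possibly wide) C/C++ string literal,
# e.g. L"195.210.46.95" or the printf-style L"195.210.46.%d".
IP_LITERAL = re.compile(r'L?"((?:\d{1,3}\.){3}(?:\d{1,3}|%d))"')
OPEN = re.compile(r'^\s*#\s*(if|ifdef|ifndef)\b(.*)')
ELSE = re.compile(r'^\s*#\s*(else|elif)\b(.*)')
CLOSE = re.compile(r'^\s*#\s*endif\b')


def find_ip_literals(source):
    """Return (line_no, ip, guards) for every IPv4 string literal.

    guards lists the enclosing preprocessor conditions, outermost first.
    An empty list means the literal is compiled into every build.
    """
    stack, hits = [], []
    for no, line in enumerate(source.splitlines(), 1):
        m = OPEN.match(line)
        if m:
            stack.append(f"{m.group(1)} {m.group(2).strip()}")
            continue
        m = ELSE.match(line)
        if m and stack:
            branch = f"{m.group(1)} {m.group(2).strip()}".strip()
            stack[-1] = f"{branch} (after {stack[-1]})"
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        for ip in IP_LITERAL.findall(line):
            hits.append((no, ip, list(stack)))
    return hits


def unguarded(hits):
    """Literals with no enclosing conditional: present in release builds."""
    return [(no, ip) for no, ip, guards in hits if not guards]


# Constructed sample; the guard macro name is an assumption.
SAMPLE = '''\
#include <windows.h>
#ifdef _DEBUG
#define RM_AD L"195.210.46.95"
#define RM_AD2 L"195.210.46.%d"
#endif
static const wchar_t *update_host = L"203.0.113.7";
'''

if __name__ == "__main__":
    for no, ip, guards in find_ip_literals(SAMPLE):
        print(no, ip, guards or "UNGUARDED")
```

A guarded literal still needs a second check that the release build configuration does not define the guard macro, and that the constant is only passed to logging code rather than to a socket call.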
