[matthews2]

How will this be enforced? If Mozilla or Google added some hard coded certificate into a new browser version, what if a distribution like Debian patched it out? Or if a user can delete it from the certificate stores themselves?

[supriyo-biswas]

People get very hung up on what people can technically do, but the domains of the browser or OS that doesn’t follow these rules will simply be blocked at the DNS level so that you can’t download them any more. The relevant entities such as companies developing or using said non-compliant projects will be fined, and any natural persons jailed outright, à la Stallman’s The Right To Read.

[execveat]

You can't block a browser at the DNS level.

[supriyo-biswas]

I meant domains offering downloads of the non-compliant browser/OS; updated. Thanks!

[subbz]

Unfortunately the whole world population is addicted to ~5 sites/apps on the web who will play the game.

If Debian patches this out, you won't be able to access those sites. That's a living edge case for them.

[jonathanstrange]

I think the right way of dealing with this is to have a button to switch between secure mode and insecure/government mode.

[g-b-r]

the law can be interpreted as making it illegal, even for end users (it deals with "web-browsers", not "web browser vendors")