No choice of browser in South Korea

UPDATE: Marcis has kindly provided a Belorussian translation of this post – НЯМА магчымасці выбіраць браўзар У ПАЎНОЧНАЙ КАРЭІ

As has been in the news this week and mentioned on many Mozilla blogs, the European Commission is working with Microsoft and other browser manufacturers, including Mozilla of course, to launch the web browser ballot in the EC.

To those critics of the browser ballot who would rather the free market be left completely to Adam Smith’s invisible hand, I would present to you the example of South Korea. In short, South Korea is a sad example of a Microsoft monoculture where the course of history and the lack of anti-monopoly oversight have created a nation where every computer user is a Windows user and banking or ecommerce or any secure transaction on the Internet with South Korean entities must be done with Internet Explorer on a Windows OS.

The situation in South Korea has gotten markedly worse since the government, bowing to pressure from the citizens who wanted to use the smart phones that were sold elsewhere in the world, relaxed a rule that previously required a Korea-specific middleware called WIPI, that was never going to be implemented by smart phone makers outside of Korea. Now that the WIPI requirement was gone, manufacturers like RIM and Apple can now sell Blackberries in Korea and iPhones in Korea.

But as I suspected last fall when the iPhone’s official sales in Korea was announced, the browsers in these new smart phones (be it the browser in the iPhone, the Blackberry, or the Android devices that are on sale in Korea) can’t interoperate with the Active-X based security requirements that Korean banks and ecommerce stores require. So it’s not surprising to me at all that the news from Korea since the launch of these smart phones has been universally negative regarding the requirement to use Active-X for secure web transactions in Korea.

Here’s a selection of quotes from 3 recent articles in the Korea Times:

Korea Paying Price for Microsoft Monoculture (09-23-2009)

But the land of ubiquitous broadband, feature-happy “smart” phones and ultra-cool computing devices doubles as a crusty regime where Linux, Firefox, Chrome and Opera users can’t bank or purchase products online, and where Mac users buy Windows CDs to prevent their devices being reduced to fashion items.The bizarre coexistence of advanced hardware and an outdated user environment is a result of the country’s overreliance on the technology of Microsoft, the U.S. software giant that owns the Korean computing experience like a fat kid does a cookie jar.

It is estimated that around 99 percent of Korean computers run on Microsoft’s Windows operating system, and a similar rate of Internet users rely on the company’s Internet Explorer (IE) Web browser to connect to cyberspace.

Mobile Banking Monoculture? 01-10-2010

At the center of the controversy is the [Korean] Financial Supervisory Service’s (FSS) guidelines on the safety of financial services provided on smartphones, which were finalized and announced last week.The new rules can be summarized simply ― all financial transactions on these advanced handsets will be subject to the same security requirements that control online transactions on personal computers.

The problem with this, according to critics, is that the existing legal framework was precisely what allowed Microsoft to establish a virtual monopoly in computer operating systems and Web browsers here, which is now blamed for having computer users stuck with outdated technologies and exposed to larger security risks.

Rigid Regulations Retard Mobile Wallet Era 02-10-2010

In essence, the current law states that all encrypted online communications on computers require the use of electronic signatures based on public-key certificates. And since the fall of Netscape in the early 2000s, Microsoft’s Active-X controls on its Internet Explorer (IE) Web browsers remain as the only plug-in tool to download public-key certificates to computers.

So we can see in Korea today that the lack of choice of web browser (not to mention the lack of choice of computer operating system), indeed the lack of interoperability of Korea’s secure transaction protocol on the web, means that the smart phones of today, that don’t support ActiveX, are useless in Korea for secure transactions. That means if you are an iPhone/Blackberry/Android user in Korea, you cannot bank online with a Korean bank, you cannot trade stocks on the Korean markets, you cannot shop online with a Korean Internet site. You can’t do many of the key things that these smart phones were designed to do.

So when people ask you, “why is the choice of a web browser important?” tell them that in South Korea, people don’t get a choice of what operating system to use or what web browser to use.  After you explain to them that a place without choice is South Korea, ask them again if they’d like to not have a choice and why the choice of a web browser is important.

I hope to have better news from South Korea soon.  Please watch my blog for updates on this issue and other issues facing Mozilla and the open web in Asia.

In the meantime, please be sure to visit Open To where Mozilla’s Chair, Mitchell Baker and Mozilla’s CEO, John Lilly, explain why we at Mozilla believe that the choice of browser is a critical right for all Internet users worldwide.

Here’s a list of things that the Mozilla community is doing and which we encourage everybody to do:

• Comment on the open letter at;
• Follow @opentochoice on Twitter;
• Write a post on your blog;
• Use your favorite social network to spread the word;
• Write to bloggers that you know, to local media
• Start a thread in technology and OSS related forums and mailing lists about the browser choice screen;
• Offer to localize the open letter (send an email to contact -at-
• Are you participating in local events where you can talk about choice? Do a talk, organize a booth, distribute flyers in the welcome pack, put a banner on the event page;
• Become a browser choice screen watcher: did you see the browser choice screen pop-up on your screen? send us an email, post it on your blog, Tweet about it. Give details (country, time of day, choice of browser).

19 Responses to No choice of browser in South Korea

  1. Pingback: Mozilla in Asia » Blog Archive » No choice of browser in South Korea Tools

  2. This article is one of the most interesting I have read regarding browser choice. An infrastructure that requires Active X is scary indeed. I do think that this is the fault of legislation of a Government, not developers or the public.

  3. Pingback: 선택할 수 없는 대한민국 :: Channy’s Blog

  4. Pingback: Software Freedom | BitBot Software

  5. “since the fall of Netscape in the early 2000s, Microsoft’s Active-X controls on its Internet Explorer (IE) Web browsers remain as the only plug-in tool to download public-key certificates to computers.”

    Is that true or did I misread? Public-key certificates can only be downloaded via ActiveX controls, really? :-? If Gecko browsers (and Opera, and Konqueror, and Safari, and…) don’t support it, isn’t it a bug in each of them?

  6. Pingback: Mozilla in Asia » Blog Archive » No choice of browser in South Korea | Drakz Free Online Service

  7. “To those critics of the browser ballot who would rather the free market be left completely to Adam Smith’s invisible hand, I would present to you the example of South Korea.”

    Except the situation in Korea is created by regulation, not the markets, so suggesting the situation proves free markets can’t function is abject nonsense.

    South Korean users are still free to use whatever browser they choose, a minority of local sites will not support anything other then IE would be a far more honest way of explaining the issue.

    Far from this falling in the “Microsoft are evil” camp it falls squarely on poorly informed regulation in South Korea. Perhaps rather than targeting your ire at Microsoft, and indeed those of us who think the ballot screen is both pointless and an egregious violation of Microsoft’s property rights, you should target it at the government responsible for forcing a monopoly situation.

    As a final note I would like to make the point that by pushing for the ballot screen in the first place Mozilla, and indeed the other browser makers, are not asking to freely compete – you are asking for government to force an organisation to advertise for you for free. I am a Mozilla user because the feature set is more to my liking then the alternatives but misguided and unethical strategies which the foundation has seen fit to recently make use of will make me reconsider my choice of software even if that means sacrificing functionality.

  8. Gen, I have two quibbles with an otherwise excellent post:

    1) The third passage you quote seems incorrect on the technology. the keygen tag is supported fine in Gecko-based browsers, if nothing else.

    2) The Korea situation is not precisely an example of free-market failure; it’s an example of highly-regulated market failure. The failure is a combination of network effects (a common issue, and plaguing free markets) exacerbated by high barriers to entry imposed by the government (which makes the problem even worse). At least as far as I can tell from the coverage.

  9. Mark T. Tomczak

    It’s an interesting article, but it seems to be predicated upon the assumption that basing sensitive financial transactions upon proprietary, closed-source ActiveX executables that must be run client-side is a bad thing. How do the software developers in the South Korean financial industry feel about being able to code to a monoculture? They know they have the necessary hardware in-house to test all of the software that could feasibly be used to access their services. That’s a win for them in terms of both security and control of the user experience, too very important issues in the realm of online finance.

    The obvious downside (that new devices are unlikely to function with the existing infrastructure) is a source of friction that could translate to lost revenue for business in South Korea, and that’s an issue. But we have a web infrastructure where I have to trust that, for example, my web client has correctly implemented same-origin policy so that hostile third-party sites can’t do my banking for me. South Korea’s regulators appear to have solved this problem (based on this article) by standardizing the client, which allows them to hold that standard client responsible (and should allow them to require the client be vetted for compliance with the law). There is some logic to that.

  10. Adam Smith’s Invisible Hand is completely misunderstood.

    Adam Smith said “if conditions A, B and C are met, then you don’t need a planned economy”. Correct conclusion is “let’s regulate to make A, B and C happen”, not “let’s not regulate”.

    Antitrust laws are exactly that. They are enforced *to create* Invisible Hand, they’re not against it.

  11. Pingback: Mozilla takes another poke at South Korea - IDN Forums - Internationalised Domain Names

  12. @sysKin: I fully agree with you. Adam Smith would be shocked to learn how he’s been misinterpreted by so many people to justify a jungle capitalism where everybody fights against each other without any rule or whatsoever.

    @Mark T. Tomczak : would you be happy if your transaction records are transmitted in clear text? There’s no way to know what is transmitted encrypted or what is transmitted in clear text over http if you do the online banking in Korea unless you run a local packet sniffer yourself. And, some banks in Korea transmitted the transaction details and a lot of other sensitive information in clear text until a few years ago.

    As for ‘the standardized’ client, well, there’s no such thing as ‘the’ standardized client. If you do online banking and online shopping, you’d end up installing a dozen different ActiveX controls before long.

  13. @Boris, regarding your point #1, it’s true that there are many other ways to donwload a client-side certificate including keygen.

    What the author of the article he quoted meant is that in Korea, using an ActiveX control has been the only way available for certificate download/maintenance since the downfall of Netscape in early 2000′s. Note that when Korean online banking took off in late 1990′s (before the export ban on high-grade cryptography was lifted by the US government), there was a Netscape-plugin (even today, one can find a remnant of that in the html/javascript used at some banks) although even that only supported Windows.

    What Gen failed to mention is that it’s not just PKI but a host of other ‘things’ that Korean regulators requires banks/online commerce sites to offer to users. They include ‘anti-virus, anti-spyware’, ‘keylogging prevention tool. And, all of them are distributed as AciteveX controls. Don’t ask me why they should be distributed that way, let alone why they’re not necessary or mandatory in the first place. That’s the way it is in Korea !!
    These “ancillary” requirements by Korean regulators are much more in the way of cross-platform/cross-browser online banking/commerce than anything else.

    Each and every bank and online commerce sites seem to use different products/versions/combinations of the above. As a result, if you bank online and purchase a few things at a few different places, you end up installing over a dozen Activex controls

  14. @Tony: ph’s comments above this one address your question.

    @Boris: re: your second comment, yes that is true and I’ll see if I can clarify my statement in the body of the blog post.

    @Mark: that logic fails when Microsoft themselves are moving away from Active-X as a technology.

    @sysKin: I am not a student of economics so I will defer to your understanding but my point is that the market for both operating systems and web browsers in Korea is not open.

    ph: thank you for taking the time to explain the details of the implementation in Korea. It is a very complex subject and is hard to explain simply.

  15. Mark T. Tomczak

    I stand corrected. If the South Korean government hasn’t taken advantage of the monoculture to enforce strict, specific compliance policies for the software, then the situation isn’t gaining anybody an advantage except Microsoft. Microsoft gaining an economic advantage isn’t inherently a bad thing, but the South Korean consumers should be aware that it’s an advantage coming at the expense of their ability to embrace new, nifty technologies.

  16. Pingback: Where's Walden? » Correcting a few misconceptions

  17. I’m Korean and things you are writing are all true. 99% of Korean use Windows XP and IE and almost every people even don’t know that they can browse the Internet by other browser. Many of us thinks there are only Windows and IE. It is a very disappointing fact but nowadays, some people(including me) are starting to use and spread about other browser and OS. However, it will be not changed if the mind of Korean government is not change…

  18. Although I don’t know that it is any result of legislation (esp. since I read some research sponsored by the government here was deploring the situation), there are similar problems as far as banks not working in Firefox, etc. here in China.

    I started a small group at in the hopes of working with other Chinese developers to promote awareness and use of web standards (as well as learn Firefox development). Thoughts or contributors welcome…

  19. @GenKanai “my point is that the market for both operating systems and web browsers in Korea is not open.”

    Exactly, there is no free market in Korea, so it’s not an example of happens in a free market situation, but rather the opposite. Free markets require good regulations and protections for all who want to participate in that market. Clearly South Korea fails to create those conditions in the browser and OS market.

    The European Commission on the other hand is doing its best to create a free and fair market in the European Economic area, making that a much better example of a free market, currently the only market in the world where an OS monopolist can no longer abuse it’s monopoly to dominate the browser market.