return to table of content

Signal: Will leave the EU market rather than undermine our privacy guarantees

somenameforme
133 replies
12h52m

That Tweet links to this [1] description which, in glancing at the text, seems to indeed be accurate:

----

According to the latest draft regulation dated 28 May (Council document 9093/24), which is presented as “upload moderation”, users of apps and services with chat functions are to be asked whether they accept the indiscriminate and error-prone scanning and possibly reporting of their privately shared images, photos and videos. Previously unknown images and videos are also to be scrutinised using “artificial intelligence” technology. If a user refuses the scanning, they would be blocked from sending or receiving images, photos, videos and links (Article 10). End-to-end encrypted services such as Whatsapp or Signal would have to implement the automated searches “prior to transmission” of a message (so-called client-side scanning, Article 10a). The initially proposed scanning of text messages for indications of grooming, which is hardly being used to date, is to be scrapped, as is the scanning of voice communication, which has never been done before. Probably as a concession to France, the chats of employees of security authorities and the military are also to be exempted from chat control.

----

Strange times we live in. Entertaining, but strange.

[1] - https://www.patrick-breyer.de/en/majority-for-chat-control-p...

yard2010
42 replies
10h32m

Yes. There are people with problems. Instead of helping them fix their problems it's just easier to prevent nice things from everybody.

Strange times indeed.

benfortuna
41 replies
9h43m

TBF what else are governments going to do to prevent child exploitation and other bad stuff on these platforms?

Perhaps if the platforms made more of an effort to block the bad behaviour there would be an argument against laws targeting this kind of stuff..

Krasnol
9 replies
9h7m

Neither Whatsapp nor Signal can do anything about it, since they don't know the content of the messages. That is the whole point of their protocol. That is the whole point of privacy.

Nobody falls for that crap. We all know that CP is being presented as a scapegoat here because, "how can you be against something that MIGHT help against CP!?!?!" while in fact and in the end it'll be used to spy on everything.

xorcist
8 replies
7h2m

Nonsense. Whatsapp owns both endpoints. They could know perfectly well what you write, when you write it, to whom, and anything their heart desires by way of their analytics. The messages themselves contains no business value to them. They could send it by carrier pigeon for all they care as long as the client is their product.

Hizonner
4 replies
4h45m

No. A user owns each endpoint. Whatsapp provides a service to the owners of the endpoints.

Yes, Whatsapp is in a position to act unethically and steal information, but that does not make Whatsapp the owner of anything.

xorcist
1 replies
3h57m

Whatsapp is not something you can compile or inspect easily. They own the endpoint, in that specific meaning. They may not have root access on the device, but inside the client nothing is out of scope.

It is their client. Any data you enter into the client is data they 0wn.

sunshowers
0 replies
40m

You can definitely decompile WhatsApp on Android to inspect it. I'm sure security researchers do this regularly, including those looking for a bug bounty that could be life-changing.

benfortuna
1 replies
3h33m

They don't have to steal information in order to block inappropriate content. The app itself can detect and block without external intervention.

hellojesus
0 replies
1h32m

Presumably they would use edge based hash scans or ai models to detect unsavory content. But if the content is so extreme as to be unsavory, likely they will be legally required to report it to leo.

The next steps are leo seizing your device(s) or leo having WhatsApp start sending all your messages to them for review.

What happens when leo adds the hash of a state-loathed meme?

Krasnol
2 replies
6h25m

They "could" maybe. But since you seem to not have more information, we have to remain on the assumption that they're still using Signal protocol and can't see what the messange contents are.

tcfhgj
0 replies
4h58m

They could use the signal protocol AND see the contents

hellojesus
0 replies
1h28m

Signal could still see the contents of your messages. Anything you enter into their app could be scanned or sent back in plaintext to some server, all prior to actual transmission via their protocol.

The only way to ensure that can't happen is to inspect the code and compile it yourself, or at least validate the hash of the binary you're installing. But we've also recently learned with the xz fiasco that you'll need to be sure to add checks all the way down.

Of course, you could always encrypt before entering the text into signal, but at that point why use signal?

throwaway290
6 replies
9h8m

You're right. But apparently every time this topic comes up we cry that this is abuse of our freedom.

Tech is not good or bad but it does have unintended consequences and open new ways for abuse. This is tough to swallow for us who work in tech but is obvious to everyone else. If we stay in denial and do not volunteer to help use tech smartly to compensate for bad side effects, they will vote in some dumb law and some bad guys will exploit it for surveillance later.

Hizonner
3 replies
4h40m

There is in fact no "smart" way to compensate for this particular "bad side effect".

Either your communications are spied on to weed out unapproved material, or they're not. And there is no way to make the system architecture care about which material is allowed to be "unapproved".

The right answer here is just to accept that, beyond a certain point, further reducing the amount of circulating child porn requires unacceptable tradeoffs. Then stop whining and wishing for impossible technical solutions.

benfortuna
2 replies
3h35m

There is in fact. You could build AI directly into the app to detect inappropriate content and block it.

The app has thus not violated end-to-end encryption, nor has that content been exposed to external parties.

Platforms could definitely do more.

shinryuu
1 replies
1h44m

And how do you deal with all false positives. That will just be deemed collateral damage?

hellojesus
0 replies
1h26m

To add to your excellent point, who gets to validate the models efficacy? How do we know the state hadn't trained it to report users talking about maga, or Isreal, or for those with Chinese national lovers?

BurningFrog
1 replies
7h46m

Government recording all our conversations also has have "unintended" consequences.

The track record of such societies is rather terrifying.

throwaway290
0 replies
7h42m

You think I disagree? My point is almost exactly the same, we should stop that (by promoting a saner solution).

effie
4 replies
8h2m

what else are governments going to do

One way that would put down lots of exploitation and support privacy of adults would be video and online surveillance of all children when not alone, using a parent-controlled computer to detect bad things happening. This could start in kindergarden and school and gradually expand to all spaces that are not home. Children have some right to privacy, but not as strong as adults.

On the 16-th year, if the child wants so, surveillance gets turned off and he/she is granted more privacy. Like with age limits on car driving or working, at some point the state says, you are old enough to take responsibility, we won't protect you from harsh life anymore.

This is a targeted, reasonable solution with little collateral damage, that upholds the right to privacy for adults. It's what parents would want, instead of the bureaucrats. And who really, actually cares about safety of the children, parents or bureaucrats?

Jensson
2 replies
7h50m

support privacy of adults

video and online surveillance of all children when not alone

So, you want children to have no privacy just to get a tiny bit more privacy to adults? Are adults really this horrible towards children, do you really think you would like this as a child?

Children have some right to privacy, but not as strong as adults.

Why the hell not? Do you really think it is ok that your daughter gets constantly video surveilled all throughout puberty? Do you really think that is a lesser evil than your text messages being scanned for some keywords? Would you be happy if there was a camera constantly watching you as you jerked off as a kid?

effie
1 replies
2h10m

Are adults really this horrible towards children, do you really think you would like this as a child?

Only parents would have access to surveillance records. Children often do not like stuff their parents make them do, and their power over them, this would be one more thing, with great benefits.

Why the hell not?

Because they are children, they do not have full responsibility for their actions, and they are more vulnerable to abuse, and protecting their safety is more important than protecting their privacy. I want to keep the status quo, where children are protected, and adults have rights. The way stuff is going, we're all getting more like children with one parent called Big Brother.

Would you be happy if there was a camera constantly watching you as you jerked off as a kid?

That is not what I'm suggesting. I'm talking about public spaces (including online) where adults are present. If the kid wants to jerk off, or two or more kids want to make love, they can go home or use some private space like a bathroom.

sunshowers
0 replies
42m

Being under constant surveillance during the most formative years of your life can leave you extremely mentally unwell.

Hizonner
0 replies
5h10m

I hope you're not a parent.

mtlmtlmtlmtl
3 replies
8h49m

The bad stuff will just move somewhere else as it always has done.

Compromising everyone's privacy will eventually mostly affect innocent people. Or even cause the platforms to cease existing altogether, which looks like a real possibility with Signal. Pedos will just move on to whatever service isn't compromised yet. You can outlaw or hamper secure encryption in some jurisdictions, but due to the generic nature of computers you can't in principle stop people from using secure encryption.

generic92034
2 replies
7h42m

but due to the generic nature of computers

This might only be a temporary state, though. Smartphones are, in that sense, not generic. PC might follow.

scrps
0 replies
26m

mtl is saying computers are big boxes of math and you can't ban math.

Though given how incredibly clueless politicians have become I wouldn't be shocked if they tried.

LocalH
0 replies
1h14m

Smartphones are general-purpose computers with a bunch of little digital locks, that while strong, are not impervious. Such locks, when used to protect a device owner, are good. The same type of locks, when used to deny a device owner full rights to use their device as they see fit (absent harm done to others), are evil.

bitcharmer
3 replies
9h5m

Your argument makes as much sense as banning knives because they are sometimes misused to attack people. What about alcohol? Some people drink and drive, we should ban alcohol too!

cuu508
2 replies
7h15m

Banning sale of alcohol in gas stations would not be unreasonable.

bitcharmer
1 replies
5h35m

It would

fuzzfactor
0 replies
37m

Lots of them will probably be selling alcohol years after they are no longer selling gasoline.

gherkinnn
2 replies
8h55m

CP is a pretext to grab power, the same way terrorism was 20 years ago. If a government actually cared, they would start dismantling the catholic church. Risking a slippery slope fallacy, I see no way governments won't expand the scope of this intrusion. Before you know it, being critical of a certain foreign government [0] or teachers criticising the department of education [1] will be limited.

0 - you know what conflict I mean. Will we have to resort to coded messages wherever we go?

1 - https://www.theguardian.com/politics/2023/oct/21/uk-governme...

jiggawatts
0 replies
6h22m

The Australian government enacted the same type of "protect the children" laws, and then immediately used it to surveil journalists critical of their policies.

Aerroon
0 replies
2h12m

Didn't the UK's web filter contain political websites too?

xorcist
1 replies
7h9m

This argument is more thought provoking than people may think.

What we see is a shift of power. Electronic communications started out as private enterprises, then mostly taken over by states because of the need centralization, and now almost completely taken over by private enterprises one layer above. Governments are still trying to make sense of what happened and find their role in this new world.

Platforms are centralization at work, and it's not that far fetched to think that states could do a better job than Twitter or Facebook. Platforms have immense power. After all, we mostly agree that Facebook very literally facilitating genocide was not good for society. What we disagree on is how much they knew and how much was circumstantial.

There is also this idea that jurisdictions matter for platforms. The Chinese connections with Tiktok owners are problematic since we know for a fact that they have the power to influence elections. The American ownership of Facebook is not similarly problematic, largely because the CIA and other institutions interests mostly align with ours.

It would not surprise me if the Saudi money financing Twitter/X would turn out to be just as important as the financing of 9/11.

In light of that, it should not be surprising that EU states wants to play the game too, even if it will have very little practical effect.

hellojesus
0 replies
1h36m

States can already play the game. But this isn't playing the game via competition. This is just stealing data via lawfare

a0123
1 replies
6h39m

We keep having "anti child exploitation" measures, like all the bloody time. It's been decades by now.

And the problem keeps getting worse.

So either it's just not working whatsoever and this is useless and should stop. Or it's never really about child exploitation.

Just like "temporary measures" against terrorism which have been temporary for 30+ years now (no, it didn't start on 9/11).

Almost like it was never about terrorism.

Hizonner
0 replies
4h20m

And the problem keeps getting worse.

You're swallowing the propaganda. The problem hasn't changed to speak of.

_rm
1 replies
5h23m

Why do you take their motives at face value?

Obviously, the moment these platforms lose privacy, the criminals cease communication on them immediately. So they're the last group this is aimed at.

The solution to crime is the same investigation and detective work and anonymous tip offs and so on that it's always been. People going undercover and infiltrating these groups and then bringing them down.

By chasing the criminals off this platforms, all that happens is the detective work gets harder. Now they've got to go find where to start their infiltration, all over again.

This outcome is so obvious that the only conclusions available are that the lawmakers are either IQ 60 morons, or that they have malicious intent.

okr
0 replies
37m

I read it somewhere, but most of the crime is done by people with low IQ. So it makes work for the police actually easier.

Well, we went in billions to these chat apps. The state just follows.

As sceptical as i am, i think, i want the state to resolve online crimes.

lenkite
0 replies
7h54m

Why should everyone have to suffer so that state's job in catching criminals is made dead easy ? Such criminals are a microscopic minority of the population. Governments - esp in the west - have disinvested in traditional investigation and moved to using mass surveillance as their default operating strategy. And citizens are being made to pay the price.

einpoklum
0 replies
6h16m

Just put the entire population in jail, I'm sure you'll be able to prevent a lot of crime that way.

zer00eyz
28 replies
11h24m

I hope this passes.

I want to see the riots when EU cell phone consumers have to pay for text messages again.

Some men just want to watch the world burn...

beardyw
19 replies
11h8m

Does anyone have to pay for text messages?

isodev
12 replies
11h0m

People often forget just how much we get from the EU that's taken for granted. Everything from practicalities like no roaming costs and consumer protection, all the way to freedom of movement, peace and overall stability.

mytailorisrich
5 replies
10h19m

I don't think the EU says anything about how much texts should cost...

Edit: I am *obviously* not talking about surcharges for roaming but cost in plans, which I think is the point of the OP when he asks who pays for texts. Pricing is not regulated and has nothing to do with the EU.

isodev
4 replies
10h13m

It does, quite a lot. For example, it says you should pay the same regardless where you are in the EU (roaming), it also says you get a clear and transparent pricing for your mobile service, it also says all kinds of things about your rights to cancel, change providers, get refunds etc... you should look it up.

mytailorisrich
3 replies
10h12m

Why the snark? Especially since you're beside the point, so let me rephrase with the help of my lawyer: the EU does not say anything about how much consumers should be charged for text messages by their operator (i.e. "cost"). This was clear from my previous comment...

vasco
2 replies
9h46m

If you continue to spend more time abroad than you do at home and your roaming consumption continues to exceed your domestic usage your operator may start charging you extra for your roaming use. The surcharges (excluding VAT) are capped at:

€0.022 per minute of voice calls made

€0.004 per text message

€2 per GB of data (cap in 2022, decreasing over time to €1 / GB, which will be the maximum surcharge from 2027 onwards) https://www.google.com/amp/s/europa.eu/youreurope/citizens/c...
mytailorisrich
1 replies
9h28m

So where does it say how much operators can charge in their plans? Nowhere.

They are free to say texts are free (included in plan), or texts are charged at 10 euros each, whatever.

The EU only limits surcharges when roaming to other EU countries.

Jeez, guys.

Edit:

I am not backing away from anything, I was rephrasing to sustain your strange cross-examination. You guys are being unecessarily aggressive and argumentative over a simple point.

"Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith."

"don't cross-examine."

It's Sunday, guys. Do something positive with your time. Bye.

vasco
0 replies
9h14m

So you're backing away from your original stance of:

"I don't think the EU says anything about how much texts should cost."

Into a weaker form of "The EU only limits surcharges when roaming to other EU countries.". This was my only comment because your first position is factually incorrect, there are situations in which the EU defines how much texts can cost.

edit: not sure where you see the aggressiveness

user32489318
2 replies
10h2m

Yes, but also the (1) push of PNR to keep a complete record of your travel and movements within the EU. Dutch train operator NS is operating in spirit of the future “PNR” already and makes it harder and harder to buy “anonymous” train ticket (even for local 15min journeys). The so called anonymous card, is linked to your bank account used to top it up. What if you prefer to use cash in your daily life (2), for envelope-style budgeting? Well, your bank will let inform the authorities of your anomaly. You will start receiving monthly questionnaires asking to backup your behavior and why you might want 2-3-4K eur in cash every month.

xorcist
0 replies
6h59m

This is part of the trans Atlantic trade agreements. They have a certain responsibility, having negotiated them, but they clearly feel they are beneficial in some way.

vasco
0 replies
9h51m

All that people have to do is vote for the Pirate Party. There are people holding the line in Europe, but the population is worried about war and immigration instead of net neutrality and encryption. These are understandable priorities but it'll not be good.

JonChesterfield
2 replies
9h27m

Crediting the EU with peace while Israel and Ukraine are actively at war is a bit much.

input_sh
0 replies
8h31m

Oh come on, France and Germany were basically in a perpetual war for hundreds of years before, and now there's not even a theoretical chance of any two EU states fighting each other.

Occasional war here and there not directly involving any of the member states is incomparably better than what came before.

chgs
0 replies
8h50m

Are Israel and Ukraine EU members? Are they fighting members of the EU?

zer00eyz
2 replies
10h40m

If you have to run every image and text through some sort of "filter" you cant turn off... Yes.

Thats a LOT of compute.

vaylian
0 replies
10h5m

Yes. The phone batteries across the EU are going to hate this.

Jensson
0 replies
7h43m

That is already happening though, this just says it should also happen to e2e encryption by scanning on device. If it was that expensive costs would have appeared a long time ago.

n_ary
1 replies
10h58m

In Germany at least, unless you opt for a super cheap package(e.g. sponsored free or less than EUR 6/-), calls and texts are unlimited in local(country level) networks, only data volume is limited. Not sure about other EU neighbors.

SSLy
0 replies
9h28m

In Poland, 4.70€/mo will get you unlimited calls and texts. Can be purchased on pre-paid plans as a 30-day package, no need for post-paid plans.

lambdaxyzw
0 replies
9h54m

I pay ~0.10€ for a text message - but I don't know anyone who uses text messages for communication so it's not a problem. I could buy a cheap plan for unlimited text messages, but I don't want a fixed monthly fee and prefer prepaid.

usrnm
5 replies
10h56m

There won't be any riots. This is the scariest part, most people just don't care

hnbad
2 replies
10h12m

While it's a fun meme, if you actually look at the list, the inciting incidents are usually (accusations of) police violence/overreach, reforms to cut labor protections, welfare or public education, and Israeli military operations in Palestine.

In fact, most of the protests seem to neatly fall into the "police violence" (usually against minorities) and "austerity" buckets.

tetris11
1 replies
8h34m

I think the parent meant that France is a country that actively protects its rights via violent protest as opposed to other countries that merely sit and suffer.

immibis
0 replies
2h31m

And yet France is talking about turning off the internet during these protests so that protestors can't communicate.

cal85
0 replies
8h55m

A lack of rioting doesn’t mean people don’t care.

jasonvorhe
1 replies
10h52m

When was the last time public outcry actually impacted policy?

huygens6363
19 replies
10h44m

What do they do if I send: AFBC67CEDA7AD?

Ban all “non-intelligible” content?

Who can stop me from hiding information in very normal looking sentences?

If you want privacy, there will always be a way.

Freak_NL
15 replies
10h24m

This is not about preventing you from doing that, it is about preventing services with many users from providing that service to you without a backdoor.

You can just send anyone you want an encrypted e-mail or message, but Signal can't facilitate that without the required provisions set out in those laws. If these dumb laws get enacted, Signal cannot get away with just pretending you are sending gibberish whilst providing true end-to-end encryption without any client-side scanning or whatever to you, but you are well within your rights do so yourself on top of Signal (if that's even possible); they just can't provide an automated means to do that for you.

eterps
7 replies
9h59m

> they just can't provide an automated means to do that for you

What I'm wondering is whether two separate applications can be set up to communicate automatically, with one handling messaging and the other being responsible for encrypting and decrypting the data.

What would be against the law in that case? The messaging app? The encryption app? Or the interaction you are doing in that moment?

Freak_NL
3 replies
8h40m

Step one would be determining if anyone actually uses those two apps together. A handful of people? No one cares. Is it now the default way you install Signal (or its two components) and do hundreds of thousands of users do this? Then the next question asked is who is facilitating it and how is that done? Does the backdoored Signal have a plug-in that allows this kind of use? Does Android facilitate that? Those people will likely find themselves in legal trouble.

Of course these laws are dumb, but that doesn't mean they can't be (mis)used to get the desired effect.

temac
1 replies
8h29m

Does Android facilitate that?

Does Android facilitates IPC and services?

Freak_NL
0 replies
8h7m

That's not what the law cares about. Being able to encrypt stuff end-to-end, is not what is being targetted — it is not realistically possible. What is being targetted is millions of people getting private, true end-to-end secure communication with no content scanning of any kind through some service. Are you providing that service to millions like Signal is? This law applies. Are you the size of Meta and are you implementing some 'clever' two-component solution to sidestep this law? Expect legal trouble.

You can already install a mail client with PGP-support. Will K-9 Mail get in to trouble if a million users in the EU started privately exchanging keys and using GPG with K-9 Mail? Who knows. These laws are not about such practical details. This is about unlocking massive amounts of signal intelligence to do… who knows what, and those large communication platforms are juicy targets. All it needs is a law to coerce them to cooperate.

Don't expect reasonable arguments from the proponents of such laws, and don't expect to be able to avoid them for millions of users with clever tricks; you'll still fall foul of the spirit of the law, if not the letter.

effie
0 replies
7h37m

A handful of people? No one cares.

Actually police and various agencies do, because when most people aren't encrypting, the few that do are suddenly interesting. Some of them will turn out to be organized crime, but some of them are just adults who want to communicate privately.

mfiro
2 replies
9h12m

The encryption app?

That might be the next step. Banning encryption. We live in a strange world right now.

Freak_NL
1 replies
8h34m

The EU does not want to ban encryption, because it is the backbone of e-commerce and banking. There are plenty of public references that show the EU's explicit support of strong encryption.

What some law-and-order types (globally) want, is the means to scan, peek, or otherwise access private communication, especially if that communication is provided by a service used by millions. You can encrypt all you like, but if you use WhatsApp or Signal, laws like these force those services to create a way to eavesdrop. How is probably not defined in the law. Client-side scanning before encryption, having those services act as men-in-the-middle for each conversation; this is all fine, and can use encryption as usual. As long as certain agencies get to have a peek somewhere between those strongly encrypted tunnels.

effie
0 replies
7h32m

Neutralizing encryption is real; it is not about forbidding websites and clients using TLS, it's about getting in the middle.

huygens6363
6 replies
9h16m

I am using a special keyboard that outputs these sequences automatically. Must my keyboard driver send the keypresses to the EU? Fine, here are they: AFC628BCF627.

I understand Signal is handicapped now, but I couldn’t care less about Signal. I only care about being able to communicate in private. Why don’t we implement this stuff at a lower layer?

Surely the guys on top must see this is an endless game that they will never win? It’s not an arm’s race, it’s fundamentally impossible.

Freak_NL
4 replies
8h45m

You don't seem to understand the point of these laws. It is not about stopping anyone with enough technical know-how from encrypting their communications. This is possible today, and not something which can be easily legislated away without resorting to a much heavier class of draconian laws (at which point you won't be living in a democracy any longer in any case).

This is about making it hard (or impossible) for some perceived group of miscreants to communicate privately. People sharing CSAM (however you define that) or dealing drugs, and stuff like that. Anyone can encrypt their communication, but most people don't do this consciously; the masses just use WhatsApp and Signal and what have you.

You and your special keyboard are not of interest, and unless you start selling these along with a service to route the encrypted messages to thousands of users, you are not the target of this legislation. Take away Signal and WhatsApp and sending an end-to-end encrypted message to your drug dealer without exchanging keys and agreeing on a protocol suddenly isn't as easy as just opening an app. That's the point of this law.

It's a dumb law, but you won't make it go away by playing silly semantic games.

huygens6363
2 replies
3h12m

Criminals are using specialty phones or should I say, were using, because this was recently cracked and thus became useless. Catching Taghi in NL was a famous result of that.

Point is that dangerous people will use specialty devices/services and being legal is certainly not one of the requirements.

Freak_NL
1 replies
2h19m

Again, not what this law is about. This is all about wanting to gather signal intelligence on millions of people automatically. About being flagged when someone uploads CSAM or uses certain keywords. They know it won't stop anyone with the skills and means to use some other encrypted solution.

huygens6363
0 replies
1h55m

So they explain it to people as being able to catch criminals, but they known it won’t work against that?

How can you maintain such a position? At some point you’ll have to explain your reasons for draconian measures like this.

That’s why I’m spamming people with “it won’t work” because so many seem fooled by this. You will catch exactly zero people with this. The only people you’ll catch will be the ones that you would have caught anyway, because of their nonchalance.

I don’t know anything about law but I know tech.

effie
0 replies
7h47m

without resorting to a much heavier class of draconian laws

They may be coming down the pipe, after the soft version gets people macerated.

at which point you won't be living in a democracy

But you will be hearing from talking heads that you are, and Russia and North Korea are the real dictatorships.

And maybe they will be right, because what is democracy? The word has different meanings to different people, and it won't be difficult to shape the discussion about what our liberal democracy is all about. Maybe it's about accepting who has power now and about protecting the vulnerable. We have seen a bit of this stance and real capabilities in recent years.

xorcist
0 replies
6h53m

If you sell your keyboard as a service to people in questionable lines of business, then yes, you will need to comply with these laws. You can probably also expect a visit from three letter agencies. Which these targeted platform companies also do.

xorcist
0 replies
6h57m

"We kill people based on metadata"

effie
0 replies
7h23m

What do they do if I send: AFBC67CEDA7AD?

If this sort of surveillance stuff gets accepted, in time, you're gonna get noticed, put into database, and maybe called for questioning. Why are you using encryption, people that have nothing to hide do not use it.

dhx
0 replies
8h49m

A timely reminder that 9/11 hijackers communicated in the clear. Examples:

“The semester begins in three more weeks. We've obtained 19 confirmations for studies in the faculty of law, the faculty of urban planning, the faculty of fine arts and the faculty of engineering.” — Mohamed Atta

“Two sticks, a dash and a cake with a stick down. What is it?”[2] — Mohamed Atta

“The first semester commences in three weeks. Two high schools and two universities. ... This summer will surely be hot ...19 certificates for private education and four exams. Regards to the professor. Goodbye.”[2] — Abu Abdul Rahman

Even in China with extreme surveillance and censorship in place, Chinese people have been quite creative in their ways of circumventing censorship. An example approach is cutting and pasting official political videos together in a way that changes their meaning ever so slightly. Automatic censorship algorithms are fooled, and human analysis and censorship are necessary and very expensive to carry out. Other examples are playing with the sounds of words, or using memes or rapidly-changing euphemisms.[3] It's too difficult to automatically censor stuff where people have taken a normal word such as "chair" and send each other images of chairs as a sign of protest. An image of a chair and a birthday cake with a number of candles could indicate a date of protest. Or a chair in a picture with a number of ducks in the background, or a number of chairs stacked on top of each other. And if censors start blocking all chairs, everyone just shifts to buses, or pieces of paper, or bananas, or whatever.

[1] https://community.apan.org/cfs-file/__key/docpreview-s/00-00...

[2] https://www.nytimes.com/2004/12/20/business/technology/on-th...

[3] https://en.wikipedia.org/wiki/2022_COVID-19_protests_in_Chin...

heroprotagonist
11 replies
11h39m

Seriously, who are they expecting to pay for that? AI vision detection run against _every image every person sends to anyone_, among other things, will get ridiculously expensive.

Half of the reason Microsoft is pushing "AI PCs" with special hardware is so they can push their spying to on-device and reduce all the extra costs the data processing they're imagining for things like automatic-screenshot-analysis-every-x-seconds will need.

And they're pretty much experts on spying on users. They've been collecting so much data for so long that apparently they've found a way to utilize what they collect in a way that makes the costs balance out in the end. Whether thats with government access, preferential antitrust treatment, or some actual financial method that directly affects the bottom line, I don't know. Somehow it's worthwhile for them. BUT -- when even Microsoft is looking for more efficient ways to spy on people, and forcing new hardware to support that effort, you know the data collection and analysis technique is definitely not ready to be made a legal mandate.

It doesn't make sense at all for some EU decision makers to decide it's acceptable for their citizens to bear the cost of so much data processing.

....wait, how much do large players in AI contribute to these politicians campaigns? Or if not them, who is really pushing this? It seems like someone should really try following the money on this one.

yard2010
4 replies
10h25m

Let me take the other side here. The western world couldn't make it without sovereignty. I do realize that it sounds bad that few states would have such power. But make no mistake - if they won't do it, other actors would, I think that your interests reconcile with a democratic state much more than the other crooked actors.

It's just a matter of lesser evil in my humble opinion.

lynx23
2 replies
9h46m

Implemented mass-surveilance is proof that democracy is dead.

immibis
1 replies
2h32m

What if the overwhelming majority of voters want surveillance?

Aerroon
0 replies
2h3m

Then put it to a referendum. It's certainly an important enough protection considering that correspondence is usually constitutionally protected.

rightbyte
0 replies
9h21m

E2E encryption would prevent anyone from intercepting texts by mathematic certainty.

At least on a mass scale, if we worry about back doors.

This SaaS fad is the underlying technical enabler of the spying and need to go away.

I guess Google is the main culprit by making P2P coms hard.

Asking faceless corps to open their users' mailboxes willy nilly is way easier then asking the voters to.

pjerem
3 replies
10h40m

You answered yourself : remember Apple’s implementation of CSAM detection.

We don’t own our devices anymore and we now have very limited control of what is executed or not so there is nothing stopping developers to run those legal spywares on the device since our only option if we don’t like what an app does is to not use it.

throwaway290
0 replies
9h29m

Apple's proposed algorithm was probably the best so far.

The problem is not going away, we in tech are partly responsible and we should promote good ways to deal with it. If we don't then a solution will be found anyway, it'll just be a bad one.

qludes
0 replies
10h10m

A trusted app running on arm execution level 3 could make use of the NPU to offload some of the work?

hellojesus
0 replies
1h22m

I don't know how to help folks that didn't treat the apple csam fiasco as a massive wake up call to ditch the ecosystem.

We have linux phones these days, caly, and grapheneos. There really isn't reason to give up on general computing. (Ignoring the propriety baseband blobs.)

threefiddy
0 replies
10h59m

vry good take

thefz
8 replies
10h6m

I will quit using all these platforms then.

Finally, free from WhatsApp voice notes, stickers and images clogging my phone storage. Adieu.

Longhanks
7 replies
9h33m

If those are what's bothering you, nothing stops you from quitting right now.

thefz
6 replies
9h1m

For now I have a Tasker job routinely deleting WhatsApp's media directories. Unfortunately everyone is using it so I have to stick with it. Hate WhatsApp with passion.

If this law passes, bye bye.

redeeman
2 replies
8h25m

"want to stick with it"..

dont misrepresent

immibis
1 replies
7h48m

"have to stick with it"..

dont misrepresent

redeeman
0 replies
1h41m

you admitted yourself you dont have to, as you will leave it if the law passes. Why are you not willing to admit that it is a "WANT" ?

stavros
0 replies
5h52m

Do you imagine that people will stop chatting if this law passes? If you hate it so much, why not just stop using it now?

hellojesus
0 replies
1h18m

As others have stated, just uninstall it now. Even at my work, my manager wanted us to use WhatsApp to communicate with our offshore teams. I let her know that I would be happy to do so with a company provided phone, but I don't install spyware on my devices, and furthermore don't have an app store so would need to be able to build it from source. But I'd be happy to use signal or email.

drexlspivey
0 replies
8h19m

Everyone will be using it when the law passes so it’s no different.

lynx23
7 replies
10h5m

Frankly, GB was totally right in leaving, and if I had the ability to vote for stay/leave right now, I'd want to go. But this position is totally unwanted. You're being called Nazi or at least extreme-right the minute you utter it. This way of dealing with supposed democracy is what makes me want to leave even more. The EU has become a strange beast. The current election ads make that pretty clear. It basically reduces to "vote us, we're cool, we are deocracy" which is almost dystopianly void of real content.

lambdaxyzw
2 replies
9h45m

Where are you living, if you don't mind sharing? I don't know about any place where expressing eurosceptic views would get you called "far right", let alone a Nazi.

And I disagree. You take for granted all the good regulating and all the things enabled by the EU, and focus on the one bad regulation we're discussing, which is not even a law yet. I, personally, am not looking forward to the future without EU (I remember my country before it joined and the progress is immense).

effie
0 replies
7h17m

I don't know about any place where expressing eurosceptic views would get you called "far right", let alone a Nazi.

I think elsewhere online this may happen.

Also, some public broadcasters use the "far right" word group suspiciously often, almost as if it was some kind of effort to softly suggest to people how not to vote, but I must be imagining things, because they would never do that:)

Longhanks
0 replies
9h30m

Where are you living, if you don't mind sharing? I don't know about any place where expressing eurosceptic views would get you called "far right", let alone a Nazi.

Try the largest German-speaking subreddit, for example.

Jensson
0 replies
7h23m

Yeah, UK left because they thought EU wasn't draconian enough.

dflock
0 replies
8h25m

England's government already passed essentially the same thing.

astrobe_
5 replies
9h20m

Article 12 of the declaration of Human Rights :

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Bugging communications by investigators with special approval is already an exception to this principle. Government bodies that make sure that laws conform to the constitution should veto any exception broader than that, so this draft should basically be pointless.

It feels like there are social/political mechanisms at work that allow that to however happen. They pave the road to Hell little by little, one stone at a time, and this is neither strange nor entertaining. To me, the beginning of this century has similarities with the beginning of the previous, which is quite worrying.

billywhizz
3 replies
6h18m

agreed. i feel the real motivation is much more sinister and much more to do with the geopolitical situation than anything else.

the reality is, if anyone is seriously determined to commit what they know are crimes then there are many solutions, of admittedly varying quality, for having private communications outside of the mainstream apps available on the app store. even signal itself has an apk you can install on android from their website.

so, it's unlikely this will indeed help in the fight against CSAM or whatever else is purportedly motivating this legislation. the end result will be mass surveillance 24/7 on the vast majority of the population who aren't commiting any crimes at all. it seems to me like big brother's wet dream. ironic that this is exactly the thing the US/EU political leadership have been bashing the chinese for since forever.

t0lo
0 replies
5h57m

governments having low level dirt on their populations feels like manufacturing excuses to send people to war and remove their autonomy

jjmarr
0 replies
15m

Any intelligent criminal will just meet face-to-face to discuss their criminal activities. None of these apps protect against someone taking a photo of the screen and snitching to the authorities about what was said in exchange for less jail time.

exe34
0 replies
3h42m

ironic that this is exactly the thing the US/EU political leadership have been bashing the chinese for since forever.

there's a good reason for that. it's not controlled by and for the benefit of our oligarchs.

faeriechangling
0 replies
5h1m

Yeah I truly don't see how this is all that ambiguous of a violation of privacy.

riedel
3 replies
10h32m

Will my email client using SMIME have to implement this? Seems kind of ridiculous.

Seems to be targeting platforms. Will it be illegal to send encrypted texts, what is keeping anyone from using crypto on top of existing messaging?

While I do not want to dive into any details on adverse effects of such stupidities, the EU seems to be actually taking a strange road to tech dependent overengineered regulation. It seems that this mostly driven by lobbyists that want to sell compliance services. Also it seems that there is more value in creating regulation rather than making sure it is enforcible.

xorcist
1 replies
7h24m

If you are in the business of selling SMIME clients as a service to other people, then yes, you would need to implement this if the law passes.

Maybe there's an unintended upside to all this regressive business legislation. With all the focus on the "platforms", then maybe, just maybe, this will be yet another nail among the thousands of nails needed to finally kill them off.

riedel
0 replies
3h20m

Signal is not selling anything. So my guess is that distribution is enough. So my guess this would also apply to e.g. Thunderbird then.

DEADMINCE
0 replies
10h22m

Will my email client using SMIME have to implement this? Seems kind of ridiculous.

Seems about right for the EU.

jamesponddotco
0 replies
5h38m

The law says "images, photos, videos and links". What about simple encrypted or password protected zip files?

As far as I know, most messaging platforms allow you to send regular files too. Wouldn't "the bad guys" simply use that as a loophole and continue with their day?

I know the real reason behind the law isn't to actually protect children, but, you know...

ein0p
0 replies
2h5m

When apps created for overthrowing governments in other countries begin to backfire amid record low approval ratings, it all of a sudden turns out that “human rights” are merely a cudgel to beat others with.

isodev
61 replies
12h42m

The EU elections are just around the corner. It's a good moment to make an informed decision and stop electing alt-rights who'd do anything under the slogan of "protecting the children".

t0bia_s
29 replies
12h33m

We should seriously ask, if being part of EU is beneficial or not. Electing left or right is just a game to keep system working. But it serves to scrap responsibility from us and lead to slavery with every new regulation.

spockz
9 replies
12h17m

Yes, at this point I see no way forward except with the EU. Unless each individual country wants to go at it alone and eventually end up working as a Vasal state to either USA, Russia, or China.

The cost of products and manufacturing is so low that a significant part of the final price is made up of overhead costs such as tax, tariffs, and transport. All of these will go up by stepping out of the EU due to increased friction.

If anything, we should go a lot further into embracing the EU. In the current political landscape we are committed.

t0bia_s
3 replies
12h2m

Current nonEU members like Switzerland or England are vasals of who?

Prices of energy and basically everything in EU is so ridiculous high. Free marked is crippled because of centrally planed economics pushed by EU grants.

ako
1 replies
10h52m

Other countries have also seen inflation of prices of energy and other things. I doubt any of this would become cheaper if you leave the eu.

t0bia_s
0 replies
8h36m

Oh yes, EU has a solution! Its called CBDC. No cash, no different currency, just digital numbers. Im sure they solve inflation made by fiat money.

Vespasian
0 replies
11h26m

Switzerland applies many many EU-regulations without having a say in it.

They also pay towards EU funds.

They are also part of Schengen.

ekianjo
3 replies
12h0m

you can have an economic community without the political aspect of it

ako
1 replies
10h46m

Unfortunately, these days economic community is not enough. With the US slowly falling apart due to internal polarization, rusia and china trying to grap as much power as they can, Middle East far from stable, and the disrupting impact of climate change, focusing only on the economy ignores our biggest problems.

t0bia_s
0 replies
8h24m

If you put ideology on first place, competition will crush you easily. China don't care about environment and they make high fortune on it, like other countries did previously.

What frustrate me most is how EU sponsor their business from our taxes in name of care about environment. Ie grants on photovoltaic panels that are made from 95% in China or donated EV's that ruin traditional car manufacturing in EU.

hgomersall
0 replies
11h45m

What does that look like? Let's say you have a large exporting country that decides its exporting needs are more important than the employment needs of other countries in the block, how do you handle that without political alignment? Economic community is political community. The only question is what flavour of economic community, which IMO is where the EU has gone well off track.

rocqua
0 replies
11h54m

I think the widening of the EU that we have seen precludes the deepening of the EU that you advocate. This is a difficult balance. we should want deeper coordination within the EU. But we should also want to help and integrate our neighbors, rather than seeing them languish and become, as you put it, vassal states. And those goals are at odds.

This is partially because coordinating more countries is inherently more difficult if everyone can veto. But cultural diversity also plays a role. Deepening coordination means letting the EU decide more. Letting a more similar culture decide more will feeo better. beyond that, they are probably more likely to decide what you would have decided anyway. That is how a wider EU works against a deeper EU.

ohmyiv
8 replies
12h9m

If you leave the EU who are people in your country going to vote for? Most likely, either the right or the left.

Leaving the EU doesn't automatically make a country not right/left/whatever. Even before the EU most countries had the same thing. The UK left and still have left/right/whatever. You need to change a lot more than EU membership status to avoid the whole left/right issue.

mantas
3 replies
11h0m

It’s funny that those chat censorship laws seems to be mostly at EU level. Very few countries have something similar going on locally.

ohmyiv
1 replies
9h1m

I don't know if youre trying to imply I said any thing about the censorship law, but all I was pointing out was that leaving the EU doesn't change anything about parent's idea about voting left/right/whatever.

mantas
0 replies
31m

What I'm saying, it looks like those are pushed at EU level seemingly by bureaucratic apparatus regardless of ruling parties. Yet such ideas seem to be nowhere to be found at home, again regardless of ruling parties.

I'm probably wrong, but my gut feeling is that euro bureaucracy is playing it's own game. And it has little in common with democracy, citizen rights and citizen will at large. Infamous Juncker's phrase about how to push through unpopular regulations is the modus operandi of those people.

aembleton
0 replies
9h22m

Probably because they know it's not politically popular. As members of the EU, they can work with their commissioners to bring in unpopular legislation and then blame the eu if anyone complains. The UK used to do this a lot, and I expect other countries do it too.

t0bia_s
1 replies
8h48m

Centralised government and power is much more dangerous for society, than decentralised nations.

Im not sure why someone in Brusell should vote about regulations for entire Europe.

You cannot imply same rules for entire nations like all are the same. They are not. They have different cultures, different values, different taxes, different wealth, etc...

ohmyiv
0 replies
3h43m

You cannot imply same rules for entire nations like all are the same. They are not. They have different cultures, different values, different taxes, different wealth, etc...

I'm not implying anything. I'm stating the fact that partisanship is not only dictated by EU membership. Maybe you're correct, maybe not, I dont really care, but it has nothing to do with my comment. Please try again with someone else who cares as much as you do.

csomar
1 replies
9h35m

Leaving the EU, however, triggers competition. These small European countries will compete for talent/money/knowledge and that means more freedom and less taxes.

But hey gotta deny the EU is not working even after hitting the wall and your face is dangling from the other side right?

ohmyiv
0 replies
9h17m

I didn't say anything about it working or not, did I? The only thing I pointed out was that that leaving the EU isn't going to change parent's idea about leaving the EU to avoid voting left or right. Your comment doesn't apply or mean anything to me. I don't live in Europe nor do I follow all their politics enough to have a skin in the game.

rocqua
4 replies
12h3m

We shouldn't leave, we should reform!

That means power taken from the committee and brought to parliament. So the decision-making becomes more politicized, and thus more public. Politicizing isn't great, but without it the committee van fly under the radar. Moreover, without it the committee is fully beholden to the national governments, who won't be held to account for their decisions.

zo1
3 replies
11h11m

I've stopped taking the whole "change it from withing / reform" arguments seriously when it comes to anything larger than a village or small community. The entire system has gotten to this point because the rules, processes and incentives all aligned and co-evolved to get it here. Every single one of those "memes" (borrowing from Dawkins here) will fight very hard for its own survival. And their survival depends on the status-quo staying as is without change.

The only way forward is to not participate and/or burn it all down and start from scratch. And we all know what a polite and neutered society we are currently because things are relatively "okay" for us, so we're not at threat, so we're not willing to do the drastic measures necessary for correction here. That includes me, as I will not be sending my sons to the slaughter.

lambdaxyzw
2 replies
7h21m

The only way forward is to not participate and/or burn it all down and start from scratch.

You can't honestly suggest that. From where? "village or small community" level?

zo1
0 replies
7h0m

It's not a perfect answer, and one can "not participate" in more ways than one. Also, it depends on the individual and what makes sense for them and their family.

It's also a case of "picking your poison". So if the recent war wasn't happening, I'd be moving straight to Russia as right now it seems to be the sanest when it comes to these specific things. But that comes with dealing with some of the "negatives" as I'm sure you all can imagine.

If money wasn't a problem, personally I'd fund some sort of island or floating-island community to promote self-sustainable practices whilst staying as far as practically possible from the craziness going on in the west.

Jensson
0 replies
7h12m

You can still legally leave the EU. But this draconian law has not passed yet and has been up many times before, most likely it wont pass.

weikju
3 replies
12h24m

Leaving the EU hasn’t really been helping the UK either

t0bia_s
0 replies
12h7m

Sure, voting system remains same.

personomas
0 replies
12h1m

It hasn't really been hurting them either. By the way, UK had GDP growth by .6% in first quarter of this year, which is a lot more than a lot of other EU countries.

mike_hearn
0 replies
10h45m

Presumably Signal will remain available in the UK. At least, it could.

cataphract
0 replies
11h39m

It's the governments of the EU countries that are agreeing to this in the Council (apparently it's going through because France is lifting its veto). If enough people cared about this, they would put pressure on their governments to scrap this. But this is not ever talked about except in these circles (unlike, say, the migration pact).

ornornor
8 replies
11h46m

I wish they made it easier to vote in these EU elections. I live abroad. For me to cast my vote I’d have to physically travel to my country’s embassy which is several hours travel away return during the voting hours. Or give proxy to someone living there (don’t know anyone since I’ve never lived in that city).

Meanwhile, Canada lets me vote by mail, no fuss, and they even send the ballot to my home address automatically every election.

Would that really be so hard to do for EU or national elections?

praseodym
2 replies
11h30m

The Netherlands does allow citizens living abroad to vote using mail-in ballots, so it’s something that your country has to arrange.

ornornor
0 replies
11h17m

I can only hope… but won’t hold my breath.

awelxtr
0 replies
10h41m

Spain too

arianvanp
1 replies
11h11m

The EU elections allow you to either vote in your country of residence or in your country of birth. You just need to register beforehand and you'll just be able to vote at a local ballot.

Here in Germany they even actively inform you of that choice. I got a letter both from the dutch government and the German government that I can make a decision to either vote in Germany or in Netherlands

ornornor
0 replies
9h47m

Yes, I’m not saying it’s impossible. I still need to travel to my residence country’s capital which is several hours away and not free to get to in order to cast my vote in person. That’s quite a hurdle and I’m not surprised that participation is so low as a result.

timeon
0 replies
10h32m

You can vote at embassy? I need to travel back to the actual country.

darkwater
0 replies
10h15m

I'm in the same situation because I forgot to change the country, but you totally have the right to vote for the EU country of residence.

Strom
0 replies
9h22m

It's up to your country to determine how tedious they want to make it. For a counter example, as an Estonian citizen, I can vote in these EU elections via the internet using my private, government certified, P-384 key.

tsimionescu
5 replies
12h14m

This proposal is coming from the EU council, which has nothing to do with this election (it is made up of PMs or Presidents of the EU countries).

The EU election is important though to ensure that the EU Parliament doesn't enact such a horrid proposal into law.

hcfman
2 replies
12h2m

Who should we vote for then? That’s very hard to decide without a lot of research. I would say the pirate party is a safe bet. But if there are multiple candidates you need to be sure your vote goes to a strong candidate to increase your chances of success. But just figuring out who this might be is already hard.

Then of course there’s the non-democratic structure of the union itself where the non voted commission decide the laws.

tsimionescu
0 replies
11h57m

It varies from country to country who you can vote for to oppose such legislation. You need to investigate your local representatives.

Also, the Commission only proposes legislation, it doesn't enact it. Only the EU Parliament can enact legislation. The comission is similar to the Government of most democratic countries, also in the fact that it's not directly democratically elected. However, you still have plenty of democratic control over it, just not in EU specific elections, but in your own country's elections.

Edit: mistook the Council for the Commission. Corrected in line.

isodev
0 replies
9h29m

This is not reality TV, it's important that you cast a vote aligned with your views, not who is most likely to win or loose. If you're unsure which party represents your views, you can use tools like https://euandi.eu/

The EU structure is democratic, you can see a summary of each body and how its formed at https://european-union.europa.eu/institutions-law-budget/lea...

mike_hearn
0 replies
10h36m

It originally comes from the Commission, not the council:

https://fortune.com/europe/2023/10/26/eu-chat-control-csam-e...

Back in May last year, the European Commission proposed what security maven Matthew Green described as “the most terrifying thing I’ve ever seen”—a law that would force everyone from Facebook to Signal to scan everyone’s messages

isodev
0 replies
11h8m

Parliament's involvement depends on the policy area and may imply (a) being consulted, (b) giving consent or (c) co-legislating on an equal footing with the Council (ordinary legislative procedure). In case of "chat control" (actually called CSAR or COM/2022/209), we are in case c) - it was Parliament rejecting big parts of the proposal [0].

The OP refers to a document discussed during ST 9093 2024 INIT, it's part of the same package of legislation priorities (2022/0155(COD)) and it's currently awaiting the opinion of Parliament [1].

I know these make for very click-baity titles, but this is the moment when one can follow the feed and publications of their MEPs and contact them when one doesn't agree with some of their positions. Logs of all meetings are available online.

[0] https://en.wikipedia.org/wiki/Regulation_to_Prevent_and_Comb...

[1] https://oeil.secure.europarl.europa.eu/oeil/popups/ficheproc...

paganel
3 replies
11h10m

You’re correct, these elections are pretty important, as we can vote for the parties/people that would bring this thing called the EU a little bit closer to disintegration, i.e. vote for the Nigel Farages of your countries. At this point the ghouls in Brussels are un-reformable.

timeon
1 replies
10h27m

Are you even EU citizen? You seems to be posting mostly Russian POV.

paganel
0 replies
6h17m

What type of question is that?

If you’re so curious, yes, on top of being pro/Russia I’m also a Mets fan. LGFM! How does knowing more about me help bring this conversation forward? Should I in turn ask about your favorite MLB team?

omnimus
0 replies
10h12m

Yes the best solution to democratic process is to vote for famous populist alt right politician whose politics is build around saying whatever generates most clicks/hate at the time. Best part is once in power these people are as corruptable if not more because they just dont care and will sell their votes to the highest bid. Snakeoil sellers.

plasmasheep
2 replies
11h51m

Alt rights? You realize this is being driven by the heads of state from mainstream parties, yes?

isodev
1 replies
10h38m

Yes, I know how the EU works.

These heads of states also got elected in their respective countries. You don't want to see "chat control" proposals coming from the council of Europe? Then don't elect the likes of Orban/Melonie/Geert Wilders!

Next week we're voting for the EU Parliament where MEPs are responsible for discussing and accepting/rejecting proposals from the EU Council.

mike_hearn
0 replies
10h18m

Wilders only formed a coalition about two weeks ago, and he isn't the prime minister so wouldn't be in the Council anyway.

As for the others, why do you think these laws come from the council? EU law never comes from the council, it's always proposed by the Commission. There's a list of people who are most responsible for this specific law here:

https://www.reddit.com/r/europe/s/Q4fRGd1a2e

None of the people on the list are heads of state, as per usual. They are senior members of the Commission and the usual assortment of lobbyists who feed them ideas.

Proven
2 replies
12h22m

That is ridiculous.

Both the commission and the parliament are controlled by socialists (of various kinds).

isodev
1 replies
9h43m

It doesn't work like the US - it's not binary "left or right".

mardifoufs
0 replies
4h8m

So why did gp talk about the alt right?also I disagree, there is a binary left right in Europe too. Unless it's for social stuff then most parties are on the right in Europe lol

l33tman
1 replies
9h7m

The ChatControl2.0 proposal was put forth by Ylva Johansson who is from the left in Sweden. She literally says "But think of the children" in every interview she made after this. There has been many accusations of corruption, for example the council was in contact with the AI companies that stand to gain from getting this in law.

https://www.svt.se/nyheter/ylva-johansson-ifragasatts-om-lob...

I don't like mass-surveillance or "dragnets" which are actually considered unconstitutional in the US (see https://en.wikipedia.org/wiki/Dragnet_(policing) ), where you make an extraordinary amount of people suspects in order to catch a single suspect.

In medicine there is a number called NNT (Number Needed to Treat) which is a really good comparision to this. It's how many you have to treat with a medicine or procedure in order to help one patient. If that number goes up too large it's a bad sign, like if you would have to feed 1 million people a pill every day to avoid 1 heart attack per year.

Here you have mass surveillance and an incredible breach of privacy of 500M citizens, in order to catch how many pedos? If they would even be caught by this at all to start with.

lambdaxyzw
0 replies
8h6m

If they would even be caught by this at all to start with.

I doubt it. Teenagers sending each other naked pics, maybe (but after the law passes they will know they have no privacy and will stop doing that. I fear what awareness of constant surveillance does to a young brain). The actual pedophiles were always on top of their opsec game. In this case it sounds like they just need to opt-out of scanning and send each other obfuscated links or base64 encoded encrypted zip files in text? This is child's play, there were highly sophiasticated pedophile groups using tor-only infrastructure with forced opsec and rotating identifies every month. They never trusted mainstream chat apps, and they won't be affected. This only makes it possible to track regular people.

oxygen_crisis
0 replies
12h27m

do anything under the slogan of "protecting the children".

This is far too forgiving a representation, they are surveillance wolves disingenuously wearing the sheeps' wool of protecting children to further their eventual thought-policing goals of "total information awareness."

Doing anything to protect children is difficult to object to. Using the children as their pretense for monitoring dissidents is really the heart of the matter. It's important to differentiate between the two.

I get that this difference could be subtly implicit in that comment, but let's please make it explicit.

mike_hearn
0 replies
10h30m

These laws, as required by the EU constitution, do not come from the people who are elected, so changing who gets voted in will have zero impact on whether such laws appear or not.

Moreover the EU Parliament is controlled by social democrat (left) parties. There currently a bunch of stories in the press freaking out over the possibility that the EU Parliament might actually become majority right wing for the first time ever, example:

https://www.google.com/amp/s/ecfr.eu/publication/a-sharp-rig...

So it's very unclear how you reached your conclusions about who people should stop electing and what effect that would have.

bun_terminator
0 replies
11h11m

I hope there'll come a time where the idea that these events that distribute ultimate power might not be flawlessly executed and maybe even partially fraudulent is seen with merit. It's certainly not the time yet, as always seen when this comes around.

123yawaworht456
0 replies
12h24m

that's such a hilarious /r/politics-tier take, I literally can't even.

ggm
42 replies
12h53m

Good. Stick to your position. No irony or sarcasm, there is only one reason to use signal and these rules undermine it's integrity and purpose.

newaccount74
41 replies
12h15m

I don't agree with this. Encryption is a feature of Signal, but it's not the only reason to use it. The bigger reason to use it is that it is independent from Meta, so you can use it without having Facebook track you.

I don't rely on Signals encryption, since there is no way to verify that it works in the way that it does, and even if, there is no way to know that the recipients are as careful as you are. If there is something I don't want others to find out, I just don't write it down. No encryption is fool proof.

adastra22
29 replies
11h56m

If you just want to be independent of Meta, send an SMS. They’re free and built into every phone. Signal is about privacy.

DrSiemer
26 replies
11h40m

SMS is far less convenient and lacks many important features, like groups, emojis, speed and presentation.

Independence from known data harvesters is the only reason I got pretty much all of my contacts to switch.

baxtr
23 replies
11h24m

What are you afraid of? What can happen?

This is a serious question

wafflemaker
5 replies
11h5m

Companies harvesting the data and using it to build extremely correct psychological profiles, which will then be used to successfully manipulate election results.

It has already happened btw.

dfawcus
2 replies
8h44m

Which elections would those be, in which country, and which candidate benefited?

adastra22
1 replies
3h55m

Look up Cambridge Analytics and the Trump campaign in 2016.

doublepg23
0 replies
47m

I think you missed the firmware update from 2020 when we decided American elections are not rigged.

baxtr
1 replies
10h50m

Thanks, that’s very specific and actually happened.

Good point

newaccount74
5 replies
11h1m

Is that a joke? Any data that is stored about you can be used against you.

We know that Meta tracks everything you do in a pretty invasive manner. We know they use this data to target ads, and while they claim not to share data with advertisers, we do know that people have figured out ways to leak some of that data.

Since they share data with a lot of 3rd party tracking companies, we would have to trust all of them to keep our data safe. It is highly likely that some of these companies employ malicious actors.

Now, maybe you think you have nothing to hide. But the political landscape changes all the time, and things that were legal one day might be criminalised the next day, or some terrorist organisation gets a hand on your data and figures that you are an enemy of their god for some reason, ...

The only way to protect against these things is to not store the data in the first place.

baxtr
4 replies
10h52m

No it’s not a joke. Outside of tyrannies it’s ok to ask questions.

Specifically, I am interested in tangible examples.

The one thing I got from your post is: Meta can target you to deliver better ads.

If you have other specific examples of what else can happen, please elaborate. I am curious

anonzzzies
1 replies
10h40m

I worry about future use of my data. If it’s not e2e encrypted, future despots (or, less extreme, insurance companies, which tend to be only slightly less evil than despots anyway) can mine it (with not very good AI) to see if I am a good servant to the state , even though my remarks might be from 15 years ago and not related.

baxtr
0 replies
10h32m

Ok understood, so a vague fear of being punished for what you said today in the future by governments or insurance companies.

I can see that happening in the future albeit with a low probability in the Western World at least. Of course you never know

realo
0 replies
6h31m

There is no such thing (for me) as a "good" ad.

I want no ads in my life, ever.

When I need to buy something I look for research, reviews, competition, people who actually used the thing for some time and comment on the thing's weaknesses.

I want to control when I start being interested in something, and when I stop also.

When I need to buy something I need knowledge (weaknesses) and control. Advertisements are exactly the opposite of that.

So... no ad can ever be a good ad for me. Period.

lambdaxyzw
0 replies
9h32m

Outside of tyrannies it’s ok to ask questions.

Ok, a specific example: by a weird twist of fate, my country outlawed abortion (in most cases). Currently it's easy for affected women to travel somewhere and get help. Some people don't like it. With widespread tracking, it will be possible to target and punish women for breaking the law by getting abortion.

inamorty
5 replies
11h15m

Do you have a front door to your house? Why? What can happen?

baxtr
4 replies
11h14m

Just answer the question if you have the answer.

stoperaticless
1 replies
10h22m

Parallel with front door was appropriate answer:

1. This is default expectation (to have privacy, to have doors)

2. If you go abstract, it’s not too useful (its good to have of control of information sharing/ it’s good having control who access your house)

3. It seems impractical to go into details, due to very many different scenarios, details, expectations. Take a set of different “motivations” (incompetence+personal gain+for terror+for ideology push), multiply it by types of actors (phone manufacturer, government, enemy state, criminals), mix in the possibility that law and approach can be changed/ expanded, while keeping in mind that motivations and actors will change year to year. (One thing when such tool is available for consertive gov., other thing when such tool is available for extreeme right/left gov.)

Parallels do diverge eventually, with door if somebody breaks it you most probably can see it immediately. While negative effects of privacy breach can take years to surface.

baxtr
0 replies
10h12m

For me it’s a very bad analogy avoiding to give an answer.

Doors and how they’re used is highly cultural and has evolved. There’s nothing “fundamental” you can derive from your mental model of today.

Same goes with bike locks and the like. I used to live in a student town where people simply never locked their bikes. It was a custom of that time and place.

freetanga
1 replies
10h26m

I remind you Turings fate by his own government for being gay not 60 years ago. Today being gay or straight is a non issue in most countries, and Turing life would have been different.

My take is the following: we have governments because we tolerate them. Constitutions are nothing more than a social agreement, and they could be torn apart and remade at any point in time.

Politicians are our employees - we hire them, we pay them, we can fire them. Sadly in the past 80 years we have started seeing them as our saviors and forgot their power emanates from us.

I don’t want my employee (the government) telling me what to do and tracking me. It’s irrelevant whether I have or not something to hide.

baxtr
0 replies
10h9m

I understand this stance and it makes sense.

The OP, and that’s how it started, said he switched to signal due to “data harvesters” like Meta.

I feel like the conversation here diverged from that to something different.

PS: I absolutely follow the logic of restricting politicians. Unfortunately these people are versed with power and how to use it. Otherwise they would have not ended at the top…

n_ary
1 replies
10h45m

Well, nothing interesting can happen in short-term, but not sure about long-term given how much surveillance is being built under our noses.

Currently, only issue I face is, due to unlimited text/calls benefit in Germany, I also receive a lot of scam/phishing sms or random sales sms about some random agency offering digital marketing, webdev, wordpress etc irrelevant service unsolicited. I noticed that, somehow when such sms arrives, I am very proactive in immediately blocking those numbers, but may be by evening, I start seeing adverts all around the web creepily related to those same sms(mostly different vendors but related business area).

Thanks to the garbage that LLM is, now I suspect Google SMS as well as other Android based sms apps are also scanned and profiled to feed to advertisers, which I can't prove but my experience above is definitely not the Frequency Fallacy.

baxtr
0 replies
10h39m

Thanks. So short-term: annoying spam and phishing calls/sms

Long-term: hard to say.

Makes sense

internet101010
0 replies
10h33m

It isn't about being afraid. The interaction between two people is nobody's business except the two people.

af78
0 replies
10h10m

I’d like to add that it is not just about governments (democratic or otherwise). Large corporations wield disproportionate powers, in comparison with individuals, and may have a presence across countries and continents. Even if they don’t use the data directly, they may pass it to some other entity. I’m not comfortable with the idea that anything I read or write today may be made available one day to my current or future employer, customers, providers etc. ... In a way I have already internalized this idea. These days every time I use an electronic device I behave as if an unintended recipient was peeking above my shoulder. So my behavior isn’t as free is it was, say, in the 90s, before networked communication was so ubiquitous.

FMecha
1 replies
59m

Also, is SMS even that secure anyway? There are security attacks surrounding SMS (hence why SMS is looked down as an OTP method from security standpoint).

djaychela
1 replies
11h18m

Rich messaging with images and videos is not universally available without signal or WhatsApp etc... And it's very easy (at least here in the UK) to end up sending an mms message which still costs an arm and a leg.

adastra22
0 replies
3h51m

Interesting. In the USA at least MMS is zero cost on every plan I’m aware of, and the user experience of Signal is pretty much the same as MMS on iOS. Usually the rest of the world is ahead of North America on these sorts of things, so I thought the era of being charged for a SMS/MMS was behind us.

illiac786
4 replies
11h2m

How do you deal with passwords? You got to have a lot of critical passwords which are hence not written down, it’s really hard to memorise this.

newaccount74
2 replies
10h52m

I use iCloud Keychain for passwords. It's a trade-off between security and convenience.

Passwords aren't as critical in my opinion, because I can always change them. Sure, it would suck if someone broke into my hosting account or my bank account, but I could probably fix it somehow. I was more thinking about secrets that I don't want people to find out, because there is no way to make people forget something they learned about me that I wanted to hide.

illiac786
1 replies
10h31m

Some secrets are worthless without communications. Think of the poor extortionists. They took a compromising pictures, they would have to sent it via mail without proper encryption. How retrograde.

I’m joking around but I did get your point. I just think secrets cannot be categorised simply in “stuff I don’t want anyone ever to learn about” (why would someone use signal for that though) and “stuff I don’t care if anyone learns about”. 99% of the information I send over signal is actually neither, it’s in-between. I don’t want the whole world to see pictures and names of my family. I do want other members of my family to have them. Hence I use Signal for this, because I trust them most (or I distrust them least, depending on the point of view).

It’s all about trade-offs, as you said.

newaccount74
0 replies
6h27m

I agree. What I was trying to say was that encryption was not the most important part for me. Facebook or Twitter DMs would be secure enough for family photos in my opinion, if they didn't use invasive ad tracking. The fact that Signal is independent is why I use it, not because of superior encryption.

slowmotiony
0 replies
10h38m

That one's easy, he just gives all his passwords to Apple Inc.

saulrh
2 replies
11h51m

there is no way to verify that it works in the way that it does

Since we're specifically talking about Signal, I think that it's worth mentioning that Signal is uniquely predictable here. They published their entire cryptosystem, it's been extensively inspected by the cryptography community, there are multiple open-source implementations that agree with the published mathematics, and I strongly suspect that more than a few people have sat down to verify that the bytes coming out of the app are actually produced by the published protocols. Claiming that that's not "working the way it does" is reaching out into territory along the lines of Trusting Trust, the unproven existence of trapdoor functions, and the Problem of Induction.

nullc
0 replies
19m

there are multiple open-source implementations

No. Signal locks not not just third party software but also builds of their own "open source" code via timebombed forced updates. It's somewhat impractical to use signal except via blinding accepting updates from them.

As a result every signal user is sadly quite vulnerable to getting pushed a bad update, particular since app store policy changed to require the app store itself being able to sign updates.

Signal could mitigate this by allowing third party clients and/or not timebombing support.

newaccount74
0 replies
6h16m

Right. There is no way for me to verify that the Signal app isn't actually a trojan created by a US agency with a clever marketing team. It sounds far fetched, but it wouldn't be the first secure messenger that was later revealed to be a covert spying device.

I still use the app, because I trust Signal more than Facebook, but the encryption isn't why I trust them.

superb_dev
1 replies
11h28m

Matrix, IRC, Discord, Telegram, SMS, etc. You’ve got plenty of options to get away from Meta. Privacy and E2E encryption are Signal’s killer features

lambdaxyzw
0 replies
9h38m

I agree, and that's a major part of why I use Signal, but I just want to say that most of my friends (and even family) use Signal, so at this point it's also a network effect for me.

prophesi
0 replies
10h13m

I don't rely on Signals encryption, since there is no way to verify that it works in the way that it does

Totally. Not everyone is a cryptographer to review the code and ensure the app they're downloading is what was compiled by the aforementioned vetted code. That's what F-Droid and cybersecurity audits attempt to solve (and Apple's vetting process, though I think their mandatory $100/yr developer license is what drives malware off the platform).

The one reason to use Signal is privacy, and its replacement of Meta apps is under that umbrella.

EGreg
31 replies
12h41m

First they came for crypto, and you guys laughed and cheered them on because “crypto and web3 sucks”

I told you then, that end-to-end encryption is far more worrying for politicians, than mere cryptographic signatures. And that they’ll be coming for it next. Because it can hide billion-dollar transfers, or CSAM, or gasp seditious material against the king.

Well, it’s not just Europe, it’s all over the world:

https://community.qbix.com/t/the-global-war-on-end-to-end-en...

The above chronicles many cases even in your own country!

Today regular people are just as clueless about end-to-end encryption as many on HN are about web3 and decentralized network innovations. Think of the children!

And then they will come for the regular person, and by then there will be no one left making tools that could have helped them.

As for me and my views, I have come to believe that end-to-end encryption vs state actors is a band-aid, that if you are reduced to sneaking around then your government and agencies need fixing. Whereas digital signatures and smart contracts and decentralized networks are useful as they allow everyone to be in control of their own identity, voting, balances etc. without relying on a third party. It’s done in the open. But the difference is that it can be limited to “benign” things and enforces the rules, while everyone gets to make their own decisions and one party can’t corrupt the system.

To me, the transparency and resilience to corruption is the main thing. The sneaking around, I can see how governments can declare war on that.

JumpCrisscross
27 replies
12h28m

First they came for crypto, and you guys laughed

Crypto has probably done more to undermine privacy than Hoover’s FBI. Its proponents are ambitiously unlikeable, relishing their distastefulness to burnish outsider credentials. Its damage is easy to quantify in a way troublesome speech is not. And because a broad set of the population either doesn’t like it or, much more prominently, doesn’t care, it serves as a stalking horse for advancing general anti-privacy laws.

Signal is a great example. They should be a unifier for the notoriously-apathetic privacy crowd. But it isn’t. In part due to its crypto crossover. I genuinely can’t seriously take Signal as a canary of anything, because it’s unclear what motivates its leadership.

TeMPOraL
16 replies
12h21m

Also conflating and confusing "crypto" as in cryptocurrency and web3 bullshit with cryptography, which was arguably done on purpose by the "crypto" side, is making the problem worse. A niche but very important domain is, in general consciousness, mixed up with the scammers, and tarnished by association.

EGreg
15 replies
12h16m

It’s all using cryptography.

Cryptographic signatures are heavily used in these networks. People sign the transactions using elliptic-curve cryptography (or they are moving to some quantum-resistant thing). Then a blockchain or other decentralized network stores the transactions while a programming language is used to make sure that everyone and every node is following the rules.

Being able to finally trust the code instead of a middleman has the potential to be extremely useful despite your insistence that it cannot possibly have any uses because you personally don’t like it. Because trust is costly, and being able to reduce the attack surface enables much larger coordination and larger value to be managed collectively, with far less corruption.

tsimionescu
14 replies
12h5m

There is no way to do commerce with physical goods without trusting either (a) your trading partner, (b) a middleman, or (c) your government. Crypto only solves the postmen of trading crypto without trust. Everything else still needs a trusted middleman.

And for things like voting, it is hundreds of times easier to verify if a paper ballot election is rigged than it is to verify if a crypto based election is rigged.

EGreg
13 replies
11h51m

That’s wrong

First of all, there are many more applications than commerce with physical goods. There’s global payments for services, recurring subscription models, gated access to content, contests, voting, governance, UBI, and much more. Check out https://intercoin.org/applications for a more comprehensive list.

I wrote this article in 2020 after multiple voting debacles in Iowa etc. Paper ballots and hand counting is what lost Al Gore the election for instance and George W Bush got elected, leading to a lot of wars and destruction. With all those paper butterly ballots and other things, it was actually NOT easier at all. People had to recount throughkut multiple days until the Supreme Court simply stopped them:

https://www.coindesk.com/in-defense-of-blockchain-voting/

And now a large proportion of the country believes the 2020 election was rigged due to mail-in ballots arriving and being counted in the middle of the night. Go tell them they’re wrong. You may think they’re crazy but cryptographic signatures and valid IDs could have made it FAR more secure. Unlinkability is the only thing that is hard, for that we could have given everyone a token and used a zero-knowledge proof mixer.

In fact, that is what Google now does with its “privacy sandbox”. But you have to trust Google :-)

JumpCrisscross
7 replies
11h41m

cryptographic signatures and valid IDs could have made it FAR more secure

No it wouldn’t, it would make attacks at scale easier. The gold standard is physical ballots with electronic scanning.

EGreg
6 replies
11h29m

Seems completely the opposite.

With paper ballots around the world there are already attacks at scale. Take the latest national election in the USA. Republicans claim that Democrats shipped in fake mail-in ballots or harvested them from old people, and said “trust us”. Democrats claim that Republicans closed polling stations and disenfranchised many voters at scale in districts that historically voted Democratic.

Witness all the rigged elections around the world, some strongmen getting 99% of the vote at scale. What good are the paper ballots in, say, Belarus if Lukashenko says he won? Is an average person going to be able to somehow know what happened in their own pollung station after they left, let alone across the entire country?

Having mutually distrusting parties have access to each other’s work is the very thing that enforces byzantine consensus but it can be checked and verified on-chain as each party signs off on the result, so anyone can check that 1) they looked at it and 2) they were satisfied. That’s far far better than hearing someone say “it went fine” about paper ballot recounts.

Furthermore, everyone being able to make sure their vote was counted by eg checking Merkle Proof is far more secure.

None of the above failure modes would be an issue if everyone who wanted to, could vote from their computer, scanned the QR code with their phone to verify their choice, and signed with their private cryptographic keys derived from their IDs.

JumpCrisscross
5 replies
11h23m

Republicans claim that Democrats shipped in fake mail-in ballots or harvested them from old people, and said “trust us”. Democrats claim that Republicans closed polling stations

Claims won’t change with a tech fix.

The point is there still isn’t evidence of wide-scale disruption. Electronic-only voting changes that from a verifiable problem to an inherently-unverifiable one. You only know the code voted, not the person.

What good are the paper ballots in, say, Belarus if Lukashenko says he won?

Crypto ballots wouldn’t change this. If anything, I expect crypto voting to soon feature in authoritarians’ elections.

EGreg
4 replies
11h4m

Yes you massively mitigate both systemic problems with a tech fix.

People in rural areas whose polling station closed thanks to Republicans, and who can’t drive 30 miles to the next one wanted to use the mail-in ballots. And Democrats were very happy to allow it. But then Republicans pointed out all the ways the mailing system and ballot harvesting was very unreliable. And both sides have a point. Taken to the extreme, both disenfranchisement and physical mail suck for voting.

In contrast, people could have an option to vote from their computer and use their phone to scan the QR code and confirm their vote and sign it. They can then verify their vote was included correctly!

I have explained at length how crypto would make it a lot more verifiable and reliable.

Everyone would be able to check:

1) their own vote was counted in their district

2) their own district was counted in the total

3) the number of votes and turnout in each district, matching the number of signed checkins

4) mutually distrusting parties in each district saw each ballot being cast (or a random sample) and were satisfied that the electronic record matches whatever receipt was generated

None of these can be directly verified by nearly anyone participating in a paper election.

effie
2 replies
4h51m

This seems very naive.

1) even if so, can I check my vote recorded at the district vote collection center is the same as the vote I meant to send?

More importantly, can I check the resulting numbers announced on TV/radio/online are the same as the sum of all legitimate votes, and not influenced by illegitimate votes, and not doctored?

This is all impossible, in any system of voting.

tsimionescu
1 replies
2h41m

It is very much possible with paper voting, or at least you can personally inspect every step of the way in the process for a small slice, and you can understand how others like you verify things in other slices.

Ultimately, you do need to rely on your co-citizens to help verify that the elections are valid (in a simple to verify system, i.e. paper voting), just like you need to rely on them to vote coherently and to abide by the results of the election.

effie
0 replies
2h1m

I agree the believability is much better with paper trail. Paper creates hard-to-forge records that can be checked later, electronic communication is too complicated and hard to audit, especially origins of electronic records.

JumpCrisscross
0 replies
10h22m

people could have an option to vote from their computer and use their phone to scan the QR code and confirm their vote and sign it. They can then verify their vote was included correctly!

Besides destroying the secret ballot, you can do this now! You look at the paper and the electronic count. If you’ve been a poll worker or observer, you know there are hundreds more checks a well-designed system has.

Everyone would be able to check

Few people would be able to check any of this. (Fewer than can observe a poll today.) And it’s much easier to invent a “hack” that makes people distrust an electronic ledger than a paper one folks can audit ex post facto [1].

There is no similar audit capability for a blockchain. Did the person actually vote that way? Or was their phone hacked? Short of re-polling everyone, you cannot know.

Remotely coordinating a poll attack on paper ballots where every precinct has its own system is impossible. Crypto voting is a textbook tragedy of trying to solve a social problem with a band-aid of technology.

[1] https://en.m.wikipedia.org/wiki/2021_Maricopa_County_preside...

tsimionescu
4 replies
11h32m

Commerce with software goods, or even exchange for digital traditional currencies, suffers from exactly the same problem as physical goods: there is no possible way to use the block chain to guarantee that a payment on the block chain will result in a good or service being provided outside the block chain. You can try to build more things onto the block chain itself, but that quickly becomes un scalable.

And for elections: if you think for a second that a crypto voting machine wouldn't have been cast doubt on by the people who brought you "Hugo Chavez stole the election through Dominion voting machines", then I have no idea on what planet you live.

On a separate topic, the USA is almost uniquely bad in the world, at least for rich democratic countries, in having such problems carrying out elections.

In my own, incomparably poorer, country, with a 50% rural population, we just don't have these problems. You have a 90% physical voting system: you come to the polling station, they check your ID in an electronic system to make sure you meet the voting age and haven't voted before in this election, they give you a stamp and a ballot, you stamp the ballot in a private booth, typically in a local school. You fold the ballot, and put it in a big urn. At the end of the voting day, representatives of all parties and anyone else who registered as an observer opens the urn and they all count the votes. They report the counts higher up electronically, and safely store the physical ballots. Elections happen on a Sunday, from 8 AM to 8 PM, sometimes with local extensions where a polling station is still full at the close. Preliminary results from exit polls are announced immediately at 8PM by the media. The electoral officials announce the first official preliminary results by 22PM, and then throughout the night. By 12 PM the next day, the vote count and official final results are typically out.

No "hanging chads", etc. There are plenty of other electoral issues (busing, paying for votes, strong local cliques where even representatives of different parties conspire to steal votes for a single party, bad education leading to people not knowing their rights or who to vote for, etc). But not procedural problems, and no machines that make it easy to hide systematic stealing.

EGreg
3 replies
11h16m

At the end of the voting day, representatives of all parties and anyone else who registered as an observer opens the urn and they all count the votes. They report the counts higher up electronically, and safely store the physical ballots.

What you describe is exactly what happens in byzantine-fault-tolerant networks, and much more. But because it is done by machines, the cost is brought down by orders of magnitude so now many groups can have decision making and votes about many things every day, rather than spending billions once every few years and manually counting. This technology is made available to all, as opposed to, say, trusting the operators of a StackExchange site to not rig the periodic elections for moderators and those who will run the site. And it allows the communities eg DAOs to collectively manage larger amounts of money without worrying some director will abscond with it.

The REAL conflation has been by crypto-haters of decentralized protocols with centralized entities like FTX or Celsius. The only thing they have in common with crypto is that you can send crypto to the address they control. And then, they pinky promise they’ll take care of it. Crypto has been developed exactly to remove the need for such middlemen! While FTX fell, UniSwap and Aave Protocol didnt miss a beat. No one worries a UniSwap smart contract will rugpull then one day. Government regulation isnt needed when the code has been battle tested with billions of dollars. Just like government regulation of HTTP isnt needed even though it was needed for physical mail delivery. That’s the kind of building blocks we need for a future system — for voting too. Cheaper faster better.

It is a bit like arguing email and the world wide web is worse than the gold standard of regular mail. Look at how much innovation it has unleashed once given the chance to build on top. Sure we had chain letters and scams and phishing etc. But we also enabled trillions of dollars in ecommerce and SaaS and much more!

tsimionescu
2 replies
10h57m

It is impossible for all but maybe 10 humans in the entire world to make sure a machine implements the algorithm it purports to implement. It is impossible for all but the best programmers + mathematicians to verify that the algorithms that they purport to implement achieve the safety/security goals they hope to achieve.

EGreg
1 replies
4h10m

And yet, with crypto, it is possible for people to verify that the code matches exactly what was written, and it was publicly audited by multiple companies and battle-tested with billions of dollars in value.

UniSwap is a great example. No one ever worries that a UniSwap instance will do something nefarious. That's how the decentralized software SHOULD be. We don't need everyone to verify, but just allow ANY AUDITORS IN THE WORLD to do it.

tsimionescu
0 replies
2h45m

This is trust in a middleman - the auditors. There is noting trustless about this system. For money, that's probably good enough - it's no less trustworthy than a bank. But it's FAR from enough assurance for national voting.

EGreg
7 replies
12h22m

The same people who say they can’t take Signal seriously as a canary for anything because they did something with crypto are total cheerleaders for OpenAI even after it disbanded its ethics and alignment boards and did a lot of shady stuf. “Because crypto sucks in every way possible” and “because AI is awesome”. What about nuance and substance? This is HN.

If you ask the average person, they’d say that people on HN and their snarky attitudes are far more unlikable than the people building decentralized networks that empower people.

Vitalik Buterin. Tim Berners-Lee. Ian Clarke. The teams at IPFS, MaidSAFE, Freenet. I have interviewed many of them and spoken w them. They are humble, good people trying to make the world a better place. You just enjoy shitting on anything that has the word “web3”. Actually that keyword attracts automatic downvotes on HN since 2021, as in 3 seconds after you post.

Try visiting, say, https://forum.autonomi.community/ or https://ethereum-magicians.org/ and see now nice, courteous and constructive nearly every participant and post is. They are solving hard problems. Not shooting down snarkily anything in a cargo-cult fashion.

Here is an interview I made with Ian Clarke for instance. Unlikeable? https://www.youtube.com/watch?v=JWrRqUkJpMQ

JumpCrisscross
5 replies
12h14m

If you ask the average person

I don’t know Europe’s polling. But in America, the majority is against [1][2]. (The only ones showing marginal favour ability are industry polls [3] by low-quality pollsters [4].)

You just enjoy shitting on anything that has the word “web3”

I’ve made a lot of money from investing in companies that do things around crypto. Its users are a population willing to pay high fees for nebulous ideological points, almost uniquely so outside religion and politics.

[1] https://www.cnbc.com/2022/12/07/just-8percent-of-americans-h...

[2] https://www.pewresearch.org/short-reads/2023/04/10/majority-...

[3] https://projects.fivethirtyeight.com/pollster-ratings/ Harris

[4] https://www.businesswire.com/news/home/20240507551232/en/DCG...

EGreg
4 replies
12h11m

Now show me what the majority thinks of “tech bros” commodifying everything and taking away everyone’s jobs, including and especially with OpenAI.

Oh wait that part is awesome and people should just atop worrying and learn to love the bomb…

I just don’t like the selective double standard of these arguments. Far less people are worried about blockchain than about AI, and the public is CORRECT. Because with Web3 even with the shittiest of shitcoins people only stand to risk what they voluntarily put at risk. While AI can harm millions of people who never opted in, and wanted nothing to do with it, across the entire world, their lives are going to change kicking and screaming, and you say “they should get used to it”.

It is the politicians and banks looking to ban things because they are worried about competition to, say, CBDCs. And if you cheer them on then don’t get upset when they ban end to end encryption by the same reasoning. People actually want the freedom to choose their own digital assets. They aren’t sneaking around, they just want choice and the Republican party has come around to supporting crypto for instance. Even DT.

JumpCrisscross
1 replies
12h7m

Now show me what the majority thinks of “tech bros”

Declining but better than crypto, though the recency of the polling leaves much to be desired [1][2].

taking away everyone’s jobs, including and especially with OpenAI

Honestly, an AI that writes and launches web3 projects would be hilarious.

Also, I’d single out AI—and Altman, specifically—as demonstrating that same unlikeability. The two industries currently clamouring for harsh regulation are AI and crypto.

politicians and banks looking to ban things because they are worried about competition to, say, CBDCs

Banks lobby for crypto. It’s insanely profitable compared to regulated fare.

Who do you think has been pushing the ETF and custody rules?

While AI can harm millions of people who never opted in

The entire thread is about crypto trashing everyone’s privacy.

[1] https://news.gallup.com/poll/329666/views-big-tech-worsen-pu...

[2] https://www.brookings.edu/articles/how-americans-confidence-...

EGreg
0 replies
11h39m

Agreed about Altman, and once again I am trying to point out the key difference: AI can impose massive negative externalities on billions of people who have never opted in, whether they like it or not — while even the shittiest of shitcoins in crypto can only lose you what you voluntarily chose to put at risk. For many people that was under $1000, and for even more it was $0.

To me that is why I consider AI far more dangerous than cryptocurrnecies of any kind. And smart contracts can do far more than cryptocurrencies… while decentralized byzantine-fault-tolerant networks can do even more.

The public fears AI far more than they fear Web3. As for the banks, they couldn’t have exposure to these assets until the ETFs came about, because of laws. And these assets only became interesting because millions of regular people around the world bought into that ecosystem and started using it. The innovation in DeFi was far greater than in regulated FinTech, and without all the arcane needs for interoperability with legacy stuff that still uses fax machines and COBOL. Similarly to how packed switched decentralized VoIP completely eclipsed switchboard operators and legacy telephone networks and trusting the operators like Ma Bell! The costs dropped nearlh overnight to zero and the quality increased, while decades of government antitrust couldn’t achieve anything close to that!

throwaway22032
0 replies
11h7m

Thank you for articulating this and fighting the good fight.

EVa5I7bHFq9mnYK
0 replies
11h0m

> AI can harm millions of people who never opted in

has harmed

fauigerzigerk
0 replies
11h49m

I support (some forms of) cryptocurrencies and I support end-to-end encrypted messaging, but combining both in the same app is so obviously unintelligent that questioning the motives is inevitable.

Cryptocurrencies are taxable assets. While private communication enjoys some legal protections in many countries, trading taxable assets does not.

If an app allows you to trade taxable financial assets, it means that tax authorities have every right to demand access, even if it's just to confirm your claim that you didn't use the feature.

123yawaworht456
1 replies
12h7m

Its proponents are ambitiously unlikeable, relishing their distastefulness to burnish outsider credentials.

and that was the perfect opportunity to use it as a stepping stone to dictate what consenting adults can and can't do in the privacy of their own computing devices.

now encrypted communications ("think of the children!") and local AI ("think of the environment!", which is exactly the same angle they've been using with crypto) are next, and within a few decades - general purpose computers. a few years of propaganda in the media, a cyberpandemic or two, and I'll be reading essayesque comments around here about why is it actually a good idea to ban those unethical, unsafe, environmentally-unfriendly machines and let us all subscribe to a cloud offering instead.

EGreg
0 replies
11h59m

Exactly. If web browsers weren’t as big of an ecosystem as they were, they’d have pushed for OS makers long ago to ban them. After all, they can load abitrary content including copyrighted information and CSAM! And they can circumvent the 30% that Apple charges in the app store.

The Web was the one anomaly in the Matrix. Where it’s just too big for more countries (except China, North Korea, and soon Rusia) to bring to heel.

Browser makers are really your last line of defense. And rather than making MORE decentralized ecosystems, the geeks on HN spent a decade fighting against anything that smelled of decentralized encryption and digital signatures. Which is sad! We could have had far more innovation and reached critical mass same as the Web did. Instead, small teams working on Freenet or MaidSafe (Autonomi) are our best hope for a privacy future.

And it can be banned at the protocol level.

I guess Matrix and Tor might be considered the only successful projects for privacy, and Tor kinda sucks for real privacy because it’s basically still a web host.

yard2010
1 replies
10h18m

You make the politicians here the bad guys. And they are. But can you compare these assholes to terrorists?

If the states aren't the bigger fish, the bad actors would be.

BriggyDwiggs42
0 replies
9h25m

I mean, politicians who push bad wars do far, far more damage than a terrorist ever could. Politicians who push authoritarian domestic policies instill fear into the hearts of more people than a terrorist ever could.

kristiandupont
0 replies
11h2m

Ah yes, if we had all just listened to you instead of laughed. How the tables have turned!

hcfman
26 replies
11h56m

I guess the only good news is that we won’t have to suffer it long as we will all die in the coming nuclear war that the authorities have been gunning for with a fury.

And we will all have our glorious leaders to thanks for that. All the idiots that have been frothing at the mouth for war instead of putting all their efforts into peace.

sunaookami
17 replies
9h51m

You can see in the replies here and everywhere else that the people want war. Because surely this time it is different. Governments and media made the EU citizens ready for war in the span of a few weeks. It"s truly scary.

throwaway473825
8 replies
8h43m

Have you been living under a rock? There already is war in Europe. Ignoring Hitler didn't end well for Europe, and Putin won't be any different.

Jensson
7 replies
7h16m

Hitler conquered several countries in under a year and there were no signs of that slowing down, Russia has been at a stand still in Ukraine for over 2 years now. Current war is closer to ww1 than ww2.

effie
6 replies
4h14m

And why was Hitler's Germany able to conquer several countries and kill millions? Because big powers felt "we're afraid of repetition of the 1st war" and "peace in our time" and "let's make deal with him againt the others". Those policies caused utter disaster.

When you find a scorpion at your doorstep, even if it talks smoothly, and proposes to share the room as mutually advantageous, you don't negotiate with it.

protomolecule
5 replies
33m

"When you find a scorpion at your doorstep"

Oh, now I see what meant by "with russian-compatible thought processes". Dehumanizing other people by likening them to insects and attributing incompatible 'thought processes' sounds familiar. The last time the USSR lost 26 million people because of European invasion.

effie
1 replies
28m

You misunderstood. I meant the dangerous poisonous nature of the scorpion, not that I hate the insect; I am fascinated by scorpions, but I don't bring them home. I can rephrase - when Russian state official is at your doorstep, and makes suggestions that part of your space will now be his, don't negotiate.

protomolecule
0 replies
27m

When you find yourself in a hole, quit digging.

effie
1 replies
25m

USSR lost many people not only because of the German invasion, but also because they had a terrible leader who co-started WW II and misjudged Hitler. And Europe and America made sure USSR won that war.

protomolecule
0 replies
21m

Tell me, how long other countries on the European continent fought Nazis?

Europe and America made sure USSR won that war

That's funny, almost all of Europe fought along with Nazi with small exceptions like Greeks. And no one in Europe was in position to "make sure the USSR won the war"

mopsi
0 replies
13m

The last time the USSR lost 26 million people because of European invasion.

No - it lost them because it allied with Hitler in destroying Europe as it existed then. From the Winter War against Finland, to invading Estonia, Latvia and Lithuania, to invading Poland with Hitler and jointly holding a victory parade as the rest of Europe looked in horror. https://en.wikipedia.org/wiki/German%E2%80%93Soviet_military...

lambdaxyzw
5 replies
8h41m

I want the war in Ukraine to end, and. There are two options: to let Putin get what he want and risk my country being next, and to help Ukraine. Do you have other suggestions? Of course I would love it if Russia tomorrow decided to say "whoops sorry that was an accident" and retreated, but I find this highly unlikely.

lambdaxyzw
3 replies
5h28m

I appreciate the downvotes, but I'm honestly looking forward to hearing a better alternative (than helping Ukraine financially and with weapon shipments). I imagine people expressing "anti-war" opinions live far away from the frontline, don't have to worry about their country being next, and it's easy for them to say "just end the war". But maybe I'm wrong. So please when downvoting also spare a minute to share what your preferred solution is.

effie
2 replies
4h30m

I didn't downvote. There are alternative approaches. For example, U.S. can cease support as loss of Ukraine is not really a big problem for them, as long as Russia stays in non-NATO countries; Europe+UK can then say we won't be able to keep this together without U.S. and say Ukrainians, if you want, make a deal with Russia, and who wants to flee, you're welcome in Europe. Russia gets Ukraine and the small part of population there unable to leave or those with russian-compatible thought processes. No further war necessary for some time (in other words, we get some pause, which we will use to arm the f up).

This scenario sucks, shows weakness, it has its own risks, russian-controlled Ukraine is a big security and money problem for neighbouring states, and is not necessary while Ukraine can fight with western weapons, and thus nobody relevant wants to try it as of yet. But anti-war naives do not think that far ahead.

If Ukraine runs out of soldiers, or U.S. backs out, some variant of this may however get on the table and we will be subjected to massive militarization.

protomolecule
1 replies
36m

"with russian-compatible thought processes"

What's the supposed to mean?

effie
0 replies
32m

Those people who think the things Russians do in Ukraine are good for them.

protomolecule
0 replies
37m

What makes you think your country will be next?

effie
1 replies
4h44m

Most people do not want war, but we have the war regardless, it has been imposed on us. In such situation, people want to keep the war as far away as possible. Hence support of Ukraine.

protomolecule
0 replies
38m

What makes you think that your country is threatened?

EVa5I7bHFq9mnYK
6 replies
11h19m

Yeah, only pootin is allowed to wage war, all the rest should put their efforts into peace by surrendering to him.

protomolecule
5 replies
10h13m

That's similar to how Putin thought when the US 'midwifed' a coup in the Ukraine in 2014. [0] He escalated instead of 'surrendering' and look where that all got us.

[0] https://www.bbc.com/news/world-europe-26079957

effie
4 replies
4h0m

Those are incomparable. One is a political influence via civilized methods, money and propaganda. The other is a brutal military aggression.

The proper acceptable course of action for Putin & Co. was to compete economically and propagandistically, not invade with soldiers. They tried before with Yanukovich, but in 2014 these russian collaborators lost grip on power, and Putin & Co., instead of folding up graciously, or trying with another helper later again, went insane and tried to force their interests with military methods. That is an escalation that has no moral justification.

protomolecule
3 replies
40m

Overthrowing a democratically elected government in a foreign country is hardly a civilized method.

And yes, Putin was competing economically and propagandistically, but when he won and Yanukovich declined to sign a bad [0] agreement, the US, instead of "folding up graciously" like the EU did, said "Fuck the EU" [1] and went ahead with the escalation and supporting the 'revolution'.

"has no moral justification"

Of course, only Western escalations are always morally justified.

[0] http://europe.newsweek.com/german-official-says-it-was-wrong...

[1] https://www.bbc.com/news/world-europe-26079957

effie
2 replies
38m

It can be, if done nonviolently, like financial and propagandist support of existing movements. Did American helpers shoot people like Russians do?

protomolecule
0 replies
27m

Yeah, then why all the whining about alleged "Russian meddling" in American and European elections?

effie
0 replies
3h52m

It is unlikely that all people will die in the nuclear war.

Anyway, it makes no sense to put down a discussion on privacy or other human disagreements as trivial just because there is a big bomb that can wipe us out. This risk is present for many decades, and we are not able to affect it in a meaningful way. Nukes are here to stay, and eventually will be used. The important thing is to use your time until you die.

t0bia_s
20 replies
12h27m

Centralised service is weaker against surveillance than decentralised solutions. Signal should adopt selfhosting and federation.

vaylian
7 replies
9h16m

This ignores the problem of client-side scanning of private messages.

t0bia_s
6 replies
8h43m

Your hosting, your rules.

MarcScott
3 replies
7h5m

Most of my family use my brother's Matrix server, but it's the Element app that makes it appealing to us all. Client side scanning could be enforced in the app, regardless of the server's protections.

xorcist
2 replies
6h36m

However there is a whole ecosystem of clients, and they can't all be back doored. You are also free with write your own client, and many do (which is why we have so many in the first place).

Protocols, not platforms, people!

tcfhgj
0 replies
4h53m

But if in a group only one person uses a compromised client, all communication is compromised, isn't it?

immibis
0 replies
2h25m

Not in the Matrix ecosystem. The protocol is so brittle there's only one real server and one real client, probably intentional, since the designers of the protocol make money from that server and that client.

sneak
1 replies
4h35m

Not on iOS.

trolan
0 replies
3h1m

Your choice

slt2021
7 replies
12h2m

jabber/xmpp is open standard and supports e2e encryption and can be self-hosted, has mobile clients

Hoodedcrow
2 replies
11h29m

I use XMPP with OMEMO for my main encrypted messaging, and I don't get why Matrix got popular instead of XMPP (aside from a big marketing budget). Even a lighter server implementation takes up several times more resources than an XMPP server, plus the concerns about the enormous central instance.

XMPP FTW.

zx8080
1 replies
8h38m

Last time I checked (2018) the support for media&file sharing was in a quite bad shape in all available Android clients. Even without e2e encryption enabled. Is it good now?

Hoodedcrow
0 replies
6h40m

For Android - Conversations is in a very good shape now.

rocqua
1 replies
11h52m

How does it support e2e?

rakel_rakel
0 replies
11h46m

By clients having support and/or plugins for things like OMEMO and OTR.

lifty
0 replies
10h29m

Matrix supports e2e encryption, so it would be a good candidate for self hosting. I already do.

jamesponddotco
0 replies
5h31m

Another vote for XMPP with OMEMO here. I use it my wife, family, and a few friends and haven't heard any complaints yet[1] (aside from the lack of stickers, which are apparently important).

[1]: But like I said in another thread, who knows if they would directly complain to me.

growse
2 replies
10h23m

Making this argument whilst ignoring the trade-offs of federation (that Signal has historically addressed) is somewhat disingenuous and a little fundamentalist.

wuiheerfoj
1 replies
10h7m

do you have any breakdown on the trade-offs? Most HN commentary focuses on FUD around the signal founder rather than technical reasons why it shouldn’t be federated and would love to understand them better

jmprspret
0 replies
6h34m

Moxie wrote an extensive blog post outlining the reasons they were not going to make use of a decentralised system.

I believe its this post here, but someone correct me if this is the incorrect link: https://signal.org/blog/the-ecosystem-is-moving/

sneak
0 replies
4h33m

On iOS app distribution and censorship is and will remain centralized.

It doesn’t matter if the relay service is centralized or federated. Apple can ban apps that don’t comply with the new law. Even self-distributed apps under the new sideloading provisions of the DMA can be censored by Apple by revoking the notarization.

j-pb
19 replies
12h35m

Heck. I'd leave the EU too if this passes. No clue where to go though.

philippta
15 replies
11h16m

Switzerland

stakhanov
13 replies
11h2m

Because Switzerland is so immigration-friendly?

wuiheerfoj
5 replies
10h5m

Over a quarter of the country are immigrants, so they’re indeed immigration-friendly

stakhanov
3 replies
9h7m

Last time I heard (which was indeed a long time ago, so maybe things have changed), if you wanted citizenship, then your village had to take a vote, so you were well-advised to join the volunteer fire department and that sort of thing, if you wanted citizenship.

Now, with an eye toward the social dynamics of village life, I've always found the notion quite alienating to try to immigrate in a country where petty grievances held against me by my fellow villagers might block my path towards naturalization.

The picture is probably slightly different in more urbanized places, but, in those, it probably boils down more to a question of money.

I'm not sure what to make of your "a quarter are immigrant" statistic. Do you mean they live there, without being citizens? Is that number high precisely because the path to naturalization is so difficult? The number of non-citizen permanent residents, for example, is also extremely high in certain rich Arab countries (like the UAE), but they are effectively an underclass of indentured servants. So "immigration-friendly" is not what that kind of a statistic is saying at all.

mft_
2 replies
8h26m

(From personal experience) there's a large proportion of people living in the big Swiss cities as 'ex-pats', working for (mostly large) employers who support/sponsor their immigration and ongoing employment. (Such people are well-paid and equally-treated, and certainly not "an underclass of indentured servants".)

If one stays employed in the long term, citizenship is not needed, and IME only a small proportion of ex-pats attempt to achieve it - either because their career and life plans are likely to eventually lead them to move elsewhere, or because there's no incentive in their personal case, or disinterest, or because of the perceived difficulties.

You're right that parts of the system for achieving citizenship may sometimes be problematic, and the Swiss have somewhat of a reputation for racism, especially in the less metropolitan areas. (Of course, you could also say the same for many countries.). There have been anecdotes of people repeatedly failing to achieve citizenship through exactly the issue you originally raised.

That said, the overall approach to citizenship taken by the Swiss is mostly praiseworthy, as some of the more impressive aspects of Switzerland (e.g. its direct democracy, and the engagement of citizens in politics and the democratic process) are embedded within the shared culture of its citizens, and the citizenship process takes a decent shot at preserving this culture - requiring, for example, proof of significant language skills and knowledge of current affairs and politics.

mtrovo
1 replies
5h31m

Reminds me of a friend that married a German. In order to become himself a German citizen he had to pass an integration exam with questions about history, law and culture. He passed the exam, his German partner tried the same set of questions and failed it.

orhmeh09
0 replies
2h39m

Such an exam exists also for America, the USCIS Civics Test.

npteljes
0 replies
7h56m

Qatar has 300.000 Quatari citizens for 2.500.000+ migrants and foreign workers, and yet, not considered to be migrant friendly.

popcalc
3 replies
10h49m

If you have the means, yes.

_zoltan_
2 replies
9h45m

you don't have to have any means, just a job, albeit your employer must prove that they couldn't fulfill the job within Switzerland (and within the EU, if you're from outside the EU)

popcalc
1 replies
5h13m

Magyar?

johnisgood
0 replies
15m

Based on username, probably.

_zoltan_
1 replies
9h45m

it is for highly skilled/specialized workers coming from the EU. I've emigrated to Switzerland more than a decade ago and couldn't be happier.

johnisgood
0 replies
15m

Could you give me an outline as to how you managed to do that (presumably from Hungary)?

mytailorisrich
0 replies
10h14m

If you are an EU citizen you have free movement rights to move to Switzerland.

samastur
2 replies
9h48m

And who will you message then? I assume most of your contacts will stay where they are.

Longhanks
1 replies
9h28m

You can message anyone using the internet.

vaylian
0 replies
9h15m

but not securely

KingOfCoders
18 replies
13h2m

Is there an alternative? (I currently only use Signal).

Also something where features work? Since this week my Signal "Something went wrong with you username, it no longer is connected to you. You can try to get a new one"

egberts1
6 replies
12h32m

Despite Swiss "neutrality", it is also a member or E.U. and must comply with GDPR (and thusly the new EU rules)

EDIT: Switzerland is not a member of E.U.

trustno2
3 replies
12h31m

what

switzerland is NOT in EU

egberts1
2 replies
12h27m

Well, I goofed. Nonetheless, Threema is claiming GDPR-complaince:

Excerpt from their main web page:

Threema is 100% Swiss Made, hosts its own servers in Switzerland*, and, unlike US services (which are subject to the CLOUD Act, for example), it is fully GDPR-compliant.

jurip
0 replies
12h15m

GDPR is about not storing information about people without their consent and has nothing to do with the encryption legislation.

anonzzzies
0 replies
12h18m

Yes, everyone wanting to serve clients in the eu (even if they are on vacation in non eu) must comply with the gdpr; this article however is not related to the gdpr though.

slau
0 replies
11h55m

GDPR doesn’t mean you follow “new EU rules”.

It just means you only store the data you need, you track how the data is used, and you allow data subjects the possibility to modify/remove said data.

hcfman
0 replies
12h21m

I expect applies to any app on a phone that is registered in the EU. If you wanted to and were able to buy a Swiss phone with Swiss number you might be okay.

Developers could start to employ software activism and dis-allow licenses for software they develop by European governments citing the reasons.

Perhaps Signal can deploy a version for Europe that is licensed for use only by governments and scans the hell out of them looking for corruption using AI.

senectus1
3 replies
12h35m

This is short sighted.

They poke a hole in signal and all secure messaging /communication is screwed. it wont matter what "other" product you use.

hellojesus
2 replies
12h33m

You could always roll your own protocol that you use to interface with contacts, basically replicating Signal's algo. The gov wouldn't be able to stop that.

herewulf
1 replies
11h59m

The Signal client and (irregularly) the server are published as open source. You can run your own Signal instance. If you want to complicate your life, of course.

Hoodedcrow
0 replies
11h22m

There is an easier way - going with a selfhostable, federated solution. And at least XMPP is now commonly used with an encryption protocol that is based on Signal's.

rustcleaner
0 replies
8h10m

I second Session though for Android users I always recommend Briar primarily, if to fill simple text and photo messaging needs.

joker99
0 replies
10h33m

Wire. Open source, self hostable

jksflkjl3jk3
0 replies
12h43m

simplex.chat fits my needs and doesn't require a phone number or even email address.

cy6erlion
0 replies
12h27m

Is there an alternative?

Decentralized protocols

_Microft
17 replies
13h10m

And we still can’t backup our chats on iOS [0]. Does that mean that we might lose the history of all our messages?

Signal developers really seem to have some misconceptions about the priorities of their users…

[0] It‘s not a limitation of iOS itself but that Signal doesn‘t want to allow to store data and keys in a way that would ‚leak’ them to Apple - not even if I, the user, wouldn’t mind that.

MattGaiser
6 replies
13h5m

Signal is primarily used by people sensitive to privacy concerns, so I’m not sure they are misconceptions.

Signal without the privacy obsession has no reason to exist. If you don’t value privacy, it is just a niche, hard to use messenger.

p4bl0
3 replies
12h14m

How is it "hard to use"? It's really as simple as WhatsApp or Telegram.

MattGaiser
2 replies
11h22m

No web interface and constant need to link to other devices.

p4bl0
1 replies
10h56m

There is a desktop application that works really well you only need to link it once. Exactly like the WhatsApp web app.

MattGaiser
0 replies
10h44m

Might be something with my system them. I keep having to link every month or two.

Not a serious WhatsApp user either, so my comparison is FB messenger.

cess11
0 replies
12h55m

What do you mean, "hard to use"?

Hackbraten
0 replies
12h37m

I daily drive a Linux phone. I use Signal because there is no iMessage or WhatsApp client for Linux that works for me.

rmdes
4 replies
13h4m

perhaps, backups, even encrypted, hosted at Apple or Google doesn't fit the values of Signal and many if not most of their users?

jksflkjl3jk3
1 replies
12h53m

Not being able to back up app data to another device that I own because its encrypted with a hardware-tied key that I can't access is a terrible design that plagues modern mobile devices. It's my device; I should be able to access any data on it.

There are plenty of viable security models where the app data could be securely protected from Apple or Google by using a key that I own and can use on other devices.

nickff
0 replies
12h46m

That sort of feature is dangerous, and very likely to cause at least one vulnerability. If I were running signal, I would be very reluctant to, and careful in implementing it.

alwayslikethis
0 replies
9h38m

Then it doesn't respect the users enough to be considered free software. The user must be free to do whatever he wants, even sending a plaintext copy to Google.

_Microft
0 replies
12h7m

Anytime you use a device you need to trust the manufacturer itself is not malicious. The difference between storing and decrypting a database on an internet-connected Apple device and storing it in Apple’s iCloud is minuscule.

mikojan
4 replies
12h57m

Just use WhatsApp then…

egberts1
1 replies
12h30m

Maybe he is tired of enabling the secure checkbox for each messages under WhatsApp.

WA
0 replies
11h29m

Seems like you are talking about Telegram, not WhatsApp?

jksflkjl3jk3
0 replies
12h49m

Maybe he doesn't want Meta/government having a full map of all his contacts and messaging metadata?

_Microft
0 replies
12h21m

I would have to trust Meta on top of Apple for that (and there is no way that you do not have to trust the manufacturers of your devices anyways, imo).

darkwater
13 replies
10h17m

Next week we have the European Parliament elections. Any tip on any "mainstream" party which is strongly against this? I know for sure the Pirate Party but they would never get a seat, at least in my country

qludes
3 replies
9h58m

EPP is pushing for this, ALDE is probably mixed depending on the country. So if Greens/EFA and parties like Volt or pirates stand no chance you could still not vote EPP.

vasco
0 replies
6h5m

Volt has way more political stances, so it's a less neutral choice. If you care most about internet freedom the ones to go for are the Pirates.

tremon
0 replies
6h0m

It's indirect, but in their policy programme (https://volteuropa.org/storage/pdf/eu-elections-2024/volt-eu..., page 45) they mention:

Transform the Declaration on European Digital Rights and Principles for the Digital Decade into a binding legal instrument, so that the Declaration is upheld at every step of policy making.

The Declaration that they mention is not from Volt, it's from the EU itself and can be found here: https://digital-strategy.ec.europa.eu/en/library/european-de...

Privacy and individual control over data

17. Everyone has the right to privacy and to the protection of their personal data. The latter right includes the control by individuals on how their personal data are used and with whom they are shared.

18. Everyone has the right to the confidentiality of their communications and the information on their electronic devices, and not to be subjected to unlawful online surveillance, unlawful pervasive tracking or interception measures.

Of course, given that this Declaration is signed by the same parties that are currently pushing the ChatControl measures being discussed doesn't fill me with much confidence.

0rzech
1 replies
8h46m

Just don't get guided by the tables with only those Alliance members, who actually made it into the European Parliament, on this page. For instance, only Sylwia Spurek is mentioned there for Poland - a terrible choice IMHO [1], while there's the Pirate Party in Poland (https://polskapartiapiratow.pl/) too.

[1] For example, while being the Vice Commissioner for Human Rights (vice ombudswoman) in Poland, she stated that "It is worth, first of all, stating a few facts. First, violence has a gender, whether we want it to or not. Women and children are the victims, and men are the perpetrators." (video transcript translated with https://www.deepl.com, source in Polish: https://wiadomosci.onet.pl/kraj/dr-sylwia-spurek-przemoc-ma-...).

effie
0 replies
7h4m

In Poland, women are probably more often the victim than men, but in U.S., reported statistics are very surprising.

men and women were equally likely to experience nonconsensual sex, and most male victims reported female perpetrators. [1]

[1] https://www.scientificamerican.com/article/sexual-victimizat...

stakhanov
0 replies
8h48m

If I correctly understand the linked materials by Patrick Breyer [1], then the parliament (which is the piece of the E.U. where we are presently asked for our vote), is opposed to this pretty much in its entirety: It says "Parliament has positioned itself almost unanimously against indiscriminate chat control." So, it seems, the way you vote here doesn't much affect that outcome at all.

Also, if I correctly understand this table [2], then "Renew" (formerly "ALDE") is also opposed, so you don't need to adopt the leftist political ideology of the Greens as a package, just to get pro-privacy representation in the European Parliament. "Renew" does seem to be a viable "libertarian" alternative there. They also make some pro-privacy representations on their website. I don't follow European politics much, so I may be mistaken here. For example, I haven't looked into their voting record.

[1] https://www.patrick-breyer.de/en/posts/chat-control/ [2] https://www.patrick-breyer.de/en/posts/chat-control/#negotia...

fisian
2 replies
6h27m

You can look at the votes of the members of European parliament. For example, here for a vote on "chat control" [1] (from 2021) and a recent one [2]. You can filter to your country to see how each party (or even each member) voted.

[1]: https://mepwatch.eu/9/vote.html?v=134463

[2]: https://mepwatch.eu/9/vote.html?v=167712

However, its not that easy to find these results. I was looking quite a while to find this one.

flawn
0 replies
1h8m

Volt being valid as always with Damian Boeselager

darkwater
0 replies
3h27m

Thank you very much! I will definitely need to remember to vote in my country of residence next time, because my country of birth has almost nobody representing a good chunk of my views :(

vasco
0 replies
9h48m

Not getting a seat doesn't matter, it can still signal growing voting in that party and give people confidence to vote for them on the next go around.

pixelpoet
0 replies
9h42m

I'm feeling inclined to vote for them this time.

EGreg
10 replies
12h33m

No, you’re not fine.

They can ban that as well.

The only way anything can continue working in practice is if it’s decentralized, and served by different websites secured bu https rather than one app in one app store. Hard to take them all down.

Perhaps Moxie Marlinspike now better appreciates decentralization behind messengers. I have written here years ago as a response to him exactly this scenario: https://community.intercoin.app/t/web3-moxie-signal-telegram...

The thing with https of course is that the governments can insist that browsers include their backdoored certificates. But the browsers are large enough that it’s difficult to get them to do it. China’s Great Firewall probably can. But in order for that to happen they have to prevent packets encrypted with the non-backdoored certificate chain from being routed. That requires serious control over all the networks.

This is partly why I started Qbix. So people can host whatever they want on computers of their choice. Without this decentralization, the governments are two steps away from mandating ALL your voice conversations are scanned, transcribed and analyzed by AI at the edge. Microsoft Recall + message and voice scanning = 1 step away from total panopticon of everyone everywhere. And with superintelligent AIs doing precrime based on everyone’s conversations!

hellojesus
8 replies
12h29m

If CAs start to get backdoored, people can operate a la web of trust or other asymmetric protocol where the public key is posted on a public board and the server can verify its ownership of the private key without a third party other than the public notice. More work but should be doable.

EGreg
6 replies
12h27m

They won’t be able to operate that over public networks in China, because the routers will drop their packets.

You’d need to roll your own mesh network — definitely doable in local areas but the question is how to connect them over wider distances without going through the Great Firewall. Satellites?

Hoodedcrow
3 replies
11h21m

There are methods to bypass the Chinese Firewall though. the issue is getting people to use them.

EGreg
2 replies
11h13m

How can people use them for long if they get a knock on the door, from authorities who noticed an anomaly?

Hoodedcrow
1 replies
10h15m

What anomalies are they looking for? There are protocols that make traffic look like something mundane.

EGreg
0 replies
6h36m

Have you seen what classifier AI can do?

Go make a protocol that fools all the AIs from every angle, that are scanning 24/7. They can get you on the metadata pattern alone, nevermind even the content.

hellojesus
1 replies
12h22m

I suppose you could use stenography or something to embed chats in pictures that are client-side scanned.

I use grapheneos and can create storage scopes so that the scanning app would only have access to files I deliberately allow.

Doesn't solve traffic analysis. Maybe some more advanced methods that encrypt over https could work.

EGreg
0 replies
11h49m

Unless a lot of people are using it, they’ll just go after anyone who is doing suspicious things like using grapheneos

Hoodedcrow
0 replies
11h22m

We already have this - it's called Tor and I2P.

hcfman
0 replies
12h14m

Could there be a way to do everything in JavaScript? I imagine the problem would be in the anchors of trust.

wojciechpolak
8 replies
12h5m

If such a law is introduced, will it still be possible to download the application from the website and use iOS sideloading as an alternative scenario? (I'm not talking about the convenience or ease of such a solution)

SheinhardtWigCo
7 replies
11h49m

No because Apple still has to “notarize” the app before it can be sideloaded

wojciechpolak
6 replies
11h28m

So there is no way to overcome this by installing an unapproved app (unverified, unsigned, etc.)?

popcalc
3 replies
10h50m

You could just change your App Store region to any country outside the EU. For example all you need to change to US is an American phone number and credit card.

immibis
1 replies
2h23m

Except you can only sideload in the EU.

fingerlocks
0 replies
31m

For free. Side loading costs 8 bucks a month in the US but you can self-sign the binaries.

grishka
0 replies
10h45m

You don't even need a credit card if you don't plan to pay for things. I changed my Apple ID country to US with just a fake address.

grishka
0 replies
10h46m

No unless you jailbreak your iPhone (good luck with that) or re-sign the app every week because that's your only option without a $100/year developer account.

egberts1
8 replies
12h25m

So cannot wait for GNUtella (and its floating peer-to-peer cloud concept) to come back but retrofitted with Signal protocol.

Vespasian
4 replies
11h22m

It's almost impossible to solved political issues using only technology.

Laws can be ammended faster than implementations.

logicchains
1 replies
9h25m

It's almost impossible to solved political issues using only technology.

It's extremely possible to solve political issues using technology. If you consider the government infringing people's right to put whatever substance they want into their body to be a political issue, it's been pretty much entirely solved by crypto and darknet markets for drugs.

immibis
0 replies
2h23m

Which are technical aspects of a fundamentally social problem. It's not the market platform itself that dodged the government - it's the people on the market.

effie
0 replies
6h31m

Solving the political issue is a different matter and very ambitious. Meanwhile, tech mitigation would be nice.

Hizonner
0 replies
4h59m

It's almost impossible to solved political issues using only technology.

True.

Laws can be ammended faster than implementations.

Really, really false.

omeid2
1 replies
11h32m

The problem with GNU and Gnome is, to put it in the words of Steve jobs about Microsoft, "lack taste". They are too distant from the mainstream to cater to them.

postnote: this comment was Authored on Firefox under Wayland running on Linux 6.

doublepg23
0 replies
49m

I don’t think Gnutella is related to the GNU Project or GNOME in any way. It was initially going to be GPLd but I don’t think that came to pass.

As far as the mainstream I believe Gnutella, the protocol, had massive success with the LimeWire client.

vaylian
0 replies
10h13m

You are missing the point. Us hackers will always find ways to circumvent the surveillance. But the rest of the population is not that fortunate. A solution has to include general awareness and mobilization of the non-tech population against this law.

hcfman
6 replies
12h7m

Looks like we are going to have to move to two phone solutions.

The second phone will be very basic with open source hardware and self installed open source software, simple enough that you could build it yourself if you wanted. Its sole purpose will be secure communications and it would just use your phone as the communications medium.

Hoodedcrow
3 replies
11h27m

I just gave up on smartphones altogether. It is much easier to make a laptop/desktop private instead and limit your private messaging and activities to it.

jenadine
1 replies
11h7m

But that doesn't fit in a pocket.

effie
0 replies
6h8m

Keeping stuff in pockets is overrated. There are ridiculously small portable laptops though.

https://www.gpd.hk/gpdmicropc

karma_pharmer
0 replies
7h18m

This Is The Way.

Bonus: you get a real keyboard.

zolbrek
0 replies
9h3m

What phones on the market have open source hardware?

ornornor
0 replies
11h43m

It’s already a difficult to convince people to use signal instead of WhatsApp, FB messenger, iMessage, etc… if it requires a new phone with sideloaded software etc, I won’t have many people to text anymore.

Klaus23
6 replies
10h49m

So far, the law doesn't have a majority. Even if they manage to push it through the Commission and Parliament, it's very unlikely to survive contact with the European Court of Justice.

RedShift1
5 replies
10h32m

We shouldn't count on that though.

vaylian
4 replies
9h58m

and the court of justice typically takes a looooong time to come to a conclusion

knallfrosch
3 replies
9h8m

Plus the court can simply be ignored when it comes to data protection. See:

- Safe Harbour - Privacy Shield - Data Privacy Framework

MyFedora
2 replies
7h5m

In case you didn't know, the court retroactively voided these agreements. EU-US data transfers have been illegal for around 25 years or so thanks to that. People can sue you and win, even though the data protection authorities don't do much.

effie
1 replies
6h38m

Wait, so the data transfers still happen, disrespecting the court decision?

h4ckerle
0 replies
2h27m

Yes. The court voided privacy shield in a ruling known as Schrems-II. The commission then created the Data Privacy Framework which is esentially the same as privacy shield against the will of the parliament, re-enabling transatlantic data transfer.

mmmmmbop
4 replies
13h13m

Oh no! - How will I be able to buy crypto in my messenger if Signal leaves the EU?

jksflkjl3jk3
3 replies
13h11m

Telegram is far more heavily used in crypto circles in my experience.

mmmmmbop
2 replies
13h2m

Signal introduced its MobileCoin integration in 2021. It was completely pre-mined, with the majority of coins distributed to its founders and investors. Moxie sold out his reputation with that disingenuous cash grab.

Now, three years later, Telegram is following in Signal's footsteps with another shitty crypto integration. I don't know the details of that one, but I wouldn't be surprised to learn that its another cash grab.

geekpowa
1 replies
12h49m

Mobilecoin doesn’t use mining

Their stated design goal was to create an actual usable payments system; not a speculative asset .

Edit : Urrgh got that wrong . Fixed distribution of coins and yes the founders control most of them

fauigerzigerk
0 replies
12h32m

The problem is that it's still a taxable asset and therefore gives the authorities a legitimate reason to look into people's Signal data.

Any privacy protections for speech are unlikely to apply to financial transactions anywhere in the world.

This is a disastrous mistake.

k1t
4 replies
11h45m

Is this the same Signal that threatened to "absolutely, 100% walk" away from UK if the Online Safety Act "undermined" their privacy?

So I guess it didn't, and they'll find a reason why this won't either.

All meaningless talk.

MadnessASAP
3 replies
11h35m

My understanding is that the UK removed clauses that would undermine Signals security. Regardless of which, Signals didn't, and was never going to make concessions to the UK that would compromise it's users privacy.

Their strategy then as it seems to be now, is to do nothing but say they disagree and wait for the regulators to forcibly remove them from the market.

That is if they did themselves non-compliant with a countries laws, they'll do nothing and wait to be evicted rather then comply or voluntarily leave.

fauigerzigerk
0 replies
9h42m

>My understanding is that the UK removed clauses that would undermine Signals security.

My understanding is that the law empowers the regulator (Ofcom) to require the use of accredited scanning technology if they consider it necessary and proportionate. No further changes to the law are necessary for that to happen.

But as of now, no such accredited technology exists. It seems likely that any client-side scanning technology that the EU mandates would also get accreditation in the UK.

https://www.gov.uk/government/publications/end-to-end-encryp...

dfawcus
0 replies
8h30m

Nothing changed in the UK Online Safety Bill before it became an Act, the troublesome clauses are still there.

All that happened is the government accepted that it was not currently practical to implement what they desired. So 'promised' not to require any providers to do so yet. If they deem it practical one can expect them to instruct providers.

Hence Apple and Signal both ignored their prior statements, and continue to provide their respective encrypted message and speech services.

siilats
3 replies
5h35m

It’s the easiest thing for intelligence agencies to scan all your messages. They just need to submit a few million fake “content id” hashes and automatically your phone will share the images that match. Nobody can tell if content id has is of a photo of a document or a photo of a person it’s just a 256byte hash. This is so easily abused. I bet the way it’s implemented it doesn’t have enough resolution to read text so one evil content id hash will match any photo of any document or screenshot you have taken. So essentially your WhatsApp client will send every screenshot of a text document to nsa.

stavros
2 replies
4h53m

A few million fake "content id" hashes still gives them a 1/100000000000000000000000000000000000000000000000000000000000000000000000000000 chance that any one of those hashes will match. 256 bits are a lot, besides, what are they going to do? Sift through random vacation photos that happened to match this "ten jackpots in a row" chance?

gorbypark
1 replies
3h28m

I think OP is saying that the algorithm is designed in such a way it can match “visually similar” photos/content. The idea is you can’t just rescale, crop or otherwise slightly change a photo as you could if this was just a regular SHA hash of the file. Now they are saying that it might be possible to create an “evil hash” of a document that could match a large percentage of documents, because the hash algorithm obviously doesn’t have enough bits to actually represent the content. So if you have a hash of “white document with some black text” (for example, if looking for image scans of documents) and add this to the db of “watched” hashes, you could in theory hoover up documents.

A quick search didn’t lead me to any proof of concepts about this idea but on the surface (I don’t have any knowledge of the hashing algorithm used in these content filters) it seems like a plausible idea, depending on a lot of factors.

stavros
0 replies
3h5m

I'm not sure that this would work, mainly because it would mean that all the documents would have the same hash, rendering the content ID system useless. I don't know how many bits a content I'd contains, though, but I imagine it's enough to avoid having too many collisions (as that would reduce the usefulness of the system).

croes
3 replies
10h18m

They try to prevent people from sharing links?

Oh no, I wish there was a way to obfuscate links

//news .ycombinator .com/item?id=40551260

vaylian
2 replies
9h59m

They try to prevent people from sharing links?

They try to surveil people. You can post all the links you want, but you can't be sure that they will only be seen by your intended recipient.

croes
1 replies
9h46m

Have you read the article in the tweet in the tweet?

If a user refuses the scanning, they would be blocked from sending or receiving images, photos, videos and links
vaylian
0 replies
9h10m

Thanks. I missed the "links" in that list while I was wondering why "images" and "photos" are included together in that list.

Thorentis
3 replies
11h58m

This is why Signal needs to decentralise. There is no such thing as "leaving the EU market" if it can obtained from anywhere on the internet.

The EU has shot itself in the foot with demanding alternate app store exist, and then Signal has shot itself in the foot by not being open enough to be distributed on any app store by anybody.

The answer to these encryption laws, is to use their other laws against them. You want the iPhone to be an open platform? Great, here's a bunch of open platform chat apps that cannot be banned because they are decentralised.

Perhaps Matrix will be the future after all?

goodpoint
1 replies
11h31m

This is why Signal needs to decentralise

They have been building a walled garden for a decade. They talk about "market": they want to make Signal profitable.

lambdaxyzw
0 replies
8h14m

Right now they live off donations (including mine) and I won't donate if they commercialize. Also, there's no easy way to monetize on users without ads, and I'm pretty sure signal users are one of the last demographics to fall for "privacy preserving ads".

mikhael28
2 replies
11h29m

How do they even make money? No ads, no subscriptions - what ‘market’?

olieidel
1 replies
11h28m

Donations via in-app purchases. This is not hard to find out.

yard2010
0 replies
10h20m

Oh, please. Such a behemoth business and only one channel of income?

This is ridiculous.

bambax
2 replies
10h24m

I absolutely support Signal's position and abhorre the whole security circus with cries of "think of the children".

But, I'm in Europe (France) and I wonder who actually uses Signal? There was a move a couple of years ago to quit WhatsApp and go to Signal. Some groups did make the move, and then everyone went back. Today I have dozens of WhatsApp groups, and just one Signal group (and it's dying).

If no one uses Signal in Europe then obviously this threat is moot.

rsolva
1 replies
9h7m

The network effect js real, but I have managed to move some groups to Signal. But you need to spend some social capital convincing people to make the move.

swores
0 replies
6h21m

Same here, have got a bunch of family groups and a few friends on Signal now, but lots still on more popular apps like WhatsApp.

_ink_
2 replies
10h59m

Good. Meta should do the same.

LtWorf
1 replies
10h34m

But the only reason meta exists is to spy on people.

aembleton
0 replies
9h45m

Spying for meta and the nsa, not for the eu

freddealmeida
1 replies
11h38m

Somehow however the NSA was reading Signal chats...

effie
0 replies
5h59m

Source?

elchief
1 replies
13h10m

Is this Europe's plan? Pseudo tarrifs via regulation to boost local industry?

dimensi0nal
0 replies
9h24m

Nah, the people who force you to put your home address on your blog just care about individual privacy and consumer rights.

yard2010
0 replies
10h36m

Yes please. Then leave the rest of the world. Too bad Merkel is not in charge anymore. She would make herring from such bullies

sed3
0 replies
13h21m

Either you agree to have your chats scanned or you can no longer share&receive pictures/videos and links!
rvz
0 replies
1h48m

But we love the EU though? /s

rdm_blackhole
0 replies
6h28m

Well, there is only one thing left to do. I am going to self host my own XMPP server and try to move my friends and family to it.

Signal has been great but they won't be able to stop it.

Or we could encrypt the messages before pasting them in the messaging app so the CSS will be neutered.

Either way, I won't have the EU stasi look over my shoulder each time I send a message to a loved one.

raspyberr
0 replies
5h45m

Don't implement the scanning for images, photos, videos, links.

Just send the image as a base64 encoded text string.

Decode when received.

lencastre
0 replies
10h42m

SMS 2FA should end like backup recovery email. One is not safe, the other is a loop hole. If breaking encryption is too expensive, then either use the hammer approach, or compromise one of the terminals (or both). Computation will get so cheap and so good, that unless cryptography evolves pari pasu real freedom will be affected.

lakomen
0 replies
4h44m

The EU is progressively turning into a Faschist dystopia. And this is coming from the not elected council, not the elected parliament. The EU in its very design is an autocracy, that wears the mask of democracy. And right now it's acting as the puppet of the USA, supporting its world domination plans.

lakomen
0 replies
4h35m

Oh and just today I've banned yet another pedophilia fediverse instance with no easy way od reporting it the any authority.

I'd have to give my name and address and potentially put me with 1 foot in jail because I have viewed the images and have them in my browser's cache.

If they really wanted to protect children from sexual abuse, they would've created easy to report online services. But it's not and never was about pedophilia.

g15jv2dp
0 replies
12h29m

I am very skeptical about this statement.

froddd
0 replies
11h23m

users of apps and services with chat functions are to be asked whether they accept the indiscriminate and error-prone scanning and possibly reporting of their privately shared images, photos and videos

I take it this should apply to any web comments and messaging platform, and therefore require that all websites and web services comply if they can be accessed within the EU?

I’m not sure how that’s even remotely doable.

egberts1
0 replies
12h23m

All you have to do to circumvent this new pending EU rule is to apply muLaw encoding of your data stream into the audio file, or something.

Terrible Shannon's Limit although.

echoangle
0 replies
5h20m

How is that going to be enforced in practice? Isn’t someone going to write a messenger PWA without client side scanning which everyone will be able to use? Are they going to block the domain?

anonzzzies
0 replies
12h13m

Seems they will reconsider this after the elections. So there is time, depressing as it is. As has been said here before : every country will eat away at privacy every few years with similar proposals that failed a few years before. Until they succeed.