36 replies
1d9h
A bit off topic, but I was thinking recently if EU ever deregulates anything? Do they only add new laws and paragraphs? Are they rewarded in LoC? What are examples of laws they removed or deregulated?
35 replies
1d9h
"the chats of employees of security authorities and the military are also to be exempted from chat control"
So the two major fields where you really want to snoop their private chats to see if they are up to no good, are excempted?
12 replies
1d9h
I'm astonished that the chats of EU officials and politicians are not exempt. A mistake, no doubt, one which will be corrected shortly
7 replies
1d7h
Always surprised why politicians get exempted from these kind of rules. You would think they would set the good example
3 replies
1d4h
There are both good and bad reasons.
The bad is obviously that they’re immune to their own legislation.
The good is that it prevents incumbents from using this data as part of their campaign. It would be Watergate all over again.
There is also data that probably shouldn’t be public. Locations and status of missile silos, troop locations, etc. In an ideal world, all of that would be on secured channels that are managed by appropriate entities. In the real world, it seems like a struggle to get troops to stop posting selfies with sensitive data on Facebook; I don’t doubt much more exists in private messages.
I’m also about 95% sure our politicians (globally) are incapable of managing the OpSec of having 2 devices, one secured and one not, and using them appropriately. They’ll forget one or the other exists.
2 replies
1d3h
"Laws for thee and not for me" is one of the root tenets of totalitarianism.
1 replies
1d2h
To be clear, I think this law is bad, and I don't think these exclusions are the right way to go about it.
I just also think that it's worth considering that there are some communications where the cost of leaking data is higher than the cost of a very low chance of catching CSAM. These exclusions are overly broad in my opinion (the cost of most of these comms leaking is low to non-existent), but there are good reasons for some limited communications to either be excluded or have an alternative system.
A Watergate scenario weakens shared belief in the government/democracy. Leaking nuclear secrets is obviously bad. Leaking troop locations/movements is also very bad. A prosecutor getting access to communications between a defendant and their lawyer would be very bad.
My preferred solution would be to not have the scanning, for various reasons including that exclusions would either be so broad that practically nothing gets scanned or too narrow and we'd eventually have some kind of crisis.
0 replies
1d2h
I predict the scanning will be worked around by all parties except for the ones who really don't need to be scanned.
2 replies
1d7h
Always NOT surprised why politicians get exempted from these kind of rules. You would think they would set the good example.
They're not stupid, and they're NOT example-setters (very few exceptions) - for myself.
#never voted, and very proud of it.
1 replies
1d6h
I'm afraid there's nothing in your behaviour to be proud of
0 replies
1d5h
"History is made by those who show up." (Disraeli) is the quote that springs to mind.
1 replies
1d9h
They are also exempt. We are not dealing with amateurs here...
https://european-pirateparty.eu/chatcontrol-eu-ministers-wan...
0 replies
1d8h
- "As O'Brien passed the telescreen a thought seemed to strike him. He stopped, turned aside and pressed a switch on the wall. There was a sharp snap. The voice had stopped."
- "Julia uttered a tiny sound, a sort of squeak of surprise. Even in the midst of his panic, Winston was too much taken aback to be able to hold his tongue."
- "'You can turn it off!' he said."
- "'Yes,' said O'Brien, 'we can turn it off. We have that privilege.'"
0 replies
1d9h
The ones pushing this probably think the secret police and military are firmly on their side.
0 replies
1d7h
It's also going to be fun when it comes to communication of medical providers or lawyers. Both groups can be expected to be legally privileged and commonly come into contact with material they're legally required to process that will trigger (false) positives. The whole idea so braindead it can only come from a politician with a voyeurism fetish unburdened by any subject matter expertise.
11 replies
1d9h
How is this supposed to work in reality? Do we really want to provide Meta, Apple and Google with a list of phone numbers of accounts of militarly and security personell in order to have their feature-flags for sharing links/photos enabled?
4 replies
1d8h
The cellular carriers very obviously already have a system like this for location tracking.
Their tower dumps contain enough metadata to determine all the people who spend most workdays at office buildings in McLean Virginia. And then, of course, where those people sleep (i.e. charge their phones) at night. It takes positive effort to erase that data, and believe me, it's being erased. The powerful people don't want it to exist.
So yeah, there is already a system for doing this kind of thing. It will be extended. Plebs like you and me don't get to use it.
1 replies
1d8h
The carrier, for example Vodafone Germany, might have that data. How does that help to enable a feature-flag in US-based Meta's WhatsApp?
0 replies
1d8h
facepalm
0 replies
11h11m
The powerful people don't want it to exist.
Good on those powerful people then, because this data should not exist.
0 replies
1d6h
Unless you have positive evidence, I'm gonna guess that the "powerful people" aren't that organized or that on top of things. But, sure, they'd like to be.
2 replies
1d8h
Apple and Google could provide devices or OS versions that disable these features, which could be issued as work phones to military and security personnel.
Not saying it’s a perfect solution, but they might consider it a “95% good enough” solution.
1 replies
1d8h
But it's the other way round: people in those industries (can) have those features enabled!
Unless by 'feature' you mean the mandatory scanning?
0 replies
1d7h
I mean “software feature” [1]. It is an “anti-feature” for sure, but I’d still call it a “feature” as well when someone has to write a new blob of code to perform a new task.
1 replies
1d8h
They already have those lists because those are US companies that famously assist US intelligence. Those flags will be used in multiple incompatible ways, depending on who's asking.
0 replies
1d5h
A company assisting the US intelligence will get assigned some contact. They will not get a list of the intelligence staff. That's not the way the information is expected to flow.
0 replies
21h27m
Dunno. The exception is a security breach in it-self.
5 replies
1d8h
So the two major fields where you really want to snoop their private chats to see if they are up to no good, are excempted?
As far as I can tell from the article, the justification for the proposed rules is "won't someone think of the children".
Those two major fields you mention might do well with more oversight in general. But I doubt they are especially prone to dealing with children?
4 replies
1d8h
I'm a software developer. How much interaction do you think that I have with children?
And if the discussion is concerned with what one does outside of work, well, presumably those exempted industries also have time outside of work.
3 replies
1d7h
I don't see your point, sorry?
I was merely arguing against this remark:
So the two major fields where you really want to snoop their private chats to see if they are up to no good, are excempted?
Those two major fields aren't especially prone to dealing with children. (They probably aren't any less prone than eg software development, sure. But that wasn't the point.)
2 replies
23h22m
> Those two major fields aren't especially prone to dealing with children.
1 replies
23h2m
I think you are missing the point, all fields should be exempt as this law should not exists, but those two fields are not very special terms of how much we should want them not to be exempt.
It is not about arguing that only they should be exempt.
0 replies
13h55m
> all fields should be exempt
1 replies
1d5h
They are claiming that it is privacy preserving, since it uses AI and not humans, and only for catching csam
Assuming those claims are true(I know, that is a big ask, but they claim it) what function do exceptions provide unless they are purposely giving those exceptions for the production and distribution of csam by those groups?
More likely their claims of the privacy and/or purpose are false.
0 replies
1d2h
Assuming those claims are true(I know, that is a big ask, but they claim it)
They may even be true today. The problem is that if true, it won't stay true.
Interested parties find ways to tap into stuff like this once it exists. Given enough time, they create a legal framework to justify it.
0 replies
1d9h
I haven't gone in detail on the draft, but what is nuts is that those are exempt, as well as everyone who uses a service not-for-profit.
So, if you self-host [1], you don't need to adhere to the legislation.
But, wait… Are you telling me that security officials are allowed to use not their self-hosted infrastructure, but use public one to send (I assume, based on their exemption) confidential data?
And, as @WA proposed, will be a list of contacts of these officials given to all for-profit organisations?
What a stupid joke it is!
[1]: See third row at https://www.patrick-breyer.de/en/posts/chat-control/#current... .
0 replies
1d7h
Could the platforms the authorities use decide to not exclude them and treat them the same anyways (ie scan them like everyone else's) or are they codifying that that kind of scanning only applies to the common people?
19 replies
1d9h
On a positive note, the backlash will inspire a new generation to consign fossils to the dustbin of history, https://youtube.com/watch?v=-wntX-a3jSY
The more you tighten your grip, the more star systems will slip through your fingers.8 replies
1d9h
One can only hope, though given how much more authoritarian everyone (in the US, at least) has gotten, I am not holding out much hope. Good luck fighting this; I mean that sincerely.
4 replies
1d8h
Ignoring the fact that TFA is about the EU and not the US, can you elaborate on what you mean by that? Everyone is more authoritarian?
2 replies
1d1h
The MAGA movement in the USA (~30%) has taken on a dangerous cult-like and fascist tendencies and ignore critical thinking, democracy, and facts, and instead glom onto a cult of personality. It’s not enough to believe 95% of what they (the cult) believe, it’s 100% or you will be excommunicated. It’s pretty scary times over here actually
1 replies
1d1h
~30% of the US population is into the 'MAGA movement'? Got a source on that?
0 replies
21h18m
Even if that's not the case, in many political races in the US, MAGA politics is the only option for conservative voters, even those who wouldn't consider themselves a part of the MAGA movement.
Of course, it's pretty messed up that the rationale to continue voting Republican is apparently, "well, I don't like Trump and dictators and the erosion of democratic values, but... man, that Biden guy annoys me".
0 replies
1d8h
Authoritarian politics is way more popular than, say, around the turn of the century.
1 replies
1d8h
It's even worse in Europe from what I can tell. The shift took me by surprise, but a decade or so a go I noticed people around me were becoming increasingly authoritarian and pro-surveillance.
Today I'm in a very clear minority today and I think for now that trend will only continue.
0 replies
1d8h
> authoritarian and pro-surveillance
Whether by accident or design, the "smartphone" (package of sensors) manufacturing revolution made surveillance cheap and pervasive. Those atop a wealthy hill of deregulated inequality may be attracted to a mirage of tech-enabled control, powered by harvested signals and McKinsey dashboards. But all observations affect the observer, so observe.. wisely.
0 replies
1d9h
Every action has an opposite reaction. Thanks to Apple's refusal to cede even a little bit of central control over their ecosystem, to enable decentralized innovation, members of their star silicon design team departed to start afresh with Nuvia.
Now we have Windows Arm PCs with UEFI and upstream Linux support, "close enough" to Apple Silicon perf/watt. PC OEM price competition and enterprise volume buys will yield affordable Arm laptops in a few years. Framework has proven that laptops can be modular. Did they inspire Lenovo to make a more repairable Thinkpad? If Framework releases a modular Arm laptop based on Qualcomm/Mediatek/Nvidia, watch out.
On the software front, the sold-out "Local First" conference recently wrapped in Berlin, https://www.localfirstconf.com/. If HTTP can be extended to support synchronization, it could dramatically lower the cost of cooperative infrastructure, including offline (think Cuba sneakernet) sync, https://stateb.us/what & https://news.ycombinator.com/item?id=40480016, tearing down big walls of tech and lobbyists.
Some conflicts are won by making them irrelevant.
5 replies
1d8h
This is a naive view of the matter.
These proposals keep returning because there are legitimate concerns that are being left unadressed by industry self-regulation.
When nobody wants to have a conversation about good measures, politicians are going to try again, even the new ones.
It is sincerely horrifying what the reckless deployment of generative AI is doing in this space. And it's all dismissed as "Well you can't stop math anyway so we're not going to do anything" and (implicitly) "The ends justify the means, sacrificing a few children is worth it to get AGI". These are terrible optics.
If tech does not hold itself accountable, privacy is going to die sooner or later. The politicians need only win once.
2 replies
1d8h
there are legitimate concerns that are being left unadressed by industry self-regulation
This is a bit silly. Apple tried to do this and it was deemed overwhelmingly anti-consumer. This is like wanting private phone calls, but also blaming phone companies for sex lines. This isn't a fine line for companies to walk. It's a line of negative width.
1 replies
1d7h
This is like wanting private phone calls, but also blaming phone companies for sex lines.
What are you on about? This is precisely the kind of situation where a best-effort can be done.
Though let us swap your example of "sex lines" for something legitimately harmful. Scamming callcenters.
Should they stop all scams? No, they can't. Inspecting phone call traffic to monitor for scams would be extremely invasive. Should they disconnect the firm they and everyone else knows are scammers? Yes.
Thus the point. When these companies don't make a best-effort, the government gets involved.
The only added complexity here is that the chat apps themselves can't do anything. But the big tech giants could stop making the problem infinitely worse, big platform holders who already monitor publicly-posted content could work to ensure their reports are actioned upon.
0 replies
1d7h
Should they disconnect the firm they and everyone else knows are scammers?
On what basis? There's no "everyone knows". If police in a jurisdiction report something, it can get taken down. That's not a matter of "self-regulation". That's you thinking unelected tech company middle managers should do what the police are paid to do, and many countries are structured to only allow the police to do.
1 replies
1d8h
> privacy is going to die sooner or later. The politicians need only win once.
If privacy dies, it ends creativity, civil society and funding for politicians. That scenario would be painful, but self-correcting. On the other side, something new can be born.
Note: "privacy" is not a car that can be stolen once. Like freedom, it is infinitely divisible, and even those who have lost 99% will keep fighting for what little remains. There are countless examples in history, independent of temporal technology minutiae.
0 replies
1d8h
Note: "privacy" is not a car that can be stolen once.
I'm not talking about "all of privacy" being lost in one go, I had assumed this would be obvious to all readers.
I'm talking about the specific matter at hand; Message scanning, with the point of how this failure mode poses a threat for further and further infringements of privacy down the line.
If privacy dies, it ends creativity, civil society and funding for politicians.
Cute poetry, but the aftermath of 9/11 clearly shows otherwise.
Consider for a moment how even these "anti-terrorism" measures are seeing shockingly little pushback. Despite al-Qaeda being an ocean and continent away.
You're a fool if you think any politician would risk their career to revoke message scanning once implemented. The attack-ads write themselves, "[POLITICIAN] wants to let pedophiles sextort your children".
1 replies
1d8h
Or we could end up like a variation of Putin's Russia where power screws were tightened gradually till putin got absolute power
0 replies
21h15m
The thing that encourages me a bit about the US's situation here is that we're still decentralized enough. I'm not a "state's rights" guy by any means, but it's significant that we have state-run election systems. It's much harder for an authoritarian executive to run sham elections here.
But still, I feel like this property only slows down the march toward authoritarianism. It won't stop it.
1 replies
1d6h
the backlash will inspire a new generation to consign fossils to the dustbin of history
Most of what I've seen of "a new generation" leads me that, on average, they're disturbingly willing to comply with any kind of authority on any kind of pretext. And some of the rebellious outliers are kind of Naz-ish.
Not wildly different from any previous age groups, of course, but definitely not some giant anti-authoritarian wave.
... and people of any age will only reliably "backlash" if they're actually inconvenienced. Most people will just accept the spying and go back to sharing stupid memes. Until it's too late, anyhow.
0 replies
23h17m
> some giant anti-authoritarian wave
Fortunately for human civilization, our options are not limited to "authoritarian" and "anti-authoritarian".
Societal change may conclude with mass movement of followers, but it begins with individuals who create new choices and incentives.
17 replies
1d9h
While this is being put forward by the council, there still is a way to influence the end result by voting for a party not involved in this turd to get it rejected. The EU Pirate Party is still on the ballot in some places.
If it ever gets promoted to law, my predictions is: ASCII art is back.
12 replies
1d9h
Nah, this plan is outright evil. We all learned from the cookie banner madness that everybody just opts-in to everything all the time, just to make the thing go away. This proposal gives us a fake choice, because so many coordination of real life activities happen in WhatsApp in the EU that you have to opt-in to still participate in a meaningful way.
I'm not talking about sharing vacation photos with your friends, but stuff like:
- here is a link that explains how to do taxes for your nonprofit
- here is our new school logo
- this is a link to the soccer tournament schedule
and so on.
5 replies
1d8h
everybody just opts-in to everything all the time, just to make the thing go away.
I actually bother to decline those things.
So, not everybody. Your statistics are off by at least one.
1 replies
1d8h
Usually consent is one click and decline is a lot of extra clicks, if at all available. I just consent to everything and employ a Firefox extension that clears all cookies and site data when a tab is closed.
0 replies
1d8h
You can also try Consent-O-Matic, a plugin that will tell cookie banners whatever you pre-define. I set it to refuse everything. Doesn't work for all sites, but most that have industry standard banner software installed work.
0 replies
1d1h
Irrelevant.
0 replies
21h23m
When someone says "everybody", they generally don't mean literally every single person, they usually mean "most people". In that light, I believe the GP's assertion is correct. Most people -- really the vast majority of people -- will just click on the default option, or whatever gets the annoying pop-up out of their way.
0 replies
1d8h
Do you think words all/most matter in the context of this discussion?
4 replies
1d8h
Is there any hard data on what you refer to as "the cookie banner madness"? Personally, I click 'refuse' on every banner that pops up. They're not all that annoying, so I'm not sure that "everybody" opts-in to "everything all the time"
0 replies
1d1h
All you need to do is sit down for a while with people who aren't in our tech bubble and watch them use their stuff. I used to do on-site tech support for people, and I have seen tons and tons of people constantly click dialog boxes without reading them or knowing what they are clicking on. They just want to dismiss them because they are annoying.
I had a person who was having a printer problem close a dialog box telling exactly what was wrong with the printer. It came up every single time they tried to print. This is not abnormal behavior.
People regularly just click on the default boxes, and you know it's true otherwise there wouldn't be so many dark patterns on the internet. Dark patterns work because people don't read what's on their screen.
0 replies
1d7h
To counter your anecdote, I was doing something on my boss's computer and clicked refuse all on the google prompt. My boss was surprised and said she thought the site wouldn't work if you refused. We're software engineers.
0 replies
1d8h
Way to derail my argument. This is not about literally everybody accepting everything, but that the vast majority of people will accept the default option. This has been studied over and over. The cookie banner madness is that so many cookie options are implemented as dark patterns: consent is easy, rejection is not.
0 replies
1d1h
They are extremely annoying in my estimation. That’s why I have 2 extensions running that automatically click opt out 95% of the time. I remember what it was like before that.
0 replies
1d1h
You would think Europeans would have learned from the likes of the SS and Stasi where this stuff leads. It gives too much power to government and especially the police. It wasn’t that long ago since the SS and their ilk were putting people in ovens and nerve gas showers because they had unlimited power and you had to have your papers in order or off to prison. Why is it that Americans remember it better than the ones who suffered it (or their ancestors)
3 replies
1d9h
If it ever gets promoted to law, my predictions is: ASCII art is back.
Actually 99.99% of users won't give a single fuck and will just allow scanning. People don't care at all in case you didn't notice.
0 replies
1d8h
I'd replace "don't care" with "are intentionally misinformed / not informed enough" or "don't understand the consequences".
It's hard to have time to think about these issues when you have zero free time, barely manage to make ends meet, don't have techie friends and are bombarded with propaganda. It's possible, but it's hard, especially when that very propaganda uses the main thing you work your ass off to scare you into submission.
0 replies
1d9h
That's exactly what's going to happen, and the few people who actually care will end up in a list. It's all for your own good though, as terrorist and pedos will obviously be like "damn gotta find something else to do now as this is forbidden!".
0 replies
1d9h
It was a sarcastic comment, and I guess you are right.
If the detector has a false positive rate of 0.01% that still means ~50000 false hits every day, if every one sends one image daily. And my guess is it's WAY more than that in volume and false positive rate.
14 replies
1d9h
Incredible that they think this will even slow anything at all. Some of these laws you can see a trade-off between safety and freedom, which you can decide where to position yourself. But in this one I really have a hard time seeing what even gets harder to do for criminals.
If I'm sharing nasty stuff through one of these platforms and I can send text, I can send a link. In any platform "that doesn't allow links" you see people sharing them anyway through normal text, even if they have to create some new conventions. And you can also just use different platforms anyway, so where is the deterrent?
This is just annoying based on people legislating for technologies they don't understand.
8 replies
1d8h
I think you overestimate the technical knowledge and skills of many people. For every crafty career criminal there's a dumb idiot doing dumb stuff on account of being a dumb idiot. And even crafty career criminals can and do make mistakes.
Of course it won't catch 100% of it, but very few laws or measure do that (and those that do almost always come with very high amounts of false positives). Also links are not hard to scan for either, and you can't "just" upload CSAM to anywhere either and not expect troubles sooner or later (unless you know what you're doing, in which case we're back to the previous paragraph).
I think it's very hard to deny that of course it will catch a non-zero number of people, although it's hard to determine exactly how many beforehand. That doesn't mean it's a good law, it just means that all these type of "it won't even catch anyone!" argument are just bad arguments.
4 replies
1d8h
I think you're making my argument out to be something else. I'm not saying we can only have laws that are bulletproof. But the fact they think links and text are different things, makes me _know_ they don't understand what they are doing. So I know their interpretation of the risk/reward is also not good and it's annoying to have freedoms taken away by dummies. If I get the impression they are smart and looked into it I'd swallow it way easier.
3 replies
1d7h
the fact they think links and text are different things
I don't think anyone really thinks that.
2 replies
1d7h
Maybe I have some misunderstanding from the draft legislation. Can you explain how one can prevent users from sharing links while keeping them able to share text?
1 replies
1d7h
You can't. But like I said: of course it's not 100% foolproof. Going from that to "they think links and text are different things" is quite a leap.
0 replies
1d7h
First message: p 0 r n, s i 7 e Second message: dot Third message: come on over. Forth message: Sorry my mistake, organising the house.
After a while the second, third and fourth won't be required.
Jeeze...we learned obfuscation fucking years ago (torrenting was punishable then, probably is still, and a few people may be made examples of, by ip tracking etc as subscribing becomes more disliked).
2 replies
1d6h
I think it's very hard to deny that of course it will catch a non-zero number of people,
Sure, but it is still completely valid to argue that it won't quantitatively be effective enough to justify its cost, either in money or in creating-the-infrastructure-for-a-fucking-police-state. "Non-zero" isn't necessarily an acceptable level of effectiveness.
1 replies
1d4h
Yes, but that is a very different argument than "it doesn't work at all". Then we can start discussing what the balance ought to be and all of that, rather than just a "Njet! It won't work!"
0 replies
1d3h
It will work maybe somehow the first time. Predators will adapt and start using obfuscation same like thiefts adapt - burgler expect that most doors will be locked and might have camera and will bring balaclava and crowbar to their 'workplace'
0 replies
1d7h
The goal is money and control. They enact a partial "solution" so later on they'll say they need more access to private data because of the loopholes. Meanwhile the industry of surveillance and compliance grows providing more paper pushing jobs to the establishment. Power-tripping politicians also get the ability to spy on opponents and basically anyone they please.
0 replies
1d8h
Having the bad content hosted "elsewhere" is still a good gain for any service provider. It reduces the number of safe harbors for harmful actors.
Outside public content can be scanned as part of "defense in depth" too.
0 replies
1d8h
This is just annoying
That's the most positive take you can have on this.
0 replies
21h28m
Incredible that they think this will even slow anything at all.
They don't, or they don't care. Measures like these have two purposes:
1. To make it seem like someone is doing something. Constituents don't accept the idea that their representatives are powerless to fix certain hot-button issues. Even if a new law or regulation will have minimal or no effect on a problem, as long as legislators (or whomever) can pay some "experts" to say good things about it, many constituents -- most of whom don't understand the issues involved -- will be (somewhat) satisfied.
2. Continuing to establish and normalize surveillance technology and make it a part of normal life. The more that government types can mandate that people can't do in private, the easier it is for them to do... well... whatever they want to do.
0 replies
1d7h
But you don't even need to use a link! You could just convert and send the image as base64 or you could compress and encrypt it with 7z. I am sure there are many other methods. How accessible that would be on a phone though is another story, but I dont think it would be that hard.
14 replies
1d9h
I wonder if they are going to kill open source chat applications.
8 replies
1d8h
Very likely, and self-hosting too. I imagine some sort of licensing system eventually.
7 replies
1d8h
I doubt it. The day it fucks state level companies with issues accessing the Telegram API or libre/FLOSS APIs/services such as GUIX under Inria using XMPP/VoIP tools, the working days of these EU bureaucrats are numbered.
6 replies
1d8h
Why? In Germany anonymous (self) hosting is already illegal. KYC for chat is only one further step, really not that big.
5 replies
1d7h
I'm from Spain, no issues with Germany. Also, is not illegal to self-host, but anonymous self-hosting.
Anyway, most people will just set external pages under international hosts anonymously, or under i2pd and yggdrasil.
Also, any German can just use SDF with a validated account and call the US law on hosting (and maybe content) instead of the German one.
4 replies
1d7h
Also, is not illegal to self-host, but anonymous self-hosting.
I think that is what I said.
Anyway, most people will just set external pages under international hosts anonymously, or under i2pd and yggdrasil.
"Make yourself a criminal" is not good advice.
I don't know what you are trying to tell me. I know that there are technical means to circumvent this, just like there will be technical means to circumvent chat filters. That isn't the issue, the issue is that it is criminal to do so.
3 replies
1d7h
In Spain we say 'hecha la ley, hecha la trampa' ( [as soon] the law it's made, a trick its made). So Germans will find lots of loopholes to be covered, such as not using a German hosting first, and not stating their Web/Gopher/Gemini site as a commercial service, with no data collecting at all.
2 replies
1d7h
So Germans will find lots of loopholes to be covered, such as not using a German hosting first, and not stating their Web/Gopher/Gemini site as a commercial service, with no data collecting at all.
Again, this is criminal. Again, I am aware that there are numerous technical means to circumvent this, yet all of these are criminal.
I still don't get what your point is.
1 replies
1d7h
Exploiting loopholes aren't criminal per se; what I mean it's that you can comply with the law by just stating you are not a commercial entity and privacy it's a right granted by the European Union. Thus, most German web/gopher/gemini hobbyists could just call the European Human Rights Court and sue the German goverment branches en masse. Better if that was done under a civil rights supporting NGO, because of legal advice. Once the bigass fines stack up at Berlin, the law wouldn't last for long.
0 replies
1d7h
Such a bizarre position. None of this is relevant for the legality in this moment or the legality of the chat monitoring.
Also I think it is extremely unlikely that the court will agree. There are many, many more egregious laws in existence in the EU, this effects very few people and is a big sovereignity issue.
3 replies
1d9h
If and how :)
2 replies
1d7h
The how is simple, all devices will be required to be as locked as iphones. No apps on your device unless approved by the vendor. Open source is fine as long as you jump through the hoops to submit it for review.
1 replies
1d7h
so disable dev mode for all phones? This solution is far from simple.
0 replies
1d3h
As if one can just grab a PlayStation and start developing for it. The limiting tech already exists.
0 replies
1d8h
Yes, ChatKYC is in the works.
14 replies
1d9h
I know this might not be what you're expecting to hear, but my reading is that the proposed law is pretty balanced.
If I take pictures and never share them, no scanning is done. If I copy private pictures to my wife's phone when we are meeting in person, no scanning is done. Similarly, I can archive pictures to my PC or print them out and all of that respects my privacy.
Only if I use a public service, like Facebook, WhatsApp, TikTok, is there the possibility of my pictures being sent to authorities if (and hopefully only if) the local scanning was inconclusive. But in that case, Facebook, WhatsApp, TikTok can (and probably do) already spy on me and my pictures. I don't think it's all that draconian for authorities to take a look, too, after you have already voluntarily !!! sent them to a for-profit corp with questionable morals.
And I feel like the proposed law design also matches with the real risk profile. Pretty much all of the blackmailing scams that drove teenagers to suicide were being perpetuated from outside the country that the victim was living in, e.g. [1]. So it makes a lot of sense to more tightly control cross-country online messaging on almost anonymous platforms than in-person photo sharing.
[1] https://www.bbc.com/news/world-australia-68720247 "Two arrested in Nigeria after Australian boy's suicide"
EDIT: In case anyone wonders, here's the 100+ page EU report that presents their opinion of the facts and then makes suggestions, some of which are now being discussed: https://www.europarl.europa.eu/RegData/etudes/STUD/2020/6527...
Section 3.5.1. is about the scanning of your private pictures that Facebook is already doing, meaning regardless of how the EU decides in this case.
2 replies
1d8h
Pretty sure Signal currently can't look at my photos that I send to friends. So that part is wrong. AFAIK WhatsApp is also encrypted. But I don't know if they can see the photos server side.
1 replies
1d8h
If you give an app access to your photos, it can do whatever it wants with them. Even if the normal operation is end-to-end encrypted, the app could still upload straight from your photo library to servers.
I'm not saying this is happening. In Meta's case, I simply assume that they at least collect meta information on your photos, such as GPS coordinates to build a better ad profile of you. I might be wrong, but maybe not. That's why I don't give WhatsApp access to my photo library.
0 replies
1d7h
In that case I would not have send it voluntary. Which was what thread OP was talking about.
1 replies
1d8h
It’s absurd to suggest that users of an e2ee chat service can reasonably expect the government to “take a look” at the pictures they share. Software should have no such backdoors. This law does nothing to dissuade criminals but it does degrade the privacy expectations of regular people who are not suspected of any wrongdoing.
0 replies
1d8h
I somewhat agree with you. Also:
It’s absurd to suggest that users of an e2ee chat service can reasonably expect the service provider to “take a look” at the pictures they share.
But sadly, that's already happening. It's probably best to avoid sharing any private pictures on Facebook, WhatsApp, TikTok or any public cloud. Because you never know who might have access or gain access in the future. And isn't Google actively scanning their Drive user's files and removing presumed adult content, too? And didn't Dropbox one tweet about the X-th file uploaded being a cat photo? How did they know?
1 replies
1d9h
I know why you were voted down, and I don't think it's fair.
But the problem with your example is:
-criminals CP-sharing etc use end-to-end encryption -> politicians: encryption must be weakened, but that doesn't work...damn opensource
-Now we need local scanners on every phone, but damn those Linux laptops the criminals use still have no scanner.
-And now we need an authorized operating system ...., but damn those open source guys.
-So now there is a full file system scanner chip in every router, laptop and phone. If you get caught using a device without this chip -> straight to jail.
It goes on and on, and next we have to leave the laptop on so gov can always inform us about important stuff ;)
0 replies
1d8h
Yup. The road to hell is paved with good intentions.
0 replies
1d9h
"It's a bad thing that is already happening, so why not make it worse by mandating it on government level" is not as good a take as you think it is.
0 replies
1d9h
I don't think it's all that draconian for authorities to take a look, too, after you have already voluntarily !!! sent them to a for-profit corp with questionable morals.
You don't have to send the photos to a for-profit corp though. E2E encryption is entirely possible. What the law should be enabling is for people to sue companies that claim to do E2E encryption then compromise it by independently sending things to law enforcement.
0 replies
10h15m
You and I probably have quite a different meaning of balance, although I am indeed not sure what there is to balance. Freedom and security? What do you mean by this? There is a false perception that this is big tech vs the EU, but instead it is big tech and the EU against you.
This is not an issue where there can be much of a compromise. My chats are private and not to be surveilled by a central authority. This isn't a policy that faces the challenges of new technology, this is something that should have stayed in the last century.
The internet did raze down quite a few borders and despite some risks, it is very much worth it to keep it in this form.
If the EU wanted to be constructive in strengthening and protecting users, it would have created legislation that big tech cannot screen user content with impunity. Instead it now forces them to do so and report "wrongdoings" to something that isn't even a real police force.
0 replies
1d
Please be aware that even if you choose not to share pictures and decide not to use end-to-end encryption services, the installation of the CSS software will still be mandatory.
The control over the scanning of your device remains with them, and the likelihood of this power being exploited is almost guaranteed.
0 replies
1d9h
Not to downplay the very obviously tragic suicides, I still disagree with the premise that stuff like that would be reduced or our general safety would be improved by mass scanning.
TSA for example is one of the most invasive security screenings most people endure on a quasi-regular basis and it's been the source of overreach and still does not catch much of anything whatsoever.
Criminals are incentivized to get around this scanning, regular users are not. Who really bears the burden here?
0 replies
1d9h
Several of these apps currently have end-to-end encryption, which means that no, they aren't scanned. Even if they were, what a state can do with them (falsely accuse me of heinous crimes) is a lot more dangerous than what a corporation is likely to do with them (show me different ads).
Pretty much all of the blackmailing scams that drove teenagers to suicide were being perpetuated from outside the country that the victim was living in
The recent cases in the Netherlands (where I live) were all Dutch perpetrators.
Anyway, this technology won't catch that -- sending nude pictures is, after all, both perfectly legal and very common. The scanning software can't know that the picture is sent to somebody only acting as a boyfriend rather than an actual boyfriend.
I can see the point of a database of known child porn pictures. The phone app could keep a database of hashes of those exact files, and check for them.
Other than that, I don't see what good automatic scanning can possibly do, and there is a HUGE potential for abuse.
0 replies
1d6h
If I take pictures and never share them, no scanning is done. If I copy private pictures to my wife's phone when we are meeting in person, no scanning is done. Similarly, I can archive pictures to my PC or print them out and all of that respects my privacy.
"We'll only beat you on Tuesdays" is not balanced.
13 replies
1d9h
Well well, time to vote for the anti-EU party.
4 replies
1d9h
This is surely the wrong conclusion to draw from this.
1 replies
1d6h
Why? The EU is inherently anti-democratic IMO. Most people have no idea what is going on, what laws are being discussed and so on. Why should the EU have power over stuff like this to begin with? It's stupid.
0 replies
1d6h
I agree that the EU is not perfect. But it's not anti-democractic. The European Parliament is elected democratically. Sure, there are ways we need to improve the legislative processes, but this doesn't mean the best thing to do is to disband the EU.
0 replies
1d8h
I imagine the idea is that smaller-scale authoritarianism is better than larger-scale.
0 replies
1d4h
The EU is a socialist project since its inception, a third way between the excesses of capitalism and comunism
2 replies
1d8h
Alas, the anti-EU parties are typically even more insane.
I suggest voting with your feet. The only vote that actually makes a difference.
1 replies
1d6h
Voting with my feet?
0 replies
1d5h
It's a metaphor for moving.
1 replies
1d9h
The anti-EU parties are generally in favor of this kind of stuff.
0 replies
1d6h
Not in my country, here it's the reverse.
Even though, it's far easier to change peoples opinion in one country than in 28.
1 replies
1d8h
Here anti-EU parties want even more draconian laws against privacy.
0 replies
1d6h
Not where I live. Where I live it's the pro-EU people that are generally for this and is actually the people behind chat control (Sweden, Socialdemokraterna).
They are a horrible, horrible party that desires power over all else.
0 replies
1d9h
Or kill the potential victims, that will prevent future crimes too!
13 replies
1d9h
Relevant comment from a previous time a link to this site was posted:
https://news.ycombinator.com/item?id=40523902
tl;dr the title is misleading. This comes from the European council (which consists of representatives of member countries) and is not a fact until the European Parliament has voted on it. It is likely that the EP will reject this proposal like earlier attempts.
Yes, we should fight this , but it’s not the ‘EU’ who says this.
10 replies
1d9h
European parliament has no real power, it's a democratic illusion, just like the elections in USSR. You don't believe me? Then explain me how the EP repels an already voted law. It can't.
4 replies
1d9h
EP rejected ChatControl once already. So what the heck are you going on about?
3 replies
1d8h
EP is a fundamentally a weaker body than its name suggests. The European Council can keep proposing pretty much the same law over and over again until they get a pliant EP that will accept it.
Once accepted, it's almost impossible to repeal the law by the EP because they will need the approval of the EC and Council of the EU, both of which have members that are not directly elected by the people. EC and Council of the EU is also that body which so far has proven to be far more authoritarian in it's approach.
So, the parent is largely correct.
1 replies
1d8h
To be fair, most executive bodies of most countries are not directly elected. You don't vote for your Finance Minister or your Secretary of State in any country I know of. It's true that the EP has uniquely little power compared to the legislative bodies of most democratic states though.
0 replies
1d6h
... but the executive bodies of most countries aren't the only ones who can propose legislation. If the EP can't act sui iuris, either to change legislation or remove Commission members, that's a really qualitative disability.
0 replies
1d8h
But it does have the right to reject any such law before it's accepted.
Which is the relevant part here, not muddying the water by bloviating about something else, right? Having a body that can only vote on/debate on proposals is absolutely not rare across western democracies.
2 replies
1d9h
Last time this came up Parliament stopped it. It’s popular for certain YouTubers and politicians to pretend there’s no accountability but it’s not the case at all.
1 replies
1d8h
Not sure how to cross-post here but I think it's a losing game. EC can keep proposing the same law once every year and at some point they will get an EP that approves it. Repealing is impossible unilaterally by the EP. It's an every tightening rachet.
See my comment here: https://news.ycombinator.com/item?id=40560873
0 replies
1d1h
The price of freedom is eternal vigilance
Ultimatly the popular Parliament and the government council can block it, and the leaders of each member government can of course nominate commissioners who do not wish such laws passed
The reality is that democracy if governments want this type of law - hell large numbers of the people do. It’s the problem with democracy.
Certain interests dont like the EU as it’s harder to manipulate than a typical national government and people.
0 replies
1d9h
It has real power, it has to approve almost all legislation before it becomes law. It has no initiative and can only act on proposals from the European Commission (for new laws, or repealing old laws, or amending them), which while not directly democratic, has all its members nominated by the governments of EU member states (themselves elected) and confirmed by the EU parliament.
Democracy can be slightly more complex than direct democracy without being a sham like "elections in the USSR".
0 replies
1d9h
I wish they European Parliament had all the power. Most of the bullshit comes from the Commission, which is the least democratic body of the EU.
1 replies
1d9h
And for the 3rd time people confuse the Council with the Commission ;)
0 replies
1d8h
In this particular case, the Council is still debating and amending a proposal by the Commission before it is sent to the EP to actually vote on. So I don't think anything there is truly wrong.
11 replies
1d9h
When responsible people with power feel powerless carrying out their responsibilities they tend to panic and force the innocents into an uncomfortable or damaging situation, endangering everyone instead of catching the comparably very few perpetrators doing the trouble. I seen too many of such examples throughout the years, bigger the public outrage, bigger the damge to the whole public instead of the very few involved or responsible. Who mostly thanks, carry out slightly differently in overall. But the public gets f'd.
4 replies
1d8h
For me it feel just like smoke screen rather than genuine intention to help child abuse. Is child abuse from predators such a big problem to variant all population being under radar? Most likely predators are not even 0.1% of population.
It would be better instead to empower and educate parents with tools to protect their children rather than outsourcing to government or public companies.
1 replies
1d8h
It would be better instead to empower and educate parents with tools to protect their children
Do we think that CSAM comes from poor parenting? That the parent's didn't do enough?
0 replies
1d8h
Not all of it, for sure, but certainly some amount of it. Most perpetrators of child sexual abuse are close to the child, either family members or authority figures (priests, teachers, etc). I expect at least some amount of CSAM originates from these places as well, that the child's parents absolutely had the power (and responsibility) to stop.
Of course, a lot of it comes from major organized crime networks that parents are powerless against. But that then falls under the incidence of more regular police investigations to stop and curtail. You don't need to monitor everyone's chat history to be able to find and dismantle a crime ring.
0 replies
11h6m
No, and they already said it will be used against copyright infringement as well. The child abuse angle was a lie.
Officials supportive here are either naive, extensively lobbied or have an authoritarian streak. Nothing really redeeming about their plans.
0 replies
1d7h
Of course it's just another pretext to enable snooping on the public, now that e2e encryption is prevalent.
1947: commies
2001: terrorists
2021: pedos1 replies
1d8h
They're aren't responsible. They've convinced a lot of people to pay them a fortune over their lives to be responsible, but they aren't. The perpetrators are responsible.
0 replies
1d8h
Responsible persons = public officials, in this regard. Responsible for public affairs and regulations, carrying out duties of the society as their position mandates. Not for the crimes, that's obviously someone else.
1 replies
1d8h
When responsible people with power feel powerless
In other words, the problem is these peoples' insatiable power addiction.
0 replies
1d8h
Don't forget the voters.
0 replies
1d9h
I'd say the big problem with catching those perpetrators online is that they will most likely not be inside your country.
0 replies
1d1h
It’s “policing” ’s job to enforce laws and catch criminals in the modern world. They don’t care about rights, Constitutions, or morals and they never will. Thus it’s up to the people who elect those who pull these stunts to fire the politicians the next chance they get and let them know why they got fired. Police are just scorpions and the scorpion will do what is in its natural. Fire the bums who make the laws they enforce, they are the real source of the new laws not the police.
9 replies
1d9h
A gentle reminder that this week we're voting in EU election so it's a great time to check who supports Chat Control and to vote accordingly.
The last attempts of this have been stopped by European Parliament so we need to make sure the new one stops it as well.
5 replies
1d9h
A gentle reminder that this week we're voting in EU election so it's a great time to check who supports Chat Control and to vote accordingly.
Any idea where we can find that information (those who proposed and voted on it)?
1 replies
1d8h
The first proposal got rejected on the commitee stage, see https://edri.org/our-work/eu-parliament-committee-rejects-ma... and https://www.europarl.europa.eu/news/en/press-room/20231110IP...
The might be a list of votes there somewhere.
0 replies
1d8h
Votes can be seen here (second page): https://www.europarl.europa.eu/cmsdata/277893/Vote%20results...
0 replies
1d9h
It’s not, as I understand it, something that the European Parliament has even debated yet. Nobody in the Parliament has proposed or voted on it, unless I have misunderstood.
This measure is still being developed by the European Council, which is a non-legislative body.
https://en.wikipedia.org/wiki/European_Council
It would have to be submitted to and taken up by the Parliament for the information you want to exist in a meaningful form.
Parliament is not keen:
https://en.wikipedia.org/wiki/Regulation_to_Prevent_and_Comb...
0 replies
1d7h
You can see who voted for "Amending Interim Regulation on a temporary derogation from certain provisions of the ePrivacy Directive" at https://mepwatch.eu/9/vote.html?v=167712, which from what I understand is about extending the duration an earlier version of chat control (1.0) [1] where the scanning is only done by tech companies on platforms such as Xbox and Facebook Messenger [2]. So not quite what is being talked about in the article in this post but definitely related.
[1]: https://www.patrick-breyer.de/en/chatcontrol-1-0-pirates-con...
[2]: https://www.patrick-breyer.de/en/european-parliament-o-exten...
0 replies
1d9h
In Sweden we have this: https://chatcontrol.se/status/
Hopefully other EU countries has similar sites. If you have a local Pirate Party, that might be a good place to start. I'm guessing they would link such a site.
2 replies
1d9h
They all do, even if they say they don't.
0 replies
1d9h
The parliament already rejected the first proposal so no, there are a lot of MEPs against this.
0 replies
1d9h
I'm not sure why you spread this kind of crock when EUParl already stopped it once.
7 replies
1d9h
It's weird how some parts of EU departments are so privacy friendly and forward thinking, and others are so incredibly backwards.
4 replies
1d9h
Nothing weird, that's just how governments work when they are not united under a strong leader like Putin or Erdogan.
Different organisations have different goals and those into "security" just want to delegate their jobs to computers when they chill, get paid and prized for their success. Some more cynical ones are also plotting for political control, I'm sure.
I'm very annoyed by this trend of government organisations really really desire to look into our stuff all the so they don't have to do their jobs the hard way like finding suspects and investigating them. Bunch of wankers and nothing more, aren't they?
If aligned government bodies is desired then a dictator is needed. EU isn’t suited for this.
1 replies
1d9h
Hmmm... I can assure you people doing security in the Putin's world also just want to delegate stuff to computers and collect salary
0 replies
1d9h
I’m sure they will but you won’t have some governmental organizations trying to protect the privacy when others are trying hard to invade it. They will be aligned.
1 replies
1d8h
I'm seriously surprised by seeing Erdogan and "strong leader" together.
0 replies
1d8h
Why is that
0 replies
1d9h
It's not wierd at all because you assume the same mental framework. What's been obvious for EU politics for years now is that they do not assume government/security privacy violations as same kind of violation as private person/company violating privacy.
Remember that GDPR has carveouts for governement as well.
Everyone speaks like "privacy" has a common, shared meaning across all people and it couldn't be farther from truth. And we need to keep that in mind - for governments, online posters and even organizations like Signal.
0 replies
1d9h
It's not weird, minimal data for corporations maximal data and control for the states, i think it's disgusting but hey they say the EU is democratic so at the end of the day it's our fault.
3 replies
1d9h
EU officials are very afraid of the people. But if they aren't doing anything wrong, why are they so afraid?
2 replies
1d8h
Officially, they are worried that something bad might happen to the kids.
But if they aren't doing anything wrong, why are they so afraid?
I would be afraid of eg a would-be assassin, even if I never did anything wrong in my life. So this is a weird argument to make.
1 replies
1d2h
EU officials are afraid because they know they're doing things a lot of people would want to kill them for.
0 replies
12h18m
The same could be said about people who fight organised crime.
3 replies
1d8h
I give it 6 months before someone goes to trial for sharing AI-generated CP and is acquitted.
1 replies
1d8h
I'm pretty sure that in the EU (and the USA), even fictional CP is illegal. That is, even drawings or stories of CP are illegal, and certainly AI-generated images would fall under that banner.
0 replies
1d8h
Probably yes, although in some EU countries having CP is below the level of a criminal offence, with the circumstances being that the images are artificially created even the minimum of three months of jail might not be considered.
0 replies
1d8h
Late stage sexual revolution.
3 replies
1d9h
The amount of identity verification we have to do in Germany is already obscene
EDIT: Weird to downvote for this, I suppose that people here are in favour of removing privacy
2 replies
1d9h
I thought Germany was pretty big on privacy protection. What exactly do you mean?
0 replies
1d9h
Yes but the state should know everything.
0 replies
1d8h
To get a SIM card, open a bank account, do any kind of investments, etc. you need to do a pretty extensive ID check, which involves going on a video call with an agent and holding up your passport and moving it around in all kinds of ways to show that all the reflections are there and stuff. It's pretty laborious and intrusive
Basically you must have your identity fully checked by a third party whenever you do something that can be used for terrorist reasons, which currently includes having a bank account and using a phone. Adding instant messaging in general to that list would not be surprising.
There is an entire industry in Germany and Europe in general built around supplying this service of checking people's identities.
2 replies
1d9h
That is the kind of mess you get with such laws:
https://mjtsai.com/blog/2022/08/22/google-account-deleted-du...
0 replies
1d8h
And without any protections Google would be a massive host and facilitator for CSAM. Let's not be naïve about this.
Google support is notoriously non-existent and/or obtuse, and that's the real problem here. Combined with that it's a "ban for life" black/white type thing, that it's not really possibly to appeal anywhere reasonably independent, and that type of stuff. There's tons of innocent reasons your account can get banned, and this is just one o them.
Doing anything that allows random people to upload or send stuff is being flypaper for the worst of the worst of dickheads. You really do need some kind of protection.
I'll go a step further and say that providing such a large platform which ties in to so many aspects of life (whether you want to or not) means accepting some responsibility. This means having at least vaguely helpful support. And also means not being a massive host for CSAM.
I remember a time when I worked as a repair tech and randomly clicked something on the frontpage of Google Video just to test if Flash Player was working without really looking what it was, and it was some guy blowing his brains out. And "young 12-year old Alice proudly shows her small tits" type stuff being quite common to just come across without looking for it on Kazaa, "warez" sites, and the like.
Where do you strike the balance on all of that? Good question. But pretending the balance doesn't exist is not helpful.
0 replies
1d8h
It is really concerning that I probably need to ask my parents to stop sharing any photos and videos of my young son digitally (privately via WhatsApp) when he's staying at their place and they are teaching him to swim in their swimming pool. False positives like these can ruin your life.
2 replies
1d9h
Wait for the first hundreds of false positives and the stories in the news and the effects on the next elections (some parties will campaign over that.)
0 replies
1d9h
But by then it'll be too late. They will promise they'll tweak the filters and whitelists, but in the end, the scanning will stay. They only have to succeed once to implement this law, and it's here to stay... we have to succed in repealing it every time and must never fail.
0 replies
1d9h
Per earlier news the scanning is said to have a 10% false positive rate[1].
[1] https://www.reddit.com/r/privacy/comments/voaicx/10_error_ra...
1 replies
1d9h
Wont anyone think of the children!!!
Absolutely insane orwellian legislation being written by, at best, some of the least introspective forward-thinking EU drones... What the actual fuck.
0 replies
1d9h
Ye it is surrealistic to watch.
It seems like all it takes is to point to a credible external threat and sane people are pushed down by 'lurker' insane people in a heartbeat.
1 replies
1d8h
There’s a deeper goal here.
Europe has no obvious path for staying relevant in the near future since colonialism is long gone.
EU prides itself on its institutions and their control over international trade and relations such as banking and insurance etc.
This is the only way they can assert some kind of authority over primarily US internet businesses.
0 replies
1d4h
Colonialism except for few colonies here and there was a big source of cost for european Nations. Buying raw goods from cashstrapped Kleptocracies is a lot more efficient / cheaper
0 replies
1d5h
We should all support this law, just with one addition:
All data shared by politicians, public servants and all of their family members within the EU has to be shared, analysed for corruption + stored forever.
If we are all considered pedophiles, then all politicians are criminals.
Yes, a few people will be wrongly accused and we all loose our freedom.
HOWEVER, with every election we will get a small chance that the previous administration will get audited and corruption and other crimes will get uncovered.
Seems to be worth it.
0 replies
1d9h
Morality police. Now with AI!
0 replies
1d8h
Because you know, AI never gets an image wrong, right?
https://arxiv.org/pdf/2401.15817
Quite long paper, but rich in examples that speak for themselves, like AI mistaking a Starbucks logo for a Ferrari one, or an airplane for a baby stroller, etc. CSAM producers will always find a way to poison images or use other tricks to conceal them. There was one in fact years ago that involved appending a .rar archive to a .jpg image without renaming the image (including the .jpg suffix): an image viewer would correctly show the image ignoring the following data, while a .rar unpacker would ignore anything preceding the .rar header, thus the image, and would extract the archived file anyway without errors. One wonders if the capability was intentional and how many times this trick has been used to exfiltrate from somewhere sensitive data disguised as kitten pictures.
0 replies
1d6h
This is really bad. I rather send no images and links, but find another way of sharing, like partial links as text.
What a stupid implementation, also one could harm others by sending them things anonymously.
0 replies
1d7h
how about... no? these regimes have ZERO legitimate authority to do any of this. They will of course disagree, as all criminal organisations do.
At this point they really just qualify as enemy of the people
0 replies
1d9h
I think the same article was posted some 3 times this weekend in different forms
I'm all for discussing the issue, but at some repetition exhaustion is a thing, updates without anything significant are not really updates and maybe Patrick should be aware of crying wolf (and it's also a campaign issue)
At what point can we say HN is just going round and round? Or is it just pleasure with suffering?
0 replies
1d9h
I love how Europe with all it's GDPR laws (even binding on the government in many cases) and specifically Germany and it's Datenschutz-fixated citizens is sleepwalking into DDR era authoritarianism. Stasi's wet dreams couldn't think about this much control
0 replies
1d8h
Useless. Pedos will encode cp as text.
As everybody knows this is not about the children but concerns how to snoop on the public in not so obvious ways.
0 replies
1d8h
What’s unfortunate is that a lot of folks here will cheer on regulation of tech if branded as “pro-consumer.” Anything with the keywords pro-privacy, and right-to-repair, Reddit/HN types will eat up uncritically. “This is great!”
But people don’t seem to understand, if you cheer when governments use their power to “protect” you, they don’t suddenly decide to stop doing it.
Just because phase 1 was friendly to your pet interests, doesn’t mean phase 2 will be.
I wish folks would look at all regulation with a much more critical lens, and be much more humble about implementing it.
Decentralization brought on by the internet is messy, complicated, and scary. But it’s a direct transfer of power from central authorities to individuals. So whenever you bypass the messy, decentralized way of solving problems in favor of the easy centralized way (regulation), you have given up your power. You reap what you sow.
0 replies
1d9h
Previously unknown images and videos are also to be scrutinised using “artificial intelligence” technology.
Can't see any way this could go wrong at all, none whatsoever.
0 replies
1d9h
This lasts until every single major app decides to exit the market and they are forced to remove this nonsense.
At the end of the day Europe is not even the place where most apps are created, just a bureaucratic nonsense.
If you though the cookies law were bad just wait.
0 replies
1d7h
Maybe some people will come back to PopcornTime (app, torrent-based movie sharing), Usenet etc and start to self-host more, witch might be a NICE BACKFIRE for surveillance capitalism...
0 replies
1d6h
They really want to push this don't they?
But you will stop what you are doing to spread awareness, write articles, send letters to your representatives and raise hell doing activism so you can stop it. You might be able to stop this authoritarian proposal.
And then they will just push it again with a different name and rewording. But while you need to devote your time and effort they are being paid for this and with your tax money (ha!) plus whatever those AI companies lobbying are putting into the table. And they just need to get it approved once before they move to the next thing-of-young-sebastian draconian law.
0 replies
1d1h
So this is against pedophiles whatsapp groups or what? This is absolutely bizarre inefficient solution.
They can't destroy tor pedo sites, or stop them from sending data in archive with passwords? These people are willingy inserting spyware into phones while constantly harrasing big tech for this. Clown world.
0 replies
1d3h
If this passes, I’m hoping it follows the gpdr malicious compliance route.
In particular, the csam detector could false-positive on anything involving the currently ruling party’s political platform and on the face of any elected official.
0 replies
1d1h
It says I’ll be prevented from receiving images too. I’ll be refusing, and hopefully frustrating everyone who tries to send me an image. I can then explain why that feature is broken, which (with enough people) would put the spotlight on how unfair, dangerous, and ill thought out this is.
0 replies
1d8h
Again, easily circumvented by piping photo/image data stream into muLaw encoder then over voice stream/file.
Effective but terrible Shannon's Limit though.
0 replies
1d8h
So what about our fundamental rights, article 7?
CHARTER OF FUNDAMENTAL RIGHTS OF THE EUROPEAN UNION
(2012/C 326/02)
Article 7
Respect for private and family life
Everyone has the right to respect for his or her private and family life, home and communications.
0 replies
1d3h
Can ascii art QR codes be made using available fonts in the various EU messenger apps?
0 replies
1d6h
You really have to commend Ursula von der Leyen. She failed in Germany and moved up the ladder just to push this bs through and it looks like it could work this time
0 replies
1d8h
So if i want to keep my information private, i'll just have to revive my usage of GPG. Scan all you like.
0 replies
1d
Can you prevent other people from using your devices?
Do they actually need anything to accuse you? Who is to check the false positives and who checks the checking?
Possibly worse than loss of privacy is that this would require computers to be entirely controlled by someone other than their owner. It rules out the pc like open ecosystem for phones.
0 replies
1d9h
EU produced tens of billions in lawyer fees. A regulatory superpower.
0 replies
20h18m
Dumb question: How is it possible to stop people from sharing links if links are text. For example, what will prevent someone from sharing a link in a form that might not be "clicklable" but still communicates the location of the linked resource.
I think it's no surprise that it might appear like that.
For me, I found the way EU handles food safety as opposed to the US to be a great summary of their philosophies: in EU a food needs to be proven to be safe to be allowed, while in the US the food needs to be proved unsafe to be banned.
But EU states have more lax food safety laws than the US?
See e.g. how Germany handles milk compared to the US.
They have different standards for some things.
Eg in Germany minced pork has to be safe to eat raw, because that's what Germans do. Not because they are necessarily any stricter in general.
In the US eggs have to refrigerated. In Germany they are typically sold at room temperature. (I'm not sure whether refrigeration of eggs would be legal for shops in Germany?)
Sure, but I fail to see how this means that in general EU laws on foods are much stricter.
Especially when to comes to the dichotomy of proven safe vs. not proven unsafe.
Yes, I was mostly agreeing with your stance on that. I just wanted to add some extra details.
The eggs can be kept that way because they aren’t washed like they are in the USA and that process removes a valuable layer that keeps eggs shelf stable for quite a while; in the USA it washed away and to keep the eggs fresh they’re refrigerated instead. I have no idea which way is best.
Yes, that was my point: they have different standards, but it's in general hard to say which one is 'stricter' or 'better', if that applies at all.
In Germany, the irradiation of almost all foods (except dry spices) is banned. There's no good reason for this, just pseudoscientific paranoia. Irradiation is a great way to safely sterilize food.
You're probably thinking to the hormone beef issue where EU has stricter standards than the USA.
On the other hand, EU allows cheese made from raw milk while most of the US states disallow it.
On both issues and as a cheese lover I'm glad to live on the right side of the Atlantic.
I believe that's because Europeans showed that it's possible to have safe cheese made from raw milk (since it's quite ingrained into several cultures).
My comment also includes many additives, pesticides and other lots of food-related components which are allowed in the US but not in the EU.
Yes, I can roam freely in all the Union's states, use the same currency in most of them, use my cellphone with no roaming costs, have access to health care if needed... that's the result of imposing less regulation, not more.
All of these are cases where EU was removing state regulations in favor of their own regulations. I don't think this falls under deregulation at all, it's just centralization.
It effectively removed a great number of pages of laws/regulations/contracts that need to be applied to my life.
I never need to think about import/export restrictions, immigration law, visas, exchange rates, phone contracts or medical insurance contracts.
It certainly deregulated my life. I feel less regulated on what I can do. It removed barriers. And that's really the only thing that matters.
But this is a case of countries removing legislation from you.
I think it is extremely hard to argue that this was a case of the EU deregulating anything. What happened was the EU started to regulate more, which invalidated the regulations of states.
No, it's a case of the countries which are in the EU all making their legislation equivalent because they all agreed to let the EU be the place where they figure out how to do that.
The EU is specifically the mechanism by which the countries streamline their legislative differences.
Sure, but what does that have to do with anything?
I mean... technically that is a new regulation. Some Polish providers already didn't have roaming fees in EU before that.
If you make a law that cancels a previous one, it's still a new law, but if you want to measure "regulation", it is less?
Yes, I don't see how the EU mandating free roaming is a case of deregulation?
Perhaps I'm missing something.
Consider that for the small convenience of using the same currency and health service of other countries those very fee times that you travel, your country has given up sovereignty. It seems like the capricious desires of cheap-flight digital nomads have been traded for something as fundamental as sovereignty.
Is deregulation desirable?
In general, yes.
Though you seldom get deregulation by just deleting laws. Most of the time deregulation means replacing one regulation with a different set (that is hopefully simpler, but not always).
Eh, I disagree, in general. I see little benefit.
Deregulation is great when the law is unfounded or unfair. There is much to little “revisiting” of laws to see if they actually did what they said they did. Otherwise said regulation is useless and just costing society wasted energy and time. I think we need more government agencies studying such things to create a feedback loop so that if it’s failing it gets removed.
They self identify as a "regulatory superpower", the EU officials see their primary strength not in the economic and social strengths of their member states, but in the gigantic bureaucracy that they have created.
EU economies have benefited greatly from the removal of barriers between countries. The EU officials didn't see that as a sign that the strength of the EU lies in their members freedom, but as a sign that now every single issue should be regulated by EU officials.
That is why you have laughable things like the recent AI regulations. An entire continent with barely a single AI company wants to tell the rest of the world what to do. The cause is pretty clearly in the delusional minds of EU officials who genuinely believe that their regulation are worth more than the paper they are written on.
It tells "the rest of the world" what to do when they operate in the EU.
Which is exactly what governments are made for. AI companies do whatever they like outside the EU, and it's not the EU's concern.
That is not the ambition of the EU. Their ambition is it to create a framework how AI is handled globally. That is what they mean by "regulatory superpower".
They don't want to create laws which only effect how AI companies handle operating in the EU, they see European contribution to AI as offering a legal framework of how it should be operated and legislated worldwide.
Lawyers and regulators are the strongest and most cutting edge sectors of the EU economy
Its the reason why we only can compete with the US in legislation heavy businesses, which in the US is also slowed down by bureaucrats such as making planes and cars.
Any other market and any developed country will have us beat.
As a counter-example: Europe is pretty good at artisanal luxury items for rich people. Those are generally fairly lightly regulated.
I guess you haven't spent much time in Europe recently. Deregulation is considered a swear word over there. I do not advise using it around Europeans.
Also, if you say something that sounds like "free speech" their heads explode. It's quite spectacular to watch.
I'm not sure you need to put 'recently' in there.
I don't know who first said it.. but something something "they call them lawMAKERS, what do you expect them to do, remove laws? OF course they'll just make new laws"
Even deregulation is of course some kind of regulation, but what comes to my mind is:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32...
A summary is here: http://publications.europa.eu/resource/cellar/c56fbf1c-97bd-...
It abrogated the various national laws concerning product quantities, ie. in France you could sell shampoo in 250ml or 500ml bottles, but not 295ml. Or you could sell mushrooms in 250g and 500g boxes, but not 230g or 490g.
This is now allowed, which made this in effect a deregulation enabling shrinkflation.
Alas, the EU isn't special in this regard.
Deregulation isn't really popular these days. But it has happened from time to time here and there.
That depends on what you mean by deregulate. There's a lot of simplification through the single market and free movement of labor.