this post was submitted on 18 Jun 2024
546 points (98.8% liked)

Privacy

31872 readers
401 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

What you can do: https://www.patrick-breyer.de/en/posts/messaging-and-chat-control/#WhatYouCanDo

Contact your MEP: https://www.europarl.europa.eu/meps/en/home

Edit: Article linked is from 2002 (overview of why this legislation is bad), but it is coming up for a vote on the 19th see https://www.patrick-breyer.de/en/council-to-greenlight-chat-control-take-action-now/

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 58 points 4 months ago (5 children)

My point being, what are they going to achieve with this? Ask WhatsApp to pass over their encryption keys?

It should be pretty obvious that you shouldn't be sharing sensitive stuff on chat apps controlled by the NSA. Use element with encryption or something, maybe Briar etc. What are they going to do if you insist on using apps which use asymmetric client-side encryption, break TOR? Force you to use symmetric encryption and give the government your decryption keys?

I don't see how they are going to spy on sensitive details of Europeans with this. They might as well ban phones completely if they want to limit communication.

[–] [email protected] 2 points 4 months ago (1 children)

As far as I know, Prism is able to read encrypted messages.

[–] [email protected] 8 points 4 months ago (1 children)

Prism has broken AES-256???

It is more likely that Prism can use android exploits to read data before it is encrypted by the client

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago)
[–] [email protected] 10 points 4 months ago* (last edited 4 months ago) (1 children)

When the endpoint is controlled the keys are published

[–] [email protected] 4 points 4 months ago (1 children)

I'm wondering, what are EU politicians doing dirty jobs using?

[–] [email protected] 5 points 4 months ago
[–] [email protected] 50 points 4 months ago* (last edited 4 months ago) (1 children)

It’s literally in the article: They want to use client-side scanning. The client already has the data decrypted. This is much like what Apple wanted to introduce with CSAM scanning a while back. It’s a backdoor in each client and it’s a matter of time until it will be abused by malicious entities.

[–] [email protected] 13 points 4 months ago (1 children)

Yea, it is clear if there is just one closed-source app. But if we're talking XMPP/Matrix - they have multiple open-source clients, even if some of them does introduce scanning, no way it wouldn't be forked to remove it.

[–] [email protected] 7 points 4 months ago (3 children)

If a messaging service is non-compliant, the government could theoretically take action with court orders against domain owners, server owners or pursue anyone hosting a node in case of a distributed setup. In a worse case scenario, they might instruct ISPs via court orders to block these services (e.g. The Pirate Bay in some countries)

[–] [email protected] 7 points 4 months ago (1 children)

Yeah let's have them block github. I kind of want to see a federated git hosting platform integrated with the fediverse

[–] [email protected] 5 points 4 months ago

They literally will do that. GDPR shows that they will go after big American companies (That’s the point, a huge chunk of this is protectionism to build a tech industry in the EU that they control)

[–] [email protected] 3 points 4 months ago

And if an app like Signal bypasses blocks, having it installed could become a crime.

[–] [email protected] 2 points 4 months ago

Where I live, a lot of popular services, including major foreign social media and torrents everyone uses, are blocked - yet they still have a massive userbase.

And since the scanning is supposed to be client-side, how would a server check if the scanning was really performed? What if the server does receive and log the needed responses, just to be safe, but the client actually just sends them automatically while lacking such functionality?

[–] [email protected] 22 points 4 months ago (1 children)

You are 100% right.

They can't ban encryption, yet they can make it difficult. If all noobs don't use encryption, only the pros are left. That means they only have to spy on 10 instead of 100 people. Those that don't use encryption aren't interesting.

The problem is that they can't spy on the 10 and hence they spy on the 90 and wait for the 1 guy making a mistake and becoming one of the 90.

[–] [email protected] 2 points 4 months ago

Fairly sure my good Eastern Europeans don't give a fuck about what France and Germany think and will pirate and TOR and I2P their merry life away (or so I'd like to think - you tell me)

[–] [email protected] 98 points 4 months ago* (last edited 4 months ago) (2 children)

These laws are being passed by politicians who generally don't understand technology. What they will achieve is a reduction in privacy and liberty for every citizen in the EU and easier methods to clamp down on dissent. Just because it's not technically perfect or difficult to implement fully doesn't mean it's not a threat. It's one step closer totalitarianism, and what's stopping totalitarianism is everyday people, one step at a time, battling it back.

[–] [email protected] 51 points 4 months ago* (last edited 4 months ago) (2 children)

A more cynical take is that they understand very well, but are being compensated by big tech for looking the other way.

Good people often can't comprehend how evil people work, and they say "everyone makes mistakes", or "they don't understand fully". Because we want to think that everyone is mostly good.

It's not like that. :/

[–] [email protected] 5 points 4 months ago

It was found that johannson was lobbied by non-profit funded by ai startup that develop csam detect and groom detect and other bullshit. startup from the us

our politician now get bribed by us company. what the fuck?

[–] [email protected] 5 points 4 months ago

This is the unfortunate but absolute truth.

[–] [email protected] 16 points 4 months ago (1 children)

Well I get that they are stupid, but unless it's their fetish to catch 14 year olds trying to spread rubbish propaganda, I doubt they're going to get much. Any reporter, activist and consumer knows that anything they put on these apps goes straight to the NSA's and MI6's AI algorithms at the very least, and now they're going to go to the rest of Europe.

Yes, we should be protesting against this. Does Europe have an equivalents of the EFF to fight for such rights?

[–] [email protected] 10 points 4 months ago

I have to strongly disagree, you overestimate what people know/can/want to do. Some, sure, but not the majority. They either stay ignorant or are too lazy. Just look at add blocker usage. I can not even imagine to live without them, but here we are, I am the tiny minority! Most either do not care or are too stupid or somehow happen to not know about them.