I like to compare this to mandating surveillance cameras in every home. It would certainly make detecting and investigating many crimes easier. And the government might pinky swear to never watch without a warrant. They may even keep that promise. But that slippery slope is far from the only issue. Even more damning is that as long as this exists, whether used in official capacity or not, it will be the most sought after thing by hackers from crime organizations and hostile nations. Espionage, blackmail, you name - no person or organization would ever be safe, everybody's privacy and security is undermined.
There is a reason why they added exemptions for themselves. Either they believe it is unsafe or perhaps there is a problem with child abuse on the EU legislator level which they want to cover up.
We are at a point where we shouldn't have to justify opposition to it. Just hold legislators of the EU accountable. If that isn't possible, hold the whole EU accountable and if that isn't possible, the EU has no legitimacy for such laws in the first place. Back to those responsible on a national level and repeat.
I don't think comparing it to something like camera surveillance inside your home is a good idea.
You kind of own your home – if someone places camera in your property, you can just remove it / obstruct vision / sound etc. If doing that will send you to jail then the level of dystopia around is so big it's irrelevant anyway – you're a slave with no rights and you will do that the shocking stick tells you to do.
Phones are different - you kind of don't own them by default because bootloader is locked so you are not free to execute the code you want on the device, as well as app store exists which it tells you what you can install and what you cannot install. The only leverage they have is to make Apple/Google remove certain apps from the EU stores.
Yes, exactly. This proposal is just free riding on the sadly enstablished conception that you don't really own your device: it doesn't work in your interest but in those of the manufacturer, the developer of the programs you use and, if this becomes law, your government.
If we really want to stop chat control and all the other proposals that will inevitably come after, we should really work hard to try to reverse this. I think asking "don't break encryption, please" is really the wrong way to go about it.
How about we compare it with something more realistic? Like https://en.wikipedia.org/wiki/ECHELON. Since 1971, the 5 eyes countries have been spying on people en masse and scanning communications.
You probably don't like the comparission because you want to be an alarmist who is acting like this is new. All the fears you have, have literally been proven to be...
TextSecure (which later merged with RedPhone to become Signal) had existed since 2010. So it would be interesting to know if there were many other end-to-end encrypted services and products at the time since this was pre-leaks.
I only mentioned one program. A program that is literally comparable because it's literally what is being replaced. That program has been public knowledge in media such as TV shows and movies for decades. So when we're fear-mongering, we should only compare with that, and we should see what effects it had and the nonsense being used for fear-mongering.
Also, Signal was released not because of end-to-end encryption but because the founder sold WhatsApp and wasn't happy with the direction.
You're confusing the founding of the Signal Foundation with the release of Signal. Textsecure/Redphone which Signal came from existed in some part around 2010 or thereafter. Their merging and re-release as an all-in-one IP-based encryption app also came before WhatsApp was sold to Facebook.
> You need to provide some statistics to demonstrate it was a common knowledge.
It was referenced in popular media for decades... So people knew about it and it was public knowledge. The reason no one cared is that the outcome of it wasn't the horror story being repeated constantly.
The funny thing is, if you think this law would affect you, it will probably reduce the amount of data they get. Why? Because they still spy on you with end-to-end encryption, it's just more work and they hack the shit out of you.
> “The fact that the EU interior ministers want to exempt police officers, soldiers, intelligence officers and even themselves from chat control scanning proves that they know exactly just how unreliable and dangerous the snooping algorithms are that they want to unleash on us citizens,” commented Pirate Party MEP Patrick Breyer. “They seem to fear that even military secrets without any link to child sexual abuse could end up in the US at any time. The confidentiality of government communications is certainly important, but the same must apply to the protection of business and of course citizens communications, including the spaces that victims of abuse themselves need for secure exchanges and therapy. We know that most of the chats leaked by today’s voluntary snooping algorithms are of no relevance to the police, for example family photos or consensual sexting. It is outrageous that the EU interior ministers themselves do not want to suffer the consequences of the destruction of digital privacy of correspondence and secure encryption that they are imposing on us.”
Well, the list of exempts is the list of defense contractor employees, and the negative list of non-exempts subtracted from the list of everyone is list of high-value targets.
The locations where exempts are gathered, locations where there are high commerce traffic and/or verified sent-in data, but no sent-out data, or abnormally low traffic altogether, those are all high-value targets as well.
No matter how you slice it, they're creating a list of airstrike targets and means to aid literal foreign spies. If the affected locations and people are as obvious and well guarded as the US DoD headquarters and uniformed guys there, fine, otherwise, they're just creating doors in the wall exclusively open for "enemy" uses.
They probably have internal chat systems (cough matrix cough) that don't go above 50 M MAU which afaik is the threshold of applicability of this law. So this particular is a non-issue, unfortunately.
But then it begs the question, why politicians feel the need to use public (>50MMAU) chat systems to conduct the protected (official) business?
I'd like to know how that exemption would even work in practice. Many politicians happily use WhatsApp etc. on their personal devices with no VPN for official business.
Maybe when they see private conversations with their colleagues being leaked because someone stupidly used their personal account, they'll see the light.
Of course they don't need to spy on themselves. The goal is to stop targeted attacks against politicians and any attempts to overthrow the government. The government is uniquely unlikely to overthrow itself.
Empirically that’s absurd. The US is currently undergoing an internal struggle that’s exemplified by the agents of change being part of the government AND dangerously hostile to opposition.
the theater that is US Dem-Rep politics would never threaten its own existence regardless how much one side screams the other will be the end of democracy when the stage changes. Maybe bookmark this thread and come back next term when the next play hast started.
If the EU, a supposed bastion of human rights, forces this through, what argument do we have when more authoritarian countries demand the same thing from Apple, Google, or Meta?
Just because the EU is not as egregiously awful as some other places does unfortunately not make it a bastion of human rights. The same forces are at play there as everywhere else in the West.
Whenever I look at these proposals I am never sure if the people that wrote that law are not aware that you can’t tap one person without making spying on everyone really easy very quickly, they don’t care or they actually want it.
Although this seems like a slightly more sensible version of what they proposed years ago (which was essentially adding the government to every chat).
I always find it very ironic people apply the "don't attribute to malice what can be explained by incompetence" principle to politicians, who are part of the government.
Have you ever had a really great mentor or teacher who was excellent at explaining things to you? Good news, you've now got a budget to hire several of them in full-time exclusively for yourself.
Unsure about something? Just ask and a huge apparatus of several departments, featuring dozens of expert panels with hundreds of domain specific experts each will sift through huge databases, many of them not available to anyone else but the government, of state-of-the-art research, current events, historic events, standards, whatever ..., they will analyze your problem from every possible perspective and make the result of these efforts available to you, together with several recommendations of actions according to the guidelines you provided.
I highly doubt that there are more than a hundred people on this planet who could be incompetent under these conditions. What we're observing is not incompetence, but a conflict of interests, between what they want and how often they need to throw you a little bone to keep you obedient.
You assume everyone is interested in the facts. Many, perhaps the majority are more interested in swaying opinion, loyal coworkers and possibly a grift or two on the side. In no particular order.
I think they are not in a position where they have to actually solve the technical problem, but rather in a position where they decide what they believe is best for the society.
"If you were able to break encryption only for criminals, it would increase the security of the people. Please try to break encryption only for criminals" is not completely unreasonable.
The problem, of course, is that it's not possible. But for those politicians, cryptography is pretty much magic. Why wouldn't it be possible?
Same thing happens for climate change: instead of understanding the problem and facing reality, politicians (and honestly most people) stop at "scientists just need to find a way to remove CO2 from the atmosphere efficiently". That's not how it works, but it doesn't prevent them from behaving as if it was possible. "It's magic, just do this one more spell".
> "... Please try to break encryption only for criminals" is not completely unreasonable.
And the engineers' response is "not our job, it's yours. Please invent and patent such thing yourself, then we MAY execute". As it stands, it is in fact completely unreasonable.
My point isn't that "no the devils advocates are wrong", but that there's a hot potato flying across between "them" and "us" as to which side is responsible for inventing a breakable secure encryption.
More substantial parts of discussion regarding Chat Control and similar regulations always had to do with philosophical, almost syntactic level feasibility of such implement, against which beyond fusion reactor level of unilateral skepticism had been constantly cast from engineers, combined with negativity coming from its generally unethical nature, rather than mostly about ethics or freedom.
You're saying it's reasonable that they want warp cores today for coming winter, and I'm rolling eyes, that's not directed personally at you.
Unfortunately, it is not the point of government to do what is best for society. It is to organize what individuals want but cannot by themselves (emphasis on want). They are not there to “give us the best” but to give us the “minimum”.
The government is emergent behavior of evolutionary pressures.
For most of human history, war of aggression was a matter of a cost-benefit analysis which often have more benefit than cost. That has changed (relatively) recently because of how destructive it is that even the winner does not gain from it.
Point being, hierarchical authoritarian structures are very good at war (and other kinds of competition). That's why they exist. But they should no longer be needed.
They are entrenched and we need to evolve away from them.
> The problem, of course, is that it's not possible. But for those politicians, cryptography is pretty much magic. Why wouldn't it be possible?
Few, if any, politicians are nuclear physicists, and I'd argue nuclear physics is far more complex than cryptography, yet I haven't seen any of them ask the weapons industry to manufacture a nuke for just the bad guys.
Let's not attribute blatant malice to stupidity. People in these positions have the resources and advisors to know exactly what the consequences will be.
This is an interesting comment, because you are making exactly the same mistake as those politicians:
- They think it's easy to just ask engineers to magically make safe backdoors.
- You think it's always easy to know what is right and what is wrong. "We should just punish those who harm society". Sure, we should! And we should have safe backdoors!
> I'd argue nuclear physics is far more complex than cryptography
We're not talking about "being able to do it" but "being able to understand what it can do". Nuclear weapons are a lot easier to grasp than cryptography in that sense: it is a thing that explodes. It is absolutely obvious to everybody that a bomb destroys whatever is in the vicinity.
> Let's not attribute blatant malice to stupidity. People in these positions [...]
It's not people in these positions: the vast majority of the population doesn't understand the limits of cryptography.
> have the resources and advisors to know exactly what the consequences will be.
Seems to me like you haven't been in contact with lobbies and expert advisors. Many times, politicians will have to ask experts from the industry. They would not contact an average engineer for advice, but rather the company itself. If there is money to be made, the CEO or some executive will give their advice. This advice is systematically beneficial for the company. It's not necessarily malice: a CEO has to believe in what they are doing, even if it is objectively bad for society.
It is very hard to find unbiased experts to help you forge policies.
> I am never sure if the people that wrote that law
No. Much of the legislation that gets introduced is provided as "model legislation" by political action groups (such as ALEC). This is why so many states seem to introduce the same legislation all at once.
The party whip tells them what to vote for. Sometimes, sensible people stop deranged legislation from getting out of committee (such as banning all mRNA vaccines (ID in 2024 & 2025, KY in 2025) or requiring blood banks to provide "pureblood" (from people who never had covid vaccines) at no additional cost to anyone requesting same (ID & KY in 2025). Or the one from ID in 2024 that would have made providing blood from a person who had a covid vaccine a felony.
For example, HR 22 passed the House of Representatives along party lines. The Senate has not scheduled the bill for hearing/vote yet. This bill is only 2 pages long, but I would like you to read it and take a guess at who they are trying to ban from voting in Federal elections. It has never been legal for non-citizens to vote in federal elections.
> A form of identification issued consistent with the requirements of the REAL ID Act of 2005 that indicates the applicant is a citizen of the United States.
This is called an Enhanced Driving License and only 5 states (MI, MN, NY, VT, and WA) issue these. From the front, they look just like the REAL ID compliant ID/DL from that state but with a cute little American flag on the front. The back has the funny OCR text like the page in your passport that has on the page with your picture.
They are trying to ban the following from voting in Federal elections:
1. Transgender people.
2. Non-citizens.
3. Women who took their husband's name upon marriage.
4. People who changed their name.
5. People who can't afford the $200 for a US Passport (if you never had one before, or lost yours like I did, this is about what you have to pay, otherwise it runs $110).
Ylva Johansson (the creator) didn’t get into the EU by being popular in Sweden, she was appointed by the Social Democratic government in 2019, and commissioners aren’t elected anyway. For Brussels the boxes she ticked (party loyalty, decades of ministerial experience, gender balance in von der Leyen’s Commission) mattered more than domestic approval. In fact, governments often use the EU to park politicians who’ve lost their shine at home. Now she’s mostly known for pushing “chat control” (mass scanning of private messages), which only makes the disconnect clearer: an unpopular figure at home ends up driving some of the EU’s most controversial policies.
> In fact, governments often use the EU to park politicians who’ve lost their shine at home
For whatever it's worth, as an European, I will emphasize this as one of the most frustrating facts and the largest barrier to me having any serious form of respect for the EU. I have no doubt there's honest and good people there, but in my country it's well known that fuckups just get to "retire" and get out of the spotlight by shifting to EU positions. Not only does this devalue the EU, but also the original country itself, since politicians have less fear of career-ending consequences. It's a lose-lose situation for the collective.
I can only hope that experiences in my country do not reflect Europe as a whole.
Breaking encryption to stop criminals and CSAM-sharing bastards does not work. Breaking encryption will only harm honest, law-abiding citizens. Criminals will just use “illegal” real encryption. It’s easy, the implementation details are everywhere.
The EU knows this.
They’ll always include “CSAM” as a validation, but the true underlying desire is surveillance.
It’s funny — Chat Control is not aimed at people who actually care about privacy. Those will always find a way to keep using encryption. The math doesn’t vanish because a law says so, and the open-source projects aren’t going away.
What it really does is push "regular" people back into surveillance by default. Most already assume their chats might be scanned or their phone might be listening, so they self-censor anyway. The law just bakes that into the mainstream tools, while the rest of us will keep using the same workarounds we always have.
Funny thing is, my private conversations of sexual nature with my 28 years old girlfriend could probably flag "their" system as CSAM. It has happened to a couple of people before from what I recall.
If this passes, just stop using anything inherently insecure. You may want to stop using WhatsApp, Instagram, Facebook, etc. for private conversations. I already do this.
There are alternatives that will not be affected by this, stick to these. I would give you a list, but I should better be quiet about it.
> There are alternatives that will not be affected by this
An app, in an official app store no less, is not going to be a solution for long. If you want an actual technical attempt at a solution you first need to regain ownership over your computing devices.
It does today but not for long, Google is planning to add developer ID verification system for apps installed from any source, just like Apple's notarization, which will give them the technical ability to revoke their distribution on demand. It won't matter if the APK is distributed via F-Droid, Github, self-hosted servers, or in any other way.
By pure coincidence the walls are closing in from all sides.
i know this is amazing concept but you can just.. not follow the law, and use 'illegal' encrypted communication.
Steganography to do key exchange on any compromised channel using DH, and then you just send normal encrypted messages - their magical idea is to do client side scanning.
this does require control over your device, but such regulations would just spring up black market for such devices.
The alternatives I have in mind, indefinitely (ideally forever the way they work). You could also just continue using older versions, whereas you need to update WhatsApp to continue using it, for example.
In any case, Signal is not what I had in mind. Telegram is not what I had in mind either, and in fact, Telegram still has no E2EE on desktop so whatever.
Yes, but any phone number will work. That’s irrelevant to the crypto part.
EDIT: (I’m throttled and can’t reply to the child reply) - I said ANY phone number will work. You can get a number from any country, or a VoIP number, or a landline. It doesn’t need to be a sim card from the country you’re in. It doesn’t need to be a sim card at all. Any number will work.
If your country requires details to get a number, get a number from a different country. Unless you’re in China or Russia, we’re on the same internet with the same access to jmp.chat and others.
It is irrelevant to the crypto part, but not when it comes to privacy because as you may know, you cannot just get a prepaid SIM card without your details in many countries, so yeah Signal is not something I would choose.
If they can be private indefinitely, then you wouldn't need to keep them secret.
These attacks on freedom will continue until every computing device is mandated to have an ML system tracking your every input. And no communication method is safe from that.
Not even steganography would save you because more and more people would do it and they'd make it illegal too.
---
EDIT: Technology can give us tools to fight it but this has to be defeated at the political level, likely by enshrining privacy is a core human right.
> until every computing device is mandated to have an ML system tracking your every input
Well, in that case yeah, that would suck. OTR, OMEMO, etc. would not help then. Collectively not buying new hardware and pushing against it collectively might.
One problem, if I'm being honest, is that whatever you try to do, you will have a vocal group of people who will explain why it will destroy life as we know it. And everybody in that group of people will genuinely believe that it is absolutely insane to not share their beliefs.
Obviously, some groups are more right than others. If you are into cryptography, you know about the risks coming from Chat Control. But politicians are not part of your group. And what they see, from their point of view, is what I said above: whatever they try to do, there will be a vocal group of people who will genuinely believe that it is completely unreasonable.
That, to me, explains why it keeps coming back: because really, if we could break cryptography only for the bad guys, it would help a lot. "Okay, those people say that it is stupid, just like for everything else we try to do. What makes this group of people more right than the others?"
“The fact that the EU interior ministers want to exempt police officers, soldiers, intelligence officers and even themselves from chat control scanning proves that they know exactly just how unreliable and dangerous the snooping algorithms are that they want to unleash on us citizens,” commented Pirate Party MEP Patrick Breyer.
This is everywhere, in every Western country, somehow all at the same time. Real identities for social media, electronic IDs, electronic currencies run by the government, backdoors in encryption
This is dystopian. Who is behind this coordinated attack?
The politicians from all sides. It appears they want to solidify their power for years, and no matter how ridiculously this may sound like - also introduce some caste system where they're above law and we won't do anything but spend money and consume certified media because anything else is against the law.
We enjoyed a peaceful 'air pocket' in tech, but this is over. And it makes sense. Technology is rendering regular people useless. And when they eventually get destitute they will rebel. If I were the ruling elite I too would move fast to increase my control over the masses.
Something rarely mentioned in these discussions of EU's proposed "Chat Control" is that it only applies to certain "platforms"
Encrypted messaging not sent through one of these third party "platforms", i.e., "social media", would arguably be outside the scope of EU "Chat Control"
In other words, this proposed legislation does not require monitoring any internet user engaging in encrypted chats with any other internet user(s) as long as they avoid using a third party "platform" like the one run by Meta that is subject to the "Chat Control"
If a person believes that such encrypted chat is impossible/infeasible without the involvement of a third party such as Meta, then IMHO, this person has a more serious impediment to private conversation over the internet than EU proposed "Chat Control". But I would not trust any internet forum comment demonising the EU when what the EU is doing is regulating Big Tech
This proposed legislation may be detrimental to Meta's bottom line and so one can expect the usual public disinformation campaign where the problem is portrayed as "government surveillance" when in reality
(a) the problem is using third parties such as Meta to communicate, creating an easy partner/target for any government that wants surveiillance data
and
(b) Meta, not the government, is actually doing all the surveillance
and the EU keeps fining them for it. Big Tech companies like Meta need to ignore privacy norms in order to make money. That is the "business model". Surveillance. I cannot think of a worse choice of a third party through which to route private conversation
They haven't stopped trying continuously since late 2021. You don't hear about it for a few months only because some countries are more aggressive about it than others.
it's not that I didn't hear about it, it's that I did hear about Germany and other countries standing in opposition to it, and the EU requires unanimity
- Going one after another for EU presidency since 2022 these countries were in favor: Sweden, Spain, Belgium, Hungary. Poland didn't want to include encrypted communication. Denmark wanted to include everything (text, links, videos, images, calls) but dropped text and calls after criticism (for now).
- EU doesn't require all countries to support it on the council level (or parliament level). You just need at least 55% countries (at least 15) that represent at least 65% of citizens. To block it you need at least 4 countries that represent at least 35% of citizens, we are at ≈22%.
Let me be reasoned and measured and say fuck the entire gallery of those assholes. I only use Signal now, but I'm fully willing to give that up as well if this goes through and go full GPG-encrypted e-mail with keys exchanged IRL. The only thing I use the smartphone for other than Signal is navigation and OSMand works offline perfectly, I'll just pop my simcard into the cheapest dumbphone I can find and occasionally connect my phone to wifi to download new vector maps.
The opposition to chat control is really missing the point: chat control does not break encryption, the law is about mandating client-side scanning, not weakening cryptography so law enforcement can break it more easily or introducing backdoors. If you say "don't break encryption", they will just respond that this will not break encryption, which is true, but also completely irrelevant.
What we should be advocating instead is the freedom of doing whatever we want with our computing devices, which include rejecting the sort of crap companies and various government like to impose on ourselves.
Yes, it doesn't "break" encryption, it just defeats it.
The client-side scanning means that some amount of your communication will be uploaded in clear text to the government. And unless the government keeps it completely secure (spoiler: they won't) this will leak. Therefore it defeats the point of the encrypted channel.
So sure, it isn't as bad as just removing encryption from these apps. But it is very similar to giving the government a backdoor key to all messages. Maybe you see it as slightly better because only the messages flagged by the automated scanning are made vulnerable or maybe you see it as slightly worse because previously you would need both the backdoor key and access to the original messages and now all of the data you want is in a single location.
But the point is that this significantly weakens the security properties that these E2EE messengers provide if implemented.
I'm not saying it's better because it doesn't break encryption, that doesn't matter, I'm saying we shouldn't be fight it by framing it as an attack on encryption. What I think chat control is, is yet another attempt to force our devices to act against our interests.
It is sort of both. It is attacking encryption by bypassing it (by demanding a plan-text copy of the data) and it is using our devices to act against our interest. I think both are pretty bad.
Assuming there's a tradeoff between safety and privacy (which might be a false dichotomy pushed onto people), I am perfectly fine with the current level of safety. I feel zero need to give up privacy for more safety.
I feel:
- The most danger in my life is from deranged people like some rando homeless person who decides to push me under the subway out of the blue. The second biggest danger is unemployed drug-using losers who might try to rob me in the street. The third danger is aggressive groups of teenagers (which happen to usually be a certain minority where I live) who might try to beat my up because somehow that is how they gain status among each other.
- If I was a woman, the fourth would probably be getting raped. Most probably by an immigrant, usually from a Muslim country. This might be incredibly controversial to US people but in the EU, we hear about these cases regularly. I am not saying every immigrant or Muslim is a rapist. I am not saying they rape at a much higher rate than the native population. This is why I prefaced everything with "I feel" because these 4 reasons are the narrative I see from the media. OTOH I would be surprised if there wasn't _some_ measurable correlation - I would love to see this quantified but at the same time it's the kind of thing where you get accused of being an -ist or -phobe no matter which result you get.
Anyway, taking away people's privacy does not help with any of these.
But that's not the point.
The most danger to a politician's life is from:
- Terrorists.[0]
- Non-deranged (sane) people who are so ideologically opposed to the politician's views and actions that they decide the only way to stop them is to attack them physically.
Taking away people's privacy helps with both of these. If performed by a group of people, there's the obvious need to communicate and organize. If performed by a single individual, then he still has to perform reconnaissance and acquire tools, both of which are likely to be done online to some degree.
---
So you see, it's not about people's safety. It's about politicians' safety.
[0]: Terrorism is by definition the intention to cause fear among the population. It was later redefined as trying to affect political change through violence, which is stupid but it serves the purpose of politicians using terrorists as a source of fear, despite the average person being incredibly unlikely to be hurt by one.
The second link is a series of sensational tweets wrapped in New York Post grade "journalism".
While crime has gone up significantly in Britain in the last 10 years, many other dramatic events have also occurred, including voting itself out of the largest regional trading block and losing out on financial markets to the middle east.
https://web.archive.org/web/20240101011830/https://blog.mozi...
Looks like it was removed around Nov 2024, ie around the time it became clear American politics was turning tides and Trump would get elected.
Regardless of political position, I have no respect for people or companies that have no principled position and pander to $CURRENT_POLITICS.
I don't think it's a matter of lack of principles or pander to $CURRENT_POLITICS.
This article is simply about justifying political repression. Then the repression proved ineffective, the article became needless, and since justifying political repression is a rather toxic activity, the article was removed.
Breaking encryption of private messaging is not the same as not letting propaganda run rampant and to try to equate them is bad-faith propaganda itself.
I like to compare this to mandating surveillance cameras in every home. It would certainly make detecting and investigating many crimes easier. And the government might pinky swear to never watch without a warrant. They may even keep that promise. But that slippery slope is far from the only issue. Even more damning is that as long as this exists, whether used in official capacity or not, it will be the most sought after thing by hackers from crime organizations and hostile nations. Espionage, blackmail, you name - no person or organization would ever be safe, everybody's privacy and security is undermined.
There is a reason why they added exemptions for themselves. Either they believe it is unsafe or perhaps there is a problem with child abuse on the EU legislator level which they want to cover up.
We are at a point where we shouldn't have to justify opposition to it. Just hold legislators of the EU accountable. If that isn't possible, hold the whole EU accountable and if that isn't possible, the EU has no legitimacy for such laws in the first place. Back to those responsible on a national level and repeat.
>We are at a point where we shouldn't have to justify opposition to it. Just hold legislators of the EU accountable.
I have no idea what this means.
I don't think comparing it to something like camera surveillance inside your home is a good idea.
You kind of own your home – if someone places camera in your property, you can just remove it / obstruct vision / sound etc. If doing that will send you to jail then the level of dystopia around is so big it's irrelevant anyway – you're a slave with no rights and you will do that the shocking stick tells you to do.
Phones are different - you kind of don't own them by default because bootloader is locked so you are not free to execute the code you want on the device, as well as app store exists which it tells you what you can install and what you cannot install. The only leverage they have is to make Apple/Google remove certain apps from the EU stores.
That's exactly the thing. Legally you own your phones. You are responsible for what they do.
We are now kind of a the crossroad. Either we expand the SaaS model to everything, or we enforce the until-now rules of ownership of the law.
Yes, exactly. This proposal is just free riding on the sadly enstablished conception that you don't really own your device: it doesn't work in your interest but in those of the manufacturer, the developer of the programs you use and, if this becomes law, your government.
If we really want to stop chat control and all the other proposals that will inevitably come after, we should really work hard to try to reverse this. I think asking "don't break encryption, please" is really the wrong way to go about it.
You own your home, but there are still laws regulating what you're allowed to do in your home.
That really depends on the phone. There's definitely phones where you can unlock the bootloader. It's not as common as it should be though, for sure.
How about we compare it with something more realistic? Like https://en.wikipedia.org/wiki/ECHELON. Since 1971, the 5 eyes countries have been spying on people en masse and scanning communications.
You probably don't like the comparission because you want to be an alarmist who is acting like this is new. All the fears you have, have literally been proven to be...
... well founded and spurred the widespread adoption of end to end encryption?
No, it didn't. It took decades for that to happen.
These programs really entered the public consciousness with the Snowden leaks in 2013. Signal was released in 2014.
TextSecure (which later merged with RedPhone to become Signal) had existed since 2010. So it would be interesting to know if there were many other end-to-end encrypted services and products at the time since this was pre-leaks.
I only mentioned one program. A program that is literally comparable because it's literally what is being replaced. That program has been public knowledge in media such as TV shows and movies for decades. So when we're fear-mongering, we should only compare with that, and we should see what effects it had and the nonsense being used for fear-mongering.
Also, Signal was released not because of end-to-end encryption but because the founder sold WhatsApp and wasn't happy with the direction.
You're confusing the founding of the Signal Foundation with the release of Signal. Textsecure/Redphone which Signal came from existed in some part around 2010 or thereafter. Their merging and re-release as an all-in-one IP-based encryption app also came before WhatsApp was sold to Facebook.
> That program has been public knowledge in media such as TV shows and movies for decades.
Nobody I know heard about it before Snowden. You need to provide some statistics to demonstrate it was a common knowledge.
> You need to provide some statistics to demonstrate it was a common knowledge.
It was referenced in popular media for decades... So people knew about it and it was public knowledge. The reason no one cared is that the outcome of it wasn't the horror story being repeated constantly.
The funny thing is, if you think this law would affect you, it will probably reduce the amount of data they get. Why? Because they still spy on you with end-to-end encryption, it's just more work and they hack the shit out of you.
Why don't we do a trial run first? How about all communication from EU lawmakers is made public. Let's break that encryption.
> “The fact that the EU interior ministers want to exempt police officers, soldiers, intelligence officers and even themselves from chat control scanning proves that they know exactly just how unreliable and dangerous the snooping algorithms are that they want to unleash on us citizens,” commented Pirate Party MEP Patrick Breyer. “They seem to fear that even military secrets without any link to child sexual abuse could end up in the US at any time. The confidentiality of government communications is certainly important, but the same must apply to the protection of business and of course citizens communications, including the spaces that victims of abuse themselves need for secure exchanges and therapy. We know that most of the chats leaked by today’s voluntary snooping algorithms are of no relevance to the police, for example family photos or consensual sexting. It is outrageous that the EU interior ministers themselves do not want to suffer the consequences of the destruction of digital privacy of correspondence and secure encryption that they are imposing on us.”
EU ministers want to exempt themselves (https://european-pirateparty.eu/chatcontrol-eu-ministers-wan...)
The fact that they will only pass this law if they exclude themselves from it should be enough to reject the idea without any further consideration.
And of course if you do still consider further it only gets worse.
What about industrial espionage? Is a technician of Rheinmetal/Dassault/Thales also exempt?
Well, the list of exempts is the list of defense contractor employees, and the negative list of non-exempts subtracted from the list of everyone is list of high-value targets.
The locations where exempts are gathered, locations where there are high commerce traffic and/or verified sent-in data, but no sent-out data, or abnormally low traffic altogether, those are all high-value targets as well.
No matter how you slice it, they're creating a list of airstrike targets and means to aid literal foreign spies. If the affected locations and people are as obvious and well guarded as the US DoD headquarters and uniformed guys there, fine, otherwise, they're just creating doors in the wall exclusively open for "enemy" uses.
They probably have internal chat systems (cough matrix cough) that don't go above 50 M MAU which afaik is the threshold of applicability of this law. So this particular is a non-issue, unfortunately.
But then it begs the question, why politicians feel the need to use public (>50MMAU) chat systems to conduct the protected (official) business?
>But then it begs the question, why politicians feel the need to use public (>50MMAU) chat systems to conduct the protected (official) business?
It also begs the question why CSAM "distributors" would use those ;)
Because they don't know better (see also: criminals are stupid).
I think politicians should not be stupid and isolate their official business from the private one. (That would be ideal, anyway).
Stupid criminals disproportionally get caught.
Selective pressure on the intelligence of criminals will cause them to become more intelligent.
You now need even more draconian legislation to disproportionally keep catching the intelligence-wise lowest quantile of criminals.
I'd like to know how that exemption would even work in practice. Many politicians happily use WhatsApp etc. on their personal devices with no VPN for official business.
Maybe when they see private conversations with their colleagues being leaked because someone stupidly used their personal account, they'll see the light.
> EU ministers want to exempt themselves
"All animals are equal, but some are more equal than others."
..and this was allegedly Orwell's allegory for the Soviet Union. Are we there yet?
It's not about people's safety, it's about politicians' safety. See my comment https://news.ycombinator.com/item?id=45331829
Of course they don't need to spy on themselves. The goal is to stop targeted attacks against politicians and any attempts to overthrow the government. The government is uniquely unlikely to overthrow itself.
Empirically that’s absurd. The US is currently undergoing an internal struggle that’s exemplified by the agents of change being part of the government AND dangerously hostile to opposition.
the theater that is US Dem-Rep politics would never threaten its own existence regardless how much one side screams the other will be the end of democracy when the stage changes. Maybe bookmark this thread and come back next term when the next play hast started.
If the EU, a supposed bastion of human rights, forces this through, what argument do we have when more authoritarian countries demand the same thing from Apple, Google, or Meta?
Just because the EU is not as egregiously awful as some other places does unfortunately not make it a bastion of human rights. The same forces are at play there as everywhere else in the West.
>supposed bastion of human rights
Ever wondered why they position themselves like that? Because they repeated it so often that everyone believes it now.
I think many outside of EU dismiss this as an EU only thing and don't think much about it.
1. Have you ever texted someone from EU? You are now chat controlled too.
2. EU is pumping billions to foreign countries to promote EU values. How long until they condition this "help" with chat control?
And if other governments see the EU get away with this, they'll also have a blueprint for success.
Whenever I look at these proposals I am never sure if the people that wrote that law are not aware that you can’t tap one person without making spying on everyone really easy very quickly, they don’t care or they actually want it. Although this seems like a slightly more sensible version of what they proposed years ago (which was essentially adding the government to every chat).
I always find it very ironic people apply the "don't attribute to malice what can be explained by incompetence" principle to politicians, who are part of the government.
Have you ever had a really great mentor or teacher who was excellent at explaining things to you? Good news, you've now got a budget to hire several of them in full-time exclusively for yourself.
Unsure about something? Just ask and a huge apparatus of several departments, featuring dozens of expert panels with hundreds of domain specific experts each will sift through huge databases, many of them not available to anyone else but the government, of state-of-the-art research, current events, historic events, standards, whatever ..., they will analyze your problem from every possible perspective and make the result of these efforts available to you, together with several recommendations of actions according to the guidelines you provided.
I highly doubt that there are more than a hundred people on this planet who could be incompetent under these conditions. What we're observing is not incompetence, but a conflict of interests, between what they want and how often they need to throw you a little bone to keep you obedient.
You assume everyone is interested in the facts. Many, perhaps the majority are more interested in swaying opinion, loyal coworkers and possibly a grift or two on the side. In no particular order.
I think they are not in a position where they have to actually solve the technical problem, but rather in a position where they decide what they believe is best for the society.
"If you were able to break encryption only for criminals, it would increase the security of the people. Please try to break encryption only for criminals" is not completely unreasonable.
The problem, of course, is that it's not possible. But for those politicians, cryptography is pretty much magic. Why wouldn't it be possible?
Same thing happens for climate change: instead of understanding the problem and facing reality, politicians (and honestly most people) stop at "scientists just need to find a way to remove CO2 from the atmosphere efficiently". That's not how it works, but it doesn't prevent them from behaving as if it was possible. "It's magic, just do this one more spell".
> "... Please try to break encryption only for criminals" is not completely unreasonable.
And the engineers' response is "not our job, it's yours. Please invent and patent such thing yourself, then we MAY execute". As it stands, it is in fact completely unreasonable.
You can't remove 2/3 of my sentence and then say it is completely wrong.
My point isn't that "no the devils advocates are wrong", but that there's a hot potato flying across between "them" and "us" as to which side is responsible for inventing a breakable secure encryption.
More substantial parts of discussion regarding Chat Control and similar regulations always had to do with philosophical, almost syntactic level feasibility of such implement, against which beyond fusion reactor level of unilateral skepticism had been constantly cast from engineers, combined with negativity coming from its generally unethical nature, rather than mostly about ethics or freedom.
You're saying it's reasonable that they want warp cores today for coming winter, and I'm rolling eyes, that's not directed personally at you.
Unfortunately, it is not the point of government to do what is best for society. It is to organize what individuals want but cannot by themselves (emphasis on want). They are not there to “give us the best” but to give us the “minimum”.
I don't understand what you are trying to say.
The government is emergent behavior of evolutionary pressures.
For most of human history, war of aggression was a matter of a cost-benefit analysis which often have more benefit than cost. That has changed (relatively) recently because of how destructive it is that even the winner does not gain from it.
Point being, hierarchical authoritarian structures are very good at war (and other kinds of competition). That's why they exist. But they should no longer be needed.
They are entrenched and we need to evolve away from them.
> The problem, of course, is that it's not possible. But for those politicians, cryptography is pretty much magic. Why wouldn't it be possible?
Few, if any, politicians are nuclear physicists, and I'd argue nuclear physics is far more complex than cryptography, yet I haven't seen any of them ask the weapons industry to manufacture a nuke for just the bad guys.
Let's not attribute blatant malice to stupidity. People in these positions have the resources and advisors to know exactly what the consequences will be.
I say stupidity should be punished the same way as incompetence. Exactly to stop malicious people from faking incompetence to avoid punishment.
And yes, this is an attack on basic human freedoms and should be punished, not just prevented.
This is an interesting comment, because you are making exactly the same mistake as those politicians:
- They think it's easy to just ask engineers to magically make safe backdoors.
- You think it's always easy to know what is right and what is wrong. "We should just punish those who harm society". Sure, we should! And we should have safe backdoors!
> I'd argue nuclear physics is far more complex than cryptography
We're not talking about "being able to do it" but "being able to understand what it can do". Nuclear weapons are a lot easier to grasp than cryptography in that sense: it is a thing that explodes. It is absolutely obvious to everybody that a bomb destroys whatever is in the vicinity.
> Let's not attribute blatant malice to stupidity. People in these positions [...]
It's not people in these positions: the vast majority of the population doesn't understand the limits of cryptography.
> have the resources and advisors to know exactly what the consequences will be.
Seems to me like you haven't been in contact with lobbies and expert advisors. Many times, politicians will have to ask experts from the industry. They would not contact an average engineer for advice, but rather the company itself. If there is money to be made, the CEO or some executive will give their advice. This advice is systematically beneficial for the company. It's not necessarily malice: a CEO has to believe in what they are doing, even if it is objectively bad for society.
It is very hard to find unbiased experts to help you forge policies.
Analyzing text is still debated and not ruled out completely.
> I am never sure if the people that wrote that law
No. Much of the legislation that gets introduced is provided as "model legislation" by political action groups (such as ALEC). This is why so many states seem to introduce the same legislation all at once.
The party whip tells them what to vote for. Sometimes, sensible people stop deranged legislation from getting out of committee (such as banning all mRNA vaccines (ID in 2024 & 2025, KY in 2025) or requiring blood banks to provide "pureblood" (from people who never had covid vaccines) at no additional cost to anyone requesting same (ID & KY in 2025). Or the one from ID in 2024 that would have made providing blood from a person who had a covid vaccine a felony.
You can follow along with the state legislatures at: https://www.billtrack50.com/info/
And the feds at: https://www.congress.gov/
For example, HR 22 passed the House of Representatives along party lines. The Senate has not scheduled the bill for hearing/vote yet. This bill is only 2 pages long, but I would like you to read it and take a guess at who they are trying to ban from voting in Federal elections. It has never been legal for non-citizens to vote in federal elections.
https://www.congress.gov/bill/119th-congress/house-bill/22/t...
> A form of identification issued consistent with the requirements of the REAL ID Act of 2005 that indicates the applicant is a citizen of the United States.
This is called an Enhanced Driving License and only 5 states (MI, MN, NY, VT, and WA) issue these. From the front, they look just like the REAL ID compliant ID/DL from that state but with a cute little American flag on the front. The back has the funny OCR text like the page in your passport that has on the page with your picture.
They are trying to ban the following from voting in Federal elections:
1. Transgender people.
2. Non-citizens.
3. Women who took their husband's name upon marriage.
4. People who changed their name.
5. People who can't afford the $200 for a US Passport (if you never had one before, or lost yours like I did, this is about what you have to pay, otherwise it runs $110).
6. All of the above.
7. Something else (please explain)
Ylva Johansson (the creator) didn’t get into the EU by being popular in Sweden, she was appointed by the Social Democratic government in 2019, and commissioners aren’t elected anyway. For Brussels the boxes she ticked (party loyalty, decades of ministerial experience, gender balance in von der Leyen’s Commission) mattered more than domestic approval. In fact, governments often use the EU to park politicians who’ve lost their shine at home. Now she’s mostly known for pushing “chat control” (mass scanning of private messages), which only makes the disconnect clearer: an unpopular figure at home ends up driving some of the EU’s most controversial policies.
> In fact, governments often use the EU to park politicians who’ve lost their shine at home
For whatever it's worth, as an European, I will emphasize this as one of the most frustrating facts and the largest barrier to me having any serious form of respect for the EU. I have no doubt there's honest and good people there, but in my country it's well known that fuckups just get to "retire" and get out of the spotlight by shifting to EU positions. Not only does this devalue the EU, but also the original country itself, since politicians have less fear of career-ending consequences. It's a lose-lose situation for the collective.
I can only hope that experiences in my country do not reflect Europe as a whole.
Breaking encryption to stop criminals and CSAM-sharing bastards does not work. Breaking encryption will only harm honest, law-abiding citizens. Criminals will just use “illegal” real encryption. It’s easy, the implementation details are everywhere.
The EU knows this.
They’ll always include “CSAM” as a validation, but the true underlying desire is surveillance.
I'd really like them to bury this once and for all. It's really exhausting that it's like an undead zombie that always comes back.
It’s funny — Chat Control is not aimed at people who actually care about privacy. Those will always find a way to keep using encryption. The math doesn’t vanish because a law says so, and the open-source projects aren’t going away.
What it really does is push "regular" people back into surveillance by default. Most already assume their chats might be scanned or their phone might be listening, so they self-censor anyway. The law just bakes that into the mainstream tools, while the rest of us will keep using the same workarounds we always have.
Funny thing is, my private conversations of sexual nature with my 28 years old girlfriend could probably flag "their" system as CSAM. It has happened to a couple of people before from what I recall.
If this passes, just stop using anything inherently insecure. You may want to stop using WhatsApp, Instagram, Facebook, etc. for private conversations. I already do this.
There are alternatives that will not be affected by this, stick to these. I would give you a list, but I should better be quiet about it.
> There are alternatives that will not be affected by this
An app, in an official app store no less, is not going to be a solution for long. If you want an actual technical attempt at a solution you first need to regain ownership over your computing devices.
It is on F-Droid, not on Play Store. Does that make a difference?
It does today but not for long, Google is planning to add developer ID verification system for apps installed from any source, just like Apple's notarization, which will give them the technical ability to revoke their distribution on demand. It won't matter if the APK is distributed via F-Droid, Github, self-hosted servers, or in any other way.
By pure coincidence the walls are closing in from all sides.
No, that's the thing. Just anything you type on your device and send over the internet can be screened.
What about old PCs? I inherently do not trust my phone.
You can read the article you're replying on. If the device uses the internet, chances are they're gonna be able to listen in.
That is way different from client-side [...] from applications though. I thought this was the case.
https://en.wikipedia.org/wiki/Intel_Management_Engine
You can trust GNU/Linux phones though (Librem 5 and Pinephone).
> There are alternatives that will not be affected by this
For how long?
i know this is amazing concept but you can just.. not follow the law, and use 'illegal' encrypted communication.
Steganography to do key exchange on any compromised channel using DH, and then you just send normal encrypted messages - their magical idea is to do client side scanning.
this does require control over your device, but such regulations would just spring up black market for such devices.
The alternatives I have in mind, indefinitely (ideally forever the way they work). You could also just continue using older versions, whereas you need to update WhatsApp to continue using it, for example.
Signal, foolishly, is also time-bombed.
Does it still require a phone number?
In any case, Signal is not what I had in mind. Telegram is not what I had in mind either, and in fact, Telegram still has no E2EE on desktop so whatever.
Yes, but any phone number will work. That’s irrelevant to the crypto part.
EDIT: (I’m throttled and can’t reply to the child reply) - I said ANY phone number will work. You can get a number from any country, or a VoIP number, or a landline. It doesn’t need to be a sim card from the country you’re in. It doesn’t need to be a sim card at all. Any number will work.
If your country requires details to get a number, get a number from a different country. Unless you’re in China or Russia, we’re on the same internet with the same access to jmp.chat and others.
It is irrelevant to the crypto part, but not when it comes to privacy because as you may know, you cannot just get a prepaid SIM card without your details in many countries, so yeah Signal is not something I would choose.
If they can be private indefinitely, then you wouldn't need to keep them secret.
These attacks on freedom will continue until every computing device is mandated to have an ML system tracking your every input. And no communication method is safe from that.
Not even steganography would save you because more and more people would do it and they'd make it illegal too.
---
EDIT: Technology can give us tools to fight it but this has to be defeated at the political level, likely by enshrining privacy is a core human right.
> until every computing device is mandated to have an ML system tracking your every input
Well, in that case yeah, that would suck. OTR, OMEMO, etc. would not help then. Collectively not buying new hardware and pushing against it collectively might.
One problem, if I'm being honest, is that whatever you try to do, you will have a vocal group of people who will explain why it will destroy life as we know it. And everybody in that group of people will genuinely believe that it is absolutely insane to not share their beliefs.
Obviously, some groups are more right than others. If you are into cryptography, you know about the risks coming from Chat Control. But politicians are not part of your group. And what they see, from their point of view, is what I said above: whatever they try to do, there will be a vocal group of people who will genuinely believe that it is completely unreasonable.
That, to me, explains why it keeps coming back: because really, if we could break cryptography only for the bad guys, it would help a lot. "Okay, those people say that it is stupid, just like for everything else we try to do. What makes this group of people more right than the others?"
> What makes this group of people more right than the others?
The lack of financial interests?
Many groups lack financial interest and are against all sorts of things, like vaccines or WiFi.
These are usually clearly unscientific though.
I wonder if they'll insist politicians have backdoors in their chat apps too.
“The fact that the EU interior ministers want to exempt police officers, soldiers, intelligence officers and even themselves from chat control scanning proves that they know exactly just how unreliable and dangerous the snooping algorithms are that they want to unleash on us citizens,” commented Pirate Party MEP Patrick Breyer.
ahh as I expected.
This is everywhere, in every Western country, somehow all at the same time. Real identities for social media, electronic IDs, electronic currencies run by the government, backdoors in encryption
This is dystopian. Who is behind this coordinated attack?
Not just Western, Chat Control affects whole EU, including Central / Eastern European countries. Fucking Hungary (i.e. Orbán) agreed to it, for one.
> Chat Control affects whole EU
It affects everybody in the world messaging a person in EU.
I agree.
The politicians from all sides. It appears they want to solidify their power for years, and no matter how ridiculously this may sound like - also introduce some caste system where they're above law and we won't do anything but spend money and consume certified media because anything else is against the law.
We enjoyed a peaceful 'air pocket' in tech, but this is over. And it makes sense. Technology is rendering regular people useless. And when they eventually get destitute they will rebel. If I were the ruling elite I too would move fast to increase my control over the masses.
Something rarely mentioned in these discussions of EU's proposed "Chat Control" is that it only applies to certain "platforms"
Encrypted messaging not sent through one of these third party "platforms", i.e., "social media", would arguably be outside the scope of EU "Chat Control"
In other words, this proposed legislation does not require monitoring any internet user engaging in encrypted chats with any other internet user(s) as long as they avoid using a third party "platform" like the one run by Meta that is subject to the "Chat Control"
If a person believes that such encrypted chat is impossible/infeasible without the involvement of a third party such as Meta, then IMHO, this person has a more serious impediment to private conversation over the internet than EU proposed "Chat Control". But I would not trust any internet forum comment demonising the EU when what the EU is doing is regulating Big Tech
This proposed legislation may be detrimental to Meta's bottom line and so one can expect the usual public disinformation campaign where the problem is portrayed as "government surveillance" when in reality
(a) the problem is using third parties such as Meta to communicate, creating an easy partner/target for any government that wants surveiillance data
and
(b) Meta, not the government, is actually doing all the surveillance
and the EU keeps fining them for it. Big Tech companies like Meta need to ignore privacy norms in order to make money. That is the "business model". Surveillance. I cannot think of a worse choice of a third party through which to route private conversation
obviously in a couple of years they'll try again, but it was blocked aready, right?
They haven't stopped trying continuously since late 2021. You don't hear about it for a few months only because some countries are more aggressive about it than others.
it's not that I didn't hear about it, it's that I did hear about Germany and other countries standing in opposition to it, and the EU requires unanimity
- Going one after another for EU presidency since 2022 these countries were in favor: Sweden, Spain, Belgium, Hungary. Poland didn't want to include encrypted communication. Denmark wanted to include everything (text, links, videos, images, calls) but dropped text and calls after criticism (for now).
- Germany is currently not opposed to it (https://news.ycombinator.com/item?id=45273854).
- EU doesn't require all countries to support it on the council level (or parliament level). You just need at least 55% countries (at least 15) that represent at least 65% of citizens. To block it you need at least 4 countries that represent at least 35% of citizens, we are at ≈22%.
https://news.ycombinator.com/item?id=45209452 - 11 days ago
Outdated. Germany's position has been confirmed as undecided on scanning your encrypted messages.
Thanks for the update
In a couple of years they have backdoors installed in the silicon directly.
Let me be reasoned and measured and say fuck the entire gallery of those assholes. I only use Signal now, but I'm fully willing to give that up as well if this goes through and go full GPG-encrypted e-mail with keys exchanged IRL. The only thing I use the smartphone for other than Signal is navigation and OSMand works offline perfectly, I'll just pop my simcard into the cheapest dumbphone I can find and occasionally connect my phone to wifi to download new vector maps.
Creating, exchanging and safe-keeping the keys is hard. But what if OS vendors would provide just that as a system level service?
They aren't really breaking encryption, more like banning it, right?
They are breaking the idea that you can have a private conversation without the government spying on you. The how doesn't matter.
Exactly what China and Russia want (from the security perspective), and the US (from a economical one).
The opposition to chat control is really missing the point: chat control does not break encryption, the law is about mandating client-side scanning, not weakening cryptography so law enforcement can break it more easily or introducing backdoors. If you say "don't break encryption", they will just respond that this will not break encryption, which is true, but also completely irrelevant.
What we should be advocating instead is the freedom of doing whatever we want with our computing devices, which include rejecting the sort of crap companies and various government like to impose on ourselves.
Yes, it doesn't "break" encryption, it just defeats it.
The client-side scanning means that some amount of your communication will be uploaded in clear text to the government. And unless the government keeps it completely secure (spoiler: they won't) this will leak. Therefore it defeats the point of the encrypted channel.
So sure, it isn't as bad as just removing encryption from these apps. But it is very similar to giving the government a backdoor key to all messages. Maybe you see it as slightly better because only the messages flagged by the automated scanning are made vulnerable or maybe you see it as slightly worse because previously you would need both the backdoor key and access to the original messages and now all of the data you want is in a single location.
But the point is that this significantly weakens the security properties that these E2EE messengers provide if implemented.
I'm not saying it's better because it doesn't break encryption, that doesn't matter, I'm saying we shouldn't be fight it by framing it as an attack on encryption. What I think chat control is, is yet another attempt to force our devices to act against our interests.
It is sort of both. It is attacking encryption by bypassing it (by demanding a plan-text copy of the data) and it is using our devices to act against our interest. I think both are pretty bad.
When was this campaign launched? Today? Or earlier? I mean, is it public?
It's not on their website list, not in their socials
Assuming there's a tradeoff between safety and privacy (which might be a false dichotomy pushed onto people), I am perfectly fine with the current level of safety. I feel zero need to give up privacy for more safety.
I feel:
- The most danger in my life is from deranged people like some rando homeless person who decides to push me under the subway out of the blue. The second biggest danger is unemployed drug-using losers who might try to rob me in the street. The third danger is aggressive groups of teenagers (which happen to usually be a certain minority where I live) who might try to beat my up because somehow that is how they gain status among each other.
- If I was a woman, the fourth would probably be getting raped. Most probably by an immigrant, usually from a Muslim country. This might be incredibly controversial to US people but in the EU, we hear about these cases regularly. I am not saying every immigrant or Muslim is a rapist. I am not saying they rape at a much higher rate than the native population. This is why I prefaced everything with "I feel" because these 4 reasons are the narrative I see from the media. OTOH I would be surprised if there wasn't _some_ measurable correlation - I would love to see this quantified but at the same time it's the kind of thing where you get accused of being an -ist or -phobe no matter which result you get.
Anyway, taking away people's privacy does not help with any of these.
But that's not the point.
The most danger to a politician's life is from:
- Terrorists.[0]
- Non-deranged (sane) people who are so ideologically opposed to the politician's views and actions that they decide the only way to stop them is to attack them physically.
Taking away people's privacy helps with both of these. If performed by a group of people, there's the obvious need to communicate and organize. If performed by a single individual, then he still has to perform reconnaissance and acquire tools, both of which are likely to be done online to some degree.
---
So you see, it's not about people's safety. It's about politicians' safety.
[0]: Terrorism is by definition the intention to cause fear among the population. It was later redefined as trying to affect political change through violence, which is stupid but it serves the purpose of politicians using terrorists as a source of fear, despite the average person being incredibly unlikely to be hurt by one.
It's about to get worse:
New Pact on Migration and Asylum (https://en.wikipedia.org/wiki/New_Pact_on_Migration_and_Asyl...)
'Women Are No Longer Safe': Critics Blame Surge in Migrant Crime Across Europe (https://www.ibtimes.co.uk/women-are-no-longer-safe-critics-b...)
The second link is a series of sensational tweets wrapped in New York Post grade "journalism".
While crime has gone up significantly in Britain in the last 10 years, many other dramatic events have also occurred, including voting itself out of the largest regional trading block and losing out on financial markets to the middle east.
That's a bit ... off brand coming from you mozilla. How are the governments going to find and censor things you don't like
https://blog.mozilla.org/en/mozilla/we-need-more-than-deplat... https://archive.ph/ia2z4
I see the link is now broken on their site so perhaps they have thought better. STFU and just make firefox.
Say what you will, but I do not care who is pushing AGAINST Chat Control, as long as they are pushing AGAINST it.
https://web.archive.org/web/20240101011830/https://blog.mozi... Looks like it was removed around Nov 2024, ie around the time it became clear American politics was turning tides and Trump would get elected. Regardless of political position, I have no respect for people or companies that have no principled position and pander to $CURRENT_POLITICS.
I don't think it's a matter of lack of principles or pander to $CURRENT_POLITICS.
This article is simply about justifying political repression. Then the repression proved ineffective, the article became needless, and since justifying political repression is a rather toxic activity, the article was removed.
It wasn't removed, just moved: https://blog.mozilla.org/blogarchive/blog/2021/01/08/we-need...
Still true that cool URLs shouldn't change, of course.
Thanks, what does “archived” mean though?
No idea, my guess would be some software migration where it was too much work to copy the old posts over, but I'm not familiar with what happened.
Breaking encryption of private messaging is not the same as not letting propaganda run rampant and to try to equate them is bad-faith propaganda itself.
What they want in that piece is basically censorship. It doesn’t make it ok if you think that speech is bad