That Tweet links to this [1] description which, in glancing at the text, seems to indeed be accurate:
----
According to the latest draft regulation dated 28 May (Council document 9093/24), which is presented as “upload moderation”, users of apps and services with chat functions are to be asked whether they accept the indiscriminate and error-prone scanning and possibly reporting of their privately shared images, photos and videos. Previously unknown images and videos are also to be scrutinised using “artificial intelligence” technology. If a user refuses the scanning, they would be blocked from sending or receiving images, photos, videos and links (Article 10). End-to-end encrypted services such as Whatsapp or Signal would have to implement the automated searches “prior to transmission” of a message (so-called client-side scanning, Article 10a). The initially proposed scanning of text messages for indications of grooming, which is hardly being used to date, is to be scrapped, as is the scanning of voice communication, which has never been done before. Probably as a concession to France, the chats of employees of security authorities and the military are also to be exempted from chat control.
----
Strange times we live in. Entertaining, but strange.
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Bugging communications by investigators with special approval is already an exception to this principle. Government bodies that make sure that laws conform to the constitution should veto any exception broader than that, so this draft should basically be pointless.
It feels like there are social/political mechanisms at work that allow that to however happen. They pave the road to Hell little by little, one stone at a time, and this is neither strange nor entertaining. To me, the beginning of this century has similarities with the beginning of the previous, which is quite worrying.
agreed. i feel the real motivation is much more sinister and much more to do with the geopolitical situation than anything else.
the reality is, if anyone is seriously determined to commit what they know are crimes then there are many solutions, of admittedly varying quality, for having private communications outside of the mainstream apps available on the app store. even signal itself has an apk you can install on android from their website.
so, it's unlikely this will indeed help in the fight against CSAM or whatever else is purportedly motivating this legislation. the end result will be mass surveillance 24/7 on the vast majority of the population who aren't committing any crimes at all. it seems to me like big brother's wet dream. ironic that this is exactly the thing the US/EU political leadership have been bashing the chinese for since forever.
Any intelligent criminal will just meet face-to-face to discuss their criminal activities. None of these apps protect against someone taking a photo of the screen and snitching to the authorities about what was said in exchange for less jail time.
To be fair, criminals are (fortunately) not always intelligent, especially the rabble they are trying to catch; or at least, the "small fry" isn't, but that's precisely how - I suppose - they hope to catch the bigger fishes who may be more cautious.
it's pretty easy to do these days. even in the browser you can use WebRTC for P2P and Web Crypto on top and knock together an e2e encrypted messenger in a few hours. assuming you can trust the browser crypto of course.
I haven't confirmed this, but I would expect that creating E2EE chat that doesn't follow this new law would itself be prosecutable? Now criminals can be picked up for merely using secure chat, if the government can't easily get them for human trafficking/drug trafficking/whatever. Reminds me of how the twentieth century US gangster Al Capone was prosecuted for tax evasion.
Anyone who is not explicitly privy to a fully bespoke, end to end encrypted data transmission and retrieval system has no way to determine the function or purpose of that system.
It could be text, audio, video, raw signal bitstream from an IoT sensor, or a full duplex async combination of any one of those.
It wouldn't be a "chat service" to an outside observer, it would just be seemingly random, opaque bits between two endpoints.
well, for example, you could roll your own secure messaging over WebRTC data channels using Web Crypto. There won't be anything unusual looking about the traffic as it will all be wrapped up inside DTLS/SRTP which is the transport for WebRTC. so, it's encrypted twice and would look perfectly normal to any outside observer. there's no way to tell what is happening in the messaging layer WebRTC "encapsulates".
At end of day, if someone wants to do this, there is no way, afaik, it can be detected. so, all these laws won't really help combating serious criminals who have some savvy.
If you're running a criminal organization, a bigger threat than a wiretap can be someone wearing a wire, so to speak. Talking about anything over text creates a ton of evidence about the criminal conspiracy that you are currently engaged in. That evidence can be screencapped or recorded or whatever else by the person at the other end of the conversation. Since you don't have physical control over that person, it's possible they could be compromised.
If you keep everything in-person, even if someone becomes a snitch, you can still check them for hidden recording devices. At best, this means the evidence against you is that person's recollection of your conversation.
This is the same reason why it's much harder to pirate a movie in theatres than one released on streaming. Physical control over the environment that information is disseminated in is the gold standard, just look at the US military:
Will my email client using SMIME have to implement this? Seems kind of ridiculous.
Seems to be targeting platforms. Will it be illegal to send encrypted texts, what is keeping anyone from using crypto on top of existing messaging?
While I do not want to dive into any details on adverse effects of such stupidities, the EU seems to be actually taking a strange road to tech dependent overengineered regulation. It seems that this is mostly driven by lobbyists that want to sell compliance services. Also it seems that there is more value in creating regulation rather than making sure it is enforceable.
If you are in the business of selling SMIME clients as a service to other people, then yes, you would need to implement this if the law passes.
Maybe there's an unintended upside to all this regressive business legislation. With all the focus on the "platforms", then maybe, just maybe, this will be yet another nail among the thousands of nails needed to finally kill them off.
CP is a pretext to grab power, the same way terrorism was 20 years ago. If a government actually cared, they would start dismantling the catholic church. Risking a slippery slope fallacy, I see no way governments won't expand the scope of this intrusion. Before you know it, being critical of a certain foreign government [0] or teachers criticising the department of education [1] will be limited.
0 - you know what conflict I mean. Will we have to resort to coded messages wherever we go?
The Australian government enacted the same type of "protect the children" laws, and then immediately used it to surveil journalists critical of their policies.
Why should everyone have to suffer so that state's job in catching criminals is made dead easy? Such criminals are a microscopic minority of the population. Governments - esp in the west - have disinvested in traditional investigation and moved to using mass surveillance as their default operating strategy. And citizens are being made to pay the price.
The bad stuff will just move somewhere else as it always has done.
Compromising everyone's privacy will eventually mostly affect innocent people. Or even cause the platforms to cease existing altogether, which looks like a real possibility with Signal. Pedos will just move on to whatever service isn't compromised yet. You can outlaw or hamper secure encryption in some jurisdictions, but due to the generic nature of computers you can't in principle stop people from using secure encryption.
Smartphones are general-purpose computers with a bunch of little digital locks, that while strong, are not impervious. Such locks, when used to protect a device owner, are good. The same type of locks, when used to deny a device owner full rights to use their device as they see fit (absent harm done to others), are evil.
They could however require a license for a compiler/interpreter, and then require binaries to be signed by said compiler. As you said they seem clueless, so I bet they will try.
Neither Whatsapp nor Signal can do anything about it, since they don't know the content of the messages. That is the whole point of their protocol. That is the whole point of privacy.
Nobody falls for that crap. We all know that CP is being presented as a scapegoat here because, "how can you be against something that MIGHT help against CP!?!?!" while in fact and in the end it'll be used to spy on everything.
Nonsense. Whatsapp owns both endpoints. They could know perfectly well what you write, when you write it, to whom, and anything their heart desires by way of their analytics. The messages themselves contain no business value to them. They could send it by carrier pigeon for all they care as long as the client is their product.
Whatsapp is not something you can compile or inspect easily. They own the endpoint, in that specific meaning. They may not have root access on the device, but inside the client nothing is out of scope.
It is their client. Any data you enter into the client is data they 0wn.
You can definitely decompile WhatsApp on Android to inspect it. I'm sure security researchers do this regularly, including those looking for a bug bounty that could be life-changing.
You can always inspect what you are running right now. Again, they literally own the software. They could augment it at runtime, or do whatever else they desire. You have to trust them that they don't copy your data. How the transport protocol works is completely beside the point.
Security researchers analyze software in order to find third party attack vectors. They do not analyze first or second party attack vectors, because that would be silly. There's simply too many of them.
Presumably they would use edge based hash scans or ai models to detect unsavory content. But if the content is so extreme as to be unsavory, likely they will be legally required to report it to leo.
The next steps are leo seizing your device(s) or leo having WhatsApp start sending all your messages to them for review.
What happens when leo adds the hash of a state-loathed meme?
They "could" maybe. But since you seem to not have more information, we have to remain on the assumption that they're still using Signal protocol and can't see what the message contents are.
Signal could still see the contents of your messages. Anything you enter into their app could be scanned or sent back in plaintext to some server, all prior to actual transmission via their protocol.
The only way to ensure that can't happen is to inspect the code and compile it yourself, or at least validate the hash of the binary you're installing. But we've also recently learned with the xz fiasco that you'll need to be sure to add checks all the way down.
Of course, you could always encrypt before entering the text into signal, but at that point why use signal?
Obviously, the moment these platforms lose privacy, the criminals cease communication on them immediately. So they're the last group this is aimed at.
The solution to crime is the same investigation and detective work and anonymous tip offs and so on that it's always been. People going undercover and infiltrating these groups and then bringing them down.
By chasing the criminals off these platforms, all that happens is the detective work gets harder. Now they've got to go find where to start their infiltration, all over again.
This outcome is so obvious that the only conclusions available are that the lawmakers are either IQ 60 morons, or that they have malicious intent.
> Obviously, the moment these platforms lose privacy, the criminals cease communication on them immediately
You overestimate how smart they are, you forget how a lot of crime is opportunistic, that if an abuser has to convince a child to install a shady app they would have a much lower success rate and set off many alarms, etc.
One way that would put down lots of exploitation and support privacy of adults would be video and online surveillance of all children when not alone, using a parent-controlled computer to detect bad things happening. This could start in kindergarten and school and gradually expand to all spaces that are not home. Children have some right to privacy, but not as strong as adults.
On the 16th year, if the child wants so, surveillance gets turned off and he/she is granted more privacy. Like with age limits on car driving or working, at some point the state says, you are old enough to take responsibility, we won't protect you from harsh life anymore.
This is a targeted, reasonable solution with little collateral damage, that upholds the right to privacy for adults. It's what parents would want, instead of the bureaucrats. And who really, actually cares about safety of the children, parents or bureaucrats?
> video and online surveillance of all children when not alone
So, you want children to have no privacy just to get a tiny bit more privacy to adults? Are adults really this horrible towards children, do you really think you would like this as a child?
> Children have some right to privacy, but not as strong as adults.
Why the hell not? Do you really think it is ok that your daughter gets constantly video surveilled all throughout puberty? Do you really think that is a lesser evil than your text messages being scanned for some keywords? Would you be happy if there was a camera constantly watching you as you jerked off as a kid?
> Are adults really this horrible towards children, do you really think you would like this as a child?
Only parents would have access to surveillance records. Children often do not like stuff their parents make them do, and their power over them, this would be one more thing, with great benefits.
> Why the hell not?
Because they are children, they do not have full responsibility for their actions, and they are more vulnerable to abuse, and protecting their safety is more important than protecting their privacy. I want to keep the status quo, where children are protected, and adults have rights. The way stuff is going, we're all getting more like children with one parent called Big Brother.
> Would you be happy if there was a camera constantly watching you as you jerked off as a kid?
That is not what I'm suggesting. I'm talking about public spaces (including online) where adults are present. If the kid wants to jerk off, or two or more kids want to make love, they can go home or use some private space like a bathroom.
> Only parents would have access to surveillance records
You do realize parents create a lot of the CP out there? Especially if you include non-biological parents, who are legally parents.
> That is not what I'm suggesting. I'm talking about public spaces (including online) where adults are present.
So you wouldn't stop basically anything? What kind of child porn do you expect to catch using this? It isn't like anyone is creating child porn in public, they do it in the privacy of homes.
I assumed you would suggest something that could stop child porn, not just cameras in public places.
Your argument makes as much sense as banning knives because they are sometimes misused to attack people. What about alcohol? Some people drink and drive, we should ban alcohol too!
If knives can be used remotely to monetize child abuse at scale then yeah you bet they would be controlled. Your analogy fully misses the point. (And still, in many countries I've been to tobacco and maybe also alcohol are banned for sale near schools.)
This argument is more thought provoking than people may think.
What we see is a shift of power. Electronic communications started out as private enterprises, then mostly taken over by states because of the need for centralization, and now almost completely taken over by private enterprises one layer above. Governments are still trying to make sense of what happened and find their role in this new world.
Platforms are centralization at work, and it's not that far fetched to think that states could do a better job than Twitter or Facebook. Platforms have immense power. After all, we mostly agree that Facebook very literally facilitating genocide was not good for society. What we disagree on is how much they knew and how much was circumstantial.
There is also this idea that jurisdictions matter for platforms. The Chinese connections with Tiktok owners are problematic since we know for a fact that they have the power to influence elections. The American ownership of Facebook is not similarly problematic, largely because the CIA and other institutions' interests mostly align with ours.
It would not surprise me if the Saudi money financing Twitter/X would turn out to be just as important as the financing of 9/11.
In light of that, it should not be surprising that EU states want to play the game too, even if it will have very little practical effect.
You're right. But apparently every time this topic comes up we cry that this is abuse of our freedom.
Tech is not good or bad but it does have unintended consequences and open new ways for abuse. This is tough to swallow for us who work in tech but is obvious to everyone else. If we stay in denial and do not volunteer to help use tech smartly to compensate for bad side effects, they will vote in some dumb law and some bad guys will exploit it for surveillance later.
There is in fact no "smart" way to compensate for this particular "bad side effect".
Either your communications are spied on to weed out unapproved material, or they're not. And there is no way to make the system architecture care about which material is allowed to be "unapproved".
The right answer here is just to accept that, beyond a certain point, further reducing the amount of circulating child porn requires unacceptable tradeoffs. Then stop whining and wishing for impossible technical solutions.
If you put "bad" in quotes, this means you don't think child abuse is actually bad? Cool.
> The right answer here is just to accept that, beyond a certain point, further reducing the amount of circulating child porn
Not porn, don't delude yourself. Actual abuse.
> requires unacceptable tradeoffs
And whether tradeoffs are acceptable or not depends on tradeoffs. If you refuse to help find solutions that don't involve spying, don't get all flustered when a law is adopted that does involve spying!
> Either your communications are spied on to weed out unapproved material, or they're not.
Exactly. Apple's solution did not involve any spying. People have spoken against, now we have solutions that do involve spying. Let's see where this goes yeah?
Try to understand how the algorithm works. If you do, please share the mental gymnastics routine you use to make it look like spying. It is not spying in any reasonable sense, definitely not the sense of the proposal by EU lawmakers.
It would attempt to identify child porn by scanning images (using both hashes and ML if I remember right, but it doesn't matter). This takes place on the local device, but under control of Apple, not the user.
Upon detecting a suspect image, it takes action. The action isn't really part of the "algorithm". Depending on the score, Apple's whim of the day, and/or outside compulsion which would probably be applied to Apple, it refuses to allow the image to be sent in messages or to "the cloud", deletes the image, and/or reports the image to Apple (which would presumably report it further). They can change what it does at any time.
In other words, it examines data on your device, on behalf of others, in a way that you don't control, and uses the resulting information to your potential detriment, again on behalf of others and again in a way that you don't control.
Apple examining your data in a way you don't control, to implement policy that you don't control and may oppose, is spying. It doesn't matter whether they do the spying using your CPU or their CPU.
If "to your potential detriment" is your measure then tell me if you think police checking your documents is not "to your potential detriment", or speed/traffic camera is not "to your potential detriment", or waiting in line to board the bus, etc.
The only scenario where you don't need to accept things that are to your potential (and very real) detriment is if you don't live in society.
> If "to your potential detriment" is your measure then tell me if you think police checking your documents is not "to your potential detriment",
Where I live, police can't just randomly "check your documents" unless they already have some independent evidence supporting the idea that you might be involved in a crime. Which is how it should be.
It wouldn't be spying, though, since they'd be doing it openly and presumably not doing it on a continuing basis. It'd still be obscene authoritarian overreach.
> or speed/traffic camera is not "to your potential detriment",
These should of course be banned.
> or waiting in line to board the bus, etc.
This has nothing at all to do with anything and is just you trying to muddy the waters.
> Where I live, police can't just randomly "check your documents" unless they already have some independent evidence supporting the idea that you might be involved in a crime.
Yeah, then how about you match the description of a criminal. But it was an example and if you don't get the point then it's a waste of time.
> These should of course be banned.
Are you protesting them?
What if your kid gets run out by one of them speeders while walking out of school gates, will you still think speeding cameras are unnecessary?
> muddy the waters
These are all examples of having to suffer detriment due to living in a civilized society. You can pretend you don't but you do.
Why does this issue get techbros all up in arms-- I don't see them out protesting airport security checks etc. Somehow when their own lives are on the line then it's acceptable to require privacy invasive checks.
To add to your excellent point, who gets to validate the model's efficacy? How do we know the state hadn't trained it to report users talking about maga, or Israel, or for those with Chinese national lovers?
You can design a system where false positives are so rare they are insignificant and can be properly handled. The only reason we don't is because we don't think it's that much of a problem.
Maybe you underestimate machine learning, if you check HN on any given day it can do anything, probably be the next president.
But flagged known images was the point of Apple's algo, for example. Still everyone just went "forget abuse, my privacy is more important for me". Really at this point techbros deserved any dumb law that lets the government read their chats.
> Maybe you underestimate machine learning, if you check HN on any given day [...]
Maybe I actually know something about it.
> But flagged known images was the point of Apple's algo, for example.
You whined at me a little while ago about how all this was about "abuse, not just porn". Yet you're using that to justify a system that, as you describe it, could only find old, known images that have been circulating around the Internet and made it into a database. Meaning images of past abuse that cannot be prevented, by third parties who would not be caught by this.
Pick a threat model, because the measures you defend don't address the threats you claim justify them.
... and if you start talking about "grooming" or "normalization" or other silly bullshit that hypothetically might have a third-order effect, but probably doesn't have any meaningful effect at all in real life, I'm not going to bother to answer it.
> Still everyone just went "forget abuse, my privacy is more important for me".
Everybody's privacy is important to me. Including the privacy of the children whom you want to have grow up in an ever-expanding panopticon. Because this isn't just about stupid bullshit like your embarrassing disease. It's about people ending up in prison. It's about building infrastructure that can trivially and secretly be repurposed to hurt people, including children, in serious, life-changing, and potentially life-ending ways.
If you know then you'd agree that with the right setup ML can do this with a very high precision. We're talking about a highly customized system trained exactly for this one purpose not some chatbot.
> You whined at me a little while ago
You're the one whining here buddy-- remember this is about a law about to be forced on you that you find inconvenient ;) I find it suboptimal but in some sense it might be better than nothing.
> this was about "abuse, not just porn".
These are related. If you have this material, you obtained it from somewhere even if you didn't make it yourself. Some police work and it may lead to some dark web exchange marketplace and actual producers.
That said yes, there's difference. The EU law being discussed is probably more fit to counter realtime abuse, compared to Apple's algo for example.
> Because this isn't just about stupid bullshit like your embarrassing disease. It's about people ending up in prison.
I actually agree with these two sentences, but not in the way you probably intended.
> The Stasi were not a child-friendly institution.
I was waiting until Hitler gets invoked in a discussion about using tech to combat and prevent child abuse facilitated by tech, I was not disappointed.
> If you know then you'd agree that with the right setup ML can do this with a very high precision.
No, it cannot.
Not with a model that you can run on a phone, no matter how specialized it is. Serious ML takes actual compute power (which translates to actual electricity).
Not with a model that you can train on the number of positive examples that are actually available. Current ML is massively hungry for training data.
Not with any model that's out there on people's phones and therefore subject to white-box attack. Adversarial examples are not a solved problem, especially not in the white-box environment.
Probably not with any model. You would need maybe a 0.0000001 false positive rate. That rate falls asymptotically with both model size and training.
> that you find inconvenient ;)
The last refuge of the fanatic is to call anybody who raises inconvenient objections a pedophile.
> I was waiting until Hitler gets invoked in a discussion about using tech to combat and prevent child abuse facilitated by tech, I was not disappointed.
The Stasi did not have anything to do with Hitler, and did not exist at all until after Hitler was dead. They were not part of the Nazi apparatus. Your ignorance of history helps to explain your willingness to give dangerous powers to untrustworthy institutions, though.
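The base-rate arithmetic behind the false-positive argument in the comments above, as an added example that is not part of the thread. The daily volume, prevalence and recall are constructed assumptions; only the 0.0000001 rate is a figure mentioned above.

```python
"""Base-rate arithmetic for a classifier that scans every shared image.

Every number in SCENARIO is a constructed assumption for illustration,
not a measurement and not a figure from the draft regulation.
"""
from dataclasses import dataclass, replace
from fractions import Fraction


@dataclass(frozen=True)
class ScanScenario:
    items_per_day: int             # images scanned per day (assumed)
    prevalence: Fraction           # share of items that are truly illegal (assumed)
    true_positive_rate: Fraction   # P(flag | illegal item), i.e. recall (assumed)
    false_positive_rate: Fraction  # P(flag | innocent item)


def daily_flags(s):
    """Return (true_positives, false_positives) expected per day."""
    illegal = s.items_per_day * s.prevalence
    innocent = s.items_per_day - illegal
    return illegal * s.true_positive_rate, innocent * s.false_positive_rate


def precision(s):
    """Share of flagged items that are actually illegal."""
    tp, fp = daily_flags(s)
    return tp / (tp + fp)


def max_fpr_for_precision(prevalence, true_positive_rate, target):
    """Largest false-positive rate that still reaches `target` precision.

    From precision = p*TPR / (p*TPR + (1-p)*FPR) >= target it follows that
    FPR <= p*TPR*(1-target) / (target*(1-p)).
    """
    p, tpr = prevalence, true_positive_rate
    return p * tpr * (1 - target) / (target * (1 - p))


# Constructed scenario: 1e9 items/day, 1 in a million illegal, 90% recall.
SCENARIO = ScanScenario(
    items_per_day=1_000_000_000,
    prevalence=Fraction(1, 1_000_000),
    true_positive_rate=Fraction(9, 10),
    false_positive_rate=Fraction(1, 1000),
)

if __name__ == "__main__":
    # Sweep the false-positive rate down to the 0.0000001 figure from the thread.
    for fpr in (Fraction(1, 1000), Fraction(1, 10**6), Fraction(1, 10**7)):
        s = replace(SCENARIO, false_positive_rate=fpr)
        tp, fp = daily_flags(s)
        print(f"FPR={float(fpr):.0e}: {float(tp):,.0f} true flags, "
              f"{float(fp):,.0f} false flags per day, "
              f"precision={float(precision(s)):.4%}")
    bound = max_fpr_for_precision(SCENARIO.prevalence,
                                  SCENARIO.true_positive_rate, Fraction(9, 10))
    print(f"FPR needed for 90% precision: {float(bound):.2e}")
```

Under these assumed inputs the false flags per day are what a human review step would have to absorb, and the required rate moves in direct proportion to the assumed prevalence.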
You would not need a perfect model, since there will have to be a human and due process in the loop.
> The last refuge of the fanatic
Between us two there's one with maximalist and absolutist views.
> call anybody who raises inconvenient objections
The actual objections are dealt with. Properly implemented (like Apple's algo) it's not spying, inconvenience and detriment of an individual is a fact of life in any society etc. We just trade personal attacks now.
> a pedophile
Putting words in my mouth.
> The Stasi did not have anything to do with Hitler, and did not exist at all until after Hitler was dead
Thanks for correcting me. So basically Stalin then. Wow, such difference.
I don't know where to start. It's not only that you assume I imply you are a pedophile, you also think that would be a derogatory word or something? Pedophilia is not a crime (like being gay), sexual abuse is.
You're reading too much into this. The smile is there because you called me whining and I did the same to you.
Seriously, who are they expecting to pay for that? AI vision detection run against _every image every person sends to anyone_, among other things, will get ridiculously expensive.
Half of the reason Microsoft is pushing "AI PCs" with special hardware is so they can push their spying to on-device and reduce all the extra costs the data processing they're imagining for things like automatic-screenshot-analysis-every-x-seconds will need.
And they're pretty much experts on spying on users. They've been collecting so much data for so long that apparently they've found a way to utilize what they collect in a way that makes the costs balance out in the end. Whether that's with government access, preferential antitrust treatment, or some actual financial method that directly affects the bottom line, I don't know. Somehow it's worthwhile for them. BUT -- when even Microsoft is looking for more efficient ways to spy on people, and forcing new hardware to support that effort, you know the data collection and analysis technique is definitely not ready to be made a legal mandate.
It doesn't make sense at all for some EU decision makers to decide it's acceptable for their citizens to bear the cost of so much data processing.
....wait, how much do large players in AI contribute to these politicians' campaigns? Or if not them, who is really pushing this? It seems like someone should really try following the money on this one.
Let me take the other side here. The western world couldn't make it without sovereignty. I do realize that it sounds bad that few states would have such power. But make no mistake - if they won't do it, other actors would, I think that your interests reconcile with a democratic state much more than the other crooked actors.
It's just a matter of lesser evil in my humble opinion.
I give you that if the voter opinion was not influenced by media reports. However, since that is pretty much impossible, no... There is actually no way the "overwhelming majority" will ever want that, without being influenced...
You answered yourself : remember Apple’s implementation of CSAM detection.
We don’t own our devices anymore and we now have very limited control of what is executed or not so there is nothing stopping developers from running that legal spyware on the device since our only option if we don’t like what an app does is to not use it.
I don't know how to help folks that didn't treat the apple csam fiasco as a massive wake up call to ditch the ecosystem.
We have linux phones these days, caly, and grapheneos. There really isn't reason to give up on general computing. (Ignoring the proprietary baseband blobs.)
Apple's backing down on that very sound initiative was a failure and a red flag indeed. They had the chance and the weight to pull it off and set a standard, but instead basically gave in for regulators to implement whatever spying laws they want.
Sadly, nothing else comes even close to Apple in terms of security and privacy, especially for someone who is not an infosec specialist and doesn't have time to read CVEs all day.
> Sadly, nothing else comes even close to Apple in terms of security and privacy, especially for someone who is not an infosec specialist and doesn't have time to read CVEs all day.
Even for someone that is not an infosec specialist, they should be using something like Graphene for phones and something like Qubes for their OS.
Apple isn't great at all honestly, at least in terms of MacOS security - they mostly benefit from not being worth the time to target.
While you make good points, I still wouldn't trust Apple to not scope creep over time. Client side scanning of hashes for csam presents the entry point they need to establish client side scanning as a norm. It's the proverbial inch. Give it a year, or months even, and watch that grow to include scanning of text for terroristic threats, or of teens' chats for grooming, or depression, etc. Then watch that data become a gold mine for both the gov and for advertisers.
The slope is so slippery that it's not worth the risk, imo. It paves the way to reduce general computing even further, which is already quite restricted on apple devices to begin with.
Apple's proposed algorithm was probably the best so far.
The problem is not going away, we in tech are partly responsible and we should promote good ways to deal with it. If we don't then a solution will be found anyway, it'll just be a bad one.
For now I have a Tasker job routinely deleting WhatsApp's media directories. Unfortunately everyone is using it so I have to stick with it. Hate WhatsApp with passion.
As others have stated, just uninstall it now. Even at my work, my manager wanted us to use WhatsApp to communicate with our offshore teams. I let her know that I would be happy to do so with a company provided phone, but I don't install spyware on my devices, and furthermore don't have an app store so would need to be able to build it from source. But I'd be happy to use signal or email.
It would be so funny if a security authority was caught in a CSAM case, and it wasn't detected simply because said person is an authority and shall not be scanned for unlawful content.
The problem is the design of the system and the programs. It should not be handled by the apps/services but you can use your own programs for encryption, for display, etc, and can be used separately. If the data is really end-to-end encrypted then the service and apps should not care what they are; the user should care based on what programs they install to handle them.
Additionally, it says photos, videos, links, but you can make any data represented as other files e.g. text, slowscan, steganography, etc.
The law says "images, photos, videos and links". What about simple encrypted or password protected zip files?
As far as I know, most messaging platforms allow you to send regular files too. Wouldn't "the bad guys" simply use that as a loophole and continue with their day?
I know the real reason behind the law isn't to actually protect children, but, you know...
I assume this will apply to all bits. After all, a zip could contain an image, so it should be scanned. And someone might accidentally change the file extension from .jpg to .py.
The point he's making is if they enact this law, it will be trivial for anyone that cares (eg, people who do distribute CP) to bypass if it is implemented as described. They don't even have to stop using Signal or whatever. They just need to plonk whatever they want hidden in a password protected .zip (or something else if that's not strong enough, or use steganography if they ban containers) and send it using Signal as normal.
So it won't stop CP, or any other criminal activity that's in the slightest bit clueful.
They must know this, so I'm left scratching my head wondering what they are actually up to.
> The point he's making is if they enact this law, it will be trivial for anyone that cares to bypass if it is implemented as described.
I took that as a given and therefore described what I would see as scan-creep of the gov implementation regardless of the exact verbiage of the law.
My point was that anyone expecting to use the file type as a loophole would likely be compromised, and the only way to ensure bypass of the scan would be to locally encrypt before transmission, as any text or binary entered into an app affected by this law should be assumed to be fully mined, scanned, and reported to the gov regardless of its contents.
Yep, lol nothing to stop criminals from encrypting the file themselves and sending it across lol there's hundreds of unhacked encryptions, all the end users need to do is share the passwords outside the spied upon platforms, like this doesn't solve any issues it just strips freedoms from the non-criminals.
Shit criminals will just meet and swap usb drives lol, like I don't get how this solves the crime issue. This is like banning monero or crypto because it's used illegally.. meanwhile CP and other crimes have used Euro and USD paper money for long before crypto lol but yet "crypto seems shady" is enough reason to point at it as the reason crime exists lol.
While it's a fun meme, if you actually look at the list, the inciting incidents are usually (accusations of) police violence/overreach, reforms to cut labor protections, welfare or public education, and Israeli military operations in Palestine.
In fact, most of the protests seem to neatly fall into the "police violence" (usually against minorities) and "austerity" buckets.
I think the parent meant that France is a country that actively protects its rights via violent protest as opposed to other countries that merely sit and suffer.
That was my point. Austerity measures tangibly affect most people in easy to understand ways: cuts to healthcare, cuts to education, delayed retirement, etc. Police violence and overreach are a significant concern especially among certain minorities because they (allegedly) experience forms of it every day.
But the Internet is largely a magic box and at this point the common understanding seems to be that it is both private and also under massive corporate and state surveillance at the same time. And that's not even mostly wrong.
People often forget just how much we get from the EU that's taken for granted. Everything from practicalities like no roaming costs and consumer protection, all the way to freedom of movement, peace and overall stability.
Yes, but also the (1) push of PNR to keep a complete record of your travel and movements within the EU. Dutch train operator NS is operating in spirit of the future “PNR” already and makes it harder and harder to buy “anonymous” train ticket (even for local 15min journeys). The so called anonymous card, is linked to your bank account used to top it up.
What if you prefer to use cash in your daily life (2), for envelope-style budgeting? Well, your bank will inform the authorities of your anomaly. You will start receiving monthly questionnaires asking you to back up your behavior and why you might want 2-3-4K eur in cash every month.
All that people have to do is vote for the Pirate Party. There are people holding the line in Europe, but the population is worried about war and immigration instead of net neutrality and encryption. These are understandable priorities but it'll not be good.
This is part of the transatlantic trade agreements. They have a certain responsibility, having negotiated them, but they clearly feel they are beneficial in some way.
Oh come on, France and Germany were basically in a perpetual war for hundreds of years before, and now there's not even a theoretical chance of any two EU states fighting each other.
Occasional war here and there not directly involving any of the member states is incomparably better than what came before.
I don't think the EU says anything about how much texts should cost...
Edit: I am *obviously* not talking about surcharges for roaming but cost in plans, which I think is the point of the OP when he asks who pays for texts. Pricing is not regulated and has nothing to do with the EU.
It does, quite a lot. For example, it says you should pay the same regardless where you are in the EU (roaming), it also says you get a clear and transparent pricing for your mobile service, it also says all kinds of things about your rights to cancel, change providers, get refunds etc... you should look it up.
Why the snark? Especially since you're beside the point, so let me rephrase with the help of my lawyer: the EU does not say anything about how much consumers should be charged for text messages by their operator (i.e. "cost"). This was clear from my previous comment...
> If you continue to spend more time abroad than you do at home and your roaming consumption continues to exceed your domestic usage your operator may start charging you extra for your roaming use. The surcharges (excluding VAT) are capped at:
So where does it say how much operators can charge in their plans? Nowhere.
They are free to say texts are free (included in plan), or texts are charged at 10 euros each, whatever.
The EU only limits surcharges when roaming to other EU countries.
Jeez, guys.
Edit:
I am not backing away from anything, I was rephrasing to sustain your strange cross-examination. You guys are being unnecessarily aggressive and argumentative over a simple point.
"Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith."
"don't cross-examine."
It's Sunday, guys. Do something positive with your time. Bye.
So you're backing away from your original stance of:
"I don't think the EU says anything about how much texts should cost."
Into a weaker form of "The EU only limits surcharges when roaming to other EU countries.". This was my only comment because your first position is factually incorrect, there are situations in which the EU defines how much texts can cost.
In Germany at least, unless you opt for a super cheap package (e.g. sponsored free or less than EUR 6/-), calls and texts are unlimited in local (country level) networks, only data volume is limited. Not sure about other EU neighbors.
That is already happening though, this just says it should also happen to e2e encryption by scanning on device. If it was that expensive costs would have appeared a long time ago.
I pay ~0.10€ for a text message - but I don't know anyone who uses text messages for communication so it's not a problem. I could buy a cheap plan for unlimited text messages, but I don't want a fixed monthly fee and prefer prepaid.
This is not about preventing you from doing that, it is about preventing services with many users from providing that service to you without a backdoor.
You can just send anyone you want an encrypted e-mail or message, but Signal can't facilitate that without the required provisions set out in those laws. If these dumb laws get enacted, Signal cannot get away with just pretending you are sending gibberish whilst providing true end-to-end encryption without any client-side scanning or whatever to you, but you are well within your rights to do so yourself on top of Signal (if that's even possible); they just can't provide an automated means to do that for you.
Exactly, this just pisses off companies with added costs, strips freedoms and criminals move to using their own encrypt and decrypt step that the "Scanners" just see as bullshit gibberish or some form of steganography image etc.
Or ... they develop their own darknet webrtc based chat lol, like it's silly to enforce this on the general populace when it's so obviously circumvented by the people looking to do scary shit.
> they just can't provide an automated means to do that for you
What I'm wondering is whether two separate applications can be set up to communicate automatically, with one handling messaging and the other being responsible for encrypting and decrypting the data.
What would be against the law in that case? The messaging app? The encryption app? Or the interaction you are doing in that moment?
Step one would be determining if anyone actually uses those two apps together. A handful of people? No one cares. Is it now the default way you install Signal (or its two components) and do hundreds of thousands of users do this? Then the next question asked is who is facilitating it and how is that done? Does the backdoored Signal have a plug-in that allows this kind of use? Does Android facilitate that? Those people will likely find themselves in legal trouble.
Of course these laws are dumb, but that doesn't mean they can't be (mis)used to get the desired effect.
Actually police and various agencies do, because when most people aren't encrypting, the few that do are suddenly interesting. Some of them will turn out to be organized crime, but some of them are just adults who want to communicate privately.
That's not what the law cares about. Being able to encrypt stuff end-to-end, is not what is being targeted — it is not realistically possible. What is being targeted is millions of people getting private, true end-to-end secure communication with no content scanning of any kind through some service. Are you providing that service to millions like Signal is? This law applies. Are you the size of Meta and are you implementing some 'clever' two-component solution to sidestep this law? Expect legal trouble.
You can already install a mail client with PGP-support. Will K-9 Mail get into trouble if a million users in the EU started privately exchanging keys and using GPG with K-9 Mail? Who knows. These laws are not about such practical details. This is about unlocking massive amounts of signal intelligence to do… who knows what, and those large communication platforms are juicy targets. All it needs is a law to coerce them to cooperate.
Don't expect reasonable arguments from the proponents of such laws, and don't expect to be able to avoid them for millions of users with clever tricks; you'll still fall foul of the spirit of the law, if not the letter.
The EU does not want to ban encryption, because it is the backbone of e-commerce and banking. There are plenty of public references that show the EU's explicit support of strong encryption.
What some law-and-order types (globally) want, is the means to scan, peek, or otherwise access private communication, especially if that communication is provided by a service used by millions. You can encrypt all you like, but if you use WhatsApp or Signal, laws like these force those services to create a way to eavesdrop. How is probably not defined in the law. Client-side scanning before encryption, having those services act as men-in-the-middle for each conversation; this is all fine, and can use encryption as usual. As long as certain agencies get to have a peek somewhere between those strongly encrypted tunnels.
I am using a special keyboard that outputs these sequences automatically. Must my keyboard driver send the keypresses to the EU? Fine, here are they: AFC628BCF627.
I understand Signal is handicapped now, but I couldn’t care less about Signal. I only care about being able to communicate in private. Why don’t we implement this stuff at a lower layer?
Surely the guys on top must see this is an endless game that they will never win? It’s not an arms race, it’s fundamentally impossible.
You don't seem to understand the point of these laws. It is not about stopping anyone with enough technical know-how from encrypting their communications. This is possible today, and not something which can be easily legislated away without resorting to a much heavier class of draconian laws (at which point you won't be living in a democracy any longer in any case).
This is about making it hard (or impossible) for some perceived group of miscreants to communicate privately. People sharing CSAM (however you define that) or dealing drugs, and stuff like that. Anyone can encrypt their communication, but most people don't do this consciously; the masses just use WhatsApp and Signal and what have you.
You and your special keyboard are not of interest, and unless you start selling these along with a service to route the encrypted messages to thousands of users, you are not the target of this legislation. Take away Signal and WhatsApp and sending an end-to-end encrypted message to your drug dealer without exchanging keys and agreeing on a protocol suddenly isn't as easy as just opening an app. That's the point of this law.
It's a dumb law, but you won't make it go away by playing silly semantic games.
> without resorting to a much heavier class of draconian laws
They may be coming down the pipe, after the soft version gets people macerated.
> at which point you won't be living in a democracy
But you will be hearing from talking heads that you are, and Russia and North Korea are the real dictatorships.
And maybe they will be right, because what is democracy? The word has different meanings to different people, and it won't be difficult to shape the discussion about what our liberal democracy is all about. Maybe it's about accepting who has power now and about protecting the vulnerable. We have seen a bit of this stance and real capabilities in recent years.
Criminals are using specialty phones or should I say, were using, because this was recently cracked and thus became useless. Catching Taghi in NL was a famous result of that.
Point is that dangerous people will use specialty devices/services and being legal is certainly not one of the requirements.
Again, not what this law is about. This is all about wanting to gather signal intelligence on millions of people automatically. About being flagged when someone uploads CSAM or uses certain keywords. They know it won't stop anyone with the skills and means to use some other encrypted solution.
So they explain it to people as being able to catch criminals, but they know it won’t work against that?
How can you maintain such a position? At some point you’ll have to explain your reasons for draconian measures like this.
That’s why I’m spamming people with “it won’t work” because so many seem fooled by this. You will catch exactly zero people with this. The only people you’ll catch will be the ones that you would have caught anyway, because of their nonchalance.
> So they explain it to people as being able to catch criminals, but they know it won’t work against that?
Why a law is enacted is more complex than just the here and now. Some of these law-and-order types dream of the day they can order Apple or Samsung to completely lock down their smartphones and forbid any user controlled cryptography. Some just want to be able to feel that they are doing everything in their power to prevent children from being harmed, even if the measures only cover naive users. Some just want people to know that they are being watched, and have these laws act as deterrent.
And as a bonus: some parents really like the idea that none of their children or any of their mates are sharing (their own) underage nudes and that this is enforced automatically.
The law will likely work for some of these points, to some extent. It's still a bad law, but the people pushing it aren't idiots; just dangerous.
OK thank you for elaborating. I tend to assume that such laws - "let's listen in on everything you do" - need firm and solid justification. Coming up with a simple counter-example on first try signals to me the problem has not been handled effectively (understatement of the year). I'm not talking about having the perfect solution, just.. something that does not immediately fall down on first try within a few minutes.
If you sell your keyboard as a service to people in questionable lines of business, then yes, you will need to comply with these laws. You can probably also expect a visit from three letter agencies. Which these targeted platform companies also do.
If this sort of surveillance stuff gets accepted, in time, you're gonna get noticed, put into database, and maybe called for questioning. Why are you using encryption, people that have nothing to hide do not use it.
A timely reminder that 9/11 hijackers communicated in the clear. Examples:
“The semester begins in three more weeks. We've obtained 19 confirmations for studies in the faculty of law, the faculty of urban planning, the faculty of fine arts and the faculty of engineering.” — Mohamed Atta
“Two sticks, a dash and a cake with a stick down. What is it?”[2] — Mohamed Atta
“The first semester commences in three weeks. Two high schools and two universities. ... This summer will surely be hot ...19 certificates for private education and four exams. Regards to the professor. Goodbye.”[2] — Abu Abdul Rahman
Even in China with extreme surveillance and censorship in place, Chinese people have been quite creative in their ways of circumventing censorship. An example approach is cutting and pasting official political videos together in a way that changes their meaning ever so slightly. Automatic censorship algorithms are fooled, and human analysis and censorship are necessary and very expensive to carry out. Other examples are playing with the sounds of words, or using memes or rapidly-changing euphemisms.[3] It's too difficult to automatically censor stuff where people have taken a normal word such as "chair" and send each other images of chairs as a sign of protest. An image of a chair and a birthday cake with a number of candles could indicate a date of protest. Or a chair in a picture with a number of ducks in the background, or a number of chairs stacked on top of each other. And if censors start blocking all chairs, everyone just shifts to buses, or pieces of paper, or bananas, or whatever.
Frankly, GB was totally right in leaving, and if I had the ability to vote for stay/leave right now, I'd want to go. But this position is totally unwanted. You're being called Nazi or at least extreme-right the minute you utter it. This way of dealing with supposed democracy is what makes me want to leave even more. The EU has become a strange beast. The current election ads make that pretty clear. It basically reduces to "vote us, we're cool, we are democracy" which is almost dystopianly void of real content.
Where are you living, if you don't mind sharing? I don't know about any place where expressing eurosceptic views would get you called "far right", let alone a Nazi.
And I disagree. You take for granted all the good regulating and all the things enabled by the EU, and focus on the one bad regulation we're discussing, which is not even a law yet. I, personally, am not looking forward to the future without EU (I remember my country before it joined and the progress is immense).
"Progress", sure. What you actually mean is "we got a lot of free money to build things with". It's easy to like the EU if you are in one of those countries that gets way more out than you have to put in.
> Where are you living, if you don't mind sharing? I don't know about any place where expressing eurosceptic views would get you called "far right", let alone a Nazi.
Try the largest German-speaking subreddit, for example.
> I don't know about any place where expressing eurosceptic views would get you called "far right", let alone a Nazi.
I think elsewhere online this may happen.
Also, some public broadcasters use the "far right" word group suspiciously often, almost as if it was some kind of effort to softly suggest to people how not to vote, but I must be imagining things, because they would never do that:)
Yeah, that's the problem. "they would never do that" has been violated far too often by supposedly centered media outlets. During corona, our state controlled media actually really said that citizens are not supposed to listen to any other media because everyone else is likely lying. And since it is blatantly obvious that center-left parties will get a haircut for what they did during corona, again, the state controlled media are now doing exactly what you describe, warning the citizens of the evil right parties. And I am forced to pay for this, 50 cent a day. This isn't democracy anymore, it's blatant manipulation of public opinion.
When apps created for overthrowing governments in other countries begin to backfire amid record low approval ratings, it all of a sudden turns out that “human rights” are merely a cudgel to beat others with.
Next week we have the European Parliament elections. Any tip on any "mainstream" party which is strongly against this? I know for sure the Pirate Party but they would never get a seat, at least in my country
Czech pirate party and German pirate party have seats and they're members of the Greens–European Free Alliance [1]. Take a look at which parties where you live are members of that alliance.
Just don't get guided by the tables with only those Alliance members, who actually made it into the European Parliament, on this page. For instance, only Sylwia Spurek is mentioned there for Poland - a terrible choice IMHO [1], while there's the Pirate Party in Poland (https://polskapartiapiratow.pl/) too.
[1] For example, while being the Vice Commissioner for Human Rights (vice ombudswoman) in Poland, she stated that "It is worth, first of all, stating a few facts. First, violence has a gender, whether we want it to or not. Women and children are the victims, and men are the perpetrators." (video transcript translated with https://www.deepl.com, source in Polish: https://wiadomosci.onet.pl/kraj/dr-sylwia-spurek-przemoc-ma-...).
If I correctly understand the linked materials by Patrick Breyer [1], then the parliament (which is the piece of the E.U. where we are presently asked for our vote), is opposed to this pretty much in its entirety: It says "Parliament has positioned itself almost unanimously against indiscriminate chat control." So, it seems, the way you vote here doesn't much affect that outcome at all.
Also, if I correctly understand this table [2], then "Renew" (formerly "ALDE") is also opposed, so you don't need to adopt the leftist political ideology of the Greens as a package, just to get pro-privacy representation in the European Parliament. "Renew" does seem to be a viable "libertarian" alternative there. They also make some pro-privacy representations on their website. I don't follow European politics much, so I may be mistaken here. For example, I haven't looked into their voting record.
You can look at the votes of the members of European parliament.
For example, here for a vote on "chat control" [1] (from 2021) and a recent one [2]. You can filter to your country to see how each party (or even each member) voted.
Thank you very much! I will definitely need to remember to vote in my country of residence next time, because my country of birth has almost nobody representing a good chunk of my views :(
EPP is pushing for this, ALDE is probably mixed depending on the country. So if Greens/EFA and parties like Volt or pirates stand no chance you could still not vote EPP.
I can't find specific policy positions for Volt on encryption, but they're very positive about open source [1], so you'd imagine they'd have a pretty reasonable approach to encryption too.
Transform the Declaration on European Digital Rights and Principles for the Digital Decade into a binding legal instrument, so that the Declaration is upheld at every step of policy making.
17. Everyone has the right to privacy and to the protection of their personal data. The latter right includes the control by individuals on how their personal data are used and with whom they are shared.
18. Everyone has the right to the confidentiality of their communications and the information on their electronic devices, and not to be subjected to unlawful online surveillance, unlawful pervasive tracking or interception measures.
Of course, given that this Declaration is signed by the same parties that are currently pushing the ChatControl measures being discussed doesn't fill me with much confidence.
Well, apparently, it seems spying on the populace is kind of the mainstream position - among the political elites - in many European countries these days; so perhaps you should consider non-mainstream political currents.
Also - there is the question of EU legitimacy. Its structure is highly problematic, as are its politics vis-a-vis the US, NATO, Russia, Arab countries etc - and I'll naturally not open that whole discussion; my point is that I would also consider supporting dissolution of and/or secession from the EU. Not because friendly and cooperative inter-relations are bad for European countries - of course they are - but because the EU is not a good vehicle for that, it's a vehicle for realizing elite-minority political and economic interests.
What upsets me the most about this and similar trends (ie. Climate change, AI, etc) is that when crap hits the fan, the current proponents will:
- tell you they couldn’t have known it would end this way
- they really were right, except for this one unpredictable thing that broke their master plan
- hide/pretend they were never pushing for this
- ask for help
- tell the rest to take a hike (the ones that managed to still benefit)
And there is no way for people in the present, who see this coming to prevent it or to ensure proponents are held accountable in the future. You will end up with lawsuits that take 20 years, watered down verdicts, weasel politics, etc.
I don't mean asking for help fixing, I mean asking for help in getting away from consequences. Like a scientist unleashing a zombie apocalypse asking for a ride.
I use XMPP with OMEMO for my main encrypted messaging, and I don't get why Matrix got popular instead of XMPP (aside from a big marketing budget). Even a lighter server implementation takes up several times more resources than an XMPP server, plus the concerns about the enormous central instance.
Last time I checked (2018) the support for media&file sharing was in a quite bad shape in all available Android clients. Even without e2e encryption enabled. Is it good now?
sigh. If you want to play project pedigree games; Matrix was actually the result of two existing teams - one in the UK and one in France, which happened to get acquired by Amdocs and then subsequently spun out once we'd created Matrix.
That page in particular is a pile of FUD; it keeps banging on about "impressive collection of private data being sent to Matrix central servers, even when you use your own instance" which is simply categorically untrue; it looks like they misread the privacy policy of the Matrix.org server at https://github.com/element-hq/policies/blob/master/docs/matr... and somehow assumed it applied to everyone's server instances. It doesn't, any more than https://www.w3.org/policies/privacy applies to a given random webserver on the internet :|
My only complaint with self-hosting matrix is that the canonical python implementation is quite resource-heavy. I was unable to run it on a cheap VPS. I hope that the ecosystem will improve in the future.
I agree. I really prefer Dendrite, their Go server, but development has slowed down lately. Also, because of the financial issues they have been having, I don't have a lot of hope that Dendrite will get a lot of attention. Maybe Conduit (https://conduit.rs) will become more viable instead of Dendrite. We really need a small efficient build with no moving parts, for the self hosters community.
Another vote for XMPP with OMEMO here. I use it with my wife, family, and a few friends and haven't heard any complaints yet[1] (aside from the lack of stickers, which are apparently important).
[1]: But like I said in another thread, who knows if they would directly complain to me.
On iOS app distribution and censorship is and will remain centralized.
It doesn’t matter if the relay service is centralized or federated. Apple can ban apps that don’t comply with the new law. Even self-distributed apps under the new sideloading provisions of the DMA can be censored by Apple by revoking the notarization.
Most of my family use my brother's Matrix server, but it's the Element app that makes it appealing to us all. Client side scanning could be enforced in the app, regardless of the server's protections.
However there is a whole ecosystem of clients, and they can't all be back doored. You are also free to write your own client, and many do (which is why we have so many in the first place).
Potentially, yes. But that's where Signal's protocol helps. It includes plausible deniability.
Therefore even if your chat log is leaked by one member, it isn't possible to prove person A sent the message. If person B was the leaker, anyone that person B has ever communicated with on Signal could have sent the message appearing to be from person A.
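A simplified model of the deniability idea in the comment above, added here as an illustration; it is not Signal's protocol or code. When messages are authenticated with a key that both participants hold, the recipient can compute a valid tag for any text, so a leaked log does not prove authorship to a third party. The toy Diffie-Hellman group, the function names and the `sender:text` message format are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption for illustration; far too small for real use).
P = 2**127 - 1   # a Mersenne prime
G = 3


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_mac_key(my_priv, their_pub):
    """Both participants derive the same MAC key from the DH shared secret."""
    secret = pow(their_pub, my_priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def make_record(key, sender, text):
    """A log entry: claimed sender, text, and an HMAC tag over both."""
    tag = hmac.new(key, f"{sender}:{text}".encode(), hashlib.sha256).digest()
    return {"sender": sender, "text": text, "tag": tag}


def judge_accepts(key, record):
    """What a third party can check if the leaker hands over the key."""
    expected = hmac.new(key, f"{record['sender']}:{record['text']}".encode(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, record["tag"])


def demo():
    a_priv, a_pub = keypair()          # person A
    b_priv, b_pub = keypair()          # person B (the leaker)
    key_a = shared_mac_key(a_priv, b_pub)
    key_b = shared_mac_key(b_priv, a_pub)

    genuine = make_record(key_a, "A", "see you at six")       # really written by A
    forged = make_record(key_b, "A", "text A never wrote")    # written by B alone

    return {
        "same_key": key_a == key_b,
        "genuine_ok": judge_accepts(key_b, genuine),
        "forged_ok": judge_accepts(key_b, forged),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both records verify, which is the point: the tag shows the message came from someone holding the shared key, and B holds it too.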
Not in the Matrix ecosystem. The protocol is so brittle there's only one real server and one real client, probably intentional, since the designers of the protocol make money from that server and that client.
The designers of matrix decided to shift more of the burden of the protocol to the server so that clients would be easier to implement. Therefore there are few servers and many clients. e2ee makes the client more complicated, that's why not all clients support e2ee.
I love Matrix but they do have a bit of a monoculture problem which I hope will get better when the protocol stabilizes. As long as they document their standards we should be fine. Their big commercialization push could turn out to be problematic in the long run, but we have to give them the benefit of the doubt and see.
If you want all the voip bits in place and all the latest features, you have to run a specific combination of synapse, sliding-proxy and element as the client. The xmpp ecosystem has similar problems but it gives a bit more leeway with various combinations of servers and clients that work well.
Matrix has more focus on IRC-like rooms, has a lot more features for that purpose and is much nicer to use than any conference xmpp extension.
Making this argument whilst ignoring the trade-offs of federation (that Signal has historically addressed) is somewhat disingenuous and a little fundamentalist.
Do you have any breakdown on the trade-offs? Most HN commentary focuses on FUD around the Signal founder rather than technical reasons why it shouldn’t be federated, and I would love to understand them better.
My understanding is that the UK removed clauses that would undermine Signal's security. Regardless of which, Signal didn't, and was never going to, make concessions to the UK that would compromise its users' privacy.
Their strategy then as it seems to be now, is to do nothing but say they disagree and wait for the regulators to forcibly remove them from the market.
That is, if they find themselves non-compliant with a country's laws, they'll do nothing and wait to be evicted rather than comply or voluntarily leave.
>My understanding is that the UK removed clauses that would undermine Signal's security.
My understanding is that the law empowers the regulator (Ofcom) to require the use of accredited scanning technology if they consider it necessary and proportionate. No further changes to the law are necessary for that to happen.
But as of now, no such accredited technology exists. It seems likely that any client-side scanning technology that the EU mandates would also get accreditation in the UK.
Nothing changed in the UK Online Safety Bill before it became an Act, the troublesome clauses are still there.
All that happened is the government accepted that it was not currently practical to implement what they desired. So 'promised' not to require any providers to do so yet. If they deem it practical one can expect them to instruct providers.
Hence Apple and Signal both ignored their prior statements, and continue to provide their respective encrypted message and speech services.
>It's almost impossible to solved political issues using only technology.
It's extremely possible to solve political issues using technology. If you consider the government infringing people's right to put whatever substance they want into their body to be a political issue, it's been pretty much entirely solved by crypto and darknet markets for drugs.
Which are technical aspects of a fundamentally social problem. It's not the market platform itself that dodged the government - it's the people on the market.
The problem with GNU and Gnome is, to put it in the words of Steve Jobs about Microsoft, "lack taste". They are too distant from the mainstream to cater to them.
postnote: this comment was Authored on Firefox under Wayland running on Linux 6.
You are missing the point. Us hackers will always find ways to circumvent the surveillance. But the rest of the population is not that fortunate. A solution has to include general awareness and mobilization of the non-tech population against this law.
> And who will you message then? I assume most of your contacts will stay where they are.
You are out of luck if you can't convince people to install PGP/GnuPG in their favorite e-mail clients. And e-mail doesn't scale for spontaneous communication like chat does.
Last time I heard (which was indeed a long time ago, so maybe things have changed), if you wanted citizenship, then your village had to take a vote, so you were well-advised to join the volunteer fire department and that sort of thing, if you wanted citizenship.
Now, with an eye toward the social dynamics of village life, I've always found the notion quite alienating to try to immigrate in a country where petty grievances held against me by my fellow villagers might block my path towards naturalization.
The picture is probably slightly different in more urbanized places, but, in those, it probably boils down more to a question of money.
I'm not sure what to make of your "a quarter are immigrant" statistic. Do you mean they live there, without being citizens? Is that number high precisely because the path to naturalization is so difficult? The number of non-citizen permanent residents, for example, is also extremely high in certain rich Arab countries (like the UAE), but they are effectively an underclass of indentured servants. So "immigration-friendly" is not what that kind of a statistic is saying at all.
(From personal experience) there's a large proportion of people living in the big Swiss cities as 'ex-pats', working for (mostly large) employers who support/sponsor their immigration and ongoing employment. (Such people are well-paid and equally-treated, and certainly not "an underclass of indentured servants".)
If one stays employed in the long term, citizenship is not needed, and IME only a small proportion of ex-pats attempt to achieve it - either because their career and life plans are likely to eventually lead them to move elsewhere, or because there's no incentive in their personal case, or disinterest, or because of the perceived difficulties.
You're right that parts of the system for achieving citizenship may sometimes be problematic, and the Swiss have somewhat of a reputation for racism, especially in the less metropolitan areas. (Of course, you could also say the same for many countries.) There have been anecdotes of people repeatedly failing to achieve citizenship through exactly the issue you originally raised.
That said, the overall approach to citizenship taken by the Swiss is mostly praiseworthy, as some of the more impressive aspects of Switzerland (e.g. its direct democracy, and the engagement of citizens in politics and the democratic process) are embedded within the shared culture of its citizens, and the citizenship process takes a decent shot at preserving this culture - requiring, for example, proof of significant language skills and knowledge of current affairs and politics.
Reminds me of a friend that married a German. In order to become himself a German citizen he had to pass an integration exam with questions about history, law and culture. He passed the exam, his German partner tried the same set of questions and failed it.
You don't have to have any means, just a job, albeit your employer must prove that they couldn't fulfill the job within Switzerland (and within the EU, if you're from outside the EU).
So far, the law doesn't have a majority. Even if they manage to push it through the Commission and Parliament, it's very unlikely to survive contact with the European Court of Justice.
In case you didn't know, the court retroactively voided these agreements. EU-US data transfers have been illegal for around 25 years or so thanks to that. People can sue you and win, even though the data protection authorities don't do much.
Yes. The court voided Privacy Shield in a ruling known as Schrems-II. The commission then created the Data Privacy Framework, which is essentially the same as Privacy Shield, against the will of the parliament, re-enabling transatlantic data transfer.
> users of apps and services with chat functions are to be asked whether they accept the indiscriminate and error-prone scanning and possibly reporting of their privately shared images, photos and videos
I take it this should apply to any web comments and messaging platform, and therefore require that all websites and web services comply if they can be accessed within the EU?
What do you mean? There are thousands more pixels in the timeline that can be filled with POPUPS telling you how to think and how to CONSENT and how to OBEY
If such a law is introduced, will it still be possible to download the application from the website and use iOS sideloading as an alternative scenario?
(I'm not talking about the convenience or ease of such a solution)
You could just change your App Store region to any country outside the EU. For example all you need to change to US is an American phone number and credit card.
No, unless you jailbreak your iPhone (good luck with that) or re-sign the app every week because that's your only option without a $100/year developer account.
I don't agree with this. Encryption is a feature of Signal, but it's not the only reason to use it. The bigger reason to use it is that it is independent from Meta, so you can use it without having Facebook track you.
I don't rely on Signal's encryption, since there is no way to verify that it works in the way that it does, and even if, there is no way to know that the recipients are as careful as you are. If there is something I don't want others to find out, I just don't write it down. No encryption is foolproof.
I agree, and that's a major part of why I use Signal, but I just want to say that most of my friends (and even family) use Signal, so at this point it's also a network effect for me.
Also, is SMS even that secure anyway? There are security attacks surrounding SMS (hence why SMS is looked down as an OTP method from security standpoint).
Is that a joke? Any data that is stored about you can be used against you.
We know that Meta tracks everything you do in a pretty invasive manner. We know they use this data to target ads, and while they claim not to share data with advertisers, we do know that people have figured out ways to leak some of that data.
Since they share data with a lot of 3rd party tracking companies, we would have to trust all of them to keep our data safe. It is highly likely that some of these companies employ malicious actors.
Now, maybe you think you have nothing to hide. But the political landscape changes all the time, and things that were legal one day might be criminalised the next day, or some terrorist organisation gets a hand on your data and figures that you are an enemy of their god for some reason, ...
The only way to protect against these things is to not store the data in the first place.
Ok, a specific example: by a weird twist of fate, my country outlawed abortion (in most cases). Currently it's easy for affected women to travel somewhere and get help. Some people don't like it. With widespread tracking, it will be possible to target and punish women for breaking the law by getting abortion.
I worry about future use of my data. If it’s not e2e encrypted, future despots (or, less extreme, insurance companies, which tend to be only slightly less evil than despots anyway) can mine it (with not very good AI) to see if I am a good servant to the state, even though my remarks might be from 15 years ago and not related.
In Austria there was a case where protestors were jailed for months because mobile phone records placed them close to a house that burned down. Only after the trial showed that the house burned down because of an electrical fault the day before the case was thrown out. But the people's life was ruined already -- being put in jail for no reason fucks you up.
Western democracy doesn't help much when a higher up wants to get you.
And then there are all the crazy bastards beating up people for their religion or their sexual orientation. It's been shown that Facebook leaks some personal data to advertisers with carefully crafted campaigns.
And if that doesn't worry you, there's also all the fraud that is spread via Facebook ads: "Better Ads" means "More convincing cons". Con men use ad targeting to deliver exactly the kind of fraud you are most likely to fall for. A relative of mine fell for a finance scam -- it seemed perfectly legit, and thanks to Facebook's accurate targeting the campaign was delivered exactly to the right person that would fall for it.
When I need to buy something I look for research, reviews, competition, people who actually used the thing for some time and comment on the thing's weaknesses.
I want to control when I start being interested in something, and when I stop also.
When I need to buy something I need knowledge (weaknesses) and control. Advertisements are exactly the opposite of that.
Companies harvesting the data and using it to build extremely correct psychological profiles, which will then be used to successfully manipulate election results.
This isn’t about rigging elections. Nobody thought the 2016 election was rigged. What happened was hyper specific advertising profiles for voters, generated from all the info on Facebook, were used to customize person-specific political campaigns. If you were in a key swing district, you would’ve got nonstop ads for Trump that told you he was going to do X, Y, and Z, where those happened to be the exact three political issues you cared most about. It is widely believed in political science circles to have been what led to the surprise Trump victory.
This isn’t rigging an election because real votes were cast and counted. However is it still a fair election if the electorate doesn’t have access to sufficient information so as to make an informed choice? That is the issue at stake here.
I’d like to add that it is not just about governments (democratic or otherwise). Large corporations wield disproportionate powers, in comparison with individuals, and may have a presence across countries and continents. Even if they don’t use the data directly, they may pass it to some other entity. I’m not comfortable with the idea that anything I read or write today may be made available one day to my current or future employer, customers, providers etc. ...
In a way I have already internalized this idea. These days every time I use an electronic device I behave as if an unintended recipient was peeking above my shoulder. So my behavior isn’t as free as it was, say, in the 90s, before networked communication was so ubiquitous.
I remind you of Turing's fate by his own government for being gay not 60 years ago. Today being gay or straight is a non-issue in most countries, and Turing's life would have been different.
My take is the following: we have governments because we tolerate them. Constitutions are nothing more than a social agreement, and they could be torn apart and remade at any point in time.
Politicians are our employees - we hire them, we pay them, we can fire them. Sadly in the past 80 years we have started seeing them as our saviors and forgot their power emanates from us.
I don’t want my employee (the government) telling me what to do and tracking me. It’s irrelevant whether I have or not something to hide.
The OP, and that’s how it started, said he switched to signal due to “data harvesters” like Meta.
I feel like the conversation here diverged from that to something different.
PS: I absolutely follow the logic of restricting politicians. Unfortunately these people are versed with power and how to use it. Otherwise they would have not ended at the top…
1. This is default expectation (to have privacy, to have doors)
2. If you go abstract, it’s not too useful (it’s good to have control of information sharing / it’s good having control over who accesses your house)
3. It seems impractical to go into details, due to very many different scenarios, details, expectations.
Take a set of different “motivations” (incompetence + personal gain + for terror + for ideology push), multiply it by types of actors (phone manufacturer, government, enemy state, criminals), mix in the possibility that law and approach can be changed/expanded, while keeping in mind that motivations and actors will change year to year. (One thing when such a tool is available for a conservative gov., another thing when such a tool is available for an extreme right/left gov.)
Parallels do diverge eventually, with door if somebody breaks it you most probably can see it immediately. While negative effects of privacy breach can take years to surface.
For me it’s a very bad analogy avoiding to give an answer.
Doors and how they’re used is highly cultural and has evolved. There’s nothing “fundamental” you can derive from your mental model of today.
Same goes with bike locks and the like. I used to live in a student town where people simply never locked their bikes. It was a custom of that time and place.
Well, nothing interesting can happen in short-term, but not sure about long-term given how much surveillance is being built under our noses.
Currently, the only issue I face is, due to the unlimited text/calls benefit in Germany, I also receive a lot of scam/phishing sms or random sales sms about some random agency offering digital marketing, webdev, wordpress etc. irrelevant service unsolicited. I noticed that, somehow when such sms arrives, I am very proactive in immediately blocking those numbers, but maybe by evening, I start seeing adverts all around the web creepily related to those same sms (mostly different vendors but related business area).
Thanks to the garbage that LLM is, now I suspect Google SMS as well as other Android based sms apps are also scanned and profiled to feed to advertisers, which I can't prove but my experience above is definitely not the Frequency Fallacy.
Rich messaging with images and videos is not universally available without signal or WhatsApp etc... And it's very easy (at least here in the UK) to end up sending an mms message which still costs an arm and a leg.
Interesting. In the USA at least MMS is zero cost on every plan I’m aware of, and the user experience of Signal is pretty much the same as MMS on iOS. Usually the rest of the world is ahead of North America on these sorts of things, so I thought the era of being charged for a SMS/MMS was behind us.
> there is no way to verify that it works in the way that it does
Since we're specifically talking about Signal, I think that it's worth mentioning that Signal is uniquely predictable here. They published their entire cryptosystem, it's been extensively inspected by the cryptography community, there are multiple open-source implementations that agree with the published mathematics, and I strongly suspect that more than a few people have sat down to verify that the bytes coming out of the app are actually produced by the published protocols. Claiming that that's not "working the way it does" is reaching out into territory along the lines of Trusting Trust, the unproven existence of trapdoor functions, and the Problem of Induction.
No. Signal locks out not just third party software but also builds of their own "open source" code via timebombed forced updates. It's somewhat impractical to use signal except via blindly accepting updates from them.
As a result every signal user is sadly quite vulnerable to getting pushed a bad update, particularly since app store policy changed to require the app store itself being able to sign updates.
Signal could mitigate this by allowing third party clients and/or not timebombing support.
Right. There is no way for me to verify that the Signal app isn't actually a trojan created by a US agency with a clever marketing team. It sounds far fetched, but it wouldn't be the first secure messenger that was later revealed to be a covert spying device.
I still use the app, because I trust Signal more than Facebook, but the encryption isn't why I trust them.
> I don't rely on Signal's encryption, since there is no way to verify that it works in the way that it does
Totally. Not everyone is a cryptographer to review the code and ensure the app they're downloading is what was compiled by the aforementioned vetted code. That's what F-Droid and cybersecurity audits attempt to solve (and Apple's vetting process, though I think their mandatory $100/yr developer license is what drives malware off the platform).
The one reason to use Signal is privacy, and its replacement of Meta apps is under that umbrella.
I use iCloud Keychain for passwords. It's a trade-off between security and convenience.
Passwords aren't as critical in my opinion, because I can always change them. Sure, it would suck if someone broke into my hosting account or my bank account, but I could probably fix it somehow. I was more thinking about secrets that I don't want people to find out, because there is no way to make people forget something they learned about me that I wanted to hide.
Some secrets are worthless without communications. Think of the poor extortionists. They took a compromising picture, they would have to send it via mail without proper encryption. How retrograde.
I’m joking around but I did get your point. I just think secrets cannot be categorised simply in “stuff I don’t want anyone ever to learn about” (why would someone use signal for that though) and “stuff I don’t care if anyone learns about”. 99% of the information I send over signal is actually neither, it’s in-between. I don’t want the whole world to see pictures and names of my family. I do want other members of my family to have them. Hence I use Signal for this, because I trust them most (or I distrust them least, depending on the point of view).
I agree. What I was trying to say was that encryption was not the most important part for me. Facebook or Twitter DMs would be secure enough for family photos in my opinion, if they didn't use invasive ad tracking. The fact that Signal is independent is why I use it, not because of superior encryption.
Being independent means little to me. FBI can swoop in and take all the drives based on some vague suspicions. They can be hacked. They could decide to start selling my data tomorrow.
End-to-end encryption makes me worry less about this. I’m not a very trustful person simply put.
But I agree that everyone needs to evaluate their convenience vs. risk ratio individually. I use VPNs, I wouldn’t dare to ask my family to do the same, it’s highly inconvenient.
This is why Signal needs to decentralise. There is no such thing as "leaving the EU market" if it can be obtained from anywhere on the internet.
The EU has shot itself in the foot with demanding alternate app stores exist, and then Signal has shot itself in the foot by not being open enough to be distributed on any app store by anybody.
The answer to these encryption laws, is to use their other laws against them. You want the iPhone to be an open platform? Great, here's a bunch of open platform chat apps that cannot be banned because they are decentralised.
Right now they live off donations (including mine) and I won't donate if they commercialize. Also, there's no easy way to monetize on users without ads, and I'm pretty sure signal users are one of the last demographics to fall for "privacy preserving ads".
Looks like we are going to have to move to two phone solutions.
The second phone will be very basic with open source hardware and self installed open source software, simple enough that you could build it yourself if you wanted. Its sole purpose will be secure communications and it would just use your phone as the communications medium.
It’s already difficult to convince people to use Signal instead of WhatsApp, FB Messenger, iMessage, etc… if it requires a new phone with sideloaded software etc, I won’t have many people to text anymore.
I just gave up on smartphones altogether. It is much easier to make a laptop/desktop private instead and limit your private messaging and activities to it.
I have a separate KeepassXC database for 2FA. I guess my life experience is limited, but I am yet to encounter cases when this would be outright required. The closest one was Steam, but I used an Android VM for this.
Seems they will reconsider this after the elections. So there is time, depressing as it is. As has been said here before : every country will eat away at privacy every few years with similar proposals that failed a few years before. Until they succeed.
It’s the easiest thing for intelligence agencies to scan all your messages. They just need to submit a few million fake “content id” hashes and automatically your phone will share the images that match. Nobody can tell if a content id hash is of a photo of a document or a photo of a person; it’s just a 256byte hash. This is so easily abused. I bet the way it’s implemented it doesn’t have enough resolution to read text so one evil content id hash will match any photo of any document or screenshot you have taken. So essentially your WhatsApp client will send every screenshot of a text document to the NSA.
A few million fake "content id" hashes still gives them a 1/100000000000000000000000000000000000000000000000000000000000000000000000000000 chance that any one of those hashes will match. 256 bits are a lot, besides, what are they going to do? Sift through random vacation photos that happened to match this "ten jackpots in a row" chance?
I think OP is saying that the algorithm is designed in such a way it can match “visually similar” photos/content. The idea is you can’t just rescale, crop or otherwise slightly change a photo as you could if this was just a regular SHA hash of the file. Now they are saying that it might be possible to create an “evil hash” of a document that could match a large percentage of documents, because the hash algorithm obviously doesn’t have enough bits to actually represent the content. So if you have a hash of “white document with some black text” (for example, if looking for image scans of documents) and add this to the db of “watched” hashes, you could in theory hoover up documents.
A quick search didn’t lead me to any proof of concepts about this idea but on the surface (I don’t have any knowledge of the hashing algorithm used in these content filters) it seems like a plausible idea, depending on a lot of factors.
I'm not sure that this would work, mainly because it would mean that all the documents would have the same hash, rendering the content ID system useless. I don't know how many bits a content ID contains, though, but I imagine it's enough to avoid having too many collisions (as that would reduce the usefulness of the system).
Right. That is the OPs point, however (as far as I can tell). They think it will be intentionally abused by governments as a way of collecting data by mandating certain hashes that will intentionally have many collisions.
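The distinction argued over in the comments above, between a cryptographic hash and a hash built to match visually similar images, shown as an added example that is not from the thread or from any scanning system. The average hash here is a toy stand-in chosen for illustration (the algorithm a real scanner would use is not on this page), and the 32x32 images, function names and 6-bit match threshold are constructed assumptions.

```python
import hashlib

SIZE = 32             # constructed images are SIZE x SIZE grayscale, values 0..255
GRID = 8              # the hash looks at an 8x8 thumbnail, giving 64 bits
BLOCK = SIZE // GRID  # each thumbnail cell covers a 4x4 pixel block


def average_hash(img):
    """Toy perceptual hash: one bit per block, set if the block is brighter than the image mean."""
    sums = [sum(img[y][x]
                for y in range(by * BLOCK, (by + 1) * BLOCK)
                for x in range(bx * BLOCK, (bx + 1) * BLOCK))
            for by in range(GRID) for bx in range(GRID)]
    total = sum(sums)
    bits = 0
    for s in sums:
        bits = (bits << 1) | (1 if s * len(sums) > total else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def sha256_hex(img):
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()


def make_photo():
    """Constructed 'photo': a horizontal brightness gradient."""
    return [[8 * x for x in range(SIZE)] for _ in range(SIZE)]


def reencode(img):
    """Constructed edit: +5 brightness plus small deterministic noise (-3..+3)."""
    return [[min(255, max(0, p + 5 + ((31 * x + 17 * y) % 7) - 3))
             for x, p in enumerate(row)] for y, row in enumerate(img)]


def make_document(period, phase):
    """Constructed 'scanned page': white background, dark speckle in alternating
    4-row bands with one-block side margins. period/phase change the 'text' pixels."""
    img = [[255] * SIZE for _ in range(SIZE)]
    for y in range(SIZE):
        if (y // BLOCK) % 2 == 1:
            for x in range(BLOCK, SIZE - BLOCK):
                if (x + y + phase) % period == 0:
                    img[y][x] = 0
    return img


def matches(h, watchlist, threshold=6):
    """A match is any watchlist entry within `threshold` bits, not exact equality."""
    return any(hamming(h, w) <= threshold for w in watchlist)


if __name__ == "__main__":
    photo, edited = make_photo(), reencode(make_photo())
    doc_a, doc_b = make_document(2, 0), make_document(3, 1)
    print("photo vs edited   sha256 equal:", sha256_hex(photo) == sha256_hex(edited),
          " bit distance:", hamming(average_hash(photo), average_hash(edited)))
    print("doc_a vs doc_b    sha256 equal:", sha256_hex(doc_a) == sha256_hex(doc_b),
          " bit distance:", hamming(average_hash(doc_a), average_hash(doc_b)))
    print("photo vs doc_a    bit distance:",
          hamming(average_hash(photo), average_hash(doc_a)))
    watchlist = [average_hash(doc_a)]   # one entry derived from one page layout
    print("doc_b matches watchlist:", matches(average_hash(doc_b), watchlist))
    print("photo matches watchlist:", matches(average_hash(photo), watchlist))
```

With this toy hash the two different pages collapse to the same 64 bits because only the layout survives the thumbnail step, so the 2^-256 collision estimate for a cryptographic hash says nothing about how often a similarity hash matches unrelated content.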
Is there an alternative? (I currently only use Signal).
Also something where features work? Since this week my Signal "Something went wrong with you username, it no longer is connected to you. You can try to get a new one"
I expect it applies to any app on a phone that is registered in the EU. If you wanted to and were able to buy a Swiss phone with a Swiss number you might be okay.
Developers could start to employ software activism and dis-allow licenses for software they develop by European governments citing the reasons.
Perhaps Signal can deploy a version for Europe that is licensed for use only by governments and scans the hell out of them looking for corruption using AI.
Well, I goofed. Nonetheless, Threema is claiming GDPR-compliance:
Excerpt from their main web page:
Threema is 100% Swiss Made, hosts its own servers in Switzerland*, and, unlike US services (which are subject to the CLOUD Act, for example), it is fully GDPR-compliant.
Make no mistake I would never use Threema, and "made in switzerland" is usually just putting lipstick on a pig; the one time someone seriously looked into Threema it was full of weird decisions, if I remember correctly
Still GDPR is unrelated to what we are talking about
Yes, everyone wanting to serve clients in the eu (even if they are on vacation in non eu) must comply with the gdpr; this article however is not related to the gdpr though.
It just means you only store the data you need, you track how the data is used, and you allow data subjects the possibility to modify/remove said data.
You could always roll your own protocol that you use to interface with contacts, basically replicating Signal's algo. The gov wouldn't be able to stop that.
The Signal client and (irregularly) the server are published as open source. You can run your own Signal instance. If you want to complicate your life, of course.
There is an easier way - going with a selfhostable, federated solution. And at least XMPP is now commonly used with an encryption protocol that is based on Signal's.
I absolutely support Signal's position and abhor the whole security circus with cries of "think of the children".
But, I'm in Europe (France) and I wonder who actually uses Signal? There was a move a couple of years ago to quit WhatsApp and go to Signal. Some groups did make the move, and then everyone went back. Today I have dozens of WhatsApp groups, and just one Signal group (and it's dying).
If no one uses Signal in Europe then obviously this threat is moot.
The network effect is real, but I have managed to move some groups to Signal. But you need to spend some social capital convincing people to make the move.
No signal = no comms for me.
I refuse to use WhatsApp and I have probably missed out on a lot, but oh well.
I had neither 20 years ago and I survived ok - people called me, or I called them.
I do see the contradiction, as I know calls are recorded but er...I've nothing to hide.
Signal has some advantages over WhatsApp, namely that you can install the app on more devices (including computers) at the same time, which has been a convincing argument for some of my friends. They hate how WhatsApp is locked to your phone without an app for your computer.
Signal has become the default video conferencing app for several of my larger groups, and it works surprisingly well! This is a trick WhatsApp currently can't do.
SMS 2FA should end like backup recovery email. One is not safe, the other is a loophole. If breaking encryption is too expensive, then either use the hammer approach, or compromise one of the terminals (or both). Computation will get so cheap and so good, that unless cryptography evolves pari passu real freedom will be affected.
The EU is progressively turning into a fascist dystopia.
And this is coming from the not elected council, not the elected parliament.
The EU in its very design is an autocracy, that wears the mask of democracy.
And right now it's acting as the puppet of the USA, supporting its world domination plans.
How is that going to be enforced in practice? Isn’t someone going to write a messenger PWA without client side scanning which everyone will be able to use? Are they going to block the domain?
And we still can’t backup our chats on iOS [0]. Does that mean that we might lose the history of all our messages?
Signal developers really seem to have some misconceptions about the priorities of their users…
[0] It’s not a limitation of iOS itself but that Signal doesn’t want to allow to store data and keys in a way that would ‘leak’ them to Apple - not even if I, the user, wouldn’t mind that.
Not being able to back up app data to another device that I own because its encrypted with a hardware-tied key that I can't access is a terrible design that plagues modern mobile devices. It's my device; I should be able to access any data on it.
There are plenty of viable security models where the app data could be securely protected from Apple or Google by using a key that I own and can use on other devices.
That sort of feature is dangerous, and very likely to cause at least one vulnerability. If I were running signal, I would be very reluctant to, and careful in implementing it.
Anytime you use a device you need to trust the manufacturer itself is not malicious. The difference between storing and decrypting a database on an internet-connected Apple device and storing it in Apple’s iCloud is minuscule.
Then it doesn't respect the users enough to be considered free software. The user must be free to do whatever he wants, even sending a plaintext copy to Google.
I would have to trust Meta on top of Apple for that (and there is no way that you do not have to trust the manufacturers of your devices anyways, imo).
Oh and just today I've banned yet another pedophilia fediverse instance with no easy way of reporting it to any authority.
I'd have to give my name and address and potentially put me with 1 foot in jail because I have viewed the images and have them in my browser's cache.
If they really wanted to protect children from sexual abuse, they would've created easy to report online services. But it's not and never was about pedophilia.
The EU elections are just around the corner. It's a good moment to make an informed decision and stop electing alt-rights who'd do anything under the slogan of "protecting the children".
Who should we vote for then? That’s very hard to decide without a lot of research. I would say the pirate party is a safe bet. But if there are multiple candidates you need to be sure your vote goes to a strong candidate to increase your chances of success. But just figuring out who this might be is already hard.
Then of course there’s the non-democratic structure of the union itself where the non voted commission decide the laws.
It varies from country to country who you can vote for to oppose such legislation. You need to investigate your local representatives.
Also, the Commission only proposes legislation, it doesn't enact it. Only the EU Parliament can enact legislation. The Commission is similar to the Government of most democratic countries, also in the fact that it's not directly democratically elected. However, you still have plenty of democratic control over it, just not in EU specific elections, but in your own country's elections.
Edit: mistook the Council for the Commission. Corrected in line.
This is not reality TV, it's important that you cast a vote aligned with your views, not who is most likely to win or lose. If you're unsure which party represents your views, you can use tools like https://euandi.eu/
Back in May last year, the European Commission proposed what security maven Matthew Green described as “the most terrifying thing I’ve ever seen”—a law that would force everyone from Facebook to Signal to scan everyone’s messages
Parliament's involvement depends on the policy area and may imply (a) being consulted, (b) giving consent or (c) co-legislating on an equal footing with the Council (ordinary legislative procedure). In case of "chat control" (actually called CSAR or COM/2022/209), we are in case c) - it was Parliament rejecting big parts of the proposal [0].
The OP refers to a document discussed during ST 9093 2024 INIT, it's part of the same package of legislation priorities (2022/0155(COD)) and it's currently awaiting the opinion of Parliament [1].
I know these make for very click-baity titles, but this is the moment when one can follow the feed and publications of their MEPs and contact them when one doesn't agree with some of their positions. Logs of all meetings are available online.
The ChatControl2.0 proposal was put forth by Ylva Johansson who is from the left in Sweden. She literally says "But think of the children" in every interview she made after this. There have been many accusations of corruption, for example the council was in contact with the AI companies that stand to gain from getting this in law.
I don't like mass-surveillance or "dragnets" which are actually considered unconstitutional in the US (see https://en.wikipedia.org/wiki/Dragnet_(policing) ), where you make an extraordinary amount of people suspects in order to catch a single suspect.
In medicine there is a number called NNT (Number Needed to Treat) which is a really good comparison to this. It's how many you have to treat with a medicine or procedure in order to help one patient. If that number goes up too large it's a bad sign, like if you would have to feed 1 million people a pill every day to avoid 1 heart attack per year.
Here you have mass surveillance and an incredible breach of privacy of 500M citizens, in order to catch how many pedos? If they would even be caught by this at all to start with.
>If they would even be caught by this at all to start with.
I doubt it. Teenagers sending each other naked pics, maybe (but after the law passes they will know they have no privacy and will stop doing that. I fear what awareness of constant surveillance does to a young brain). The actual pedophiles were always on top of their opsec game. In this case it sounds like they just need to opt-out of scanning and send each other obfuscated links or base64 encoded encrypted zip files in text? This is child's play, there were highly sophisticated pedophile groups using tor-only infrastructure with forced opsec and rotating identities every month. They never trusted mainstream chat apps, and they won't be affected. This only makes it possible to track regular people.
Can't upvote this enough. Such proposal is against the privacy and basic human rights of ordinary people (everyone is guilty unless proved innocent). Big groups making and sharing such content won't be affected by this at all.
I wish they made it easier to vote in these EU elections. I live abroad. For me to cast my vote I’d have to physically travel to my country’s embassy which is several hours travel away return during the voting hours. Or give proxy to someone living there (don’t know anyone since I’ve never lived in that city).
Meanwhile, Canada lets me vote by mail, no fuss, and they even send the ballot to my home address automatically every election.
Would that really be so hard to do for EU or national elections?
The EU elections allow you to either vote in your country of residence or in your country of birth. You just need to register beforehand and you'll just be able to vote at a local ballot.
Here in Germany they even actively inform you of that choice. I got a letter both from the Dutch government and the German government that I can make a decision to either vote in Germany or in the Netherlands.
Yes, I’m not saying it’s impossible. I still need to travel to my residence country’s capital which is several hours away and not free to get to in order to cast my vote in person. That’s quite a hurdle and I’m not surprised that participation is so low as a result.
It's up to your country to determine how tedious they want to make it. For a counter example, as an Estonian citizen, I can vote in these EU elections via the internet using my private, government certified, P-384 key.
I hope there'll come a time where the idea that these events that distribute ultimate power might not be flawlessly executed and maybe even partially fraudulent is seen with merit. It's certainly not the time yet, as always seen when this comes around.
These heads of states also got elected in their respective countries. You don't want to see "chat control" proposals coming from the council of Europe? Then don't elect the likes of Orban/Meloni/Geert Wilders!
Next week we're voting for the EU Parliament where MEPs are responsible for discussing and accepting/rejecting proposals from the EU Council.
Wilders only formed a coalition about two weeks ago, and he isn't the prime minister so wouldn't be in the Council anyway.
As for the others, why do you think these laws come from the council? EU law never comes from the council, it's always proposed by the Commission. There's a list of people who are most responsible for this specific law here:
None of the people on the list are heads of state, as per usual. They are senior members of the Commission and the usual assortment of lobbyists who feed them ideas.
You’re correct, these elections are pretty important, as we can vote for the parties/people that would bring this thing called the EU a little bit closer to disintegration, i.e. vote for the Nigel Farages of your countries. At this point the ghouls in Brussels are un-reformable.
Yes the best solution to democratic process is to vote for famous populist alt right politician whose politics is built around saying whatever generates most clicks/hate at the time.
Best part is once in power these people are as corruptible if not more because they just don't care and will sell their votes to the highest bid. Snakeoil sellers.
If you’re so curious, yes, on top of being pro/Russia I’m also a Mets fan. LGFM! How does knowing more about me help bring this conversation forward? Should I in turn ask about your favorite MLB team?
> do anything under the slogan of "protecting the children".
This is far too forgiving a representation, they are surveillance wolves disingenuously wearing the sheeps' wool of protecting children to further their eventual thought-policing goals of "total information awareness."
Doing anything to protect children is difficult to object to. Using the children as their pretense for monitoring dissidents is really the heart of the matter. It's important to differentiate between the two.
I get that this difference could be subtly implicit in that comment, but let's please make it explicit.
These laws, as required by the EU constitution, do not come from the people who are elected, so changing who gets voted in will have zero impact on whether such laws appear or not.
Moreover the EU Parliament is controlled by social democrat (left) parties. There are currently a bunch of stories in the press freaking out over the possibility that the EU Parliament might actually become majority right wing for the first time ever, example:
So why did GP talk about the alt right? Also I disagree, there is a binary left right in Europe too. Unless it's for social stuff then most parties are on the right in Europe lol
We should seriously ask, if being part of EU is beneficial or not. Electing left or right is just a game to keep system working. But it serves to scrap responsibility from us and lead to slavery with every new regulation.
That means power taken from the committee and brought to parliament. So the decision-making becomes more politicized, and thus more public. Politicizing isn't great, but without it the committee can fly under the radar. Moreover, without it the committee is fully beholden to the national governments, who won't be held to account for their decisions.
I've stopped taking the whole "change it from within / reform" arguments seriously when it comes to anything larger than a village or small community. The entire system has gotten to this point because the rules, processes and incentives all aligned and co-evolved to get it here. Every single one of those "memes" (borrowing from Dawkins here) will fight very hard for its own survival. And their survival depends on the status-quo staying as is without change.
The only way forward is to not participate and/or burn it all down and start from scratch. And we all know what a polite and neutered society we are currently because things are relatively "okay" for us, so we're not at threat, so we're not willing to do the drastic measures necessary for correction here. That includes me, as I will not be sending my sons to the slaughter.
It's not a perfect answer, and one can "not participate" in more ways than one. Also, it depends on the individual and what makes sense for them and their family.
It's also a case of "picking your poison". So if the recent war wasn't happening, I'd be moving straight to Russia as right now it seems to be the sanest when it comes to these specific things. But that comes with dealing with some of the "negatives" as I'm sure you all can imagine.
If money wasn't a problem, personally I'd fund some sort of island or floating-island community to promote self-sustainable practices whilst staying as far as practically possible from the craziness going on in the west.
If you leave the EU who are people in your country going to vote for? Most likely, either the right or the left.
Leaving the EU doesn't automatically make a country not right/left/whatever. Even before the EU most countries had the same thing. The UK left and still have left/right/whatever. You need to change a lot more than EU membership status to avoid the whole left/right issue.
Probably because they know it's not politically popular. As members of the EU, they can work with their commissioners to bring in unpopular legislation and then blame the EU if anyone complains. The UK used to do this a lot, and I expect other countries do it too.
I don't know if you're trying to imply I said anything about the censorship law, but all I was pointing out was that leaving the EU doesn't change anything about parent's idea about voting left/right/whatever.
What I'm saying, it looks like those are pushed at EU level seemingly by bureaucratic apparatus regardless of ruling parties. Yet such ideas seem to be nowhere to be found at home, again regardless of ruling parties.
I'm probably wrong, but my gut feeling is that euro bureaucracy is playing its own game. And it has little in common with democracy, citizen rights and citizen will at large. Infamous Juncker's phrase about how to push through unpopular regulations is the modus operandi of those people.
What I'm saying is why are you commenting it to me? I don't care either way. There's other comments that your reply would fit better under. Trying to drag everyone into an EU good/EU bad discussion is not what everyone wants. I simply stated that leaving the EU doesn't make left/right disappear, which is true. You can argue your separate point to me all you want, but I don't really care.
Centralised government and power is much more dangerous for society, than decentralised nations.
I'm not sure why someone in Brussels should vote about regulations for entire Europe.
You cannot imply same rules for entire nations like all are the same. They are not. They have different cultures, different values, different taxes, different wealth, etc...
> You cannot imply same rules for entire nations like all are the same. They are not. They have different cultures, different values, different taxes, different wealth, etc...
I'm not implying anything. I'm stating the fact that partisanship is not only dictated by EU membership. Maybe you're correct, maybe not, I don't really care, but it has nothing to do with my comment. Please try again with someone else who cares as much as you do.
Leaving the EU, however, triggers competition. These small European countries will compete for talent/money/knowledge and that means more freedom and less taxes.
But hey gotta deny the EU is not working even after hitting the wall and your face is dangling from the other side right?
I didn't say anything about it working or not, did I? The only thing I pointed out was that leaving the EU isn't going to change parent's idea about leaving the EU to avoid voting left or right. Your comment doesn't apply or mean anything to me. I don't live in Europe nor do I follow all their politics enough to have a skin in the game.
It's the governments of the EU countries that are agreeing to this in the Council (apparently it's going through because France is lifting its veto). If enough people cared about this, they would put pressure on their governments to scrap this. But this is not ever talked about except in these circles (unlike, say, the migration pact).
It hasn't really been hurting them either. By the way, UK had GDP growth by .6% in first quarter of this year, which is a lot more than a lot of other EU countries.
Yes, at this point I see no way forward except with the EU. Unless each individual country wants to go at it alone and eventually end up working as a vassal state to either USA, Russia, or China.
The cost of products and manufacturing is so low that a significant part of the final price is made up of overhead costs such as tax, tariffs, and transport. All of these will go up by stepping out of the EU due to increased friction.
If anything, we should go a lot further into embracing the EU. In the current political landscape we are committed.
Current non-EU members like Switzerland or England are vassals of who?
Prices of energy and basically everything in EU are so ridiculously high. Free market is crippled because of centrally planned economics pushed by EU grants.
I think the widening of the EU that we have seen precludes the deepening of the EU that you advocate.
This is a difficult balance. We should want deeper coordination within the EU. But we should also want to help and integrate our neighbors, rather than seeing them languish and become, as you put it, vassal states. And those goals are at odds.
This is partially because coordinating more countries is inherently more difficult if everyone can veto. But cultural diversity also plays a role. Deepening coordination means letting the EU decide more. Letting a more similar culture decide more will feel better. Beyond that, they are probably more likely to decide what you would have decided anyway. That is how a wider EU works against a deeper EU.
But the good thing about the EU and a lot of its programmes is that the future generations in each are more and more well-travelled and more and more accepting of other members' cultures. Even nowadays the attitude towards, say, Poland in most younger circles in the West is much more positive than it used to be 20 years ago. Give it enough time and the people of the bloc will learn how to deal with their neighbours' cultures.
What does that look like? Let's say you have a large exporting country that decides its exporting needs are more important than the employment needs of other countries in the bloc, how do you handle that without political alignment? Economic community is political community. The only question is what flavour of economic community, which IMO is where the EU has gone well off track.
Unfortunately, these days economic community is not enough. With the US slowly falling apart due to internal polarization, Russia and China trying to grab as much power as they can, Middle East far from stable, and the disrupting impact of climate change, focusing only on the economy ignores our biggest problems.
If you put ideology on first place, competition will crush you easily. China doesn't care about environment and they make high fortune on it, like other countries did previously.
What frustrates me most is how the EU sponsors their business from our taxes in the name of care for the environment. I.e., grants on photovoltaic panels that are made from 95% in China or donated EVs that ruin traditional car manufacturing in EU.
China will (and does to a certain extent) care about the environment because they know it will eventually be a massive problem for them. Their single-party state has only managed to stay in power because it's been very good at driving up the standards of living. And you can only pollute so much before those standards stop going up and people start to get displeased, which is why they've been trying so hard to move up the value chain and export their pollution to other countries (via cheap loans).
It is unlikely that all people will die in the nuclear war.
Anyway, it makes no sense to put down a discussion on privacy or other human disagreements as trivial just because there is a big bomb that can wipe us out. This risk is present for many decades, and we are not able to affect it in a meaningful way. Nukes are here to stay, and eventually will be used. The important thing is to use your time until you die.
You can see in the replies here and everywhere else that the people want war. Because surely this time it is different. Governments and media made the EU citizens ready for war in the span of a few weeks. It's truly scary.
Most people do not want war, but we have the war regardless, it has been imposed on us. In such situation, people want to keep the war as far away as possible. Hence support of Ukraine.
I'm talking about threatening nukes for helping the victim to defend. Denying existence of nation and its state. Russian TV debates with Solovyov. Religious leaders sanctioning military aggression.
None of that is civilized, but however, that is not the end of it. Covert operations blowing up arm depots in other countries. Financing anti-system helpers and being successful in finding traitors who sell classified information. Russian government having ambitions in toppling post-Cold War status quo in Europe. All this induces massive militarization in Europe, which will get stronger as Russia comes closer.
I don't understand you. Russia was finally helping the victims -- DNR and LNR -- to defend themselves. And the West is helping the bully to regain its power over victims.
Russia was not in any recognized position to help militarily any hypothetical political group in Ukraine. Ukraine was not in war with any other group than Russia. Remember, money and propaganda are a fair game, weapons to helpers and invasion are not.
The European Court of Human Rights has determined that there were no such things as DNR and LNR; they were a Russian military ruse from the get-go to justify the invasion of Ukraine.
Facts are facts. Russian representatives were given an opportunity to demonstrate how LNR and DNR were domestic separatists and not members of Russian military, and they completely failed to do so. The facts against them were overwhelming.
As to the ECHR itself, it is one of the most respected courts on the planet.
In a country where the courts themselves are corrupt. See the 6 part Dutch documentary called “De Villamoord” wherein 9 innocent people were framed and jailed. One committed suicide. At the end of every episode they post the names of the two responsible people. One of which was the former head of the organised crime unit in Arnhem. Now she is the president of the court of Maastricht. And it’s not the only time she had perverted the course of justice.
One guy wrote a book about it. Within days the book was pulled from the shelves and he was fined 17,000 euros. Now he won’t talk about it with anyone.
And in the Netherlands it’s written into law that all government officials can lie under oath without fear of being prosecuted for perjury (New addition around 2020, the law itself said anyone in a profession that has an obligation to secrecy, which is all of Dutch government these days. The real reason for the law). Yes that’s right, and I have a letter from the attorney general stating explicitly that perjury doesn’t apply to prosecutors.
I want the war in Ukraine to end, and. There are two options: to let Putin get what he wants and risk my country being next, and to help Ukraine. Do you have other suggestions? Of course I would love it if Russia tomorrow decided to say "whoops sorry that was an accident" and retreated, but I find this highly unlikely.
I appreciate the downvotes, but I'm honestly looking forward to hearing a better alternative (than helping Ukraine financially and with weapon shipments). I imagine people expressing "anti-war" opinions live far away from the frontline, don't have to worry about their country being next, and it's easy for them to say "just end the war". But maybe I'm wrong. So please when downvoting also spare a minute to share what your preferred solution is.
I didn't downvote. There are alternative approaches. For example, U.S. can cease support as loss of Ukraine is not really a big problem for them, as long as Russia stays in non-NATO countries; Europe+UK can then say we won't be able to keep this together without U.S. and say Ukrainians, if you want, make a deal with Russia, and who wants to flee, you're welcome in Europe. Russia gets Ukraine and the small part of population there unable to leave or those with Russian-compatible thought processes. No further war necessary for some time (in other words, we get some pause, which we will use to arm the f up).
This scenario sucks, shows weakness, it has its own risks, Russian-controlled Ukraine is a big security and money problem for neighbouring states, and is not necessary while Ukraine can fight with western weapons, and thus nobody relevant wants to try it as of yet. But anti-war naives do not think that far ahead.
If Ukraine runs out of soldiers, or U.S. backs out, some variant of this may however get on the table and we will be subjected to massive militarization.
Hitler conquered several countries in under a year and there were no signs of that slowing down, Russia has been at a standstill in Ukraine for over 2 years now. Current war is closer to WW1 than WW2.
And why was Hitler's Germany able to conquer several countries and kill millions? Because big powers felt "we're afraid of repetition of the 1st war" and "peace in our time" and "let's make deal with him against the others". Those policies caused utter disaster.
When you find a scorpion at your doorstep, even if it talks smoothly, and proposes to share the room as mutually advantageous, you don't negotiate with it.
Oh, now I see what you meant by "with russian-compatible thought processes". Dehumanizing other people by likening them to insects and attributing incompatible 'thought processes' sounds familiar. The last time the USSR lost 26 million people because of European invasion.
You misunderstood. I meant the dangerous poisonous nature of the scorpion, not that I hate the insect; I am fascinated by scorpions, but I don't bring them home. I can rephrase - when Russian state official is at your doorstep, and makes suggestions that part of your space will now be his, don't negotiate.
> The last time the USSR lost 26 million people because of European invasion.
No - it lost them because it allied with Hitler in destroying Europe as it existed then. From the Winter War against Finland, to invading Estonia, Latvia and Lithuania, to invading Poland with Hitler and jointly holding a victory parade as the rest of Europe watched in horror. https://en.wikipedia.org/wiki/German%E2%80%93Soviet_military...
USSR lost many people not only because of the German invasion, but also because they had a terrible leader who co-started WW II and misjudged Hitler. And Europe and America made sure USSR won that war.
Tell me, how long other countries on the European continent fought Nazis?
>Europe and America made sure USSR won that war
That's funny, almost all of Europe fought along with Nazi with small exceptions like Greeks. And no one in Europe was in position to "make sure the USSR won the war"
Europe was divided, we know that. My people fought both against USSR and together with it against Germans. History and its significance can't be explained in single historical essay, and it certainly should not be misused to advance one's poor argument.
'Helped a little bit' are the right words. And helped only out of self-preservation fearing what would happen to them if the USSR loses and its resources become available to Nazis.
My impression is that they helped a lot: they supplied the USSR with trucks, jeeps, food, clothing, experts in industrial engineering, etc; their ships endured attacks by the German navy to deliver this aid to Soviet ports; their bombing campaigns had the opposite effect on Germany, i.e., to make manufactured goods and things like refined petroleum products a lot more scarce than they would otherwise be.
Yes, their campaign in Africa too. But compare that to 2/3 (or 4/5 depending on the source) [0] of total Nazi casualties that happened on the Eastern front and now it's not so much.
The assertion this thread is talking about is, "Europe and America made sure USSR won that war". How many casualties Europe and America took in the course of doing so is a separate question. The US and Britain had competent leaders and an advantageous strategic position, so they were able to make sure the USSR won the war at a cost of relatively few US and British casualties.
Helping isn't measured by numbers of killed Nazis. It was about massive material support of the USSR so it was able to fight the aggressor and kill so many Nazis. The West enabled that.
Here, from the bigshots from USSR:
"Khrushchev went further and admitted: “Several times I heard Stalin acknowledge [Lend-Lease] within the small circle of people around him. He said that . . . if we had had to deal with Germany one-to-one we would not have been able to cope because we lost so much of our country.”"
"Perhaps the last word should be left to Marshal Georgy Zhukov, who masterminded the Red Army victories. He admitted, in a bugged conversation in 1963, that without Lend-Lease the USSR “could not have continued the war”."
Not according to Comrades Stalin and Khrushchev, who were in a position to know about such things:
I would like to express my candid opinion about Stalin's views on whether the Red Army and the Soviet Union could have coped with Nazi Germany and survived the war without aid from the United States and Britain. First, I would like to tell about some remarks Stalin made and repeated several times when we were "discussing freely" among ourselves. He stated bluntly that if the United States had not helped us, we would not have won the war. If we had had to fight Nazi Germany one on one, we could not have stood up against Germany's pressure, and we would have lost the war. No one ever discussed this subject officially, and I don't think Stalin left any written evidence of his opinion, but I will state here that several times in conversations with me he noted that these were the actual circumstances. He never made a special point of holding a conversation on the subject, but when we were engaged in some kind of relaxed conversation, going over international questions of the past and present, and when we would return to the subject of the path we had traveled during the war, that is what he said. When I listened to his remarks, I was fully in agreement with him, and today I am even more so.
-- Memoirs of Nikita Khrushchev: Commissar, 1918–1945
Those are incomparable. One is a political influence via civilized methods, money and propaganda. The other is a brutal military aggression.
The proper acceptable course of action for Putin & Co. was to compete economically and propagandistically, not invade with soldiers. They tried before with Yanukovich, but in 2014 these Russian collaborators lost grip on power, and Putin & Co., instead of folding up graciously, or trying with another helper later again, went insane and tried to force their interests with military methods. That is an escalation that has no moral justification.
Overthrowing a democratically elected government in a foreign country is hardly a civilized method.
And yes, Putin was competing economically and propagandistically, but when he won and Yanukovich declined to sign a bad [0] agreement, the US, instead of "folding up graciously" like the EU did, said "Fuck the EU" [1] and went ahead with the escalation and supporting the 'revolution'.
"has no moral justification"
Of course, only Western escalations are always morally justified.
So a hypothetical sad event where Ukrainian pawns burned 42 people in Ukraine, and few Ukrainian neo-Nazis resisted Ukraine police is comparable or justifies multi-year military aggression by RUSSIA that killed hundreds of thousands of people and devastated east/south of Ukraine? Do you think this is a civilized argument?
That's what escalation is. The American sponsored coup was an escalation. The reunification with Crimea and support for Eastern Ukrainian rebels was an escalation.
There was no coup in Ukraine. Yanukovych was removed from office by the constitutional majority of Ukrainian parliament with votes 328-vs-0. Not even a single member of his own party supported him.
"Finally, the constitution demands that at least three quarters of the constitutional membership of the Verkhovna Rada vote for the removal of the President in the final step. However, instead of the required 338 parliamentary deputies only 328 voted for the removal of the President." [0]
The internationally accepted standard is 2/3. Not a single country besides Russia recognized Yanukovych as the president of Ukraine after the vote, and even Russia gave up being a sore loser after a few months.
No I don't. If you want to nitpick, then for starters the Ukrainian parliament didn't go through the formal impeachment process (which requires 4/5 majority), because the Ukrainian constitution has no provisions for a situation when president and cabinet ministers just burn documents to hide tracks, run away into another country and become internationally wanted criminals.
Instead, the parliament passed a declaration saying that the government had abandoned their duties and called for early elections, and did so within the bounds of Ukrainian laws, and with an internationally recognized margin of majority for such drastic steps. There is no domestic or international case for calling early elections a coup. The whole "coup" sob story has been dead and buried for a long time. The transition of power was as clean as you can hope to get in a severe political crisis.
If you are looking for something to call a coup, then the Russian invasion of Crimea was a textbook coup.
First they came for crypto, and you guys laughed and cheered them on because “crypto and web3 sucks”
I told you then, that end-to-end encryption is far more worrying for politicians, than mere cryptographic signatures. And that they’ll be coming for it next. Because it can hide billion-dollar transfers, or CSAM, or gasp seditious material against the king.
Well, it’s not just Europe, it’s all over the world:
The above chronicles many cases even in your own country!
Today regular people are just as clueless about end-to-end encryption as many on HN are about web3 and decentralized network innovations. Think of the children!
And then they will come for the regular person, and by then there will be no one left making tools that could have helped them.
As for me and my views, I have come to believe that end-to-end encryption vs state actors is a band-aid, that if you are reduced to sneaking around then your government and agencies need fixing. Whereas digital signatures and smart contracts and decentralized networks are useful as they allow everyone to be in control of their own identity, voting, balances etc. without relying on a third party. It’s done in the open. But the difference is that it can be limited to “benign” things and enforces the rules, while everyone gets to make their own decisions and one party can’t corrupt the system.
To me, the transparency and resilience to corruption is the main thing. The sneaking around, I can see how governments can declare war on that.
> First they came for crypto, and you guys laughed
Crypto has probably done more to undermine privacy than Hoover’s FBI. Its proponents are ambitiously unlikeable, relishing their distastefulness to burnish outsider credentials. Its damage is easy to quantify in a way troublesome speech is not. And because a broad set of the population either doesn’t like it or, much more prominently, doesn’t care, it serves as a stalking horse for advancing general anti-privacy laws.
Signal is a great example. They should be a unifier for the notoriously-apathetic privacy crowd. But it isn’t. In part due to its crypto crossover. I genuinely can’t seriously take Signal as a canary of anything, because it’s unclear what motivates its leadership.
Also conflating and confusing "crypto" as in cryptocurrency and web3 bullshit with cryptography, which was arguably done on purpose by the "crypto" side, is making the problem worse. A niche but very important domain is, in general consciousness, mixed up with the scammers, and tarnished by association.
Cryptographic signatures are heavily used in these networks. People sign the transactions using elliptic-curve cryptography (or they are moving to some quantum-resistant thing). Then a blockchain or other decentralized network stores the transactions while a programming language is used to make sure that everyone and every node is following the rules.
Being able to finally trust the code instead of a middleman has the potential to be extremely useful despite your insistence that it cannot possibly have any uses because you personally don’t like it. Because trust is costly, and being able to reduce the attack surface enables much larger coordination and larger value to be managed collectively, with far less corruption.
There is no way to do commerce with physical goods without trusting either (a) your trading partner, (b) a middleman, or (c) your government. Crypto only solves the postmen of trading crypto without trust. Everything else still needs a trusted middleman.
And for things like voting, it is hundreds of times easier to verify if a paper ballot election is rigged than it is to verify if a crypto based election is rigged.
First of all, there are many more applications than commerce with physical goods. There’s global payments for services, recurring subscription models, gated access to content, contests, voting, governance, UBI, and much more. Check out https://intercoin.org/applications for a more comprehensive list.
I wrote this article in 2020 after multiple voting debacles in Iowa etc. Paper ballots and hand counting is what lost Al Gore the election for instance and George W Bush got elected, leading to a lot of wars and destruction. With all those paper butterfly ballots and other things, it was actually NOT easier at all. People had to recount throughout multiple days until the Supreme Court simply stopped them:
And now a large proportion of the country believes the 2020 election was rigged due to mail-in ballots arriving and being counted in the middle of the night. Go tell them they’re wrong. You may think they’re crazy but cryptographic signatures and valid IDs could have made it FAR more secure. Unlinkability is the only thing that is hard, for that we could have given everyone a token and used a zero-knowledge proof mixer.
In fact, that is what Google now does with its “privacy sandbox”. But you have to trust Google :-)
Commerce with software goods, or even exchange for digital traditional currencies, suffers from exactly the same problem as physical goods: there is no possible way to use the block chain to guarantee that a payment on the block chain will result in a good or service being provided outside the block chain. You can try to build more things onto the block chain itself, but that quickly becomes unscalable.
And for elections: if you think for a second that a crypto voting machine wouldn't have been cast doubt on by the people who brought you "Hugo Chavez stole the election through Dominion voting machines", then I have no idea on what planet you live.
On a separate topic, the USA is almost uniquely bad in the world, at least for rich democratic countries, in having such problems carrying out elections.
In my own, incomparably poorer, country, with a 50% rural population, we just don't have these problems. You have a 90% physical voting system: you come to the polling station, they check your ID in an electronic system to make sure you meet the voting age and haven't voted before in this election, they give you a stamp and a ballot, you stamp the ballot in a private booth, typically in a local school. You fold the ballot, and put it in a big urn. At the end of the voting day, representatives of all parties and anyone else who registered as an observer opens the urn and they all count the votes. They report the counts higher up electronically, and safely store the physical ballots. Elections happen on a Sunday, from 8 AM to 8 PM, sometimes with local extensions where a polling station is still full at the close. Preliminary results from exit polls are announced immediately at 8PM by the media. The electoral officials announce the first official preliminary results by 22PM, and then throughout the night. By 12 PM the next day, the vote count and official final results are typically out.
No "hanging chads", etc. There are plenty of other electoral issues (busing, paying for votes, strong local cliques where even representatives of different parties conspire to steal votes for a single party, bad education leading to people not knowing their rights or who to vote for, etc). But not procedural problems, and no machines that make it easy to hide systematic stealing.
> At the end of the voting day, representatives of all parties and anyone else who registered as an observer opens the urn and they all count the votes. They report the counts higher up electronically, and safely store the physical ballots.
What you describe is exactly what happens in byzantine-fault-tolerant networks, and much more. But because it is done by machines, the cost is brought down by orders of magnitude so now many groups can have decision making and votes about many things every day, rather than spending billions once every few years and manually counting. This technology is made available to all, as opposed to, say, trusting the operators of a StackExchange site to not rig the periodic elections for moderators and those who will run the site. And it allows the communities eg DAOs to collectively manage larger amounts of money without worrying some director will abscond with it.
The REAL conflation has been by crypto-haters of decentralized protocols with centralized entities like FTX or Celsius. The only thing they have in common with crypto is that you can send crypto to the address they control. And then, they pinky promise they’ll take care of it. Crypto has been developed exactly to remove the need for such middlemen! While FTX fell, UniSwap and Aave Protocol didn’t miss a beat. No one worries a UniSwap smart contract will rugpull them one day. Government regulation isn’t needed when the code has been battle tested with billions of dollars. Just like government regulation of HTTP isn’t needed even though it was needed for physical mail delivery. That’s the kind of building blocks we need for a future system — for voting too. Cheaper faster better.
It is a bit like arguing email and the world wide web is worse than the gold standard of regular mail. Look at how much innovation it has unleashed once given the chance to build on top. Sure we had chain letters and scams and phishing etc. But we also enabled trillions of dollars in ecommerce and SaaS and much more!
It is impossible for all but maybe 10 humans in the entire world to make sure a machine implements the algorithm it purports to implement. It is impossible for all but the best programmers + mathematicians to verify that the algorithms that they purport to implement achieve the safety/security goals they hope to achieve.
And yet, with crypto, it is possible for people to verify that the code matches exactly what was written, and it was publicly audited by multiple companies and battle-tested with billions of dollars in value.
UniSwap is a great example. No one ever worries that a UniSwap instance will do something nefarious. That's how the decentralized software SHOULD be. We don't need everyone to verify, but just allow ANY AUDITORS IN THE WORLD to do it.
This is trust in a middleman - the auditors. There is nothing trustless about this system. For money, that's probably good enough - it's no less trustworthy than a bank. But it's FAR from enough assurance for national voting.
No. The auditors aren't actually handling your transactions. You can have N auditors sign off on code. And there's also battle-testing it in practice. Comparing that to literal middlemen -- telephone switchboard operators, banks, etc. -- is a category error.
No, but you don't know if your transactions are actually safe, or even more so an election, if you don't trust these auditors. The people writing the code, running the servers, etc - you also need to trust them, and they are actually the ones handling your transactions or votes, the exact middlemen.
And again, in any fully electronic system, you need to take into account the whole system, not just one part of it. Maybe Bitcoin or Ethereum or whichever blockchain you like is indeed perfectly safe and very trust-worthy. But if I'm connecting to it to vote from a Windows PC that I last updated 5 years ago, then I'm still extremely likely to lose my private key to my money or have my vote cast for whoever Microsoft or the writers of all the malware I'm running likes best.
There is no way to make electronic voting safe. There will never be any way to make electronic voting safe. Any country doing it is playing with fire. Blockchain does nothing at all to change this one iota.
With paper ballots around the world there are already attacks at scale. Take the latest national election in the USA. Republicans claim that Democrats shipped in fake mail-in ballots or harvested them from old people, and said “trust us”. Democrats claim that Republicans closed polling stations and disenfranchised many voters at scale in districts that historically voted Democratic.
Witness all the rigged elections around the world, some strongmen getting 99% of the vote at scale. What good are the paper ballots in, say, Belarus if Lukashenko says he won? Is an average person going to be able to somehow know what happened in their own polling station after they left, let alone across the entire country?
Having mutually distrusting parties have access to each other’s work is the very thing that enforces byzantine consensus but it can be checked and verified on-chain as each party signs off on the result, so anyone can check that 1) they looked at it and 2) they were satisfied. That’s far far better than hearing someone say “it went fine” about paper ballot recounts.
Furthermore, everyone being able to make sure their vote was counted by eg checking Merkle Proof is far more secure.
None of the above failure modes would be an issue if everyone who wanted to, could vote from their computer, scanned the QR code with their phone to verify their choice, and signed with their private cryptographic keys derived from their IDs.
> Republicans claim that Democrats shipped in fake mail-in ballots or harvested them from old people, and said “trust us”. Democrats claim that Republicans closed polling stations
Claims won’t change with a tech fix.
The point is there still isn’t evidence of wide-scale disruption. Electronic-only voting changes that from a verifiable problem to an inherently-unverifiable one. You only know the code voted, not the person.
> What good are the paper ballots in, say, Belarus if Lukashenko says he won?
Crypto ballots wouldn’t change this. If anything, I expect crypto voting to soon feature in authoritarians’ elections.
Yes you massively mitigate both systemic problems with a tech fix.
People in rural areas whose polling station closed thanks to Republicans, and who can’t drive 30 miles to the next one wanted to use the mail-in ballots. And Democrats were very happy to allow it. But then Republicans pointed out all the ways the mailing system and ballot harvesting was very unreliable. And both sides have a point. Taken to the extreme, both disenfranchisement and physical mail suck for voting.
In contrast, people could have an option to vote from their computer and use their phone to scan the QR code and confirm their vote and sign it. They can then verify their vote was included correctly!
I have explained at length how crypto would make it a lot more verifiable and reliable.
Everyone would be able to check:
1) their own vote was counted in their district
2) their own district was counted in the total
3) the number of votes and turnout in each district, matching the number of signed checkins
4) mutually distrusting parties in each district saw each ballot being cast (or a random sample) and were satisfied that the electronic record matches whatever receipt was generated
None of these can be directly verified by nearly anyone participating in a paper election.
> people could have an option to vote from their computer and use their phone to scan the QR code and confirm their vote and sign it. They can then verify their vote was included correctly!
Besides destroying the secret ballot, you can do this now! You look at the paper and the electronic count. If you’ve been a poll worker or observer, you know there are hundreds more checks a well-designed system has.
> Everyone would be able to check
Few people would be able to check any of this. (Fewer than can observe a poll today.) And it’s much easier to invent a “hack” that makes people distrust an electronic ledger than a paper one folks can audit ex post facto [1].
There is no similar audit capability for a blockchain. Did the person actually vote that way? Or was their phone hacked? Short of re-polling everyone, you cannot know.
Remotely coordinating a poll attack on paper ballots where every precinct has its own system is impossible. Crypto voting is a textbook tragedy of trying to solve a social problem with a band-aid of technology.
1) even if so, can I check my vote recorded at the district vote collection center is the same as the vote I meant to send?
More importantly, can I check the resulting numbers announced on TV/radio/online are the same as the sum of all legitimate votes, and not influenced by illegitimate votes, and not doctored?
It is very much possible with paper voting, or at least you can personally inspect every step of the way in the process for a small slice, and you can understand how others like you verify things in other slices.
Ultimately, you do need to rely on your co-citizens to help verify that the elections are valid (in a simple to verify system, i.e. paper voting), just like you need to rely on them to vote coherently and to abide by the results of the election.
I agree the believability is much better with paper trail. Paper creates hard-to-forge records that can be checked later, electronic communication is too complicated and hard to audit, especially origins of electronic records.
>Its proponents are ambitiously unlikeable, relishing their distastefulness to burnish outsider credentials.
and that was the perfect opportunity to use it as a stepping stone to dictate what consenting adults can and can't do in the privacy of their own computing devices.
now encrypted communications ("think of the children!") and local AI ("think of the environment!", which is exactly the same angle they've been using with crypto) are next, and within a few decades - general purpose computers. a few years of propaganda in the media, a cyberpandemic or two, and I'll be reading essayesque comments around here about why is it actually a good idea to ban those unethical, unsafe, environmentally-unfriendly machines and let us all subscribe to a cloud offering instead.
Exactly. If web browsers weren’t as big of an ecosystem as they were, they’d have pushed for OS makers long ago to ban them. After all, they can load arbitrary content including copyrighted information and CSAM! And they can circumvent the 30% that Apple charges in the app store.
The Web was the one anomaly in the Matrix. Where it’s just too big for more countries (except China, North Korea, and soon Russia) to bring to heel.
Browser makers are really your last line of defense. And rather than making MORE decentralized ecosystems, the geeks on HN spent a decade fighting against anything that smelled of decentralized encryption and digital signatures. Which is sad! We could have had far more innovation and reached critical mass same as the Web did. Instead, small teams working on Freenet or MaidSafe (Autonomi) are our best hope for a privacy future.
And it can be banned at the protocol level.
I guess Matrix and Tor might be considered the only successful projects for privacy, and Tor kinda sucks for real privacy because it’s basically still a web host.
The same people who say they can’t take Signal seriously as a canary for anything because they did something with crypto are total cheerleaders for OpenAI even after it disbanded its ethics and alignment boards and did a lot of shady stuff. “Because crypto sucks in every way possible” and “because AI is awesome”. What about nuance and substance? This is HN.
If you ask the average person, they’d say that people on HN and their snarky attitudes are far more unlikable than the people building decentralized networks that empower people.
Vitalik Buterin. Tim Berners-Lee. Ian Clarke. The teams at IPFS, MaidSAFE, Freenet. I have interviewed many of them and spoken w them. They are humble, good people trying to make the world a better place. You just enjoy shitting on anything that has the word “web3”. Actually that keyword attracts automatic downvotes on HN since 2021, as in 3 seconds after you post.
Try visiting, say, https://forum.autonomi.community/ or https://ethereum-magicians.org/ and see how nice, courteous and constructive nearly every participant and post is. They are solving hard problems. Not shooting down snarkily anything in a cargo-cult fashion.
I don’t know Europe’s polling. But in America, the majority is against [1][2]. (The only ones showing marginal favourability are industry polls [3] by low-quality pollsters [4].)
> You just enjoy shitting on anything that has the word “web3”
I’ve made a lot of money from investing in companies that do things around crypto. Its users are a population willing to pay high fees for nebulous ideological points, almost uniquely so outside religion and politics.
Now show me what the majority thinks of “tech bros” commodifying everything and taking away everyone’s jobs, including and especially with OpenAI.
Oh wait that part is awesome and people should just stop worrying and learn to love the bomb…
I just don’t like the selective double standard of these arguments. Far less people are worried about blockchain than about AI, and the public is CORRECT. Because with Web3 even with the shittiest of shitcoins people only stand to risk what they voluntarily put at risk. While AI can harm millions of people who never opted in, and wanted nothing to do with it, across the entire world, their lives are going to change kicking and screaming, and you say “they should get used to it”.
It is the politicians and banks looking to ban things because they are worried about competition to, say, CBDCs. And if you cheer them on then don’t get upset when they ban end to end encryption by the same reasoning. People actually want the freedom to choose their own digital assets. They aren’t sneaking around, they just want choice and the Republican party has come around to supporting crypto for instance. Even DT.
> Now show me what the majority thinks of “tech bros”
Declining but better than crypto, though the recency of the polling leaves much to be desired [1][2].
> taking away everyone’s jobs, including and especially with OpenAI
Honestly, an AI that writes and launches web3 projects would be hilarious.
Also, I’d single out AI—and Altman, specifically—as demonstrating that same unlikeability. The two industries currently clamouring for harsh regulation are AI and crypto.
> politicians and banks looking to ban things because they are worried about competition to, say, CBDCs
Banks lobby for crypto. It’s insanely profitable compared to regulated fare.
Who do you think has been pushing the ETF and custody rules?
> While AI can harm millions of people who never opted in
The entire thread is about crypto trashing everyone’s privacy.
Agreed about Altman, and once again I am trying to point out the key difference: AI can impose massive negative externalities on billions of people who have never opted in, whether they like it or not — while even the shittiest of shitcoins in crypto can only lose you what you voluntarily chose to put at risk. For many people that was under $1000, and for even more it was $0.
To me that is why I consider AI far more dangerous than cryptocurrencies of any kind. And smart contracts can do far more than cryptocurrencies… while decentralized byzantine-fault-tolerant networks can do even more.
The public fears AI far more than they fear Web3. As for the banks, they couldn’t have exposure to these assets until the ETFs came about, because of laws. And these assets only became interesting because millions of regular people around the world bought into that ecosystem and started using it. The innovation in DeFi was far greater than in regulated FinTech, and without all the arcane needs for interoperability with legacy stuff that still uses fax machines and COBOL. Similarly to how packet switched decentralized VoIP completely eclipsed switchboard operators and legacy telephone networks and trusting the operators like Ma Bell! The costs dropped nearly overnight to zero and the quality increased, while decades of government antitrust couldn’t achieve anything close to that!
I support (some forms of) cryptocurrencies and I support end-to-end encrypted messaging, but combining both in the same app is so obviously unintelligent that questioning the motives is inevitable.
Cryptocurrencies are taxable assets. While private communication enjoys some legal protections in many countries, trading taxable assets does not.
If an app allows you to trade taxable financial assets, it means that tax authorities have every right to demand access, even if it's just to confirm your claim that you didn't use the feature.
I mean, politicians who push bad wars do far, far more damage than a terrorist ever could. Politicians who push authoritarian domestic policies instill fear into the hearts of more people than a terrorist ever could.
The only way anything can continue working in practice is if it’s decentralized, and served by different websites secured by https rather than one app in one app store. Hard to take them all down.
The thing with https of course is that the governments can insist that browsers include their backdoored certificates. But the browsers are large enough that it’s difficult to get them to do it. China’s Great Firewall probably can. But in order for that to happen they have to prevent packets encrypted with the non-backdoored certificate chain from being routed. That requires serious control over all the networks.
This is partly why I started Qbix. So people can host whatever they want on computers of their choice. Without this decentralization, the governments are two steps away from mandating ALL your voice conversations are scanned, transcribed and analyzed by AI at the edge. Microsoft Recall + message and voice scanning = 1 step away from total panopticon of everyone everywhere. And with superintelligent AIs doing precrime based on everyone’s conversations!
If CAs start to get backdoored, people can operate a la web of trust or other asymmetric protocol where the public key is posted on a public board and the server can verify its ownership of the private key without a third party other than the public notice. More work but should be doable.
They won’t be able to operate that over public networks in China, because the routers will drop their packets.
You’d need to roll your own mesh network — definitely doable in local areas but the question is how to connect them over wider distances without going through the Great Firewall. Satellites?
Go make a protocol that fools all the AIs from every angle, that are scanning 24/7. They can get you on the metadata pattern alone, nevermind even the content.
Signal introduced its MobileCoin integration in 2021. It was completely pre-mined, with the majority of coins distributed to its founders and investors. Moxie sold out his reputation with that disingenuous cash grab.
Now, three years later, Telegram is following in Signal's footsteps with another shitty crypto integration. I don't know the details of that one, but I wouldn't be surprised to learn that it's another cash grab.
[1] - https://www.patrick-breyer.de/en/majority-for-chat-control-p...