By making a minor concession EU governments hope to find a majority next week to approve the controversial „chat control“ bill. According to the proposed child sexual abuse regulation (CSAR), providers of messengers, e-mail and chat services would be forced to automatically search all private messag
I like how patrick breyer makes a warning with all the logical points.
Especially this:
“Fourthly, scanning for known, thus old material does not help identify and rescue victims, or prevent child sexual abuse. It will actually make safeguarding victims more difficult by pushing criminals to secure, decentralised communication channels which are impossible to intercept even with a warrant.”
I am not sure what the people over there think, but the criminals will not just continue using these services.
Would a way to legally bypass this be an app that can “encrypt” your text before your send it. The government would be able to see all of your messages but it would be scrambled in a way that they couldn’t read it.
Something where both people would install the same text scrambling app and generate the same key to scramble all text (would need to do in person). They would then type all their text into the app and it would scramble it. The user would then copy The Scrambled text and send it over any messaging platform they want. The recipient would need to copy the text and put it back into the scrambling app to descramble it.
The only ones I have seen that even publish a key for me to use are a few famous internet individuals (people like Richard stallman, (I don’t know if he specifically uses it)), a few companies like mullvad, a few orgs like EFF, whistleblowers, and a few governmental organisations like the Financial Supervisory Authority in my country.
@lud@makeasnek With more government controls and intervention, its possible. I learned how to use PGP pretty efficiently but there is absolutely no one in my daily life that also uses it.
Manual encryption with personal keys may become the norm if less and less services are able to use it.
Assume any encrypted system can be decrypted at some point anyway. The best encryption is at the source- your language and the way you present the message you want to keep hidden.
Of course, this does not apply to people who just want their general conversation encrypted. To you, I say you’re out of luck and I’m sorry.
I suspect you can easily relate to the frustration of being dragged into arguments on irrelevant details of a thing for which the actual concerns are fundamental in nature. That’s not nothing.
I wonder if projects like Signal could make a community run and certified hash database that could be included in Signal et al without threat of governments and self-interested actors putting malicious entries in. It definitely doesn’t solve every problem with the client side scanning, but it does solve some.
But… an open, verifiable database of CSAM hashes has its own serious problems :-S
Maybe an open, audited AI tool that in turn makes the database? Perhaps there’s some clever trick to make it verifiable that all the hashes are for CSAM without requiring extra people to audit the CSAM itself.
Yes, though doesn’t client side scanning do that anyway? Or must the client side scan be completely secret and also only communicate to law enforcement/whatever secretly?
Not in places where constitutions are not the ultimate authority AND written such that they form negative rights by only limiting the governments power. That’s in all those places whose immigrants to America get on TV and call America’s constitution anachronistic.
You forget to mention, a constitution that is written (and properly commented) in such a way that it doesn’t require any interpretation; and that will receive periodic review and updating according to cultural and historical development; and that holds actual punishment for lawmakers who violate the constitution. Not saying that i know of any such thing.
I sometimes wonder about this. I hugely value my private communication, and I grew up in a world with that ideal. But with the rise of more cleverly invasive apps and tracking, and ease of someone else putting a video of you online, and so on, I sometimes think about a world where non face-to-face communication isn’t private any more.
I don’t know what I think of that world.
After all, we haven’t always had private, at-a-distance communication, especially for all people
But what liberty is essential? Proveably secret postcards to people on the other side of the world?
That’s also quite a harsh quote to bring in the context of the many hidden erosions of privacy - would you say the tick-tockers don’t deserve privacy or safety because they chose that social ability over a privacy they little understand?
Essential in the sense of privacy being central to our nature. We all deserve, and indeed, need our privacy. In the USA, the 4th Amendment guarantees “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…” without sufficient evidence of wrongdoing. Any reasonable modern interpretation of that amendment should include electronic documents and communication.
I’m not sure why you would think that I believe tick-tockers should not have privacy protection. Any app that invades the users 'privacy should be banned for the same reason that end-to-end encryption should not be banned. If Tick-Tock refuses to respect the privacy of people’s non-Tick Tock communication then the app should be banned.
Essential in the sense of privacy being central to our nature
Yeah, I’m on board with that. Really what I was thinking about was imagining a world where internet presence is not a place where there’s privacy - like if you meet a friend in public, and talk on a park bench, you can’t assume no one will see you. You know that, and accept that, and adapt accordingly.
I want a world where internet communications are private and their metadata are also private, and my internet use is private… But I’m contemplating the what ifs of a different world, and how best to live in it, and how to help my children and children’s children live in it. I do think fighting for better laws and protections is part of that and I’m incredibly grateful for people like the eff; but I think it’s also worth thinking about how we can find ways to live in a new environment, understanding that society’s rules around us don’t always work in the best ways.
(On that note: you’re quoting the US Constitution a matter of EU ruling…)
I’m not sure why you would think that I believe tick-tockers should not have privacy protection.
Just your quote, that says such people who give up some liberty don’t deserve any. I suppose you didn’t mean it that way but it seemed harsh.
Just your quote, that says such people who give up some liberty don’t deserve any. I suppose you didn’t mean it that way but it seemed harsh.
Fair. Old Ben meant it harshly, I’m sure.
As for the internet being a public space where privacy shouldn’t be assumed, I have to disagree. There is far too much activity on the net that would never be conducted in a place where there is no assumption of privacy. Clearly things like banking matters need to be private and secure, but I include in this things like romantic matters. If any government can access any data on the internet that they want they any oppressive government will do so. In addition, any opening for government will be exploited sooner or later by criminals as well.
Tangential, but Lemmy is filled with smart people so I’m going to ask: is it possible to legally make it impossible for wireless signals to work within your own home? That is, how would one dampen access to wireless networks? Would this require illegal use of signal jamming devices as I imagine a Faraday cage would be too difficult to make in a room.
Edit: where else on Lemmy could I ask this sort of question?
mobsters did that in their houses, people who buy them often only learn about the previous owner after realizing that one or two rooms are faraday cages - zero wifi or cellular.
The FCC has a lot of regulations on it. From what I remember active jamming within the home is still wildly illegal. Depending on the size of your house/room, a far as at cage wouldn’t be too difficult, especially if you did it during construction. If you’re on a budget and don’t mind looking crazy you can line a closet with tinfoil and connect it to ground.
Kind of, but written communication for everyone hasn’t even always been a thing. And cryptic letters perhaps aren’t reliable secrecy for ordinary people against trained spying. And anonymity… not without other layers to your communication. And all of that not for your ordinary postcard home: it’s something you do in special situations.
I don’t think the new law would outlaw encrypting messages to your friend with PGP; nor having a second phone that you leave at the library for anonymity.
People in Reddit and sometimes here always praise the EU as some bastion of privacy, and I always got downvoted when I said that this isn’t always true. And now here we are. I hope people don’t forget this after a month, like they always do.
Yeah, no. What’s likely to happen is that you will remember this, completely miss the memo that the law didn’t pass and then go on spreading misinformation about the EU.
They will, and you’re screaming into the wind sadly.
What you can do is never forget and base your voting decisions to include this as a priority going forward. Endorse and support companies that protect privacy.
It’s a long uphill battle and every little thing can help no matter how small.
This is almost definitely not going through the ECJ. If they pass this directive I’m gonna take my chances.
Thanks to the Matrix protocol there is no chance of getting rid of E2EE communication anyway. There is no feasible way to stop decentralized communication like that, no without killing the internet.
Also I would add, not like this is unanimously supported in EU among memberstates. So this isn’t a done deal, this is a legislative proposal. Ofcourse everyone should activate and campaign on this, but its not like this is “Privacy activists vs all of EU and all the member state governments” situation. Some official government positions on this one are “this should not pass like it is, breaking the encryption is bad idea”.
Wouldn’t be first time EU commission proposal falls. Plus as you said ECJ would most likely rule it as being against the Charter of Rights of European Union as too wide breach of right to privacy.
Wait, you have a choice to vote for either puppet 1, puppet 2, or puppet 3. Your choice matters! … as long as the politicians podiums are provided by the rich we don’t have a real say.
As I remember at the moment partly Von Der Leyen, the current Commission president. She is a German Christian democrat and apparently bit with capital C. Meaning she has bit of a moral panic streak on her of the “won’t you think of the children” variety. As I understand this current proposal is very much driven by her.
However her driving it doesn’t mean it sail through to pass as legislation. Some whole memberstate governments are against the encryption busting idea.
And the fact that Ylva Johansson, being technologically illiterate as well as a close bed buddy with companies in the surveillance industry that stand to earn a crap load of money doesn’t help…
I’m sure they will tell you it’s weighing the security (against terrorists, criminals, etc) of the many against the security (from seeing dick pics or messaging a mistress) of the few.
If apps would turn off e2e encryption, how would it be? Would it affect bordering regions? Users of VPNs inside EU?
My country proposed a ban on VPN software (targeting appstores providibg them), it can also target messengers. If I get a EU version of this app, or if I use a european VPN to connect via it, would I be less safe sending political memes?
While this would be terrible if it passes, a part of me hopes a silver lining would be a massive surge in open source development focusing on privacy respecting software that does not follow or enable this disgusting behavior by the eu
When I said privacy respecting software, I definitely did not mean windows or Mac lol. Open source is the only way to actually know something respects your privacy, so both those pieces of software are inherently not that. Linux for life!
That’s like already the thing, if I modify my little “secure encrypted sharing protocol” windows will flag it as a virus if I send it (the software) to someone … Then after some time it’s ok. Guess it’s about those antivirus heuristics, but it’s not like it’s not putting a big stick in my bicycle wheel.
The Google bootlickers tell me my phone is at risk since it’s rooted. As if every single Linux, Unix, and Windows box doesn’t have root access for specific users. And Windows is so flawed they require a privilege escalation to perform fairly innocuous functions.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !privacy@lemmy.ml
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
Don’t promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
I like how patrick breyer makes a warning with all the logical points. Especially this: “Fourthly, scanning for known, thus old material does not help identify and rescue victims, or prevent child sexual abuse. It will actually make safeguarding victims more difficult by pushing criminals to secure, decentralised communication channels which are impossible to intercept even with a warrant.”
I am not sure what the people over there think, but the criminals will not just continue using these services.
Would a way to legally bypass this be an app that can “encrypt” your text before your send it. The government would be able to see all of your messages but it would be scrambled in a way that they couldn’t read it.
Something where both people would install the same text scrambling app and generate the same key to scramble all text (would need to do in person). They would then type all their text into the app and it would scramble it. The user would then copy The Scrambled text and send it over any messaging platform they want. The recipient would need to copy the text and put it back into the scrambling app to descramble it.
This is how PGP works and is pretty widely used. https://en.m.wikipedia.org/wiki/Pretty_Good_Privacy
If they can scan it, they can edit it.
Correct. Though signatures can help.
just in time.
connect the dots.
Good. Nothing to hide here.
Edit: Terrorists be downvoting
If supporting privacy is terrorism, I’m proud to be a terrorist.
Yikes. One thing is supporting privacy, and another to call oneself a proud terrorist. Imagine calling yourself a proud 9/11 plane crasher.
Shaming tactics don’t work on intelligent individuals. Try harder.
Imagine calling yourself an “intelligent individual” lol
I wonder if openPGP will ever gain popularity.
The only ones I have seen that even publish a key for me to use are a few famous internet individuals (people like Richard stallman, (I don’t know if he specifically uses it)), a few companies like mullvad, a few orgs like EFF, whistleblowers, and a few governmental organisations like the Financial Supervisory Authority in my country.
@lud @makeasnek With more government controls and intervention, its possible. I learned how to use PGP pretty efficiently but there is absolutely no one in my daily life that also uses it.
Manual encryption with personal keys may become the norm if less and less services are able to use it.
Assume any encrypted system can be decrypted at some point anyway. The best encryption is at the source- your language and the way you present the message you want to keep hidden.
Of course, this does not apply to people who just want their general conversation encrypted. To you, I say you’re out of luck and I’m sorry.
I suspect you can easily relate to the frustration of being dragged into arguments on irrelevant details of a thing for which the actual concerns are fundamental in nature. That’s not nothing.
yep, like a magician driving your sight to his left hand…
I wonder if projects like Signal could make a community run and certified hash database that could be included in Signal et al without threat of governments and self-interested actors putting malicious entries in. It definitely doesn’t solve every problem with the client side scanning, but it does solve some.
But… an open, verifiable database of CSAM hashes has its own serious problems :-S Maybe an open, audited AI tool that in turn makes the database? Perhaps there’s some clever trick to make it verifiable that all the hashes are for CSAM without requiring extra people to audit the CSAM itself.
You’re unfortunately also handing people distributing csam a way to verify whether their content would be detected by checking it against the database
Yes, though doesn’t client side scanning do that anyway? Or must the client side scan be completely secret and also only communicate to law enforcement/whatever secretly?
citizens have the right to private communication.
Not in places where constitutions are not the ultimate authority AND written such that they form negative rights by only limiting the governments power. That’s in all those places whose immigrants to America get on TV and call America’s constitution anachronistic.
You forget to mention, a constitution that is written (and properly commented) in such a way that it doesn’t require any interpretation; and that will receive periodic review and updating according to cultural and historical development; and that holds actual punishment for lawmakers who violate the constitution. Not saying that i know of any such thing.
I sometimes wonder about this. I hugely value my private communication, and I grew up in a world with that ideal. But with the rise of more cleverly invasive apps and tracking, and ease of someone else putting a video of you online, and so on, I sometimes think about a world where non face-to-face communication isn’t private any more.
I don’t know what I think of that world.
After all, we haven’t always had private, at-a-distance communication, especially for all people
Benjamin Franklin once said: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”
This still applies.
But what liberty is essential? Proveably secret postcards to people on the other side of the world?
That’s also quite a harsh quote to bring in the context of the many hidden erosions of privacy - would you say the tick-tockers don’t deserve privacy or safety because they chose that social ability over a privacy they little understand?
Essential in the sense of privacy being central to our nature. We all deserve, and indeed, need our privacy. In the USA, the 4th Amendment guarantees “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…” without sufficient evidence of wrongdoing. Any reasonable modern interpretation of that amendment should include electronic documents and communication.
I’m not sure why you would think that I believe tick-tockers should not have privacy protection. Any app that invades the users 'privacy should be banned for the same reason that end-to-end encryption should not be banned. If Tick-Tock refuses to respect the privacy of people’s non-Tick Tock communication then the app should be banned.
Yeah, I’m on board with that. Really what I was thinking about was imagining a world where internet presence is not a place where there’s privacy - like if you meet a friend in public, and talk on a park bench, you can’t assume no one will see you. You know that, and accept that, and adapt accordingly.
I want a world where internet communications are private and their metadata are also private, and my internet use is private… But I’m contemplating the what ifs of a different world, and how best to live in it, and how to help my children and children’s children live in it. I do think fighting for better laws and protections is part of that and I’m incredibly grateful for people like the eff; but I think it’s also worth thinking about how we can find ways to live in a new environment, understanding that society’s rules around us don’t always work in the best ways.
(On that note: you’re quoting the US Constitution a matter of EU ruling…)
Just your quote, that says such people who give up some liberty don’t deserve any. I suppose you didn’t mean it that way but it seemed harsh.
Fair. Old Ben meant it harshly, I’m sure.
As for the internet being a public space where privacy shouldn’t be assumed, I have to disagree. There is far too much activity on the net that would never be conducted in a place where there is no assumption of privacy. Clearly things like banking matters need to be private and secure, but I include in this things like romantic matters. If any government can access any data on the internet that they want they any oppressive government will do so. In addition, any opening for government will be exploited sooner or later by criminals as well.
Tangential, but Lemmy is filled with smart people so I’m going to ask: is it possible to legally make it impossible for wireless signals to work within your own home? That is, how would one dampen access to wireless networks? Would this require illegal use of signal jamming devices as I imagine a Faraday cage would be too difficult to make in a room.
Edit: where else on Lemmy could I ask this sort of question?
Yeah shielding. Totally passive.
mobsters did that in their houses, people who buy them often only learn about the previous owner after realizing that one or two rooms are faraday cages - zero wifi or cellular.
The FCC has a lot of regulations on it. From what I remember active jamming within the home is still wildly illegal. Depending on the size of your house/room, a far as at cage wouldn’t be too difficult, especially if you did it during construction. If you’re on a budget and don’t mind looking crazy you can line a closet with tinfoil and connect it to ground.
I imagine you could come up with something relatively easy to put on the walls/ceilings to block signals if you really felt like it.
Making it look like a sane person’s house might be a little more difficult though
We always had. Many people wrote personal notes/letters in cryptic ways to prevent unwanted readers from deciphering it.
Imagine a word where we would teach children not to make their own cypher because this is illegal. What a distopian society.
Kind of, but written communication for everyone hasn’t even always been a thing. And cryptic letters perhaps aren’t reliable secrecy for ordinary people against trained spying. And anonymity… not without other layers to your communication. And all of that not for your ordinary postcard home: it’s something you do in special situations.
I don’t think the new law would outlaw encrypting messages to your friend with PGP; nor having a second phone that you leave at the library for anonymity.
People in Reddit and sometimes here always praise the EU as some bastion of privacy, and I always got downvoted when I said that this isn’t always true. And now here we are. I hope people don’t forget this after a month, like they always do.
Maybe say this after this passes.
That’s the attitude I was talking about 😄
Yeah, no. What’s likely to happen is that you will remember this, completely miss the memo that the law didn’t pass and then go on spreading misinformation about the EU.
They will, and you’re screaming into the wind sadly.
What you can do is never forget and base your voting decisions to include this as a priority going forward. Endorse and support companies that protect privacy.
It’s a long uphill battle and every little thing can help no matter how small.
This is almost definitely not going through the ECJ. If they pass this directive I’m gonna take my chances.
Thanks to the Matrix protocol there is no chance of getting rid of E2EE communication anyway. There is no feasible way to stop decentralized communication like that, no without killing the internet.
Also I would add, not like this is unanimously supported in EU among memberstates. So this isn’t a done deal, this is a legislative proposal. Ofcourse everyone should activate and campaign on this, but its not like this is “Privacy activists vs all of EU and all the member state governments” situation. Some official government positions on this one are “this should not pass like it is, breaking the encryption is bad idea”.
Wouldn’t be first time EU commission proposal falls. Plus as you said ECJ would most likely rule it as being against the Charter of Rights of European Union as too wide breach of right to privacy.
What is wrong with the eu? Why do they need to always ban end to end encryption?
5 eyes. Politicians are puppets.
Wait, you have a choice to vote for either puppet 1, puppet 2, or puppet 3. Your choice matters! … as long as the politicians podiums are provided by the rich we don’t have a real say.
As I remember at the moment partly Von Der Leyen, the current Commission president. She is a German Christian democrat and apparently bit with capital C. Meaning she has bit of a moral panic streak on her of the “won’t you think of the children” variety. As I understand this current proposal is very much driven by her.
However her driving it doesn’t mean it sail through to pass as legislation. Some whole memberstate governments are against the encryption busting idea.
Von Der Leyen is a swinger clubber
And the fact that Ylva Johansson, being technologically illiterate as well as a close bed buddy with companies in the surveillance industry that stand to earn a crap load of money doesn’t help…
I’m sure they will tell you it’s weighing the security (against terrorists, criminals, etc) of the many against the security (from seeing dick pics or messaging a mistress) of the few.
The thing that always kills me about that phrase is “the needs of the many” are “the needs of the few,” because “the many” is just a gaggle of “fews.”
Lobbyists.
Lobbiests are probably the one reason they haven’t passed such anti-privacy laws, actually.
There’s lobbying on both sides
If apps would turn off e2e encryption, how would it be? Would it affect bordering regions? Users of VPNs inside EU?
My country proposed a ban on VPN software (targeting appstores providibg them), it can also target messengers. If I get a EU version of this app, or if I use a european VPN to connect via it, would I be less safe sending political memes?
While this would be terrible if it passes, a part of me hopes a silver lining would be a massive surge in open source development focusing on privacy respecting software that does not follow or enable this disgusting behavior by the eu
Software which may be made illegal.
How would such a ban ever be enforceable?
Ostensibly via TCPA.
Fuck thats terifying.
It wouldn’t be, on Linux at least
Gamers are here and coming in mass and don’t care about FOSS or security, so I won’t hold my breath.
Unless TCPA is implemented by manufacturers.
How are many other similar bans enforceable? Like CSM itself. With a lot of difficulties.
If you are using Windows or mac, they will be first in line to implement “protection” against “insecure software” :)
When I said privacy respecting software, I definitely did not mean windows or Mac lol. Open source is the only way to actually know something respects your privacy, so both those pieces of software are inherently not that. Linux for life!
That’s like already the thing, if I modify my little “secure encrypted sharing protocol” windows will flag it as a virus if I send it (the software) to someone … Then after some time it’s ok. Guess it’s about those antivirus heuristics, but it’s not like it’s not putting a big stick in my bicycle wheel.
Or Android with Google Play. It already does this BS, even if you disable scanning.
Lineage/Graphene/DivestOS here I come.
Yesterday Google play kindly un-installed KDE connect for my “security” as it is a “dangerous app”
I promptly re-installed from f-Droid.
But all the Google defenders will say “it was for our own good” or the app dev did something that looked suspicious. 🤦♂️
And since I didn’t want to root my old phone, I just disabled all of the Google services via adb.
But, but, now your phone could be hacked!! 🤣
(yes, sarcasm, lol)
The Google bootlickers tell me my phone is at risk since it’s rooted. As if every single Linux, Unix, and Windows box doesn’t have root access for specific users. And Windows is so flawed they require a privilege escalation to perform fairly innocuous functions.
Just imagine the headline we’d see in the west if this was happening in China.