Its really really great that in a time where fascists gain more and more influence in several EU states, we also make it possible to massively spy on citizens :)
I am sure they will only use it against Pedos and Terrorists! ;)
Europol already said it would use it to fight „illegal migration“ and „human traffickers“ and drug dealers
A french politian demanded to use it against „Drag Queens“ and museums
An italian politian proposed to use chat control against „human traficking“ (in this case a dogwhistle for people, that rescue migrants), organ traffickers, illegal trading of weapons and drug dealers.
Some important german polititians want to expand it against antisemitism, far right extremism and child pornography
A lobbyist and another german politian want to also use it against illegally downloaded movies and music.
https://netzpolitik.org/2023/ueberwachung-politiker-fordern-ausweitung-der-chatkontrolle-auf-andere-inhalte/ (article in german)
Surprise surprise!
Where there’s a through, the pigs will come.
And they’ll screech like banshees when you mention the same or higher standards of transparency should apply to the rich and politicians themselves.
They’re the same people.
Well, not the same people. The surveillance people are authoritarian fascists that have been in government parties a lot longer than the newer parties with similar views.
Facism is not the same thing as wanting mass surveillance. Or is your definition fascist = bad?
Well, mostly I was thinking of the extreme nationalist views that most of these kinds of politicians showed in the past when they e.g. created intelligence agencies that completely ignored any international agreements, basic rights,… to ensure the supremacy of their own nation and their influence within it.
Well, I meant that they all belong to the same group, fascists.
Fourthly, scanning for known, thus old material does not help identify and rescue victims, or prevent child sexual abuse. It will actually make safeguarding victims more difficult by pushing criminals to secure, decentralised communication channels which are impossible to intercept even with a warrant.
This point is huge, and on its own explains why half baked compromises are worthless.
The criminals will use banned chat apps, while innocent people get their messages read.
The reason they don’t care about that is that the whole thing isn’t about protecting children at all but about surveillance of the vast majority of people.
This. There are already plans on expanding what the surveillance is used for, as soon as it is possible to begin with.
“Think of the children” is just the trick they’re using to get their foot in the door. It being utterly ineffective in doing what they claim it’ll do, is irrelevant.
Well that’s the point, catching CSAM is just a very convenient excuse. Once that’s through, it will just be a matter of extending it to terrorism. Then you can declare anyone a terrorist and bam you have free reign to monitor anyone you want.
Or you could just accuse them of the really dangerous crimes, like copyright violations or insulting politicians.
That requires some kind of proof or bureaucratic fuckery. If you take any ecologist group for instance, you just have to pin a terrorist label on them, and bam, now you can spy on them legally. They’re trying to do it in France right now.
Germany too. They are trying to label the climate change protests by the “Letzte Generation” (Last generation) group as organized crime and terrorism.
Your first mistake was assuming it’s an attempt in good faith.
I want cameras and microphones in every politicians house, in every room. These record 24/7 and will be live-streamed on twitch. Any politician against this proposal is obviously a child-abusing terrorist, or do they have something even worse to hide?
Zero privacy to world leaders and absolute privacy to citizen would be ideal.
Don’t forget all their offices and vehicles.
Time to become a proud criminal. When law becomes tyranny, resistance becomes moral.
The law restricts providing a commercial service in the EU that provides end-to-end encryption without monitoring of the content of communications, not using end-to-end encryption. Unless you’re planning to run some kind of underground messaging service, you probably won’t be the one violating the law.
What is to stop a company from offering their services in the EU though? As long as they don’t legally cooperate with the EU it should be fine. Like Telegram operating from Russia (if they weren’t collaborators already).
Well, depends on the jurisdiction where they are operating from.
In the US, if you’re intentionally offering commercial services in the EU (and while the US and EU definition of that may differ, I don’t think that the difference is broad enough to matter much from the standpoint of services that are being affected), my understanding is that the US will honor EU jurisdiction, and will enforce rulings against companies. Now, you have to actually be doing business under the US standard of doing business in the EU for this to apply – like, this can’t just be some random non-commercial server that you set up and then let anyone on the Internet use, as the US doesn’t consider that doing business in the EU. A US-based lemmy/kbin server isn’t going to be considered by the US to be doing business in the EU, but if its operator, for example, says “hey Europeans, donate money here and avoid restrictions”, then that’s targeted advertising to the area and the US will consider that to be doing business in Europe. Someone like Whatsapp definitely can’t just say “oh, my servers are in the US, ergo EU law doesn’t count, and I’m going to go right on selling ads and services and such in the EU and whatever else I do”.
For somewhere like, oh, Russia, Russia may not care about enforcing EU law. However, that isn’t a blank check.
First, it may be a pain for the EU to act against Telegram itself, but if money is involved, so are payments. It’s not hard for the EU to act against payment processors – banks, Visa, stuff like that. If a service is getting payment either directly from people in the EU or from advertisers in the EU, the EU can tell the payment processor to cut them off. The payment processor isn’t going to fight the EU on that; this sort of thing happens regularly.
Second, if you’re using an illegal service, the EU might wind up having EU ISPs block it. Russia has been running around requiring ISPs to ban certain sites. The EU hasn’t done that yet, but it could. I am not at all convinced that in the long term, it won’t be the norm for countries to have a list of “banned” services that they require their ISPs to block. I am pretty sure that there are a number of parties who would like piracy sites to be blacklisted, for example.
https://en.wikipedia.org/wiki/List_of_websites_blocked_in_Russia
Third, from an individual standpoint, that means that someone in the EU is not going to be getting any EU legal protection, in the privacy sphere or elsewhere. Now, maybe the technical benefits of having end-to-end encryption outweigh that for the user, but stuff like traffic analysis on messages and the security of the client may be up for question.
Specifically for Telegram, I haven’t used Telegram, so I don’t know how it handles key distribution, which you need to do for end-to-end encryption – OTR, for example, needs some pre-existing shared secret or secure sideband channel to bootstrap trust between two users. It looks like Telegram provides source, but for that to be useful, one needs to believe that someone trustworthy has validated the source, that the binary for the client is a legitimate build from that source, and that you have properly distributed keys with the other user using that client. Those can all be done with a lack of legality, but my guess is that a lack of legality likely makes it harder.
-----BEGIN PGP MESSAGE----- enters the chat
Most people don’t use PGP/GPG, despite it being generally available.
If the vast majority of people don’t use something, it doesn’t matter much whether it exists.
A service that makes end-to-end encryption easy for the vast bulk of the public is another story.
Most people also do not care about privacy or understand anything about encryption.
If this shit was to happen, it would hit the news for a cycle, some people would get slightly upset and then it would go on with the next thing.Most people here care a lot about these things and are technically inclined. But we are a minority.
But you know who does use PGP/GPG to manually encrypt their messages?
Child traffickers.
“If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.” - Richelieu (disputed)
Lol guess we can kiss post-quantum TLS goodbye.
This is going to have catastrophically negative effects for the internet in general. And, as others have said, actual bad actors will just keep using the most advanced encryption available anyways. This only makes the vast majority of internet users less secure and easier targets for exploitation.
Great. That would probably mean a ban for Telegram would also be needed, as they’re known to not bow to local surveillance-laws.
I’m all for doing everything to find effing pedos, but I’ll doubt it will help catch one. Who would be so dumb to do illegal things on the surface-web?
Telegram is already not encrypted by default. Signal is the interesting app - they don’t even have the data to bow to data requests.
deleted by creator
You want Matrix protocol then and apps like Element.
deleted by creator
I use Element right now, will they be affected by this new law?
In theory possibly but it’s not like EU can block it
That would be nice, but most likely that would also mean that getting every service to make changes at around the same time pretty much impossible - which would be essential when e.g. the protocol needs to be updated to deal with new threats.
But who knows; I believe the Digital Markets Act intended to achieve something like this?
deleted by creator
Emails have had major problems with federation too, despite the fact that most email standards have been unchanged or only had minor changes since the early 1980s. You just usually don’t notice so much since most of those are only a headache for mail server administrators, not so much for end users.
The vast majority of emails still aren’t end-to-end encrypted.
Of course it is encrypted by default, just not on device, but in the server side. Just like Gmail, office 365, and so many online services that are perfectly secure and that no one mentions as being a problem.
If you need End to End encryption, you have the option to use it, but being server encrypted it’s more convenient for syncing on devices and for uploading files, which I use a lot.
Sorry you’re right, I meant end-to-end encryption of course. (Gmail, Office 365, and most HTTPS websites are only encrypted in-transit though, not on the server side.)
Which is, of course, the kind of encryption that matters for this proposal. (And which I believe you don’t have the option of using in group chats on Telegram, but don’t quote me on that.) Non-end-to-end encrypted messages can already be obtained by law enforcement by coercing the service provider.
Doesn’t Signal have backdoors for government agencies or am I mistaken? (Has been a while since I read something like that.)
No
Every time somebody comes to them with warrants they got nothing but timestamps for account creation and last login
Closest thing you might be thinking of is when Signal added a warning third party keyboards might spy on you, which was promptly followed by China banning Signal (the most popular Chinese keyboard app is developed within China).
Alright, thanks for the info! Fun fact about the chinese keyboard app.
Nope
Signal or tgram. Whatever floats your boat and isn’t whatapp and co. It’s not always about encryption alone. It’s also about trust. I trust tgram and Pavel Durov. If one doesn’t, go signal & co. Perfectly valid alternative.
not really, cos telegram is not end to end encrypted unless you do not use group chats, and deep dive into the menu to enable secret chat for every individual contact.
I have no idea why telegram got this secure reputation. it is literally the absolute worst of the bunch, security wise
Encryption wasn’t relevant in the context of the surveillance-law, as having ways to decrypt it will be required then and hence make it useless.
Telegram does not bow. They won’t bend their knee to a government wanting them to plant a bot. They then will just be banned.
Besides, there is end2end-encryption if you want, where is the problen? Noone forces you to use the cloud. And it’s also not “hidden deep”.
you have to open chat, click profile picture of contact, and then click the three dot menu from there, where you will find the option. It is buried deep down.
If that’s “buried deep” to you, then maybe that technology isn’t your thing. Beside that was totally irrelevant to the topic at all. If you don’t like tgram, use something else. It’s not a pro/contra encryption discussion, it’s anti-observation.
If a messenger is still alive after this law gets real, then you have your answer regarding security and privacy.
the title of the post has secure encryption and chat in the title. but irrelevant, yeah.
Also it’s at least 4 taps (and you get reduced functionality too) than most other apps, which require 0
I think, you didn’t get the real impact of the meaning of this post if you fight about encryption-capabilities of some clients.
Wow. 4 taps. This is really above the horizon of most boomers 😁 (of which you surely aren’t of)
Seriously, who cares. If you don’t like it, use another client. Telegram rocks and has a lot of features i would never want to miss. It’s not all about privacy and privacy. Smart people know when to use which tool at what occasion at their disposal. It’s about having even the option to do so at all, which the law mentioned in the OP is going to fuck away from us. But sure, go ahead and fight your peasant client-wars. Omg tgram is not the most secure client, i gotta fight it until the last secure messengers are gone at all. Happy whatsapping then.
So this is how liberty dies…
I can’t see Signal operating in Europe if this is the case. Telegram has already handed over information, so they will likely adapt and continue doing their thing. Meta/WhatsApp will want to keep that money, so they will find a way to operate as well.
I suppose Signal could have a European server, but that might cut them off from the rest of the world.
Might end up using Briar or XMPP.
I haven’t given the proposition more than a once-over, but I assume this will cover emails too?
Crazy how we had protests by right wing maniacs suspecting an evil dictatorship conspiracy behind everything, but when an actual aspect of dictatorship comes, nothing happens.
I don’t want to live on this planet anymore
I will probably end up using Matrix but they really have to leave the UK before those facist shits force them to implement a backdoor!
Goodbye data security and privacy… I guess you were nice concepts whilst you lasted.
Germany suggests splitting up child sexual abuse material regulation
Germany has suggested splitting the file into two parts, namely “generally acceptable provisions”, which should remain in the compromise text, and “controversial provisions”, which should be removed. The removed parts should be included in a new draft regulation.
Controversial provisions could be “discussed without time pressure”, to come up with solutions that protect children and also respect data privacy.
Typical Achsel Voss behavior… Fucking fascist.
He is 1 Hurensohn
Now I’ll go make coffee for the police raiding me later
How to contact your MEP.
Thanks for the link, but I’m still not sure who to contact. Apparently I’m supposed to know who is “my MEP”, but I don’t. How to?
Might depend on your country, but for Germany there are no direct candidates that we votes for. Everybody hat one vote one could give to a party, which had presented a list of people for the election. At the end the party then send the first x people of that list, according to how many of the German representatives were to be send by that party.
So, effectively all MEP which are German are “my” MEP. Or just the party I voted for if I want to be exclusive.
the proposed text would mandate the implementation of surveillance bugs
And they call it 2.0? I’ve never seen such a blatant example of version number inflation. It should be called 0.2a, as it’s nowhere near ready for release and full of bugs.
Are they proposing opening every letter that goes in the mail too? And checking every memory card that gets sent?
Reminds me of this: The Post Office Is Spying on the Mail. Senators Want to Stop It: The USPS carries out warrantless surveillance on thousands of parcels every year. Lawmakers are working to end it—right now by Dell Cameron in Wired.
To initiate this surveillance, the department or agency has at least one hurdle to climb. First, they must submit the request in writing. Then … well, nothing. That is the entire hurdle.
Edit. Note: this is just the exterior of the mail that’s scanned.
