339 comments

[ 3.2 ms ] story [ 292 ms ] thread
Ending encryption to protect children is a fallacy.

Further, I don’t understand how they can actually manage to do this without weakening all encryption on the internet.

Very strange moves that aren’t well thought out at all with a single focus to reduce the power of the people.

"Very strange moves that aren’t well thought out at all with a single focus to reduce the power of the people" is a pretty good summary of everything the tory party does.
This is likely to be a better conversation if it doesn't degenerate into "Tories are evil". The Joint Committee on the Online Safety Bill, which highlighted the potential danger of E2E encryption, includes MPs and Peers from Labour and the LibDems too, all of whom supported it. It's not a party political issue and has broad cross-party support (probably because most MPs don't really understand it).
In the footer: "This campaign is funded by the UK government"
It's pretty clear they think child safety is more important than E2E:

> We are not opposed to end-to-end encryption, as long as it is implemented in a way that does not put children at risk.

The rest is fluff.

Won't someone please think of the children syndrome.

The real answer is we want to read all of your internet interactions any time we want; the children thing is just a way to convince people that letting the government (and everyone else) to spy on you is ok.

Russian laws that granted the government the ability to block websites were also initially aimed at protecting children from drugs and suicide. Though somehow, they didn't have any provisions to allow adults access this "forbidden information".

After the technical capability was in place, they've expanded the possible grounds to block websites on multiple times. It now includes piracy, refusal of cooperation with FSB, being a public VPN, being related to Navalny, etc.

In Australia, we had a plan for a massive web filter in the late 2000s. Their databases were broken into and the blacklist leaked, and inbetween the genuinely illegal sites were sites that had been deemed to be politically immoral, like supporting decriminalization of drugs or spreading information on abortion.

There were many things that were perfectly legal but had personally offended the people presiding over the filter, including random Wikipedia pages and certain personal websites, including a dentist's site. This filter, of course, was sold to people with the idea of protecting children against predators.

Anything not directly relating to children that is sold to you with "B-BUT THINK OF THE CHILDREN!" is done with the intent to manipulate you and provide you with the false dichotomy of "unconditional acceptance, or child abuse", which is nonsense and should be viewed with extreme suspicion.

Oh, it was viewed with extreme suspicion and opposed by many, especially those working in IT. Just don't forget that Russia is a dictatorship with a dysfunctional parliament (Единая Россия, Putin's party, has more than 50% of seats) and so doesn't care much about people's opinion. I don't know much about Australian government, but it's probably more democratic than that.
Fair enough. I support E2E encryption but I think people should be allowed to rally for the opposite
Yes but as the matter is still just political in the UK, there is no reason for the government to pay for a side and not others,
Do you think the government should fund campaigns against it?
Even worse, they think without E2E children would be any safer.
I think it's also important to quote their demand that providers should "not implement end-to-end encryption until they have the technology in place to ensure children will not be put at greater risk as a result", which sounds very much like "not implement e2ee" because it's always possible to argue for some extra risk.

User-initiated reporting features where the server can only read messages that the user reported would be the obvious solution (and should be uncontroversial), but they're not asking for that.

(To avoid concerns with false reports, the sender could include a random value in the message to prevent brute-force attacks on short messages, and send an unencrypted hash of the message including metadata together with that random value. The official client would only show messages where this hash matches, so a sender cannot just omit it. When a message is reported, the full message including the random value is sent to the server, the server can then verify that this message hash was actually sent through this service by that sender, and report the sender to the police if the content is report-worthy.)

This shows that the articles by those who uncovered the plans were right [e.g. 1] - even though this is a political campaign paid for by the UK public (via the Government), and developed and coordinated by the Government, they have big logos of community groups and charities at the bottom and minimises the Government's involvement -

> "According to the [M&C Saatchi] presentation, the push will appear to be the result of grassroots action and children’s charities, while downplaying any government role."

The whole thing is just a pile of emotional manipulation, while compeletly ignoring the far, far greater number of legitimate uses of end to end encryption, and the actual dangers to everyday people of personal information being stolen, accessed, leaked, etc. if it's banned! Extremely dirty tactics.

1. https://news.ycombinator.com/item?id=29955893

That is wild and I never knee about it, but how is that related to the current story?
The only actual number on the site also doesn't seem to be sourced properly, it just sends you to the NCMEC data page, or are they just assuming that they'll lose all of Facebook's submissions if they turn on E2E?
> dangers to everyday people of personal information being stolen, accessed, leaked, etc

This campaign is ripe for hijacking and inverting like the "you wouldn't steal a car" campaign.

"NO WHERE TO HIDE: (from criminals)... thought you were safe when writing innocuous private messages on Facebook? think again, criminals intercept the plaintext to commit identity fraud in your name. Thought you only had to worry about corporate surveillance of your location data? think again, now criminals can easily track you to break into your house while you are out. Thought your job was secure? think again, now criminals can build a comprehensive profile of your social and work activities to easily and effectively social engineer their way into your organisation, risking your livelihood."

[edit]

The other approach is to apply the same thinking to something non technical to more tangibly demonstrate how this is a bad idea. e.g:

"NO WAY TO RUN: we are banning wheels, because they help paedophiles make for a quick getaway after abducting their target. In future we plan on banning legs too."

The more fun thing to do is to manipulate messages in transport.

There was a really fun game where you could join public wifi and change every image request response to be images of cats instead. (by changing the requesting URL and/or response).

This idea was borne from the 'upside-down-ternet' which people ran on their Guest Networks. (https://www.ex-parrot.com/pete/upside-down-ternet.html)

Would be fun to have a word replace running for "Thank You" to "Fuck You", it's not at all impossible to do.

Oh wow this brings back memories. More than a decade ago I lived in shared housing where each room has its own telephone port. The idea was every person was supposed to get their own internet. But after a few months of troubleshooting my housemates' internet issues I decided to open up my wifi to everyone else. I used Chillidog, a captive portal software that runs on ddwrt. I had a 3 hour continuous-use limit, after which weird stuff would happen to their images like being turned upsidedown or blurred. I used this very site to make it happen!

Eventually, my housemates just contributed to my internet bill and dropped their own subscriptions. I got rid of the captive portal and went with something more traditional

The idea that criminals will break into Facebook's servers and steal your messages is was less likely than the government using Facebook messages to catch child abusers, and that's already a little dubious.

A better counter-argument is foreign governments (China, Russia, etc.) requiring data to be held on their soil and then using it to hunt and impression political enemies.

Without end-to-end encryption, one doesn't need to break into anyones servers. Thats sort of the point. Without encryption, you are weak at every packet, which can be intercepted anywhere between you and Facebooks servers.
End-to-end encryption != no encryption. It's seems they're quite happy as long as authorized parties (adtech, intelligence agencies, etc) can man-in-the-middle the thing. Of course, tech companies never get breached and are exceptionally good at protecting our emails, passwords, credit reference data, and sensitive internal emails of political parties and campaigns, so there's clearly no risk whatsoever of your messages getting published on the internet in the future.
No end-to-end encryption does not mean no encryption. For example, Telegram does not use end-to-end encryption by default, however they encrypt all the messages with keys distributed across their servers. Anyone inspecting the packets won't be able to understand what's going on, but Telegram are able to read all your messages.
This is a good point.

Actually on closer inspection they don't even particularly care about E2E encryption, and here I was thinking this was snooper's charter v2:

> We are not opposed to end-to-encryption in principle and fully support the importance of strong user privacy. Instead, our campaign is calling for social media companies to work with us to find a solution that protects privacy, without putting children at even greater risk.

So we missed the point. This is a campaign to protect kids from shitty parenting, aa, I mean the social networks... so that they can be safely indoctrinated by social media without needing to encourage a responsible society.

In all seriousness, the larger risk here then is not necessarily criminal activity from data leaks (though that's still a real possibility with a gov backdoor) - the greater risk is deeper government mass surveillance built directly into the most popular social media networks.

I don't think they argue against all encryption (Do they?).

Basically everything would become an encrypted group chat (Double Ratchet etc) where the 3rd party is the provider which can optionally encrypt/secure access. That would ensure the provider is the only one with a backdoor for some time until access to previous messages are lost. Similar to loosing decryption keys for GDPR compliance. Access to the keys would require a court order.

Nonetheless authoritarian governments could and would misuse this. It should at least be required to have an international court order. Still very difficult.

The result of these campaigns if successful, would likely be key-escrow rather than banning encryption. With that the risk of criminal abuse is negligible.

Instead the risks are added complexity creating opportunities for bugs, and having to trust everyone with decryption access to not abuse that. It is possible to control that access technologically. For example, by requiring two separate keyholders (or in general N ot of M) keyholders before being able to decrypt any messages.

Those downsides matter, but they are scary for abuse by governments, nation state adversaries, and NSA type hackers. The downsides do not make criminals more scary.

> The downsides do not make criminals more scary.

Eh, I'm not sure. Assuming that the government keys never get leaked (which is possible even with the key-split method you propose). And assuming that the local municipal police departments and groups given access to those keys never get hacked. And assuming that products never get restricted to less-secure schemes as the technical world evolves around them.

Maybe the UK has a better track record on this, but off the top of my head a lot of the key-escrow systems I've seen in the US are quite bad. We have systems for TSA locks, fireperson access to locked buildings, etc... many of those systems are not secure, they just don't get abused very often because the prizes for doing so aren't large enough.

Key-escrow systems are less risky in terms of criminal activity than just banning full E2E encryption entirely, but I don't think I agree that 'less risky' is the same as 'safe'.

NO WHERE TO HIDE: From the press... thought you were safe organising that lock down busting party at no. 10 over WhatsApp? Think again, journalists can intercept the plain text of your messages where you laugh at the deaths of proles and ask your old school mate Rupert to bring 10 bottles of bolly.

Not sure if they've thought this through.

Considering the UK press (and the MET) sat on that story for months, and it would probably never have gotten out if Cummings wasn't so pissed about the way he was treated, the UK pols have little to worry about from the press or the police.
Given the emails were leaked to journalists e2e encryption wouldn't have helped there.
The only thing you need to know is at the bottom of the page:

"The campaign is funded by the UK Government and..."

Given our (UK) present govts history and tragging on anti BLM/eco pretesting things onto a needed bill in the commons I'm not surprised they're taking this route. It might even appear on the BBC before the year is out of it would save Boris' skin...
> big logos of community groups and charities at the bottom

Are those actually legit charities? I've never heard of them before, and at least the rightmost one ("SafeToNet - incorporating NetNanny") sounds like it's just a lobby group of some internet filter company, or an Internet filtering company itself.

If those are legit charities: Remember the names and make it known among friends what those charities are supporting.

https://www.mariecollinsfoundation.org.uk/ proudly sports the logos of Microsoft, Google and Facebook at the bottom of the page. Maybe those companies should be made aware of what they're indirectly supporting with their logo.

Barnardo's is quite well known.
The part that interests me the most is when they say "we're not opposed to E2E encryption on principle, as long as we can still safeguard child protection", but then fail to actually specify how this should be done, except by opposing E2E encryption on principle. I'd love to know if there's a solution!
E2E is something that does protect children too for that matter, so the case cannot be made. Of course children might access inappropriate content, but that is an issue of parenting and you cannot make the internet safe for children without getting active and curate what they access.
Ever wondered what modern day propaganda would look like?

This is the kind of stuff that will be in the history books in 2 decades time.

>This is the kind of stuff that will be in the history books in 2 decades time.

Do you think so? I don't, history is written by the winners, and all western governments play the propaganda game.

Doesn't matter if it's the democrats or republicans, labour or Tories. No politician is going to call this out, the behavioural psychologists are in on it, and so are the media companies.

Unless there is some major disruption in the next 2 decades, think revolution, invasion. You won't see a thing in the history books.

Maybe we need to get ahead of the game. I propose we add a new http error code: 452: this history does not exist

I actually thought it was really bad propaganda, and quite transparent. The arguments are incoherent, and they don't have any proposal.

They say "we aren't against e2e, we just want big tech to deploy it in a way that is safe". Well, either you have e2e or you don't; it's not surprising they have no proposal.

>I actually thought it was really bad propaganda, and quite transparent. The arguments are incoherent, and they don't have any proposal.

There's a saying that you only notice propaganda that doesn't work on you. That's not quite true, but roughly speaking, that's why you think this is so dumb. I could list off around a dozen other incoherent positions with no underlying policy proposals, if it wasn't for the fact they're actually quite popular right now and I know well enough to bite my tongue.

99% of the population don't understand that distinction. Which is exactly why they're running this campaign. It'll connect e2ee with criminals in the populations minds.
the irony of the active SSL certificate on this page.
Even better, the certificate has no Owner information supplied. The YouTube video is unlisted. The YouTube channel supplies no About information. It's fine for them to be anonymous and load a bunch of tracking resources over https.

Naming the campaign a title shared by Greenwald's Snowden book is an amazing touch. The same hashtag was even used extensively to discuss/promote the book. Would almost be funny if it wasn't so depressing.

I hope that is the developer of this site having a sense of humour.
The irony of this being served over TLS appears lost on them.
Yeah, that's just the thing though. They aren't against E2E encryption, actually! They're very much for it.

Just so long as they get to use it, and you don't.

Everyone is rightly criticizing the clear manipulation here.

That said, "60-90% of abuse takes place within the home or family circle," - a quote from Mick Moran, co-ordinator of the crimes against children unit at Interpol.

That leaves up to 40% happening online and elsewhere. Is it actually possible to prevent this online without compromising privacy? I think that's a legitimate problem to try to work on.

>That leaves up to 40% happening online and elsewhere

Mainly elsewhere and mainly IRL not online.

Sure, I'm just saying: it's still a legitimate problem and shouldn't be ignored.
The problem is legitimate but the proposed solution is useless
> Is it actually possible to prevent this online without compromising privacy?

It's trivial, take kids out of social media.

I don't see this said enough and I cannot state enough.

You should stop your children from having unrestricted access to the internet.

I personalty don't see it as anyone else's job to protect my children but me and their mother.

> That leaves up to 40% happening online and elsewhere

“Online” isn't just a place abuse happens in a way that is exclusive with abuse being “at home or in the family circle”, it's a place preparation for abuse happens and products of abuse are distributed. A lot of the online abuse material is from abuse that happens at home or in the family circle.

The remaining up to 40% is also mostly IRL: school, church, camp, neighbors' houses, and so on.

Going after online sex abuse while 90%+ of it happens IRL is like trying to solve climate change by targeting marginal uses of fossil fuel like motorboats while ignoring coal fired power... which... is something we also do.

You target the biggest things first. That's how you solve problems. For child abuse that means targeting home and institutional IRL abuse.

> We want social media companies to confirm they will not implement end-to-end encryption until they have the technology in place to ensure children will not be put at greater risk as a result.

This seems disengenuous. Is there any way to implement E2E encryption that wouldn't "put children at greater risk" if we accept that framing?

I understand why the Government and child welfare organizations don't like the idea of E2E. It would, in fact, make it more difficult to identify child abuse on social media, all else being equal. But the attempt to balance privacy with child welfare doesn't have to mean abandoning privacy altogether.

An alternative would be to require social media companies to allow parents to monitor their children's social media activity. Or to have "child-friendly" accounts without E2E. It doesn't seem necessary to impose a blanket ban on E2E, which would almost certainly be abused.

Exactly. “Can we have homes that don’t have cameras in every room streaming to law enforcement, without ensuring children will not be put at greater risk?”
> Is there any way to implement E2E encryption that wouldn't "put children at greater risk" if we accept that framing?

Yeah, that's what Apple's CSAM detection system is basically. They scan the content before encrypting.

True, but that wasn't exactly welcomed either.
Arguably, that's not E2E encrypted, since there is a potential vulnerability placed between the user and the start of the encryption.
You’re letting them control the narrative.

If child’s messages don’t have encryption, the first thing a predator does is move them to an encrypted messaging platform.

This is about the massive open door that is messenger and the full sweep the five eyes get from this.

I was more or less of your view until my 11-year-old niece was groomed and ended up sending naked pictures of herself to a 25-year-old man. Now, that incident was discovered because my niece's friend told her parents, but I do wonder whether, that aside, her parents would have found out at all. I am not in favour of banning E2E, but I do think it's foolhardy to deprive parents and law enforcement of any means to monitor children's social media activity.
I think the biggest problem is that parents have less and less right - or indeed, ability - to monitor their childrens communications and function as decent and responsible parents. Inevitably, were this implemented, someone would find a way to turn it against parents' rights to monitor their children.

And confounding this issue is the fact that the major platforms (Facebook, et al.) simply don't want parents to have this kind of control over their children, because it will effect their bottom line. Children with less adult supervision tend to be far more easily manipulated.

Its not just child diddlers who want this manipulation to proceed un-impeded by parental oversight - its Facebook, et al. too!

So this evil campaign is going to get a lot of corporate support, I fear. For the wrong damn reasons.

(Disclaimer: am an angry parent who is sick of the shit my kids have to deal with online... but who will also NEVER give up personal encryption as a right.)

No body is depriving parents access to their children’s phones with this. Parents guiding and supervising technology use is about as old as the internet itself.

Think of my children is just another step along the line of pearl clutching. But I’ll do you one better, I had a covert video taken of me and circulated around the internet and school that I went to. Would e2e encryption made any difference to that? No.

"Think of the children" is often abused, but that doesn't mean everyone claiming to want to protect child welfare is acting in bad faith, regardless of thought-terminating cliches like "think of the children" and "pearl clutching". It's entirely likely many of the politicans who support this move have genuine concerns. They are probably misguided, but not, I think, malicious.
Parents control their children's devices, they don't need to intercept messages on the network and decrypt them
Children must be educated to understand these things can happen. It happens in Primary School here in Scotland (ages 4 - 11 approx.). If you are technically literate you will also be informing your children when you allow them on devices. After that you should respect their right to privacy. No need to ban e2ee, that's a canard.
Well, to be blunt, my sister in law definitely explained to her 11-year-old daughter that sending pictures of her vagina to strangers wasn't a good idea. Kids don't listen.
Probably not appropriate but the Reddit channel r/kidsarefuckingstupid is proof positive. Also the lived experience of everyone who remembers being a child. Or has children. Or knows any. Yup.
It's unfortunate what happened to your niece but the situation has clouded your rationality.

A parent wouldn't let an 11 year old go to a frat party. They wouldn't let them go unsupervised to a concert. Most probably wouldn't leave their children home alone for a week. So why in the fuck do their kids have unfettered Internet access? Do they also let the kid just go to anyone's house without at least knowing who that friend is?

How would unencrypted messages preventing grooming of your niece? Her parents should be checking on her devices the same as they'd want to know who her friends were and where she was when not at home. A phone or Facebook is not a babysitter and certainly not a parent.

If E2EE was banned or restricted what at all would have changed with your niece? If she was groomed on completely unencrypted IRC what would be different? If she was groomed by some friend's older relative what would be different? Her parents failed at several occasions to actually parent her. Restrictions or banning E2EE wouldn't make them more capable parents.

> If E2EE was banned or restricted what at all would have changed with your niece?

What changed is the message she send will be unencrypted and not E2E, so now more people have access to them and maybe save or send them to their own closed messaging platform.

> Is there any way to implement E2E encryption that wouldn't "put children at greater risk" if we accept that framing?

Given that a lack of E2E encryption means that it is impossible for children to have private conversations with each other, it also means that predators have an easier time watching those conversations and using them to do harm. As such, the mere act of enabling E2E encryption reduces the risk to children.

>an alternative would be to require social media companies to allow parents to monitor their children's social media activity. Or to have "child-friendly" accounts without E2E. It doesn't seem necessary to impose a blanket ban on E2E, which would almost certainly be abused.

Exactly , make this giant companies have 2 apps Facebook Messager and FB messanger for Kids iMessage and iMessage for Kids then is you responsability as a parent to setup your child device to enter the correc tbirth date of the user, then the App Store could only allow the "kids" version of the application.

But now what? you have shit AI flagging pictures and badly paid people around the world attempting to classify is the picture is "bad" ?

The problem seems to me to have a much more effective solution, hire some real cops or social workers to answer reports from children and parents, when some creep asks for such material you could easily report them, then FB,Apple or whoever will have to help the authorities and stop this illegal activity. Make an educational compaign to educate the children and parents and let them know where to report the issue, explain also the punishment and make some public examples.

> ... is you responsability as a parent to setup your child device to enter the correc tbirth date of the user, then the App Store could only allow the "kids" version of the application.

The problem is is that there is still a large portion of parents who will give their children devices despite being less educated on the dangers of online safety regarding children.

I think that tech companies should ask parents whether they are buying a device for a child at the point of sale (since children are unlikely to purchase a device for themselves; instead they wish for a device for birthday/Christmas), and at that point, those companies should in some way inform those parents about the dangers of online use. Better yet (though could further complicate the process of distributing devices) is to give the option for parents to set up parental controls while they are in the process of purchasing a device.

Implementing parental controls (which tech companies have largely done) that allows for parents to monitor their childrens' devices seems to be the only viable way to allow for both CSAM mitigation and end-to-end encryption to coexist, in my opinion.

> The problem is is that there is still a large portion of parents who will give their children devices despite being less educated on the dangers of online safety regarding children.

Mightn't those parents be right? IMO it's more important that children use E2E so that their information doesn't fall into the wrong hands. Otherwise it will be sitting in some government database for the rest of their lives.

The real predators live in a doughnut shaped building.

>The problem is is that there is still a large portion of parents who will give their children devices despite being less educated on the dangers of online safety regarding children.

The government could educate, in my country there are a lot of informational on radio/TV like "drink at least 2L of water" , we need to attempt to solve the problem very close to it's roots. Like why should I click "I am 18" over and over again, the OS should know my age , the browser should ask my OS and if a parent setup correctly the device then the browser would refuse to load this website (the website would put somewhere in headers the age restrictions).

Honestly I do not see how removing encryption helps children, if you do it wrong you might even make it possible for people to now spy on children,

Meta: there's a funny typo in the title, it should be "end-to-end encryption". Now it's quite confusing, since "end to encryption" means something else.
A very literal example of "Won't somebody think of the children!"

https://en.wikipedia.org/wiki/Think_of_the_children

The use of the phrase "Think of the children" in debate a type of logical fallacy and an appeal to emotion.

A debater may use the phrase to emotionally sway members of the audience and avoid logical discussion. EG "I know this national missile defense plan has its detractors, but won't someone please think of the children?"

Also https://www.youtube.com/watch?v=3jFqhjaGh30

There’s no logical fallacy here, just a factual disagreement over the extent to which E2E encryption actually puts children at risk. Supposing that it does, that would be reasonable grounds for opposing it (so long as countervailing considerations were also take into account).

This particular Simpsons joke is pretty tired at this point, and it's often just used to short circuit any discussion of potential harms to children.

I am not in favor of banning E2EE, by the way. It’s just that the claim that E2EE puts children at risk should be met with a carefully considered factual response that respects the intelligence of people who are genuinely concerned about child sex abuse, rather than this reflexive ironic cry of “think of the children!”.

> should be met with a carefully considered factual response

Engaging with baseless propaganda preying on the unthinking parts of everyone by "carefully considered factual response" means you lose. Every single time. For this reason it is a naive strategy.

The point is not to engage with propaganda, but with the ordinary people who are genuinely concerned about child sex abuse enabled by social media. This is a real problem, so I don't think it's fair to talk about 'preying on [people's] unthinking parts'.

I should think that there must be even less to be gained by responding smugly with rote slogans and links to clips from the Simpsons. Who is going to be persuaded of anything by that?

What you need to show is either that (i) kids are already pretty safe online, or (ii) that the situation can be significantly improved without increased surveillance, or (iii) that the current level of child sexual abuse is a price worth paying to preserve important freedoms. But making one of those arguments would require actual thought and effort.

The issue is that it looks as though the very real issue of children being exploited is being used by the UK government to undermine E2EE. This is frankly vile, but given the vileness of this government, not at all surprising. Of course, the Murdock media will label anyone challenging this stance as an apologist.
To a lot of people on HN, it's obvious that the freedom is to use E2EE is fundamental, and that hardly any other consideration could override that.

To a lot of people who aren't on HN, it's obvious that more needs to be done to combat child sexual abuse online.

Rather than fuming at the government, it would be more useful in the long run if people could come up with actual ideas for combating child sexual abuse that don't require increased surveillance. Otherwise we are left with the unattractive (to most people) alternative to just ignoring the problem.

I mean sure, the government might have bad motivations in this instance. But there is a real problem that a lot of regular people are sincerely concerned about, without sinister ulterior motivates.

I would say that the implication that enabling more surveillance == safety is a fallacy. It’s assumed by the people pushing these kind of things, but is not necessarily true.
> I am not in favor of banning E2E, by the way. It’s just that the claim that E2E puts children at risk should be met with a carefully considered factual response that respects the intelligence of people who are genuinely concerned about child sex abuse, rather than this reflexive ironic cry of “think of the children!”.

Yes, we should all argue properly ... If only politicians were educated enough about the things they try to push or prevent, they could actually do that. Anyway, even if we discussed this properly, it would only answer half the question. The other half is: "Are children safer without that E2E encryption?" Most likely not, as they themselves send each other pictures and stuff, which can then be intercepted by some people. Everything they communicate using their spy phones, ah sorry, I meant "smart phones" of course, at their young age of -- well, what age? maybe 6 or 7? Or even younger? -- will be potentially up for grabs.

And then that is only the question about children. That is one tiny speck of the whole picture, which is not discussed.

So yes, we should argue this properly, but also we should then open up the whole debate about society as a whole. There is a huge debate to be had there, before anyone should even consider making any decisions.

Surely it would be quite easy for them to provide statistics of how many cases of $crimes were solved/stopped because of unencrypted messaging.

My impression seems to be that it's almost always reported long after the fact or some vigilante posing as a child.

Neither of which would be prevented by e2ee.

That's only half of it.

Someone will propose addressing an actual real thing that actually is a serious threat to children and someone else will mockingly and with a Calculon level of overacting say "Won't someone think of the children!", using it as a kind of ad hominem.

OK. Let’s try a proper logical response.

Right now is there child exploitation? Yes. Even though FB haven’t yet enabled E2E encryption. So what good will banning it do? There will always be ways to encrypt communication for criminals. And there will also always be ways to remain very anonymous online. The internet is just not set up to prevent it.

Further, banning all encryption is just a non starter.

Further still, having strong encryption except where law enforcement would like it to be breakable is also impossible. It’s just technically not doable. Whenever people say ‘but give us a way’ the answer is. There is no way. It can’t be done. It’s either encrypted or not. They’re the only options.

So instead of any sensible, workable plan some technically illiterate politicians have deliberately chosen the most controversial topic they can think of - child abuse - something that has been happening since forever without any E2E encryption (did those catholic priests need E2E encryption?) and blamed it on E2E encryption in the hope that emotion will override people’s logic and give them the power to read whatever online communications they like, presumable with some form of weakened / backdoored encryption that will, inevitably, be used for nefarious purposes either by our own government (see Snowden) or criminals / foreign governments who figure out how to exploit it

This is an emotion over logic argument and therefore surely a perfect example of ‘won’t anyone think of the children.

They're framing it as a choice between child safety and encryption. I think everyone on HN knows how utterly stupid that is, so I won't belabour the point.

However, what offends me, and I don't see mentioned enough, is that the UK government is exploiting the real suffering of children to destroy something that protects us all, children and adults alike. They do not speak for those children or their families. They're exploiting them and their trauma for political gain.

If I was in the U.K., this would be enough to forever turn me off the ruling Conservative party. It's disgusting. They have no morals. It's not just that they're lying -- every political side lies all the time, sometimes out of necessity. It's that they're re-victimizing the very kids they claim to be protecting. And they appear to be proud enough of that fact to promote it in this way.

I will never vote for a politician or party that's OK with that, no matter what their other policies may be.

Yes, although keep in mind that these efforts have strong cross-party support. This isn't only an issue with the Conservative party.
Most college students hate both parties, just like they always have
not really. they were fawning over bernie then hillary in 2016 and bernie then biden in 2020.
With all due respect I don’t believe you’re in tune with what college students are feeling.

—- a college student

maybe you're the exception to the norm, or maybe I am out of touch. When I was in college (in the last decade), everyone gave democrats a free pass to do whatever they wanted. I have heard that gen-z leans more libertarian though
A saying normally attributed to Churchill: "If you are not a liberal in your twenties you have no heart, if you are not a conservative in your thirties you have no brain".
It is older than Churchill and the parties are switched up according to current events.

https://quoteinvestigator.com/2014/02/24/heart-head/

Nowadays, in the US at least, given the significant correlation between education level and Democratic party alignment, it is probably due for another change. Sadly "If you are not a socialist in your twenties you have no heart, if you are not a centrist Democrat in your thirties you have no brain" does not roll off the tongue.

*correction, if you're not right of center in your twenties you have no heart, if you're not conservative in your 30's, you have no brain. The socialists are pushing for dangerous governance methods that have caused genocide and economic collapse over the 20th century and actively discriminate based on people's gender, ethnicity, and sexual orientation. The "centrist Democrats" stick their heads in the sand ignoring the crimes of the leaders they elect and the influence of the far left progressive wing of the Democratic party.
I think you'd have to shift the age groups up significantly to say anything useful about conservative leaning people, maybe do mid 40's and 60's or something like that.
I think we'd all be surprised at how many people actually lean conservative in the 20-40 age group. My hunch is that 9/10 people who lean that way stay silent for fear of professional/personal repercussions. Voicing conservative view points in the monolithic tech industry will get you fired and excommunicated
I don't really see any reason that they'd lie to, for example, Pew polls.
You're conflating the American Conservative party with the UK Conservative / Tory party.
Both major political parties in U.S. did the same thing with SESTA/FOSTA. Every smart politician will exploit anyone they can to get what they want (in that case, scoring cheap political points with their base) as long as their base do not complain loudly.

UK peeps: complain loudly!

This is the worst generation of Tory politicians in living memory, although sadly the authoritarian streak is not absent from the Labour party either.
I've been working within the Liberal Democrats to try and push policies that are pro-privacy for the past few years, revoking some of the acts put in by the current Conservative government and pushing new ones to protect against future government breaches like this. Unfortunately, it simply doesn't stick when polled to the general public. The average person simply doesn't care it seems, no matter how you frame it, and as such it's almost impossible to break ground into updates to the party manifesto. I tried the same thing within Labour a few years before and the same barriers existed, with the added fact that many of the MPs seemed to be cut from the same cloth as the Tories, and that they were incredibly resistant to change outside of their traditional focuses (NHS, Unions, Immigration, Education, blah, blah).

To be frank, it seems like most politicians would rather be at war with the technologically apt than to work with them. All we can hope is that technologies adapt at a faster rate than authoritarian governments can, and the witty can outwit the witless.

These normal people don't vote for it for a good reason! The importance of online security is massively overstated, especially by specialists like us on forums like HN. We've got to keep our credit card details private, yes. But in general we (e.g. HN community) completely fail to do the cost benefit analysis -- we talk about security as if you always have to have maximum security, rather than recognizing that it's a trade off with convenience. That combined with the tin foil hat tendencies of some HN types who comment on security. Really the best thing for almost everyone is to just keep everything in Google Drive: the probability of google employees stealing it multiplied by the loss is much smaller than the probability they won't multiplied by the convenience. I hope this comment doesn't come across as trolling-- I found your post genuinely interesting and I genuinely think that the normal folk who you're having a hard time convincing have a point -- the correct position to adopt lies in between the two camps. Which is a truism. But I mean, like, relatively far from either!
"Really, the best thing for almost everyone is to hand all their belongings to an unaccountable American corporation (which effectively provides no support), so that they can datamine it for advertising and identification purposes."

The fact that "specialists like us on HN" can say this sort of thing with a straight face and no hint of doubt, is one of the many reasons we are sleepwalking into dystopia.

Note that we're talking about security here, not preventing a corporation from profiting from us. All normal people need to do is store their stuff in Google Drive. I agree it's not pretty, and I agree hopefully we can get to a better future where we don't use a megacorporation for this, but it is safe and sensible for normal people. You've got to remember that other things happen in peoples lives -- their loved ones die -- and that's all more important than the aesthetics of their digital lives. Google gets the job done for them.
They're framing it as a choice between child safety and encryption

Politicians can always rely on any part of the holy trinity of terrorism, piracy or child to either justify or manipulate their constituency to support a measure that infringes on their security/privacy. The media plays along too easily.

Interestingly, conservatives in the US made anti end to end encryption legislation part of the EARN IT act, which also claims to deal with child abuse: https://en.wikipedia.org/wiki/EARN_IT_Act_of_2020#Legislatio...

Do politicians actually care about piracy?

I get how IP holders care about piracy, but I don’t think it resonates enough with the general public for it to really matter to politicians… Unless the politicians are literally just being paid by IP holders to care about it, which could be a thing.

NEWS from California / Hollywood :

"politicians are literally just being paid by IP holders to care about it"

> NEWS from California / Hollywood

Reports are also coming in from certain parts of Central Europe …

> holy trinity of terrorism, piracy or child

you forgot to add the mandatory element of ignorance on a particular subject matter to make the mix truly explosive, but fair point.

They're definitely inconsistent.
> It's disgusting. They have no morals.

You've gone pretty extreme there. There is a much more plausible explanation, which is that they genuinely believe that more people would be saved if the security services could access messaging apps and they don't think the level of potential abuse is worth worrying about.

Don't get me wrong, I think they have made bad decisions etc. but in this case, I think it is simply naive "if you haven't done anything wrong..."

> You've gone pretty extreme there. There is a much more plausible explanation, which is that they genuinely believe that more people would be saved if the security services could access messaging apps and they don't think the level of potential abuse is worth worrying about.

I think both can be true: the government believes it can increase security in general by expanding the state's surveillance powers--the state always wants to trade privacy for security. However, they're not framing it as a general "give us more surveillance powers and we'll increase security"; they're framing it narrowly as about protecting children ("give us more surveillance powers and we promise we'll only use them to protect sexually exploited children") which is exploiting victimized children in my book.

I don't believe the UK government for this matter is naive. They know very well what and why they are doing this and it's the same strategy used in different parts of the world. It's not new and there's no need to come up with anything new because it works so well and you can justify trading privacy (or even more important things) for security this way no matter how little sense this makes.

I do think that it's naive to think that one of the most important countries in the world with a rather effective intelligence service and a lot of smart people everywhere in the state is naive. I really don't think the UK government believes that if they remove encryption from popular chat apps the tiny percentage of population that might use it for evil purposes will be caught instead of, you know, moving to a different mechanism.

There is a much more plausible explanation, which is that they genuinely believe that more people would be saved if the security services could access messaging apps and they don't think the level of potential abuse is worth worrying about.

There's an even more plausible explanation, which is that both are true. They're aware that stopping encryption might save a few children, but they're also aware that it enables the mechanisms of the surveillance state that give them extraordinary power over the public. They want to stop child sex trafficking and they want to abuse people's privacy.

I regularly support Big Brother Watch, an anti-surveillance and pro-privacy campaign group in the UK. They send every MP lengthly reports that detail the follies and costs associated with these measures.

I've also heard Conservative MPs say that "lockdown measures were against our freedom-loving sensitivities" or something similar, so they at least acknowledge the value of freedom to the population.

Our ruling class cannot plead ignorance as an excuse.

The UK government is currently facing demands from within his own party that the Prime Minister resign. There is talk of a campaign of policy proposals ("Red Meat") aimed at Conservative backbenchers, to distract attention from the hypocrisy and lies of the Prime Minister.

I think the more-plausible thing is that this part of that Red Meat programme, which is going to consist of a train of announcements designed to appeal to rightwing Conservatives, none of which will have anything at all to do with the Prime Minister.

This Red Meat programme will also distract the opposition away from the Prime Minister's moral emptiness and deceitfulness; the government hopes that by making sufficiently-nasty policy proposals, they can force the opposition to devote their time and attention away from the weaknesses of the Prime Minister and his coterie, and towards opposing these proposals. It's very cynical.

Forecast: I have a long record of wrong political prophesies! But I think Boris will have gone within a week. I have no idea who they will replace him with; none of his colleagues has electoral appeal, as far as I can see, and they're facing a General Election in two years. I wouldn't offer odds on the outcome of that election, either; the leader of the opposition isn't particularly appealing, is not loved by his party, and seems to have no policies.

It very much does seem to be a week of 'throw it all at the wall and see what sticks'.

I have to admit - I was expecting Brexit, Trump, and a massive Tory majority at the last GE (not rubbing it in - good lord I wish I had been wrong about all of these), but I really don't know how much road Johnson has left to run. I really think it's getting shorter now every day. The (liberal) press have made a big deal about everything else so far, but the lockdown parties (sorry, meetings) I think are the first 'real' big hits to him that people will actually care about. It's genuinely going to get bumpy for him, but he was smart and filled his cabinet mostly with people who just aren't that clever and are dedicated to him - I don't think there's anyone who knows when to make the first move. I think he can only really be removed when there's someone ready to replace him.

> If I was in the U.K., this would be enough to forever turn me off the ruling Conservative party. It's disgusting.

Unfortunately this isn't unique to the Tories. Politicians across the whole political spectrum have fought to introduce increasingly authoritarian controls over the internet and technology over the past 30 years.

UK culture as a whole is more authoritarian than you'd expect. Labour would gladly implement their own version of the same if they had the opportunity. To that point, any UK millennial will likely not be able to remember a time where there wasn't some hand wringing campaign about online privacy or porn.

The problem is that Blairite/Starmer Labour are just Tories wearing a red rosette, they do not differ on policy in any meaningful manner.
You think Corbynites would be less keen on authoritarianism?
Unsure. His voting record indicates that he is anti-authoritarian, but the telegraf tells me he is pro-authoritarian.

He has publicly clashed with the powers that be about increasing police powers.

But I don’t have a clear answer for your question, especially as he has many supporters who might not vote along his own lines.

https://www.bbc.com/news/election-2017-40154361

In all likelihood, yes: they are from a faction of the Labour party that was routinely surveilled by police throughout the 20th century (and more recently, in all likelihood).

The election manifesto for Labour in 1983 contained pledges to abolish the secret services, too.

Not to mention the fact that this same part of the Labour party is often engaged in protests that will have left wingers as attendees and speakers. They're very often on the sharp end of both surveillance and crackdowns on protest.

That combined with their belief that the police are racist (eg the Met) and that prison is generally harmful is not likely to produce an authoritarian programme.

They'd have dealt with large scale tax dodgers too, unlike the current leadership.

The Liberal Democrats are anti-authoritarian, but our first-past-the-post elections don't give them a proportional number of seats :(

For example, they blocked the "snoopers charter" (digital economy bill) when they were in coalition; although the Conservatives, predictably, passed it after they won the following election on their own.

The Lib Dems managed to mitigate a lot of damage done by the Conservatives during their time in the coalition. And they were rewarded with blame for everything they couldn't stop, and a hugely reduced voter base ever since.
Unfortunately for them they sold out their student voters in order to do that, all but guaranteeing that those people would not trust the LibDems again.

Was it a good trade in hindsight? I'm not so sure. I gave them the benefit of the doubt, and my vote, a couple more times.

I'll be the first to admit my bias against the lib dems (I cant say I like any of the parties but I do have a particular dislike for them), but putting that aside as much as I can I doubt they'd be any different outside a coalition. At best, I can see them being apathetic, which when combined with pressure applied from their opposition could well turn into support.

Not on the level of the tories, and perhaps labour, but I doubt they'd be anything special in that regard

The Lib Dem's main focus for at least the last 30 years has been electoral reform, preferably to a proportional system like STV which doesn't punish third-parties. If nothing else, a Lib Dem government managing to pass that would have a massive impact on the future of UK politics, and break the two party system that first-past-the-post inevitably causes (whether Whig/Tory, Liberal/Conservative, or recently Labour/Conservative).

They took a huge gamble entering the ConDem coalition: getting some concessions from the Conservatives (e.g. same-sex marriage), but overall achieving hardly any of their manifesto promises (which, indeed, included scrapping tuition fees; first mentioned on page 33 https://www.markpack.org.uk/files/2015/01/Liberal-Democrat-m... ).

It seems they gave away way too much in order to get a meagre chance at voting reform. The resulting referendum was watered-down to Alternative Vote (rather than STV), and was not only attacked by Conservatives, but also Labour (who had ignored their own manifesto pledge in 1997 to follow the Jenkins Commission recommendations, which were to use a variant of Alternative Vote!)

There are some grass-roots efforts to support electoral reform in Labour; I doubt they'd do it themselves (like they didn't in 97), but maybe they'd be more amenable to accepting it in return for Lib Dem support?

My main worry about a Lib Dem government would be how much influence their 'free market libertarian' wing would have; where 'individual liberty' becomes a synonym for 'deregulation of the private sector'. There's definitely been more of a such rightward-lean since Clegg (compared to e.g. Charles Kennedy).

> this would be enough to forever turn me off the ruling Conservative party

Welcome to every conservative party in every country. They're all terrible humans

> They're framing it as a choice between child safety and encryption

Its worse than that by the looks. They're trying to convince people you can still have end to end encryption whilst having a man in the middle scan it to make sure its all A-Okay. Again, I think everyone knows how stupid this is.

I seem to remember Theresa May talking about this a few years ago and the idea was quickly shot down, and here I was hoping that was the end of it.

It's classic, fighting the last war, for the "security" agencies. They think that by surveilling their own people they can protect the politicians. What they have in fact done is collected huge dossiers on their public (and gov employees), which can be compromised and used by foreign powers for targeted misinformation, agitprop, and blackmail. They are the weakest link.

Since the rise of PGP and fall of key-escrow it has become more and more clear that spreading free (ussurveilled) communication between individuals and businesses was necessary to the operation of capitalist democracies. However, they can't give up their dreams of controlling their own populations so they will cede them to competing totalitarian states, which already know how to control their populations and can well afford to breach such "security".

> They think that by surveilling their own people they can protect the politicians.

That idea is so outrageously stupid that no, I don't believe they think that.

Every one of those intelligence agencies are perfectly aware they are collecting dossiers on their public (with emphasis to gov employees) that can be used to compromise the administration and coerce people into doing illegal or immoral acts. You just got the wrong adversary in mind.

Wow, you really think they are either completely treasonous or utterly incompetent? If they wanted to surveil their own (as presumably some do), they wouldn't need to compromise standard coms protocols.

It's not collecting the dossiers... it's that they are the weak link, whether they like it or not.

> Wow, you really think they are either completely treasonous or utterly incompetent?

Well, any other one would require that people on the intelligence community, whose work consists mostly on either using dossiers to compromise people or avoiding the creation of dossiers so people aren't compromised to not noticing that they are collecting a dossier on every citizen or not being aware that will lead to people being compromised... and incompetence or dishonesty not being involved.

> They're framing it as a choice between child safety and encryption.

doesn't seem so:

> End-to-end encryption is valuable technology designed to keep our data and conversations safe. We are not opposed to end-to-encryption in principle and fully support the importance of strong user privacy. Instead, our campaign is calling for social media companies to work with us to find a solution that protects privacy, without putting children at even greater risk.

they apparently claim to be looking for a third way.

There is no "third way". End-to-end encryption means no one other than the sender and the intended receiver(s) can access the decrypted messages; full stop. That includes the social media companies and the government. This obviously also precludes hacks like subverting the client software on either side to report back on the content of the messages (i.e. Apple's implementation)—if the user can't trust their client not to deliberately leak details about the message then they don't have E2EE, since someone else's agent has been placed in the communication path.
A third way would be to use a neural network to analyze a message before encryption, or to duplicate the message for receipt by the service provider.
I specifically covered that. If anyone other than the original sender (one end of the communication channel) and the intended recipient(s) (the other end of the channel) is granted access to any information about the content of the messages (including not just the full plaintext but also e.g. a digest created by a neural network on behalf of the service provider) then the system does not have the characteristics of end-to-end encryption. You've only encrypted part of the communications channel.

In any case, advocating for mandatory digital spies on end-users' devices is arguably worse than attempting to undermine E2EE.

Please don’t try to come up with solutions. At best they will be hopelessly naive or worst: dystopian nightmare worlds. Giving any credence to the idea that E2E w/ side channels is acceptable should be rejected strongly.

What you are proposing is a pluggable censorship module that can identify any forbidden speech and report back to the authorities. It will take less than 16 months for every regime to co-opt for their own aims. It will indirectly lead to the deaths of thousands of dissidents.

No, that would be severe and encroaching mass surveillance that undermines trust and sense.
(comment deleted)
Why do you think Brexit was what it was?

UK wants to dominate and enslave its population for the political gain of the ruling class.

It is clear as day to me.

The website does NOT even offer HTTP, it has 301 redirect to ENCRYPTED HTTPS. Do not click it, it's obviously a scam from hypocrites!
Well guess I won't be supporting Barnardos again. Disappointed to see them supporting this cause.
This smells of Nudge all over it. Government is using psyops against public interest for quite some time now.
ISTM that ending E2E encryption can only be the starting point. As long as kids are getting internet connected cameras - which is pretty much all kids these days - and using them to talk to people online, there will be people trying to convince them to broadcast activities which should stay private. How does ending E2E encryption fix that, without additionally implementing total surveillance? How does it work across borders?
> "We want social media companies to confirm they will not implement end-to-end encryption until they have the technology in place to ensure children will not be put at greater risk as a result."

Most of these companies already know the users birthday, if this is only about child abuse then instead of adding backdoors for everyone, why not just disable end to end encryption conversations for users under 16?

Doesn't that open up a whole new can of worms, though, because it would require the operator of every service to check the age (and by extension, identity) of every user of their service, so as not to inadvertently E2EE the communications of a child? Passing off this verification to a Trusted Third Party (wink wink) is just as bad (probably worse), because you would be make it even easier for the government to tie it into a̶ ̶s̶o̶c̶i̶a̶l̶ ̶c̶r̶e̶d̶i̶t̶ ̶s̶y̶s̶t̶e̶m̶ whatever they have planned for the next stage.
If a child wants to be "protected" online then it would be up to them to enter their actual age. But you are right, the government will take any excuse to get users verifying their age.
They already reject users who say they are under 13. How well has that been working out?
Almost everyone <18 lies about their age on the internet. I have clicked through uncountably many age gates.
This is all part of Operation Save Big Dog aka saving Boris Johnson's ass from being forced out as PM. Yesterday it was the TV licence fee ending. Tomorrow it will be some other populist nonsense.

https://www.independent.co.uk/news/uk/politics/boris-johnson...

It is opportunistic timing, but the Home Office have been pushing for this for years.
They were also talking about ending the TV licence for years. The timing couldn't be more obvious.
Don't forget the Navy being brought in to do something with the same legal standing as Border Force could do, but duly reducing our available Navy resources. The people who buy into these stupid red meat policies don't realise they can't blow up ships crossing, if anything they'll have a larger capacity to help them, therefore trafikers.
Yes. But foolish to dismiss it as just “populist nonsense”. There are many in government, police etc who are desperate for this.
These are hardly mutually exclusive.
The license fee thing may have been less of a populist thing and more of an A) shot across the bows at the BBC for its coverage of partygate. B) a sop to murdoch who has been wanting to kill the BBC/license fee since forever.
The licence fee thing has been in development for years. It was brought forward to distract attention away from the PM's blatant lying. I imagine they'll have a new policy announcement each day for the next week - anything to keep discussion of ministerial hypocrisy out of the morning news shows.
I'm sure our politicians have been discussing this on their E2E encrypted Whatsapp group chats
The only thing I see ending this push is a "fappening" style leak involving CEOs, celebrities, and government figures. Not necessarily just intimate sexual content, but as much 'personal' information as possible.

I really think we're heading straight into the panopticon. We'll probably happily vote for it, to "protect" ourselves. I'll buy some more PLTR and the bags under my eyes will grow darker.

If you don't want your children to be molested via the internet don't give your children access to the internet, end of story. You'd never let your 10yo child hang out at the skater park because the moment you are not there present someone might abduct him, but letting your child create accounts on every social media imaginable and giving him unfiltered access to the network is somehow acceptable and the rest of the world should suffer because of it? Children don't need to own smartphones, computers or internet access, just like they don't need to listen to death metal or watch gore movies. Those things will come with time and maturity and your lack of parenting is never going to excuse the government snooping on everything I do
Teach them to read real books, on paper, by real authors. Given them lots of unstructured time in nature with other children, with a watchful parent nearby (this requires investment of a parents' time, but I can't think of a better investment).
Sorry, mine wasn't a plain boomer rant, there are plenty of "real" books I would never let my child read. Most classics are very mature and talk very vividly about violence, death, sex and atrocities. Children should be exposed to nuanced stuff that isn't dumbed down, it's just that these nuanced things should be in the realm of a child, leaving the more mature stuff to older people. A book talking about the friendship between two children in a complex way is cool and good, a book talking about the friendship between two drug addicts might be more suitable to someone who knows a bit more about life.
I agree with this, but this is something that needs to be done on the societal level. Doing this individually will be nearly impossible without impacting the social life of the child involved, which no parent wants to do.

I think the vast majority of people agree that unrestricted screens and online communication are bad for kids, so I think this idea could get pretty widespread support. It shouldn't be the norm that a 10yo has an iPhone.

It's like giving them a Land Rover instead of a Hot Wheels. But of course, the Hot Wheels of phones doesn't exist right now. Maybe it should. A smartphone dedicated for children, which can only install a small number of safe apps?

I understand the criticisms. But hear me out as a parent:

1) There is no way to monitor/prevent abuse for kid to get exposed to extreme (literally, potentially mentally damaging) pornography and perversion that percolates into the mainstream life via innocent channels - manga, anime, Reddit, and so on. When I grew up the content of that sort was significantly more limited, i.e. occasional porn GIFs, most fine erotic material, but nothing of the extreme sort you could easily stumble upon by just being online today, etc).

2) Qustodio can partially filter out some content as it's installed on the PC and the smartphone, but due to the all-pervading encryption it has no visibility into Discord and other social networks.

3) Disastrous breaches in IT school policies. School has given mandatory Chromebooks to all kids which they use probably half of the time in the class and for homework, and there is no way to bind the school account to Google Family Links - this is forbidden by the school admin. There is some filtering on the school Wi-Fi which school kids circumvent by joining their phone's shared Wi-Fi. Complained, received boilerplate "we are doing our best" reply. This is an independent school in London.

4) The only option I have is to begin breaking SSL in the middle via, say, FortiGate and hope it will catch some of the sites. This would also be applicable only to home Wi-Fi, rather ineffective.

As a parent, the only solution I have is to prohibit access to screen, i.e. take all devices away, completely. Which I have failed, as there are very little communal spaces for the kids to hang out and interact where I live, and those who do hang out tend to be vaping, drinking alcohol, etc. All the kids are online in the evenings - chatting, sharing memes, laughing together, or they have pre-arranged playdates.

So, my choice here is to completely take away all devices and, hence, completely remove the social component. Or just pray he won't get abused online. I, honestly, don't know what to do. I have been living with computers since 80s, started out with ZX Spectrum and PC/XT, and I am horrified by what allowing the kid to roam Internet without filters may lead to now.

I think that you are looking for a technological solution to a non technological problem, even if there was no encryption at all there is no way to 100% inspect all of your kids communications. The same way there is no way to follow them and watch them 100% of the time in the real world. The only thing you can do is educate your kid about these issues and trust them.
Your problem is not that the kids can't be protected with encryption, but rather that you want way too much control over these kids' lives. I know you think you are protecting them, but it is much better for a child's development to simply be told and explained how the world works. Also porn. Anyone who believes that they can hide everything from a child until they are of age and that they will always act in a wise manner after they are of age is naive.
Childen watching gore on liveleak, girls looking at anorexia inspiration and boys getting into extremist ideals are not really good for their development, and these resources don't "simply tell" how the world works. In fact, it's the opposite: they construct a desirable narrative that supplants interacting with the real world, they enclose someone instead of opening them up. It's a parent's job to ward off bad influence from their children, whom are not equipped with dealing with such stimuli. Maybe not even the parent is equipped. It's not a matter of hiding and controlling children, it's about not letting other abusive people raise your children instead of you.
Facebook seems to be doing all the heavy lifting on the extremism front. Overweight/underweight problems are just stupid and it takes like 1 hour to explain how to eat properly and then you never have to deal with that again. Videos of people dying at least serve as a counterpoint to movies where nothing ever happens to people doing dangerous stuff.
Facebook's and other providers' moderation policies could differ a lot from yours. But these are the platforms where you can usually enable a form of parental control at least. Videos of people dying, like in an accident or war, might be at least real, but potentially still very damaging because of the lack of narrative. Another issue comes when the video also contains narrative: for example when they distance you from what you just saw, by saying how the people deserved death, were a lesser kind of people, and so on.

Regarding the overweight / underweight problems, do you think that all the over and underweight people, and proper weight people who still battle some eating disorder, just missed a good hour of talking to? I wonder what you'd say to them.

> Overweight/underweight problems are just stupid and it takes like 1 hour to explain how to eat properly and then you never have to deal with that again.

I do not think you have a firm grasp of how peer pressure works and how powerful it is. That's like saying "we told people that drugs are bad, so clearly nobody will do drugs anymore".

When that 1 hour of food education is pitted against 10s of hours of immersion in an online dysfunctional-eating subculture, what prevails?

Perhaps children need 1 hour, or more, "don't fall in with the wrong internet crowd and let weirdos claim possession of your identity" education. I am not sure what form that would take.

You have misunderstood me. It is up to the parents to explain to the children that there are such things and that one day they might see them by chance. Just as children can come into contact with drugs by chance through friends. It is up to the parents to prepare the children psychologically for these situations and to act wisely in this moment. For example, children could stop watching such videos early instead of continuing to watch them or simply say no to drugs because they are already prepared.

The idea of protecting children from all this through control is naive for two reasons: 1. you can't monitor children 100%. This leads to the fact that I can never prevent all things. Both in reality and on the net. 2. as adults, these children must have already thought about all this in order to act wisely. A child who moves out at 18 and has not yet dealt with it is completely on their own, although the adults would have had time to explain everything to the children.

And one more thing from pedagogy that contradicts what you said: children process only what they understand and is relevant to them. For example, if you explain to a 4-year-old child what rape is, the child will absorb almost nothing of it. For the child, sex and the sexual need is foreign. Thus, they cannot derive much information from the explanation.

I have seen a lot of sick stuff on the net as a teenager. For example, a beheading of a white journalist in the Middle East by Islamists. No one could have prevented me from clicking on the link friends sent me. However, it could have been explained to me that there are such things on the net and how that should be classified. In the end, it was up to me to classify it. And of course, such experiences could have led to anything. For example, racism.

I agree that control is not the solution for this problem, communication is. Still, I think there are things that are not simply facts of life, like having unlimited access to certain things, let's say porn, gore, hate speech, and other abusive material. At the end of the day, I don't claim to know how to solve this issue, certainly not with outlawing or backdooring encryption, but I acknowledge this problem.
I'm afraid banning encryption doesn't alleviate this very real issue. In the current ecosystem, nothing is stopping people to install whatever they want on their phones / computers (well, Apple does stop them, but aside from that), and so, it's just an install away that the child rejoins the encrypted network where everything is possible.
> When I grew up the content of that sort was significantly more limited, i.e. occasional porn GIFs, most fine erotic material, but nothing of the extreme sort you could easily stumble upon by just being online today

You must have lived a sheltered life as a child. As soon an VHS tapes came around in the late 70's and my family got a player, I was exposed to all kinds of crap- rape porn, bestiality, snuff films, white power propaganda, etc. You name it, and we'd trade the tapes as kids. Sure it's a lot more convenient now, but it was all around back then.

I've taken the approach that I'd never be able to stop my curious child from seeing nasty stuff online, no matter how hard I try. The best thing I can do is educate and provide context. I explained pretty early on to my son that he has to be careful what he looks for online, because he'll find it. Now at 15 years old, he tells me, "you wouldn't believe the shit out there, it's disgusting." Exactly.

> You must have lived a sheltered life as a child. As soon an VHS tapes came around in the late 70's and my family got a player, I was exposed to all kinds of crap- rape porn, bestiality, snuff films, white power propaganda, etc. You name it, and we'd trade the tapes as kids. Sure it's a lot more convenient now, but it was all around back then.

It was, but wasn't. I never saw porn on VHS, nor did I have a sheltered life. It wasn't until I was 15, last year of secondary school was when I saw porn round a pals house.

My parent's were not the parents who were in to such content so there was never any of that in possession. True, it has always existed but regardless it can be damaging to a child.

> I am horrified by what allowing the kid to roam Internet without filters may lead to now.

I worry too, my nephew is only three and is happily running around playing with dinosaurs.

With social media the way it is, young teens selling themselves on OnlyFans, different types of pornography/hentai imagery traded on Discord. It's all horrifying.

Downvoted why? That teenagers are not selling themselves on OnlyFans? No one should be selling "pics" of themselves for cash.

Hentai isn't traded on Discord? look around, because it's all there. Join a NSFW "lewd" discord and see for yourself.

Discord welcomes 13-year olds to join the platform. That someone that young can see that content is horrific.

Discord allows you to mark channels as NSFW and only allows users who are over 18 to view them.

Not that that ever stopped anyone though lmao.

Well, the keyword here is "responsible parenting". The child has to understand that the restrictions come from you, and not from the computer. This means watching the screen together, and not relying on a fallible automated system.

Breaking SSL is not the answer for one more reason: with more and more web apps (cannot say "websites") relying on JavaScript-only content delivery, long polling, websockets, server-sent events, and who knows what else, there are less and less standards. Earlier, such nanny software worked because everything was text and HTML, and it is known how to stop bad things in these content types. Nowadays, we can't just block replies, because we have to substitute some dummy JSON (or whatever) instead, so that the app doesn't crash or hang - and such dummy replacement of the blocked content is application-specific.

Also, think about today's children, they are tomorrow's politicians: now you deploy an automated system that breaks the internet for them, tomorrow they will deploy an automated system that will deny access for you to anything published by the opposition.

Ah the horror. Ever tried actually talking to the kid? You guys didn't run around the neighborhood doing random shit when you were young? Were your parents horrified by what allowing you to roam without supervision may lead to?

If watching some weirdo porn was enough to mentally damage people, the world would look quite different.

The problem with porn doesn't really come from accidental exposure to particularly 'extreme' material, I think. That might just be a start. The core problem is, for young people (adolescents) and adults alike, the deliberate search for porn (with hormone-fueled determination, it'll get around technical hurdles) as part of an addictive pattern of behaviour. To counter that, there's no substitute for voluntarily and consciously avoiding it. This may be helped by education: knowing why it's bad, and also knowing why it seems appealing, i.e. sex education and basic addiction psychology, as well as knowledge of the other porn-associated problems as informed by one's broader moral framework. Good luck.
The thing is there are counter examples where, in my opinion on moral grounds, a child is entitled to privacy. Some examples on off the top of my head:-

* An LGBT child using LGBT safe spaces online. Being outed before a child has come to terms with their feelings themselves can be horrendous for their mental wellbeing, even in an understanding household. In less LGBT friendly households it could be extremely dangerous.

* An abuser is part of their family and trying to communicate that to teachers, authorities or whoever else.

Of course you are right to be concerned for your child, and age/maturity is really critical in this discussion. A 4 year old clearly shouldn't have unfettered access to the internet. Should a 15 year old who has shown they can be trusted be forced to have their parent view everything they do? I'm not sure.

> but nothing of the extreme sort you could easily stumble upon by just being online today, etc).

As an adult I don't "stumble" onto the type of content you're talking about and I browse the web a lot. So if children are "stumbling" onto this content, maybe just maybe, they don't need unfettered Internet access and their own private devices.

> nothing of the extreme sort you could easily stumble upon

From your post, I divine that you don't really like porn much. I actually seek it out; but I've never "stumbled upon" anything more extreme than a model who looks as if she's 17. You don't find kiddieporn by stumbling around pornhub.

Blocking content is not the way. I ran into Encyclopedia Dramatica and similar when I was like 12, and I wish that didn't happen, but there are no technical filters that would've stopped it. In my experience, kids will find a way around anything you could do, and they will want to fight what they perceive as unjust restrictions. Talk to them and communicate, you can't solve this with a technical solution.

Also, Discord is not end-to-end encrypted. (Messages are sent and scrollback is loaded over HTTPS, realtime messages are received over an HTTPS WebSocket. (They are compressed, but not encrypted any more than normal HTTPS.))

School devices are generally monitored/filtered way too much already. Fortunately until highschool I'd always been able to bypass blocking by changing my DNS or using HTTPS. My highschool has Fortinet though which seems to do SNI filtering so whenever I need to visit blocked things I have to use Tor. (There's probably a more efficient way but Tor works fine.)

>pornography and perversion that percolates into the mainstream life via innocent channels - manga, anime, Reddit, and so on

I'm not necessarily disagreeing with you, but it's interesting how manga/anime is invoked in these discussions, often unintentionally or even unknowingly recalling the image of 'weird Japan', a supposed hotbed of child abuse and perversion, where no material, much less anime and manga are safe for Western eyes, supposedly more moral and discerning.

I recently read a paper about this kind of discourse, in which the authors pointed out, quite rightly in my judgement, that the popularity of such readings in the mainstream Western press projects a certain idea of fiction and its relationship with reality which is not shared by many in Japan, and certainly not by the consumers of this 'pornography and perversion' according to ethnographic research on their opinions and perceptions.

Second is the idea of 'stumbling' upon porn. Some people even class Neon Genesis Evangelion as 'perversion' in its own right, and recently in the US, portrayals of adolescent sexuality in stories and books, which some lawmakers are trying to remove from libraries. I'm of the opinion that the sparation isn't nearly that easy. Teenagers writing Harry Potter slash fanfiction is a far cry away from Blender animated monster porn, and a fannish teenager or younger will have a greater interest in the former.

Consider just how well moderated most Internet communities are. The chance of seeing porn (as opposed to the anime equivalent of a very softcore porn gif) on r/all, or even r/anime is slim. A child is much more likely to 'stumble' accross it if a friend they know in real life sent it to them through Discord. The only other place I can really think of a child 'stumbling' in a zone meant for children would be Twitter, but then we're talking about Twitter, not 'reddit', 'anime', or 'manga'. In other words, I'm saying that just because the material exists, it doesn't mean it's innocently 'stumbled' upon by a wide-eyed child. Children get curious, especially when you tell them not to do something, or society provides that narrative.