Edit:
I am aware about EU DMA that has working on mls and interoperability but nothing about csam and breaking encryption or sharing with third parties....
How will both exist together?
Is chat control part of new legislation supposed to undermine DMa?
Could you please stop posting unsubstantive comments and flamebait? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.
Stating a opinion and calling out stupid comments (that later got edited to make them less stupid) is not "flamebait". How about you stop shadow-banning people?
If anything the OP of this thread was "unsubstantive" and "flamebait".
And if "Most stories about politics ... are probably off-topic" WTF is this bullshit? What is "probably". Who decides what "Political ... or other stories are not for this site and what are? This is so typical tech vague BS. There are political stories that have absolutely nothing to do with tech posted here on a daily basis, nobody respects or understands this stupid guideline. They all just tell themselves "my political story is totally not off-topic for HN" because the guidelines are so vague.
You've got a point because that comment was edited (I know, not just because of the note the OP has used but because I also replied to it prior to the edit). However, you're not going to get far if you put it like that.
My advice, as a former shadowbanned hothead, would be to give dang an email and apologise, and point out calmly that you were responding to a comment that was later edited, and that'll you'll try to be less openly aggressive when posting in future. Dang probably appreciates nice emails like that.
Snark is supposedly discouraged on HN but I guess it's hard to police, you might move on to that ;-)
You might want to familiarize yourself with how we think about these things—for example the question of how to moderate political stories on HN. There are lots of past explanations on that at https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so.... These two links are ok starting points:
This site has a 15-year history with these questions. You're absolutely welcome to disagree with how we do things but it would be good to know what the approach actually is before agreeing or disagreeing with it. It's based on some pretty clear principles. If you can figure out a better way to moderate HN with respect to such questions—that is, a way which does a better job of following those principles—I'd love to hear about it.
It’s like it’s repeating itself or using too many punctuation marks. Emoji are meant to be the informal and succinct. The emoji don’t make it briefer.
With that said the message is very serious. And serious isn’t disjunct to formal.
I think highlighting the difference between the people (real warm) and the bureaucracy (operated by people who are taught to turn off their empathy to serve the system) is worthwhile and has been proven effective in populist campaigns of late.
All in all it’s interesting political communication.
They are like little doodles in the text. They don't convey any more information than is already in there. Things which are urgent are generally best written with as little adornment as possible. If someone isn't already for the cause it can cause them to not take your writing seriously.
Imagine if you're the parent of a child and they send you this message:
> "Active shooter at school "
The time taken to get the emoji undercut the seriousness of the message. They are apparently trying to communicate something important but deliberately wasting my time.
> Currently a regulation is in place allowing providers to scan communications voluntarily (so-called “Chat Control 1.0”). So far only some unencrypted US communications services such as GMail, Facebook/Instagram Messenger, Skype, Snapchat, iCloud email and X-Box apply chat control voluntarily (more details here). As a result of the mandatory Chat Control 2.0 proposal, the Commission expects a 3.5-fold increase in scanning reports (by 354%).
> Is chat control part of new legislation supposed to undermine DMa?
Ursula von der Leyen has a long history of instrumenting children and CSAM to get more control. She did the same in Germany, she’s an utterly despicable person.
Could you please stop posting unsubstantive comments and flamebait? You've unfortunately been doing it repeatedly. It's not what this site is for, and destroys what it is for.
This kind of thing destroys what the site is for, so if it keeps up, we're going to have to ban you. If you'd please stick to the guidelines from now on, that would be good. Among other things, that means no personal attacks, putdowns, or snark.
It isn't rare in politics for a politician to be opportunistic rather than incompetent.
If they tell you they want to invade your privacy over internet casinos and copyright infringement, you tell them to pound sand. If they claim it's to arrest pedos then you tell them to pound sand and they accuse you of being a pedo. Then you have to accuse them of being a Nazi and reasoned debate is at a close and it becomes a popularity contest, which is the only way the people with no capacity for reasoned debate can win.
> It isn't rare in politics for a politician to be opportunistic rather than incompetent.
What's the opportunity here though? They're not making any friends in the tech industry so it's not to secure a job, it's not popular with a lot of people, I don't get what they're gaining here.
Evil might be too strong a word, but when we have seen such a pattern of behaviour, I think we're well past the point where we can assume ignorance and incompetence in the case of von der Leyen.
(That's not to say she's not ignorant and incompetent in many ways, because she clearly is, but I'm talking about the root of these specific behaviours, which seems pretty clearly intentional at this point).
Back when she tried her censorship thing in Germany, people openly (this was all through the news and done by child abuse survivors, so it’s not as if she had no clue) showed her how easy it was to get CSAM removed, yet she refused to entertain even a "best effort" to get it deleted and kept saying it’s impossible to remove, only concentrating on building up a censorship infrastructure.
That said, she has generally been pretty incompetent in every role, but keeps falling upwards.
Western Europe seems to hover around $20,000 to $30,000 in disposable income, which seems like quite a bit. Certainly it's more than Eastern Europe and Asia have, even if it's less than parts of North America and Oceania.
Disposable income is extremely pointless to compare if you want to figure out how much people will have left to pay for your product. Look at actual spending in whichever category you're interested in.
To illustrate, let's subtract some spending categories from that disposable income which tech companies generally don't compete for: Germans spend $13713 + $1604 on housing/lodging vs $22624 for Americans, education $255 vs $1226, food $5706 vs $8289, health $1632 vs $5452.
So comparatively Americans are already down $14681 of that disposable income, which definitely won't be spent on whatever some American tech darling produces - food, housing, education, and health spending is generally considered more important than getting a Meta Quest headset.
At the end of the day US/Germany spend the same amount of money on entertainment/recreation almost to the dollar. France is similar in that regard and together Germany and France are already a market of close to 150 million people.
Numbers are from 2021 using the historic EUR/USD exchange rates.
The point is: drill down to some category and compare actual spending in it. You'll be surprised how wildly some things vary even between countries that nominally have the same disposable income.
It seems like it depends. If it's just paying fines, like where the EU uses US tech companies as a piggy bank, you can easily compare your revenue to the cost and decide to stay. It's not as much money as it would be otherwise, but with zero-marginal-cost products, it's still worth it. On the other hand, where it would completely break your product, like in the case of installing backdoors into E2EE chat applications, it might not be worth it anymore. Google and Meta survive fine without China, for example.
And then emerging companies and nations will fill the gap. This may benefit everyone except pre-existing hegemons, suffice to say it’s not in a monopolists interest to allow any other significant marketplace to be dominated by another. This is why we the strategy of isolating China rather than competing directly may backfire. Also why China protecting it’s own internal market is net beneficial for the world in aggregate, whilst perhaps not good for dominant powers (hence the geopolitical u-turn from China good to China bad)
I don't know how serious this take is or if it's more emotional than not.
This is probably the same reaction regulators have around the world, where they'd prefer to have their own walled garden where they apply their own rules and don't need to talk to anyone else. Except when there's lot of money down the line, then they'll do an effort and make exceptions.
That's how many US services reacted to GDPR. That's how many Japanese services reacted to VISA/Mastercard ban on sexual content. That's how China is reacting to many things. I think we'll see more and more example of it down the line.
On one side, balkanization can probably help to get more diversity and allow local content to thrive with less competition. On the other side, it's basically reversing decades of cultural evolution that happened on the net, which I personally think sucks a lot.
> the same reaction regulators have around the world, where they'd prefer to have their own walled garden where they apply their own rules and don't need to talk to anyone else
I don't like the trend of balkanization, but I have to say that this is kind of suffering from a lack of perspective. What you call "their own walled garden" a lot of people call "national sovereignty", especially people who dislike the fact that the "unregulated" internet was actually regulated by the United States for all intents and purposes, and so "lack of regulation" was equivalent to letting the US run a critical piece of their national infrastructure. It should be understandable that people kinda didn't like that.
You're right that it comes down to national sovereignty. I'll show my bias: I don't think a complete lack of sovereignty is viable nor desirable. Completely erasing cultures and local specificities won't help, and I agree there is way too much US centralized critical infrastructure.
But I prefered a kind of status quo where the big players are in a standstill and can't make bold moves that could destabilize the whole board. Basically the state where the US couldn't abuse too much their position in fear of the other entities calling it quit, and the other entities couldn't completely close their borders in fear of losing too much as they retreat.
In recent years we've seen more and more moral/cultural rules getting applied to critical infra (payment, communications etc.), and I guess we're not getting that standstill back anytime soon. That also means we're back to black market style communication, as it was in the earlier decades, when we were looking for a common ground less constrained by national limitations.
> In recent years we've seen more and more moral/cultural rules getting applied to critical infra (payment, communications etc.), and I guess we're not getting that standstill back anytime soon.
This really depends on what the response to that is. People tolerated centralized chokepoints because they were neutral. That was why they historically feared doing otherwise -- it would give people an incentive to disintermediate them.
So now people are going to try to disintermediate them. Question is how long it takes to happen.
4) Get a good lawyer who is well versed in international jurisdiction issues to avoid getting dragged to an EU court anyway. Possibly operate from a non-extradition country.
There's a reason cookie prompts aren't just in eu, afaik(maybe wrong) the law will cover even eu citizens outside of eu so idk, even if you geoblock the eu you may still have problems)
You are wrong, cf. GDPR article 3. The Belgian DPA even ruled that GDPR is unenforceable if the controller is not located in EEA, does not serve anyone in EEA, and does not monitor EU individuals. https://gdprhub.eu/index.php?title=APD/GBA_(Belgium)_-_161/2...
Because GDPR-like laws also exist in about 120 countries outside the EEA, some actually stricter than the EU GDPR. The USA is a fringe exception there.
The EU is a total clusterfuck when it comes to tech regulation. Maybe the only good thing out of the EU is GDPR, everything else has been a massive overreach doing more harm than good.
How is GDPR any good? All I saw is addition of misleading popups in the sites without any actual improvement to privacy. Has any big tech reduced data collection after GDPR?
Are you in a position where you would know firsthand whether big tech data collection is trending up or down, or if not, could you share the research you've done to reach your conclusion? It seems plausible to me that the fines and other penalties have forced changes in how some companies operate, based on the large fines (absolute value, not % of revenue...) that have made the news in the past five-ish years.
What conclusion? As I said in my message, I don't know of any reduction in data collected. I am turning to community who might have some example if there is any instance of that.
Their business model is sucking up all your data and using it to target ads. You can tell they're still doing it because they're not making any less money.
No doubt it made them spend a lot of money on lawyers to figure out the best way to keep doing it, but what good is that?
Welp, considering rumors that meta is going to introduce a fee for using their apps with opt out ads in eu, maybe they really feel the effects of the law
There has been sweeping changes in log management, data export to outside entities, reliance on third party providers to parse that data and come up with insights etc.
Pre-GDPR, you'd open your logs to any random company promising to come up with something that could remotely help your marketing department. Nowadays, you'll have to vet your partners and audit how your data is handled internally. It's hard to come up with concrete examples when it's basically every single company above a decent size, as they typically don't want to work against the law.
Same for the retention period, the very type of log that you'd open for internal harvesting (you could still be collecting the info, but keep it way more confidential to the point no one outside of your SRE team has access to the totality of it)
It's as if you were asking what changes the PSI and DSS compliance laws had on the card processing field.
Considering they keep racking up fines I seriously doubt it. It's become like banking regulation, fines are just a cost of doing business and you just have to factor in the percent chance of getting caught times average size of fine vs revenue.
But banking regulation still has an effect on any entity that can't afford to be continuously fighting lawsuits and paying fines.
And actual changes happens on many of these cases. An entity getting fined three of four times for different offenses doesn't mean they never fix any of the issues.
An easy example could be Google, who've been a target of so many of these complaints, and made many adjustment, up to building separate data centers with separate management rules to deal with the EU situation.
In my experience there are much more stringent control over logging. Tokenization is the default for anything related to PII or customer data. Log retention rarely goes over 30 days. Data residency is now in the conversation when talking about storage. Maybe smaller companies can fly under the radar, but any larger companies with auditing and compliance controls take it seriously.
They'd have less success and support if the EU wasn't the only entity doing something about antitrust and market abuse. This kind of massive initiative becomes realistic because they've been battling for ages against the tech giants and know they can take the heat.
Are they though? They make a lot of noise about it but meanwhile who have they broken up? You can't even replace the OS your phone came with in most cases, Safari/Chrome derivatives are 95% of the browser market, app stores are still charging 30% with no meaningful competition and excluding apps that compete with their own, Qualcomm et al don't publish what's necessary to produce indepedent firmware for the zillion devices that use their chips and whose OEMs went out of business or otherwise stopped updating them.
Sound and fury is nothing. Actually fix some of these.
Apple, for iOS? You have to use their browser engine, you can't install anything like a JVM or the .NET runtime that competes with their APIs, you can't replace the Apple libraries that other apps use even if you were willing to implement the same interface, you have to use their App Store app to install other apps, you can't produce kernel drivers for third party hardware, pretty much all of the software they include with the device you're proscribed from replacing with a competing offering from someone else.
Google uses different methods (e.g. until fairly recently third party app stores couldn't auto-update the apps they installed, now many apps require attestation that fails if you don't run Google's code), but somehow or other the vast majority of Android phones still end up with Google Play and Google services.
Browsers with their own browser engines and bytecode runtimes are apps. These are the exact things Microsoft got in trouble for in the 90s -- because they enable competition.
A translation layer between a generic API and Apple's isn't the same thing. It can't add things Apple's doesn't already have. For example, how do you run CUDA or OpenCL code on Apple's devices? Can a cross-platform framework provide a payments implementation so your cross-platform app can use a cross-platform payments system for in-app purchases? No, because they make you use theirs and apps that compete with theirs aren't allowed.
Visual Studio Code is clearly an app. Apple doesn't allow it on iOS. Apple makes a competing app -- for which they want you to buy a Mac.
You can't just use a definition of "app" that means "whatever is in their app store" and then claim that whatever they don't allow in their app store isn't an app.
Apple never stopped VSCode from being on iOS. There are plenty of IDEs for the iPad built by third parties.
No one would ever call a virtual machine an “application”.
Are you making up things now? You don’t run CUDA on any non Nvidia hardware.
But yes, you are free to port OpenCL to iOS if you want to.
> Can a cross-platform framework provide a payments implementation so your cross-platform app can use a cross-platform payments system for in-app purchases
A “payment API” is not an “application”. Yes the cross platform frameworks do expose the underlying API.
And you can have a cross platform app that forces you to subscribe outside of the App Store - Spotify, Netflix, Microsoft, etc all do that.
> No because they make you use theirs and apps that compete with theirs aren't allowed.
Are you saying that their no competitors on iOS to AppleTV, Apple Music, Apple Podcasts, Apple Books, the iWork suite?
CUDA drivers exist for pretty much every platform. They don't work without an Nvidia GPU, but in-theory nothing stops you from running CUDA code on iPhone besides Apple.
> Are you saying that their no competitors on iOS
None with the same competitive advantage as Apple. Whether that is fair or not seems to be up to individual markets.
So exactly how is Apple stopping you from implementing the entire CUDA API as a library to include within your application noting that no one has done it on non Nvidia hardware?
So are you saying that
- Apple Music is more popular on iOS than Spotify?
- The iWork’s suite is more popular than MSOffice or GSuite?
> So exactly how is Apple stopping you from implementing the entire CUDA API
Well, neither the hardware or software supports PCI access, so... connectivity would be a start. It's about time iPhone supported Thunderbolt anyways.
> So are you saying that {Apple Music is more popular on iOS than Spotify?, ...}
I'm saying that Apple exerts a literal anticompetitive advantage by choosing their own margins (among many other things). Nothing about legislation like the Digital Market Act accuses Apple of monopoly. It designates them as a Gatekeeper (a position Apple chose) and holds them subject to additional guidelines. That is the cost of owning a userbase in Europe, now.
> I guess since the tech industry in Europe can’t export anything worthwhile
Let's see!
I, for one, would be very excited to watch Apple admit that the European audience isn't worth their while. After all, Apple acquires their companies year[0] after year[1] after year[2] after year[3] after year[4] after year[5] after year[6] after year[7] after year[8] after year[9] after year[10] after year[11] after year[12] after year[13].
Well, maybe Europe matters to Apple... b-but not much!
Evidently Apple can't make it on their own, either. If Europe meant nothing to them, they'd just leave.
...I don't even give a half-shit about Europe, either. I just find it funny how their sovereignty pisses off corporate sycophants so much. People like you actually get worked-up into writing comment-after-comment of non-argument, refusing to write something more substantiated than ad-hominem attacks. All I have to do to refute you is cite my sources.
This coming from someone who is asking why you can’t use CUDA - which only works on Nvidia hardware on ab iPhone and then suggest Apple supports external GPUs via Thunderbolt on the iPhone just in case someone wants to carry around an Nvidua breakout box to do intensive GPU work on an iPhone.
Of course you would also need a power plug.
And this is why when you leave geeks to their own devices they end up designing something like the Homermobile.
And none of “Apple’s competitors” pay a penny for in app purchases to Apple. They all force you to subscribe outside of the App Store.
> you can’t use CUDA - which only works on Nvidia hardware
Tell me you've never used CUDA without telling me you've never used CUDA.
Before Apple revoked Nvidia's certificates, they in fact did support CUDA on Apple hardware. You needed an Nvidia GPU to run it, but Apple hardware and software is a perfectly usable client: https://www.nvidia.com/en-us/drivers/cuda/mac-driver-archive...
Failing that, Nvidia still maintains BSD-style drivers if Apple did let them install their drivers. Now you're going to yell at me about how this is an unrealistic workflow, but plugging your iPhone or Mac into a TV, DAC or external drive isn't.
> just in case someone wants to carry around an Nvidua breakout box to do intensive GPU work on an iPhone.
Sure. They exist, nothing on the technical side stops Apple from implementing it. My point is not that they must add the feature, but that it is totally possible if Apple didn't arbitrarily limit userspace drivers. Draw your own conclusions about it, I couldn't give less of a shit.
If changing the iPhone to Thunderbolt and supporting eGPUs in software is equivalent to a "Homermobile" in your head, get a grip.
> Before Apple revoked Nvidia's certificates, they in fact did support CUDA on Apple hardware. You needed an Nvidia GPU to run it, but Apple hardware and software is a perfectly usable client:
> Now you're going to yell at me about how this is an unrealistic workflow, but plugging your iPhone or Mac into a TV, DAC or external drive isn't.
So how large do you think the market is for an external GPU on a phone? If there were a market for it, why isn’t anyone doing it on an Android phone?
We are talking about iPhones - not Macs. If you can engineer an Nvidia breakout box for ARM based Macs, there is nothing stopping you from turning off System Integrity Protection and installing an unsigned driver and you doing it yourself.
> Failing that, Nvidia still maintains BSD-style drivers if Apple did let them install their drivers.
You can turn off SIP right now and do it, good luck getting that working on an ARM based Mac where even Apple hasn’t architected a method yet to use third party GPUs.
> Sure. They exist, nothing on the technical side stops Apple from implementing it. My point is not that they must add the feature, but that it is totally possible if Apple didn't arbitrarily limit userspace drivers. Draw your own conclusions about it, I couldn't give less of a shit.
If there were a market for it on phones why doesn’t it exist for Android?
> If changing the iPhone to Thunderbolt and supporting eGPUs in software is equivalent to a "Homermobile" in your head, get a grip.
Yet no Android supports an external breakout box for eGPUs. Maybe it is a Homermobile?
Like I said in the last 2 comments, I honestly don't care about this. The fact that you reached for my CUDA meme as a legitimate counterpoint after being refuted so hard is almost heartbreaking. You can rest, you don't have to spend every opportunity grinding your axe on a corporation's behalf.
It is really funny watching you be butthurt about European regulators though. Can we go back to that, or will I have to wait for the bill to hit frontpage again? If you're done complaining about that stuff, I don't think we have much more to talk about (sorry for cutting out the eGPU detour, hope you had fun).
You could if you had the technical prowess create an Nvidia breakout box for the Mac right now Apple doesn’t stop you from doing anything you want. You brought up Apple stopping you from running CUDA on Apple hardware
Hopefully you realize the original Europe claims were absurd. But uhh... up to you pal. Clearly we live worlds apart.
> You could if you had the technical prowess create an Nvidia breakout box for the Mac right now
You can't even do it on Linux without official Nvidia drivers, which Apple refuses to sign for MacOS. Nouveau is veritably broken on modern GPU hardware; you either run the blob or get 2D raster output at 20FPS and no power management.
Would you be happier if I said "excluding software that competes with their own"?
Why would it be any better if they are excluding hardware that competes with their own?
> Apple never stopped VSCode from being on iOS. There are plenty of IDEs for the iPad built by third parties.
VSCode is an app that needs the .NET runtime, in order to run the code you write in e.g. C#. They don't allow the runtime it needs which means they don't allow the app (which competes with theirs).
> Are you making up things now? You don’t run CUDA on any non Nvidia hardware.
iPads have Thunderbolt, so you could actually plug NVIDIA hardware into them. Or someone could port CUDA to Apple's GPUs, as AMD essentially did with HIP. Except that would be this:
> But yes, you are free to port OpenCL to iOS if you want to.
Implementing such a thing efficiently requires driver support, but you can't modify the drivers nor supply your own.
> A “payment API” is not an “application”. Yes the cross platform frameworks do expose the underlying API.
A payments system is a part of an application. They prohibit broad categories of apps that use any but their own payments system.
Using Apple's payments API doesn't allow for apps that use a competing payments system, which was the whole point.
> And you can have a cross platform app that forces you to subscribe outside of the App Store - Spotify, Netflix, Microsoft, etc all do that.
I point to a category of thing they prohibit and then you point to the exception that proves the rule as if that meant they don't impose the rule.
We know they don't do it for a specific subset of subscription services anymore. They still do it in general, which is to say that they still do it.
> Are you saying that their no competitors on iOS to AppleTV, Apple Music, Apple Podcasts, Apple Books, the iWork suite?
This is the same thing again. It's not a question of if they prohibit every app that competes with theirs, it's a question of if they prohibit any app that competes with theirs.
> VSCode is an app that needs the .NET runtime, in order to run the code you write in e.g. C#.
You could not possibly be more wrong. VSCode is written in Typescript. It is an Electron app. There have been cross platform JS frameworks that ran on iOS for a decade.
Besides that, it’s been years since you have needed the .Net runtime to run .Net applications.
> So now are kernel extensions also “applications”?
They're things some "applications" need in order to function, so if you can't include them you've effectively prohibited those applications.
But what does it matter if something is an "application" or not? Why is it any better if Apple precludes third parties from competing with their kernel extensions?
> VSCode is written in Typescript. It is an Electron app.
It's not the IDE you have to be able to run, it's the code you write in it.
> And Microsoft already has a solution to run .Net code on iOS
That's just compiling the code to a native binary, which you would then have to go submit through Apple's store. How does that help for an IDE expected to allow you to test (i.e. execute) and debug the code you've just written ten seconds ago?
> Can you name any none pay to win games that couldn’t be a subscription service outside of the App Store?
We can see right there some examples of what isn't allowed:
Not facilitate real-time, person-to-person services (e.g., providing tutoring services, medical consultations, real estate tours, or fitness training).
Apps that let people access digital content such as music or video, but not as the primary functionality, are not considered reader apps and are not eligible for the External Link Account Entitlement. For example, a social networking app that lets people stream audiovisual content is not eligible.
> And your solution to supporting CUDA is a breakout box on an iPad with an nvidua card? Who the hell is going to buy that?
Presumably the same sort of people who buy the existing graphics card docks on the market for other platforms.
There are plenty of solutions for running Python in an IDE on the iPad. There is an even an x86 emulator and a Linux terminal built on top of it in the App Store.
It can run anything that you can run on an x86 in user mode. I downloaded the AWS CLI (which requires Python) to run some tests
By the way, you were completely wrong about VSCode being written in .Net.
> That's just compiling the code to a native binary, which you would then have to go submit through Apple's store. How does that help for an IDE expected to allow you to test (i.e. execute) and debug the code you've just written ten seconds ago?
There is an existence proof that it could be done. If you ran iSH with remote VNC you could have a full IDE on a Mac.
> We can see right there some examples of what isn't allowed:
Not facilitate real-time, person-to-person services (e.g., providing tutoring services, medical consultations, real estate tours, or fitness training).
You lack imagination. I actually know someone who does fitness classes online where most people use iPads and doesn’t pay Apple a dime - she’s sleeping right next to me. She uses Zoom.
> But what does it matter if something is an "application" or not? Why is it any better if Apple precludes third parties from competing with their kernel extensions?
It matters because once you allow kernel extensions it can bypass the security sandbox.
Do you also think that Apple should allow third parties access to the Secure Enclave?
You're asking these questions as if others have shown strides in all these domains and they're table stakes.
Apple got asked why they take 30% by the US gov, answered that they just like money, and never got asked anything again. The only gov that could do squat on that front is China. Netherlands and Korea barely got some small exceptions.
Same way Google's only trial that went anywhere regarding Google Services binding happened in EU, and the only country that got away with a vibrant android ecosystem is China (to my knowledge...does India do too?)
I'll poopoo Eu's efforts when another entity actually splits Google away, and I'll be really happy to do so, trust me.
You're using "at least they do something about antitrust" as an excuse for all their poorly thought out rules that increase compliance burdens and actually make competing in those markets harder. You can't then say "well the US isn't doing it" -- the US isn't imposing the higher compliance costs either.
Mandated USB-C was good, swappable batteries that's coming in a few years as well. GDPR was mostly useless and the only real consequence is more cookie banners that people accept as a knee jerk reaction and a lot of money that went to lawyers and "consultants" which helped smaller businesses get "GDPR ready".
Chat control is not really tech regulation though, even if it affects tech the proposal is written by people who have no idea what the fuck they are doing. Ylva Johansson (The MEP responsible for it) has even said straight out she has no idea if or how this should be complied with but "They will figure it out" (They being tech companies). With people like that deciding our laws of course you end up with shit like this.
I would disagree with that. I like being able to download a copy of all my data from all these big websites. Since I no longer use Twitter/X, it's nice to have a copy of everything I have posted there.
It was enforceable before too, thanks to the Data Protection Directive from 1995. GDPR is an harmonization of the various national transcriptions of the DPD, plus higher fines, a better cooperation mechanism, and data portability (which is a bit useless but it's nice to have). Cookie banners also predate GDPR (it was the ePrivacy directive).
> Yes, but now with gdpr it's enforceable, what if twit decides to stop providing that data?
Why would you want a law with high compliance costs to solve a problem that was already solved? It makes no sense to impose the costs unless the thing it purports to solve actually presents as a problem.
As someone that worked in an EEA tech company when the GDPR was actually being implemented, it absolutely did a ton for improving how much focus there was on privacy and PII security. That has seemed to be true for the places I've worked since too, from what I've heard.
Most companies still have no good process for data deletion or export, and I am fairly convinced it would be even more dire if people hadn't started preparing for the GDPR years ahead.
Mandated USB-C disincentives ever improving on the connector. The EU attempted to enforce a similar mandate for micro-USB back in the day - can you imagine if they succeeded? Fortunately, we got Lightning and USB-C thereafter, but improvement is always possible.
Product design doesn't need to be written into law.
Lightning originated when there was a talk about mandating micro-USB and finally died, after 11 years, when USB-C was mandated. If not for that legislation it would still be alive.
Not remotely the same for micro usb. It wasn't the same law.
Now it will be a chicken and egg problem. No one will want to put a new connector in phones, because they'd need usb c too anyways. So no new standard will emerge with wide enough industry support. If the micro usb "mandate" was as binding and restrictive as this one, we would not have had usb c.
> No one will want to put a new connector in phones, because they'd need usb c too anyways.
This is why the USB Implimentation Forum exists. If you want to put a new connector in phones, do it; just do it through the proper, standardized and official channels. If every manufacturer had their own competing charging standard, we would be back to square 1 with 15 different ways to route serial data and 15w of juice. As companies like Apple have so gratefully demonstrated, most companies tend to invent those chargers for licensing royalties rather than a willingness to push the envelope on charging or data transfer technology.
Good. I don't want a company to create and monopolize some arbitrary improvement over the current technology. I want those developments to be forced into standardization to compete, and offer backwards-compatibility just like USB does.
And plus... it's a serial cable. The demand for "research and development" has remained the same since they figured out how to flatten the type B connector. You can't fool anybody by releasing a 'new and improved' cable or connector that is just the same serial bus with proprietary mumbo-jumbo on top.
When it comes to charging and serial standards which have not meaningfully evolved in over a decade... yeah. It would be kinda nice to trade marginal improvement for compatibility and stability. The USB-C connector is not limiting smartphone data or charging speeds anyways.
The EU just mandated a charging standard. It didn’t mandate that Apple go whole hog implementing the USB 3.1 protocol including video over USB C - all things that the typical Android phone doesn’t do.
Regular iPhone is midrange - it has USB 2.0, and yet it just started to be sold. Apparently 23 years old solution is still ok for lots of the people.
When do you think mobile devices will be limited by USB-C? Another 20 years? Is it worth for you to allow mess, vendor locks and ripping of customers for another quarter of century, because some magic connector that solves problem we don't know exists can be delayed by 2-3 years? Really?
Anti-competitive practices from corporations delay progress way more than that.
I guess power cords and power plugs landed on perfect designs. It's weird how there are so many different "perfect" power plugs though.
A periodic review process won't matter. Somebody has to actually research, design and create an alternative. Why would they spend resources on that if their competitors can just decide that they're not allowed to use it?
Not at all, I think it achieved exactly what it was designed to do. The part where we blindly accept cookie banners without holding companies accountable for doing so much tracking (or put them in place without questioning if they're needed) is totally on us.
GDPR did give us the tools and the means, we just don't take full advantage of them.
You mean the thing that made web browser worse and entrenched the large players who are more easily able to conform to the 11 chapter 99 section monstrosity?
It's the main reason EEA countries show the full price of something on their price label, as well as unit prices (e.g. cost per kg) in most cases. You may not be aware of it if you're outside of europe though.
A bit less than 25 years ago, I was IT director at a small tech company. The MD approached me and asked about how we stop people looking at pr0n on the company's internet.
I looked into it, and worked out how much we'd need to restrict and monitor everyone's internet activity. And then realised that this wasn't a tech problem at all. If someone is looking at pr0n instead of doing their job, then that's a line management problem. Exactly the same as if they were reading a copy of Playboy at their desk.
Preventing child abuse is, similarly, not a tech problem. It's a human problem. The internet did not cause this problem, and if we monitor every single byte sent over a wire, the problem will still remain.
Not so much these days. But back in the day one of the crude efforts to control access to porn on the internet was filtering for the word "porn", which lead to a standard mis-spelling of it as "pr0n". Which became so ingrained that I now spell it that way by default.
I was mostly referencing that rather than trying to avoid an actual filter now.
"Child pornography" is very specifically-defined in terms of strictly-photorealistic content.
Notice that the topic discussed here is chat control. What does this have to do with photorealistic content?
The "CSAM" moniker is a broad net that drags other forms of media into scope. Sharing a fictional story about raping a child isn't child pornography (there's no victim)...but it is CSAM.
Same with manga/comics, sharing elaborate fantasies, AI images and any other fictional products. As CSAM, all of it becomes fair game for indictment.
Groups pushing to call child pornography CSAM push to ban fictional media also. But people were prosecuted for virtual child pornography before. The groups justify the new term saying all child pornography depicts child sexual abuse. And people talk about virtual CSAM.
You can apply this argument against pretty much anything: theft, murder, sexual assault, general twatery, etc. because in the end almost every crime or other undesirable behaviour is a "human problem".
Almost no one would disagree that removing all instances of CSAM from the internet would be a good thing, whether it's a "human problem" or not. That's not really the issue. Things like "how much we'd need to restrict and monitor everyone's internet activity" is the problem: it's all very complex and probably not worth the cost.
> You can apply this argument against pretty much anything: theft, murder, sexual assault, general twatery, etc. because in the end almost every crime or other undesirable behaviour is a "human problem".
Exactly?
None of them are tech problems, they all predate the tech and so do the solutions. The police do ordinary policework, arrest the criminals and they're convicted of their crimes.
Mass surveillance is a dangerous power grab regardless of the purported rationale.
The argument is "it's not worth the trade-off, because the downsides are [X]".
This is a profoundly different argument than "we should never under any circumstances use any technology to prevent anything because 'it's not a tech a tech problem' and/or 'it predates tech'".
Merely "X predates Y" is a worthless argument that can be applied to almost everything (accidents predate cars, murder predates guns, war predates ICBMs, etc. etc.)
The distinction is between the police using technology and the population being subjected to it involuntarily.
Fingerprints are a technology. If your fingerprints are on the murder weapon the police can use that as evidence that their suspect is the murderer. That's not the same thing as requiring everyone to be fingerprinted ahead of time.
The point is not that we're using tech to prevent something. The internet does not prevent pr0n, after all. But that you can't treat a human problem as if it was a tech problem merely because the tech allows it to happen easier.
My point was that the underlying problem is that some people want to look at porn instead of work. That's the problem we have to solve. The internet is just a symptom, it allows those people to pretend to be working while actually looking at porn. The solution is not to cripple everyone's internet access. The solution is to either change the people, or change those people's attitudes, so they don't want to watch porn at work. It's a human problem so it can only be solved in human ways.
With CSAM, the problem is not that there's child porn on the internet. The problem is that some people like to abuse children. We need to solve that problem. Monitoring every byte sent over the internet is not going to solve that problem. It's a human problem. We need to work out ways of detecting these people sooner in life and either help them over it, or remove their access to children. I'm not a social worker so I don't know how we'd solve that problem.
> We use quite a lot of tech to mitigate the theft and murder problem. Including stuff like having lamps on the streets in the night.
These are not required by law, or if they are they shouldn't be.
> Only around 54% of murders are solved by police.
This is quite sufficient to provide an effective deterrent. If someone is willing to take a 54% chance of a murder conviction then you weren't going to deter them with a 59% chance of one.
The clearance rates for other crimes are even lower, no it is not some kind of super effective deterrent. Police is simply not effective in solving crimes.
They don't have to be 100% effective. They don't even have to be 10% effective most of the time, because the penalties for most crimes are high enough to make up for it. If you steal $1000 and get away with it 90% of the time and go to jail for two years 10% of the time, your expected value is negative because you can make well over $10,000 in two years by doing honest work instead of prison labor.
> Almost no one would disagree that removing all instances of CSAM from the internet would be a good thing, whether it's a "human problem" or not. That's not really the issue.
Would removing all instances of CSAM from the internet be a good thing if it would lead to an increase in CSA? After all the human problem still exists after removing CSAM.
> Would removing all instances of CSAM from the internet be a good thing if it would lead to an increase in CSA?
Yes.
Even if CSAM would reduce actual abuse (which is a big "IF", last time I looked researched leaned weakly towards that it increased abuse), the argument is essentially a variant of the trolley problem: "we'll let one kid be abused to make the CSAM to save n others". I'm not comfterable with that, especially since alternatives such as cartoons, AI-generated, or just old-fashioned photoshop exist (but whether that's a good thing is debatable, and is rather off-topic here).
I don't know what the EU chat law thinks of that, I'd have to read the law[1], but no child was abused so it's not CSAM under a "common sense" definition.
No one uses a common sense definition of CSAM. No child was abused if 16 year olds send each other pictures of themselves. But it is child pornography even so. And groups pushing to say CSAM instead of child pornography push for fictional depictions to be criminal also.
Perhaps I'm misunderstanding something, but are you saying that if the research said conclusively that banning CSAM absolutely leads to an increase in actual sexual assaults against children, it would still be a good idea to ban CSAM?
That's a false dichotomy. If research conclusively showed that banning CSAM leads to an increase in actual sexual assaults against children, it wouldn't mean we should permit CSAM. Rather, it would suggest that the strategy needs to be reconsidered. F.i. shifting focus to the root cause instead of focusing solely on the media distribution.
I've no deeper knowledge on this matter, but couldn't acted, edited, and/or generated? If CSAM truly did help reduce crime rates then wouldn't you use it.
On the other hand, it might be that consuming CSAM triggers borderline people to seek it in real life.
They’re saying the opposite. Use of CSAM material is linked to increased likelihood of real world abuse in some research. Which makes sense to me. The existence of a community encourages people to contribute and participate for basically any “activity”
Break-ins are also not a technological problem, but even a simple lock helps - a lock that can trivially be picked. Setting up the perimeter, a technological thing, sends the psychological message that there's a barrier, the insides are for people with access only. It doesn't prevent break-ins, but the frequency is reduced significantly.
Interesting point. So you're saying that censoring everyone's speech and permanently breaking E2E encryption is like a lock? That it sends a psychological message that CSAM is not allowed on the internet?
I don't think I agree. I think that would be more like having to hand the police a copy of the key for every lock you install.
I don't agree with the backdooring proposals at all, but neither do I agree with the counter argument of "this is a people problem, so technology won't solve it".
Getting back to the locks example, in reality, the police can and do open any door they please. The locks are simply weak, and if the locks aren't, the constructions are. So they have no problem with people locking up, because they can override it whenever.
I don't think there's an appropriate technological solution to people abusing secrecy. But people opting into surveillance can be seen as a social solution to counter such abuse. It's basically the "I have nothing to hide" argument, but not as an argument, but a practical application. In this scenario, opting in to surveillance would be a social signal that one is not an abuser, and so, this would make resisting surveillance a signal to side with the abusers. If this would gain traction somehow, it would be like Japan and its porn censorship law. I don't think any politician there seriously thinks that the measly censorship does anything, but they also don't want to be the pervert politician who goes against the moral law.
> I don't think there's an appropriate technological solution to people abusing secrecy.
That's not the problem. The problem is people abusing children. We keep losing sight of this when discussing the issue. People sharing bad photos is not a problem. The problem is that those images are depictions of horrific actual abuse of innocent children. If we stop people taking photos of the abuse, it doesn't stop the abuse. And it's the abuse that we need to stop.
Your point about surveillance doesn't solve the problem. An abuser can put their hand up to have every byte they send on the internet monitored, and then abuse their daughter where there aren't any cameras. The abuse is the problem, not the images. If we stop the abuse, then the images go away automatically. If we stop the images, the abuse continues.
Again, this is not a technological problem: if we censor every byte on the internet then children will continue to be abused.
I agree that it's the abuse that's the problem, but consider that technology greatly exacerbates this problem. Technology can currently provide private connections at scale, even somewhat private payment - and this opportunity is abused greatly, in part to further abuse children. The problem is, and I agree with this argument, that even perfect control over technology doesn't solve the child abuse issue, never mind the other abuses of private communication and payment. We do moderate content in case of social networks, hosting providers, platform providers and at a myriad of other places too. So technological measures are already taken.
I'm doubtful we'll ever solve, or even greatly reduce, the child abuse issue, on a human level. I don't see that we (as in, the humanity) ever solved a people problem. I think with technology, we could at least try to work out something that amplify it further. Similar to how we have a framework on how to behave well, codified and enforced as law, instead of systems that would produce humans that don't do those things in the first place.
When you try to remove a bug from code, sometimes you make the bug to be more nuanced and hidden from plain sight.
I am not sure if you can remove crimes with surveillance. Maybe people will just hide deeper. The government will receive 'new powers', but crimes will not be solved.
But maybe after all that is the end goal. To win the "Crypto wars". Not to solve crimes.
How many cases where solved because of Patriot Act?
In French the autogenerated text is a (bad) joke.
As an argument as to why the chat control law should not pass it’s saying chats are pets and are a part of the family! Because yes, chat means cat in French…
I stopped reading after that and increased my already great distaste for LLM and co.
It’s sad because we actually must stop chat control. It’s a terrible idea. (Like most EU regulations nowadays.)
"You do not have access to stopchatcontrol.eu. The site owner may have set restrictions that prevent you from accessing the site."
"Performance & security by Cloudflare"
Sigh... perhaps we should start "stopCloudflareAccessControl.eu".
Casual reminder there are talks to extend the reach of the chat control, now plenty of reactionary politicians wish it could also target regular criminal offenses, like drug dealing, or drag shows.
As software makers we can also apply pressure to governments through the software we make. Local government too often simply sighs off on what Brussels proposes. They don’t seem to realise that bad laws need to be rejected.
Software makers can choose to make licenses that disallow government use from governments that vote in these bas laws.
177 comments
[ 3.4 ms ] story [ 269 ms ] threadEdit: I am aware about EU DMA that has working on mls and interoperability but nothing about csam and breaking encryption or sharing with third parties....
How will both exist together?
Is chat control part of new legislation supposed to undermine DMa?
If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.
If anything the OP of this thread was "unsubstantive" and "flamebait".
And if "Most stories about politics ... are probably off-topic" WTF is this bullshit? What is "probably". Who decides what "Political ... or other stories are not for this site and what are? This is so typical tech vague BS. There are political stories that have absolutely nothing to do with tech posted here on a daily basis, nobody respects or understands this stupid guideline. They all just tell themselves "my political story is totally not off-topic for HN" because the guidelines are so vague.
My advice, as a former shadowbanned hothead, would be to give dang an email and apologise, and point out calmly that you were responding to a comment that was later edited, and that'll you'll try to be less openly aggressive when posting in future. Dang probably appreciates nice emails like that.
Snark is supposedly discouraged on HN but I guess it's hard to police, you might move on to that ;-)
https://news.ycombinator.com/item?id=21607844 (Nov 2019)
https://news.ycombinator.com/item?id=22902490 (April 2020)
This site has a 15-year history with these questions. You're absolutely welcome to disagree with how we do things but it would be good to know what the approach actually is before agreeing or disagreeing with it. It's based on some pretty clear principles. If you can figure out a better way to moderate HN with respect to such questions—that is, a way which does a better job of following those principles—I'd love to hear about it.
With that said the message is very serious. And serious isn’t disjunct to formal.
I think highlighting the difference between the people (real warm) and the bureaucracy (operated by people who are taught to turn off their empathy to serve the system) is worthwhile and has been proven effective in populist campaigns of late.
All in all it’s interesting political communication.
Imagine if you're the parent of a child and they send you this message:
> "Active shooter at school "
The time taken to get the emoji undercut the seriousness of the message. They are apparently trying to communicate something important but deliberately wasting my time.
> https://www.patrick-breyer.de/en/posts/chat-control/
> Currently a regulation is in place allowing providers to scan communications voluntarily (so-called “Chat Control 1.0”). So far only some unencrypted US communications services such as GMail, Facebook/Instagram Messenger, Skype, Snapchat, iCloud email and X-Box apply chat control voluntarily (more details here). As a result of the mandatory Chat Control 2.0 proposal, the Commission expects a 3.5-fold increase in scanning reports (by 354%).
> https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A20...
Ursula von der Leyen has a long history of instrumenting children and CSAM to get more control. She did the same in Germany, she’s an utterly despicable person.
If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.
Edit: it looks like you've been breaking the site guidelines quite badly on a regular basis—for example:
https://news.ycombinator.com/item?id=37733548
https://news.ycombinator.com/item?id=37718945 (Sept 2023)
https://news.ycombinator.com/item?id=37100652 (Aug 2023)
https://news.ycombinator.com/item?id=36975625 (Aug 2023)
This kind of thing destroys what the site is for, so if it keeps up, we're going to have to ban you. If you'd please stick to the guidelines from now on, that would be good. Among other things, that means no personal attacks, putdowns, or snark.
If they tell you they want to invade your privacy over internet casinos and copyright infringement, you tell them to pound sand. If they claim it's to arrest pedos then you tell them to pound sand and they accuse you of being a pedo. Then you have to accuse them of being a Nazi and reasoned debate is at a close and it becomes a popularity contest, which is the only way the people with no capacity for reasoned debate can win.
That seems pretty evil.
What's the opportunity here though? They're not making any friends in the tech industry so it's not to secure a job, it's not popular with a lot of people, I don't get what they're gaining here.
Also, it has come to light that there’s a tech-connection after all, with US tech companies lobbying for their service: https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
(That's not to say she's not ignorant and incompetent in many ways, because she clearly is, but I'm talking about the root of these specific behaviours, which seems pretty clearly intentional at this point).
That said, she has generally been pretty incompetent in every role, but keeps falling upwards.
1) don't have servers in Europe
2) don't hire Europeans
If Europe wants to regulate themselves into the stone age, they should be free to do it.
https://www.reddit.com/media?url=https%3A%2F%2Fi.redd.it%2Fz...
To illustrate, let's subtract some spending categories from that disposable income which tech companies generally don't compete for: Germans spend $13713 + $1604 on housing/lodging vs $22624 for Americans, education $255 vs $1226, food $5706 vs $8289, health $1632 vs $5452.
So comparatively Americans are already down $14681 of that disposable income, which definitely won't be spent on whatever some American tech darling produces - food, housing, education, and health spending is generally considered more important than getting a Meta Quest headset. At the end of the day US/Germany spend the same amount of money on entertainment/recreation almost to the dollar. France is similar in that regard and together Germany and France are already a market of close to 150 million people.
Numbers are from 2021 using the historic EUR/USD exchange rates.
The point is: drill down to some category and compare actual spending in it. You'll be surprised how wildly some things vary even between countries that nominally have the same disposable income.
US Data: https://www.bls.gov/news.release/cesan.nr0.htm
German Data: https://www.destatis.de/DE/Themen/Gesellschaft-Umwelt/Einkom...
This is probably the same reaction regulators have around the world, where they'd prefer to have their own walled garden where they apply their own rules and don't need to talk to anyone else. Except when there's lot of money down the line, then they'll do an effort and make exceptions.
That's how many US services reacted to GDPR. That's how many Japanese services reacted to VISA/Mastercard ban on sexual content. That's how China is reacting to many things. I think we'll see more and more example of it down the line.
On one side, balkanization can probably help to get more diversity and allow local content to thrive with less competition. On the other side, it's basically reversing decades of cultural evolution that happened on the net, which I personally think sucks a lot.
I don't like the trend of balkanization, but I have to say that this is kind of suffering from a lack of perspective. What you call "their own walled garden" a lot of people call "national sovereignty", especially people who dislike the fact that the "unregulated" internet was actually regulated by the United States for all intents and purposes, and so "lack of regulation" was equivalent to letting the US run a critical piece of their national infrastructure. It should be understandable that people kinda didn't like that.
But I prefered a kind of status quo where the big players are in a standstill and can't make bold moves that could destabilize the whole board. Basically the state where the US couldn't abuse too much their position in fear of the other entities calling it quit, and the other entities couldn't completely close their borders in fear of losing too much as they retreat.
In recent years we've seen more and more moral/cultural rules getting applied to critical infra (payment, communications etc.), and I guess we're not getting that standstill back anytime soon. That also means we're back to black market style communication, as it was in the earlier decades, when we were looking for a common ground less constrained by national limitations.
This really depends on what the response to that is. People tolerated centralized chokepoints because they were neutral. That was why they historically feared doing otherwise -- it would give people an incentive to disintermediate them.
So now people are going to try to disintermediate them. Question is how long it takes to happen.
4) Get a good lawyer who is well versed in international jurisdiction issues to avoid getting dragged to an EU court anyway. Possibly operate from a non-extradition country.
How is GDPR any good? All I saw is addition of misleading popups in the sites without any actual improvement to privacy. Has any big tech reduced data collection after GDPR?
Any big tech still operating in the EU did. A lot.
No doubt it made them spend a lot of money on lawyers to figure out the best way to keep doing it, but what good is that?
Pre-GDPR, you'd open your logs to any random company promising to come up with something that could remotely help your marketing department. Nowadays, you'll have to vet your partners and audit how your data is handled internally. It's hard to come up with concrete examples when it's basically every single company above a decent size, as they typically don't want to work against the law.
Same for the retention period, the very type of log that you'd open for internal harvesting (you could still be collecting the info, but keep it way more confidential to the point no one outside of your SRE team has access to the totality of it)
It's as if you were asking what changes the PSI and DSS compliance laws had on the card processing field.
See https://www.enforcementtracker.com
And actual changes happens on many of these cases. An entity getting fined three of four times for different offenses doesn't mean they never fix any of the issues.
An easy example could be Google, who've been a target of so many of these complaints, and made many adjustment, up to building separate data centers with separate management rules to deal with the EU situation.
Sound and fury is nothing. Actually fix some of these.
Google uses different methods (e.g. until fairly recently third party app stores couldn't auto-update the apps they installed, now many apps require attestation that fails if you don't run Google's code), but somehow or other the vast majority of Android phones still end up with Google Play and Google services.
Microsoft and Google both have cross platform frameworks for iOS and Android.
A translation layer between a generic API and Apple's isn't the same thing. It can't add things Apple's doesn't already have. For example, how do you run CUDA or OpenCL code on Apple's devices? Can a cross-platform framework provide a payments implementation so your cross-platform app can use a cross-platform payments system for in-app purchases? No, because they make you use theirs and apps that compete with theirs aren't allowed.
Visual Studio Code is clearly an app. Apple doesn't allow it on iOS. Apple makes a competing app -- for which they want you to buy a Mac.
You can't just use a definition of "app" that means "whatever is in their app store" and then claim that whatever they don't allow in their app store isn't an app.
Apple never stopped VSCode from being on iOS. There are plenty of IDEs for the iPad built by third parties.
No one would ever call a virtual machine an “application”.
Are you making up things now? You don’t run CUDA on any non Nvidia hardware.
But yes, you are free to port OpenCL to iOS if you want to.
> Can a cross-platform framework provide a payments implementation so your cross-platform app can use a cross-platform payments system for in-app purchases
A “payment API” is not an “application”. Yes the cross platform frameworks do expose the underlying API.
And you can have a cross platform app that forces you to subscribe outside of the App Store - Spotify, Netflix, Microsoft, etc all do that.
> No because they make you use theirs and apps that compete with theirs aren't allowed.
Are you saying that their no competitors on iOS to AppleTV, Apple Music, Apple Podcasts, Apple Books, the iWork suite?
CUDA drivers exist for pretty much every platform. They don't work without an Nvidia GPU, but in-theory nothing stops you from running CUDA code on iPhone besides Apple.
> Are you saying that their no competitors on iOS
None with the same competitive advantage as Apple. Whether that is fair or not seems to be up to individual markets.
So are you saying that
- Apple Music is more popular on iOS than Spotify?
- The iWork’s suite is more popular than MSOffice or GSuite?
- AppleTV is more popular than Netflix?
- Apple Books is more popular than Kindle?
Well, neither the hardware or software supports PCI access, so... connectivity would be a start. It's about time iPhone supported Thunderbolt anyways.
> So are you saying that {Apple Music is more popular on iOS than Spotify?, ...}
I'm saying that Apple exerts a literal anticompetitive advantage by choosing their own margins (among many other things). Nothing about legislation like the Digital Market Act accuses Apple of monopoly. It designates them as a Gatekeeper (a position Apple chose) and holds them subject to additional guidelines. That is the cost of owning a userbase in Europe, now.
How is Apple “choosing their own margins?” None of the example I listed pay Apple one penny for in app purchases.
I guess since the tech industry in Europe can’t export anything worthwhile, passing legislation is the best they have.
Let's see!
I, for one, would be very excited to watch Apple admit that the European audience isn't worth their while. After all, Apple acquires their companies year[0] after year[1] after year[2] after year[3] after year[4] after year[5] after year[6] after year[7] after year[8] after year[9] after year[10] after year[11] after year[12] after year[13].
Well, maybe Europe matters to Apple... b-but not much!
[0] https://en.wikipedia.org/wiki/BIS_Records
[1] https://www.forbes.com/sites/ronshevlin/2022/03/27/why-apple...
[2] https://en.wikipedia.org/wiki/Primephonic
[3] https://www.macrumors.com/2020/04/03/apple-acquires-ai-start...
[4] https://en.wikipedia.org/wiki/Intel_XMM_modems
[5] https://en.wikipedia.org/wiki/Dialog_Semiconductor
[6] https://en.wikipedia.org/wiki/Beddit
[7] https://www.businessinsider.com/apple-acquired-finnish-compa...
[8] https://techcrunch.com/2015/11/24/apple-faceshift/
[9] https://www.pcmag.com/news/report-apple-buys-digital-magazin...
[10] https://techcrunch.com/2013/08/28/apple-reportedly-acquires-...
[11] https://www.macrumors.com/2012/05/30/apple-acquiring-italian...
[12] https://venturebeat.com/mobile/apple-buys-c3-technologies-on...
[13] https://en.wikipedia.org/wiki/Polar_Rose_(facial_recognition...
...I don't even give a half-shit about Europe, either. I just find it funny how their sovereignty pisses off corporate sycophants so much. People like you actually get worked-up into writing comment-after-comment of non-argument, refusing to write something more substantiated than ad-hominem attacks. All I have to do to refute you is cite my sources.
Of course you would also need a power plug.
And this is why when you leave geeks to their own devices they end up designing something like the Homermobile.
And none of “Apple’s competitors” pay a penny for in app purchases to Apple. They all force you to subscribe outside of the App Store.
> you can’t use CUDA - which only works on Nvidia hardware
Tell me you've never used CUDA without telling me you've never used CUDA.
Before Apple revoked Nvidia's certificates, they in fact did support CUDA on Apple hardware. You needed an Nvidia GPU to run it, but Apple hardware and software is a perfectly usable client: https://www.nvidia.com/en-us/drivers/cuda/mac-driver-archive...
Failing that, Nvidia still maintains BSD-style drivers if Apple did let them install their drivers. Now you're going to yell at me about how this is an unrealistic workflow, but plugging your iPhone or Mac into a TV, DAC or external drive isn't.
> just in case someone wants to carry around an Nvidua breakout box to do intensive GPU work on an iPhone.
Sure. They exist, nothing on the technical side stops Apple from implementing it. My point is not that they must add the feature, but that it is totally possible if Apple didn't arbitrarily limit userspace drivers. Draw your own conclusions about it, I couldn't give less of a shit.
If changing the iPhone to Thunderbolt and supporting eGPUs in software is equivalent to a "Homermobile" in your head, get a grip.
> Now you're going to yell at me about how this is an unrealistic workflow, but plugging your iPhone or Mac into a TV, DAC or external drive isn't.
So how large do you think the market is for an external GPU on a phone? If there were a market for it, why isn’t anyone doing it on an Android phone?
We are talking about iPhones - not Macs. If you can engineer an Nvidia breakout box for ARM based Macs, there is nothing stopping you from turning off System Integrity Protection and installing an unsigned driver and you doing it yourself.
> Failing that, Nvidia still maintains BSD-style drivers if Apple did let them install their drivers.
You can turn off SIP right now and do it, good luck getting that working on an ARM based Mac where even Apple hasn’t architected a method yet to use third party GPUs.
> Sure. They exist, nothing on the technical side stops Apple from implementing it. My point is not that they must add the feature, but that it is totally possible if Apple didn't arbitrarily limit userspace drivers. Draw your own conclusions about it, I couldn't give less of a shit.
If there were a market for it on phones why doesn’t it exist for Android?
> If changing the iPhone to Thunderbolt and supporting eGPUs in software is equivalent to a "Homermobile" in your head, get a grip.
Yet no Android supports an external breakout box for eGPUs. Maybe it is a Homermobile?
The iPad Pros do in fact support Thunderbolt.
It is really funny watching you be butthurt about European regulators though. Can we go back to that, or will I have to wait for the bill to hit frontpage again? If you're done complaining about that stuff, I don't think we have much more to talk about (sorry for cutting out the eGPU detour, hope you had fun).
You could if you had the technical prowess create an Nvidia breakout box for the Mac right now Apple doesn’t stop you from doing anything you want. You brought up Apple stopping you from running CUDA on Apple hardware
Hopefully you realize the original Europe claims were absurd. But uhh... up to you pal. Clearly we live worlds apart.
> You could if you had the technical prowess create an Nvidia breakout box for the Mac right now
You can't even do it on Linux without official Nvidia drivers, which Apple refuses to sign for MacOS. Nouveau is veritably broken on modern GPU hardware; you either run the blob or get 2D raster output at 20FPS and no power management.
And what part of you can disable system integrity protection on MacOS and run unsigned drivers is hard to comprehend?
It's not hardware.
Would you be happier if I said "excluding software that competes with their own"?
Why would it be any better if they are excluding hardware that competes with their own?
> Apple never stopped VSCode from being on iOS. There are plenty of IDEs for the iPad built by third parties.
VSCode is an app that needs the .NET runtime, in order to run the code you write in e.g. C#. They don't allow the runtime it needs which means they don't allow the app (which competes with theirs).
> Are you making up things now? You don’t run CUDA on any non Nvidia hardware.
iPads have Thunderbolt, so you could actually plug NVIDIA hardware into them. Or someone could port CUDA to Apple's GPUs, as AMD essentially did with HIP. Except that would be this:
> But yes, you are free to port OpenCL to iOS if you want to.
Implementing such a thing efficiently requires driver support, but you can't modify the drivers nor supply your own.
> A “payment API” is not an “application”. Yes the cross platform frameworks do expose the underlying API.
A payments system is a part of an application. They prohibit broad categories of apps that use any but their own payments system.
Using Apple's payments API doesn't allow for apps that use a competing payments system, which was the whole point.
> And you can have a cross platform app that forces you to subscribe outside of the App Store - Spotify, Netflix, Microsoft, etc all do that.
I point to a category of thing they prohibit and then you point to the exception that proves the rule as if that meant they don't impose the rule.
We know they don't do it for a specific subset of subscription services anymore. They still do it in general, which is to say that they still do it.
> Are you saying that their no competitors on iOS to AppleTV, Apple Music, Apple Podcasts, Apple Books, the iWork suite?
This is the same thing again. It's not a question of if they prohibit every app that competes with theirs, it's a question of if they prohibit any app that competes with theirs.
Which they do. You can't get real Firefox on iOS:
https://support.mozilla.org/en-US/kb/add-ons-firefox-ios
And it's not because Mozilla doesn't want to provide it.
So now are kernel extensions also “applications”?
> VSCode is an app that needs the .NET runtime, in order to run the code you write in e.g. C#.
You could not possibly be more wrong. VSCode is written in Typescript. It is an Electron app. There have been cross platform JS frameworks that ran on iOS for a decade.
Besides that, it’s been years since you have needed the .Net runtime to run .Net applications.
https://learn.microsoft.com/en-us/windows/uwp/dotnet-native/
And Microsoft already has a solution to run .Net code on iOS
https://dotnet.microsoft.com/en-us/apps/mobile
> payments system is a part of an application. They prohibit broad categories of apps that use any but their own payments system.
There is an existence proof that there are applications that exist on iOS right now that force you to pay outside of their ecosystem.
Are you really crying over pay to win games?
> We know they don't do it for a specific subset of subscription services anymore. They still do it in general, which is to say that they still do it
Can you name any none pay to win games that couldn’t be a subscription service outside of the App Store?
And your solution to supporting CUDA is a breakout box on an iPad with an nvidua card? Who the hell is going to buy that?
There is nothing stopping
They're things some "applications" need in order to function, so if you can't include them you've effectively prohibited those applications.
But what does it matter if something is an "application" or not? Why is it any better if Apple precludes third parties from competing with their kernel extensions?
> VSCode is written in Typescript. It is an Electron app.
It's not the IDE you have to be able to run, it's the code you write in it.
> And Microsoft already has a solution to run .Net code on iOS
That's just compiling the code to a native binary, which you would then have to go submit through Apple's store. How does that help for an IDE expected to allow you to test (i.e. execute) and debug the code you've just written ten seconds ago?
> Can you name any none pay to win games that couldn’t be a subscription service outside of the App Store?
https://developer.apple.com/support/reader-apps/
We can see right there some examples of what isn't allowed:
Not facilitate real-time, person-to-person services (e.g., providing tutoring services, medical consultations, real estate tours, or fitness training).
Apps that let people access digital content such as music or video, but not as the primary functionality, are not considered reader apps and are not eligible for the External Link Account Entitlement. For example, a social networking app that lets people stream audiovisual content is not eligible.
> And your solution to supporting CUDA is a breakout box on an iPad with an nvidua card? Who the hell is going to buy that?
Presumably the same sort of people who buy the existing graphics card docks on the market for other platforms.
https://ish.app/
It can run anything that you can run on an x86 in user mode. I downloaded the AWS CLI (which requires Python) to run some tests
By the way, you were completely wrong about VSCode being written in .Net.
> That's just compiling the code to a native binary, which you would then have to go submit through Apple's store. How does that help for an IDE expected to allow you to test (i.e. execute) and debug the code you've just written ten seconds ago?
There is an existence proof that it could be done. If you ran iSH with remote VNC you could have a full IDE on a Mac.
> We can see right there some examples of what isn't allowed: Not facilitate real-time, person-to-person services (e.g., providing tutoring services, medical consultations, real estate tours, or fitness training).
You lack imagination. I actually know someone who does fitness classes online where most people use iPads and doesn’t pay Apple a dime - she’s sleeping right next to me. She uses Zoom.
> But what does it matter if something is an "application" or not? Why is it any better if Apple precludes third parties from competing with their kernel extensions?
It matters because once you allow kernel extensions it can bypass the security sandbox.
Do you also think that Apple should allow third parties access to the Secure Enclave?
Apple got asked why they take 30% by the US gov, answered that they just like money, and never got asked anything again. The only gov that could do squat on that front is China. Netherlands and Korea barely got some small exceptions.
Same way Google's only trial that went anywhere regarding Google Services binding happened in EU, and the only country that got away with a vibrant android ecosystem is China (to my knowledge...does India do too?)
I'll poopoo Eu's efforts when another entity actually splits Google away, and I'll be really happy to do so, trust me.
Chat control is not really tech regulation though, even if it affects tech the proposal is written by people who have no idea what the fuck they are doing. Ylva Johansson (The MEP responsible for it) has even said straight out she has no idea if or how this should be complied with but "They will figure it out" (They being tech companies). With people like that deciding our laws of course you end up with shit like this.
I would disagree with that. I like being able to download a copy of all my data from all these big websites. Since I no longer use Twitter/X, it's nice to have a copy of everything I have posted there.
Why would you want a law with high compliance costs to solve a problem that was already solved? It makes no sense to impose the costs unless the thing it purports to solve actually presents as a problem.
Product design doesn't need to be written into law.
Please stop repeating that argument, it's not true. There's periodic review proces built in into this legislation.
>attempted to enforce a similar mandate for micro-USB back in the day - can you imagine if they succeeded?
That would be great. Probably Apple would transition to the USB-C a few years ago with everyone instead current nonsense.
Lightning originated when there was a talk about mandating micro-USB and finally died, after 11 years, when USB-C was mandated. If not for that legislation it would still be alive.
It's actually faster that way.
Now it will be a chicken and egg problem. No one will want to put a new connector in phones, because they'd need usb c too anyways. So no new standard will emerge with wide enough industry support. If the micro usb "mandate" was as binding and restrictive as this one, we would not have had usb c.
This is why the USB Implimentation Forum exists. If you want to put a new connector in phones, do it; just do it through the proper, standardized and official channels. If every manufacturer had their own competing charging standard, we would be back to square 1 with 15 different ways to route serial data and 15w of juice. As companies like Apple have so gratefully demonstrated, most companies tend to invent those chargers for licensing royalties rather than a willingness to push the envelope on charging or data transfer technology.
And plus... it's a serial cable. The demand for "research and development" has remained the same since they figured out how to flatten the type B connector. You can't fool anybody by releasing a 'new and improved' cable or connector that is just the same serial bus with proprietary mumbo-jumbo on top.
And this sums up the issue perfectly. “I don’t want improvements. I want design by committee least common denominator”
I think I'll give EU a chance before I will agree that they created bottle neck by this legislation.
The EU just mandated a charging standard. It didn’t mandate that Apple go whole hog implementing the USB 3.1 protocol including video over USB C - all things that the typical Android phone doesn’t do.
When do you think mobile devices will be limited by USB-C? Another 20 years? Is it worth for you to allow mess, vendor locks and ripping of customers for another quarter of century, because some magic connector that solves problem we don't know exists can be delayed by 2-3 years? Really?
Anti-competitive practices from corporations delay progress way more than that.
If micro usb was enforced, USB C in its current form wouldn’t exist.
A periodic review process won't matter. Somebody has to actually research, design and create an alternative. Why would they spend resources on that if their competitors can just decide that they're not allowed to use it?
Not at all, I think it achieved exactly what it was designed to do. The part where we blindly accept cookie banners without holding companies accountable for doing so much tracking (or put them in place without questioning if they're needed) is totally on us.
GDPR did give us the tools and the means, we just don't take full advantage of them.
It's the main reason EEA countries show the full price of something on their price label, as well as unit prices (e.g. cost per kg) in most cases. You may not be aware of it if you're outside of europe though.
I looked into it, and worked out how much we'd need to restrict and monitor everyone's internet activity. And then realised that this wasn't a tech problem at all. If someone is looking at pr0n instead of doing their job, then that's a line management problem. Exactly the same as if they were reading a copy of Playboy at their desk.
Preventing child abuse is, similarly, not a tech problem. It's a human problem. The internet did not cause this problem, and if we monitor every single byte sent over a wire, the problem will still remain.
I was mostly referencing that rather than trying to avoid an actual filter now.
Notice that the topic discussed here is chat control. What does this have to do with photorealistic content?
The "CSAM" moniker is a broad net that drags other forms of media into scope. Sharing a fictional story about raping a child isn't child pornography (there's no victim)...but it is CSAM.
Same with manga/comics, sharing elaborate fantasies, AI images and any other fictional products. As CSAM, all of it becomes fair game for indictment.
Almost no one would disagree that removing all instances of CSAM from the internet would be a good thing, whether it's a "human problem" or not. That's not really the issue. Things like "how much we'd need to restrict and monitor everyone's internet activity" is the problem: it's all very complex and probably not worth the cost.
Exactly?
None of them are tech problems, they all predate the tech and so do the solutions. The police do ordinary policework, arrest the criminals and they're convicted of their crimes.
Mass surveillance is a dangerous power grab regardless of the purported rationale.
This is a profoundly different argument than "we should never under any circumstances use any technology to prevent anything because 'it's not a tech a tech problem' and/or 'it predates tech'".
Merely "X predates Y" is a worthless argument that can be applied to almost everything (accidents predate cars, murder predates guns, war predates ICBMs, etc. etc.)
Fingerprints are a technology. If your fingerprints are on the murder weapon the police can use that as evidence that their suspect is the murderer. That's not the same thing as requiring everyone to be fingerprinted ahead of time.
My point was that the underlying problem is that some people want to look at porn instead of work. That's the problem we have to solve. The internet is just a symptom, it allows those people to pretend to be working while actually looking at porn. The solution is not to cripple everyone's internet access. The solution is to either change the people, or change those people's attitudes, so they don't want to watch porn at work. It's a human problem so it can only be solved in human ways.
With CSAM, the problem is not that there's child porn on the internet. The problem is that some people like to abuse children. We need to solve that problem. Monitoring every byte sent over the internet is not going to solve that problem. It's a human problem. We need to work out ways of detecting these people sooner in life and either help them over it, or remove their access to children. I'm not a social worker so I don't know how we'd solve that problem.
> The police do ordinary policework, arrest the criminals and they're convicted of their crimes.
Only around 54% of murders are solved by police. Other crimes have lower clearance rates.
These are not required by law, or if they are they shouldn't be.
> Only around 54% of murders are solved by police.
This is quite sufficient to provide an effective deterrent. If someone is willing to take a 54% chance of a murder conviction then you weren't going to deter them with a 59% chance of one.
The clearance rates for other crimes are even lower, no it is not some kind of super effective deterrent. Police is simply not effective in solving crimes.
Ha, we officially buy videos of murders and theft from big companies and even see these videos on a big screen in groups.
Would removing all instances of CSAM from the internet be a good thing if it would lead to an increase in CSA? After all the human problem still exists after removing CSAM.
Yes.
Even if CSAM would reduce actual abuse (which is a big "IF", last time I looked researched leaned weakly towards that it increased abuse), the argument is essentially a variant of the trolley problem: "we'll let one kid be abused to make the CSAM to save n others". I'm not comfterable with that, especially since alternatives such as cartoons, AI-generated, or just old-fashioned photoshop exist (but whether that's a good thing is debatable, and is rather off-topic here).
Aren't those considered CSAM as well? At least as far as the EU Chat Control proposal is concerned?
BTW, you raise an interesting point about the argument being a variant of the trolley problem.
[1]: The definition that the law uses is in Directive 2011/93. In a very quick check it probably would be considered CSAM, but I'd have to read the entire thing to be sure: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...
On the other hand, it might be that consuming CSAM triggers borderline people to seek it in real life.
I don't think I agree. I think that would be more like having to hand the police a copy of the key for every lock you install.
Getting back to the locks example, in reality, the police can and do open any door they please. The locks are simply weak, and if the locks aren't, the constructions are. So they have no problem with people locking up, because they can override it whenever.
I don't think there's an appropriate technological solution to people abusing secrecy. But people opting into surveillance can be seen as a social solution to counter such abuse. It's basically the "I have nothing to hide" argument, but not as an argument, but a practical application. In this scenario, opting in to surveillance would be a social signal that one is not an abuser, and so, this would make resisting surveillance a signal to side with the abusers. If this would gain traction somehow, it would be like Japan and its porn censorship law. I don't think any politician there seriously thinks that the measly censorship does anything, but they also don't want to be the pervert politician who goes against the moral law.
That's not the problem. The problem is people abusing children. We keep losing sight of this when discussing the issue. People sharing bad photos is not a problem. The problem is that those images are depictions of horrific actual abuse of innocent children. If we stop people taking photos of the abuse, it doesn't stop the abuse. And it's the abuse that we need to stop.
Your point about surveillance doesn't solve the problem. An abuser can put their hand up to have every byte they send on the internet monitored, and then abuse their daughter where there aren't any cameras. The abuse is the problem, not the images. If we stop the abuse, then the images go away automatically. If we stop the images, the abuse continues.
Again, this is not a technological problem: if we censor every byte on the internet then children will continue to be abused.
I'm doubtful we'll ever solve, or even greatly reduce, the child abuse issue, on a human level. I don't see that we (as in, the humanity) ever solved a people problem. I think with technology, we could at least try to work out something that amplify it further. Similar to how we have a framework on how to behave well, codified and enforced as law, instead of systems that would produce humans that don't do those things in the first place.
I am not sure if you can remove crimes with surveillance. Maybe people will just hide deeper. The government will receive 'new powers', but crimes will not be solved.
But maybe after all that is the end goal. To win the "Crypto wars". Not to solve crimes.
How many cases where solved because of Patriot Act?
I stopped reading after that and increased my already great distaste for LLM and co.
It’s sad because we actually must stop chat control. It’s a terrible idea. (Like most EU regulations nowadays.)
"You do not have access to stopchatcontrol.eu. The site owner may have set restrictions that prevent you from accessing the site." "Performance & security by Cloudflare"
Sigh... perhaps we should start "stopCloudflareAccessControl.eu".
[/offtopic]
Software makers can choose to make licenses that disallow government use from governments that vote in these bas laws.