This seam like a hopeless endeavor. If circumvention takes little to no effort the people that are already committed to CSAM are going to CSAM.
And everyone else will just hate the burdensome bloat, etc.
If you know your not a theif having your bags checked after paying is an annoyance
Seems like all regions of the world all falling into their own particular flavors of authoritarian fascism. EU's better than most but this is absolutely draconian. We all know this won't actually be feasible to implement but the end result of of this infeasibility will be a status quo where everyone is guilty of a crime by default when needed.
I pity whoever is going to be the first false positive guinea pig for this csam process. Functionally a guilty (as decided by algo) until proven innocent logic
I assume this is just a police state overreach rather than genuine intent to stop crime. They must know that anyone actually engaging in criminal activity is going to not be caught by this because they use other forms of encrypted communication.
I'm against any kind of censorship, chat scanning and privacy violations. Nevertheless:
>Telegram founder Pavel Durov warned that France risks societal collapse if it continues down a path of political censorship and regulatory overreach. Durov was arrested in France in August 2024 after being accused of failing to moderate his app to reduce criminality
Telegram is the messenger of choice for cybercriminals (not signal, interestingly). Most stealers and many other malware families use telegram to exfiltrate data and stolen credentials. It's also used as public announcement channels for criminal groups. Telegram ignores all reports about known malicious chats, despite it being easily provable, not to mention it's not e2e encrypted.
At this point this is not resisting censorship but knowingly profiting from crime. Continuing the analogy, it's like post office was sending mails for terrorists, despite police staying in the hallway and begging them to stop that.
(my job is related to anti-malware and cybercrime prevention)
This pops up every few years, and I bet once it gets in it never goes away. It seems asymmetric that one side only has to win once to win permanently while the other side has to win constantly. Is there any mechanism to stop this in the EU and make this kind of legislation explicitly barred?
For me it is a sign the the EU construction does simply not work. It is an undemocratic technocracy that is easily lobbied by players pushing for this and I don't feel represented by a parliament where I don't know anyone.
They circumvent the accountability of nation states, it is a development catastrophe since people cannot have a reasonable influence on policies anymore.
If this pass: the EUCJ will likely kill most of the proposal, once again we will hear 'judges are against democracy and for pedocriminals', once again the EUCJ will have to justify itself and spend political power and allow a sliver of the law to pass (my bet on age verification).
The issue is that the EU courts are easy to predict. I'm not afraid of this law for itself because I know how the EU works and this will be challenged. I'm afraid of this because once again the 'center right' (i.e liberals) and the traditional right manage to move power away from courts.
'Les irresponsables' should be translated asap in German, English and any other language in the EU, and hopefully politicians will find a mirror in this book and stop worsening everything.
If not, how are EU politicians so disconnected from their citizens? How did this state of affairs come to be? Is it reversible?
In the US, our politicians don’t diverge quite as much, but when they do, the reason is money, and when it gets bad, we throw the bums out and elect populists. It’s not pretty and it’s messy but it self corrects with the next election if it doesn’t work out how people wanted.
There has not been a single article about this in my country which is "for" the proposal despite me writing to all major news outlets. My only conclusion is that they are complicit.
In short: fault of the nation states, not the EU. Most EU people won't even be aware of this, the same in other countries around the world. We here care, most people don't. Sadly.
Even though it goes against all my beliefs and values, I still see it primarily as a desperate attempt to gain at least some means of control over encrypted tools — which are, in fact, constantly used for criminal activity. The endlessly recycled “think of the children” argument is laughably pathetic. I don't understand why they don't present the real and much more reasonable justifications — such as terrorism in Europe or the spread of propaganda, which is a genuine issue here. But those reasons likely don’t sell as well with populists.
That said, I wouldn’t be surprised if this turned into a European version of the Patriot Act — where the state takes advantage of the fact that people have become desensitized, and everyone ends up being monitored 24/7. In the end, every citizen would be under surveillance, while criminals would simply download an app that doesn’t comply with this absurd requirement.
- Keep casual conversations on mainstream crap to be reachable by the masses and give the appearance of being monitored.
- Send friends to a tiny URL that redirects to a tiny ephemeral private anonymous chat instance running entirely in RAM with an IP certificate [0] once available to remove domain name ownership from the picture. When done with that chat edit redirect to be something benign and wipe the chat instance. Block most crawlers using Anubis [1] and some other tricks. Chat crawlers that validate URL's are usually very obvious.
I would wager HN could come up with 1000% more clever ideas.
Can someone explain how the same group of countries can simultaneously issue book-long regulations about how everyone needs to respect privacy to the nth degree, and run around the world trying to force others to do the same, yet also propose these kinds of things?
And this, ladies and gentlemen, is how tech-savvy people will go out of their way to make sure they communicate with as many people as possible exclusively using End-to-End-Encrypted services exclusively. (that do not scan your messages even locally / on device before sending / after receiving them)
In the UK a massive surge in using VPNs happened in the last 2 weeks and the adoption only keeps rising.
Call me Nostradamus but if this legislation gets passed I can see how a lot of people will become familiar with the Privacy and Security aspects of the tech world (comms in particular).
> Instead of weakening encryption, the plan seeks to implement client-side scanning, meaning software embedded in users’ devices that inspects content before it is encrypted.
That sounds worst to me.
That would make illegal any non official Signal client for example. Or worst does that mean it will be outside of the messaging app in the OS itself?
In the end, we need to take a step back and look at the situation:
- We know since at least Snowden the US listen to whatever they want
- China and Russia probably have advanced capabilities like this but maybe more limited geographically
- The EU is so incompetent they haven't figured it out. So now they are gonna force us to have some back channeling malware that is gonna slow and crash my phone every hour?
Nowadays the biggest EU parties are ones that are effectively against the EU, so they're using the most effective way to kill it: make their citizens hate it by passing such laws. If you create a diagram of "pro-EU" and "pro-Chat scanning" EU parliament parties, 90% will be in the two quadrants: "pro-anti" and "anti-pro".
Yes, this proposal has been around since long before those parties got as big as they are now, but even back then the quadrants were roughly similar, and as such the level of support (including now looking to pass, unlike before) has also roughly been in step with the growth of those parties.
Something the HN discussion on this topic just like the UK online safety act seems to ignore is that this kind of legislation has broad support among voters.
I'd say in general people are more concerned about The Bad People than about privacy. Probably because they mostly trust their governments, certainly more than they trust Big Tech.
Big tech and government is a false dichotomy though and these people are idiots. That is why we have right enshrined, for example that surveillance is prohibited.
And gladly Telegram does not cooperate. That is a feature.
This is at least partly because the people opposing it don't know how to make a mainstream political case.
The case for is "catch child abusers".
People opposing it are talking in abstractions like privacy and right to use encryption. Which are important but you need to identify concrete harms that ordinary people identify with. You can't oppose a harm people can visualise and feel emotional about with an abstraction.
Opponents need to say "if this passes your kids might be taken away because of a bot looking at your photos" . "Even if you send a picture of your own kid to your own mum, you will have to think about whether it could be mistaken for child abuse by some minimum wage worker at G4S from a completely different culture, who has to process 20 pictures a minute"
The opposition mostly sounds butthurt that politicians are making tech decisions. And I say that as someone who genuinely thinks chat control is a terrible idea.
42 comments
[ 5.5 ms ] story [ 66.3 ms ] threadIf you know your not a theif having your bags checked after paying is an annoyance
I pity whoever is going to be the first false positive guinea pig for this csam process. Functionally a guilty (as decided by algo) until proven innocent logic
>Telegram founder Pavel Durov warned that France risks societal collapse if it continues down a path of political censorship and regulatory overreach. Durov was arrested in France in August 2024 after being accused of failing to moderate his app to reduce criminality
Telegram is the messenger of choice for cybercriminals (not signal, interestingly). Most stealers and many other malware families use telegram to exfiltrate data and stolen credentials. It's also used as public announcement channels for criminal groups. Telegram ignores all reports about known malicious chats, despite it being easily provable, not to mention it's not e2e encrypted.
At this point this is not resisting censorship but knowingly profiting from crime. Continuing the analogy, it's like post office was sending mails for terrorists, despite police staying in the hallway and begging them to stop that.
(my job is related to anti-malware and cybercrime prevention)
They circumvent the accountability of nation states, it is a development catastrophe since people cannot have a reasonable influence on policies anymore.
The issue is that the EU courts are easy to predict. I'm not afraid of this law for itself because I know how the EU works and this will be challenged. I'm afraid of this because once again the 'center right' (i.e liberals) and the traditional right manage to move power away from courts.
'Les irresponsables' should be translated asap in German, English and any other language in the EU, and hopefully politicians will find a mirror in this book and stop worsening everything.
If not, how are EU politicians so disconnected from their citizens? How did this state of affairs come to be? Is it reversible?
In the US, our politicians don’t diverge quite as much, but when they do, the reason is money, and when it gets bad, we throw the bums out and elect populists. It’s not pretty and it’s messy but it self corrects with the next election if it doesn’t work out how people wanted.
In short: fault of the nation states, not the EU. Most EU people won't even be aware of this, the same in other countries around the world. We here care, most people don't. Sadly.
That said, I wouldn’t be surprised if this turned into a European version of the Patriot Act — where the state takes advantage of the fact that people have become desensitized, and everyone ends up being monitored 24/7. In the end, every citizen would be under surveillance, while criminals would simply download an app that doesn’t comply with this absurd requirement.
Now we are policing speech?
- Keep casual conversations on mainstream crap to be reachable by the masses and give the appearance of being monitored.
- Send friends to a tiny URL that redirects to a tiny ephemeral private anonymous chat instance running entirely in RAM with an IP certificate [0] once available to remove domain name ownership from the picture. When done with that chat edit redirect to be something benign and wipe the chat instance. Block most crawlers using Anubis [1] and some other tricks. Chat crawlers that validate URL's are usually very obvious.
I would wager HN could come up with 1000% more clever ideas.
[0] - https://letsencrypt.org/2025/07/01/issuing-our-first-ip-addr...
[1] - https://github.com/TecharoHQ/anubis
In the UK a massive surge in using VPNs happened in the last 2 weeks and the adoption only keeps rising.
Call me Nostradamus but if this legislation gets passed I can see how a lot of people will become familiar with the Privacy and Security aspects of the tech world (comms in particular).
That sounds worst to me.
That would make illegal any non official Signal client for example. Or worst does that mean it will be outside of the messaging app in the OS itself?
In the end, we need to take a step back and look at the situation:
- We know since at least Snowden the US listen to whatever they want
- China and Russia probably have advanced capabilities like this but maybe more limited geographically
- The EU is so incompetent they haven't figured it out. So now they are gonna force us to have some back channeling malware that is gonna slow and crash my phone every hour?
How low can we go?
Yes, this proposal has been around since long before those parties got as big as they are now, but even back then the quadrants were roughly similar, and as such the level of support (including now looking to pass, unlike before) has also roughly been in step with the growth of those parties.
I'd say in general people are more concerned about The Bad People than about privacy. Probably because they mostly trust their governments, certainly more than they trust Big Tech.
And gladly Telegram does not cooperate. That is a feature.
The case for is "catch child abusers".
People opposing it are talking in abstractions like privacy and right to use encryption. Which are important but you need to identify concrete harms that ordinary people identify with. You can't oppose a harm people can visualise and feel emotional about with an abstraction.
Opponents need to say "if this passes your kids might be taken away because of a bot looking at your photos" . "Even if you send a picture of your own kid to your own mum, you will have to think about whether it could be mistaken for child abuse by some minimum wage worker at G4S from a completely different culture, who has to process 20 pictures a minute"
The opposition mostly sounds butthurt that politicians are making tech decisions. And I say that as someone who genuinely thinks chat control is a terrible idea.