22 comments

[ 3.6 ms ] story [ 41.7 ms ] thread
obviously in a couple of years they'll try again, but it was blocked aready, right?
Whenever I look at these proposals I am never sure if the people that wrote that law are not aware that you can’t tap one person without making spying on everyone really easy very quickly, they don’t care or they actually want it. Although this seems like a slightly more sensible version of what they proposed years ago (which was essentially adding the government to every chat).
Funny thing is, my private conversations of sexual nature with my 28 years old girlfriend could probably flag "their" system as CSAM. It has happened to a couple of people before from what I recall.

If this passes, just stop using anything inherently insecure. You may want to stop using WhatsApp, Instagram, Facebook, etc. for private conversations. I already do this.

There are alternatives that will not be affected by this, stick to these. I would give you a list, but I should better be quiet about it.

Why don't we do a trial run first? How about all communication from EU lawmakers is made public. Let's break that encryption.
This is everywhere, in every Western country, somehow all at the same time. Real identities for social media, electronic IDs, electronic currencies run by the government, backdoors in encryption

This is dystopian. Who is behind this coordinated attack?

Exactly what China and Russia want (from the security perspective), and the US (from a economical one).
The opposition to chat control is really missing the point: chat control does not break encryption, the law is about mandating client-side scanning, not weakening cryptography so law enforcement can break it more easily or introducing backdoors. If you say "don't break encryption", they will just respond that this will not break encryption, which is true, but also completely irrelevant.

What we should be advocating instead is the freedom of doing whatever we want with our computing devices, which include rejecting the sort of crap companies and various government like to impose on ourselves.

They aren't really breaking encryption, more like banning it, right?
Let me be reasoned and measured and say fuck the entire gallery of those assholes. I only use Signal now, but I'm fully willing to give that up as well if this goes through and go full GPG-encrypted e-mail with keys exchanged IRL. The only thing I use the smartphone for other than Signal is navigation and OSMand works offline perfectly, I'll just pop my simcard into the cheapest dumbphone I can find and occasionally connect my phone to wifi to download new vector maps.
If the EU, a supposed bastion of human rights, forces this through, what argument do we have when more authoritarian countries demand the same thing from Apple, Google, or Meta?
Assuming there's a tradeoff between safety and privacy (which might be a false dichotomy pushed onto people), I am perfectly fine with the current level of safety. I feel zero need to give up privacy for more safety.

I feel:

- The most danger in my life is from deranged people like some rando homeless person who decides to push me under the subway out of the blue. The second biggest danger is unemployed drug-using losers who might try to rob me in the street. The third danger is aggressive groups of teenagers (which happen to usually be a certain minority where I live) who might try to beat my up because somehow that is how they gain status among each other.

- If I was a woman, the fourth would probably be getting raped. Most probably by an immigrant, usually from a Muslim country. This might be incredibly controversial to US people but in the EU, we hear about these cases regularly. I am not saying every immigrant or Muslim is a rapist. I am not saying they rape at a much higher rate than the native population. This is why I prefaced everything with "I feel" because these 4 reasons are the narrative I see from the media. OTOH I would be surprised if there wasn't _some_ measurable correlation - I would love to see this quantified but at the same time it's the kind of thing where you get accused of being an -ist or -phobe no matter which result you get.

Anyway, taking away people's privacy does not help with any of these.

But that's not the point.

The most danger to a politician's life is from:

- Terrorists.[0]

- Non-deranged (sane) people who are so ideologically opposed to the politician's views and actions that they decide the only way to stop them is to attack them physically.

Taking away people's privacy helps with both of these. If performed by a group of people, there's the obvious need to communicate and organize. If performed by a single individual, then he still has to perform reconnaissance and acquire tools, both of which are likely to be done online to some degree.

---

So you see, it's not about people's safety. It's about politicians' safety.

[0]: Terrorism is by definition the intention to cause fear among the population. It was later redefined as trying to affect political change through violence, which is stupid but it serves the purpose of politicians using terrorists as a source of fear, despite the average person being incredibly unlikely to be hurt by one.

I like to compare this to mandating surveillance cameras in every home. It would certainly make detecting and investigating many crimes easier. And the government might pinky swear to never watch without a warrant. They may even keep that promise. But that slippery slope is far from the only issue. Even more damning is that as long as this exists, whether used in official capacity or not, it will be the most sought after thing by hackers from crime organizations and hostile nations. Espionage, blackmail, you name - no person or organization would ever be safe, everybody's privacy and security is undermined.
I think many outside of EU dismiss this as an EU only thing and don't think much about it.

1. Have you ever texted someone from EU? You are now chat controlled too.

2. EU is pumping billions to foreign countries to promote EU values. How long until they condition this "help" with chat control?

One problem, if I'm being honest, is that whatever you try to do, you will have a vocal group of people who will explain why it will destroy life as we know it. And everybody in that group of people will genuinely believe that it is absolutely insane to not share their beliefs.

Obviously, some groups are more right than others. If you are into cryptography, you know about the risks coming from Chat Control. But politicians are not part of your group. And what they see, from their point of view, is what I said above: whatever they try to do, there will be a vocal group of people who will genuinely believe that it is completely unreasonable.

That, to me, explains why it keeps coming back: because really, if we could break cryptography only for the bad guys, it would help a lot. "Okay, those people say that it is stupid, just like for everything else we try to do. What makes this group of people more right than the others?"

I wonder if they'll insist politicians have backdoors in their chat apps too.
It’s funny — Chat Control is not aimed at people who actually care about privacy. Those will always find a way to keep using encryption. The math doesn’t vanish because a law says so, and the open-source projects aren’t going away.

What it really does is push "regular" people back into surveillance by default. Most already assume their chats might be scanned or their phone might be listening, so they self-censor anyway. The law just bakes that into the mainstream tools, while the rest of us will keep using the same workarounds we always have.

I'd really like them to bury this once and for all. It's really exhausting that it's like an undead zombie that always comes back.
Breaking encryption to stop criminals and CSAM-sharing bastards does not work. Breaking encryption will only harm honest, law-abiding citizens. Criminals will just use “illegal” real encryption. It’s easy, the implementation details are everywhere.

The EU knows this.

They’ll always include “CSAM” as a validation, but the true underlying desire is surveillance.

Ylva Johansson (the creator) didn’t get into the EU by being popular in Sweden, she was appointed by the Social Democratic government in 2019, and commissioners aren’t elected anyway. For Brussels the boxes she ticked (party loyalty, decades of ministerial experience, gender balance in von der Leyen’s Commission) mattered more than domestic approval. In fact, governments often use the EU to park politicians who’ve lost their shine at home. Now she’s mostly known for pushing “chat control” (mass scanning of private messages), which only makes the disconnect clearer: an unpopular figure at home ends up driving some of the EU’s most controversial policies.
When was this campaign launched? Today? Or earlier? I mean, is it public?

It's not on their website list, not in their socials

Something rarely mentioned in these discussions of EU's proposed "Chat Control" is that it only applies to certain "platforms"

Encrypted messaging not sent through one of these third party "platforms", i.e., "social media", would arguably be outside the scope of EU "Chat Control"

In other words, this proposed legislation does not require monitoring any internet user engaging in encrypted chats with any other internet user(s) as long as they avoid using a third party "platform" like the one run by Meta that is subject to the "Chat Control"

If a person believes that such encrypted chat is impossible/infeasible without the involvement of a third party such as Meta, then IMHO, this person has a more serious impediment to private conversation over the internet than EU proposed "Chat Control". But I would not trust any internet forum comment demonising the EU when what the EU is doing is regulating Big Tech

This proposed legislation may be detrimental to Meta's bottom line and so one can expect the usual public disinformation campaign where the problem is portrayed as "government surveillance" when in reality

(a) the problem is using third parties such as Meta to communicate, creating an easy partner/target for any government that wants surveiillance data

and

(b) Meta, not the government, is actually doing all the surveillance

and the EU keeps fining them for it. Big Tech companies like Meta need to ignore privacy norms in order to make money. That is the "business model". Surveillance. I cannot think of a worse choice of a third party through which to route private conversation