• @MigratingtoLemmy
    link
    585 months ago

    My point being, what are they going to achieve with this? Ask WhatsApp to pass over their encryption keys?

    It should be pretty obvious that you shouldn’t be sharing sensitive stuff on chat apps controlled by the NSA. Use element with encryption or something, maybe Briar etc. What are they going to do if you insist on using apps which use asymmetric client-side encryption, break TOR? Force you to use symmetric encryption and give the government your decryption keys?

    I don’t see how they are going to spy on sensitive details of Europeans with this. They might as well ban phones completely if they want to limit communication.

    • @[email protected]OP
      link
      fedilink
      English
      98
      edit-2
      5 months ago

      These laws are being passed by politicians who generally don’t understand technology. What they will achieve is a reduction in privacy and liberty for every citizen in the EU and easier methods to clamp down on dissent. Just because it’s not technically perfect or difficult to implement fully doesn’t mean it’s not a threat. It’s one step closer totalitarianism, and what’s stopping totalitarianism is everyday people, one step at a time, battling it back.

      • @[email protected]
        link
        fedilink
        52
        edit-2
        5 months ago

        A more cynical take is that they understand very well, but are being compensated by big tech for looking the other way.

        Good people often can’t comprehend how evil people work, and they say “everyone makes mistakes”, or “they don’t understand fully”. Because we want to think that everyone is mostly good.

        It’s not like that. :/

        • @[email protected]
          link
          fedilink
          55 months ago

          It was found that johannson was lobbied by non-profit funded by ai startup that develop csam detect and groom detect and other bullshit. startup from the us

          our politician now get bribed by us company. what the fuck?

      • @MigratingtoLemmy
        link
        165 months ago

        Well I get that they are stupid, but unless it’s their fetish to catch 14 year olds trying to spread rubbish propaganda, I doubt they’re going to get much. Any reporter, activist and consumer knows that anything they put on these apps goes straight to the NSA’s and MI6’s AI algorithms at the very least, and now they’re going to go to the rest of Europe.

        Yes, we should be protesting against this. Does Europe have an equivalents of the EFF to fight for such rights?

        • @Eheran
          link
          115 months ago

          I have to strongly disagree, you overestimate what people know/can/want to do. Some, sure, but not the majority. They either stay ignorant or are too lazy. Just look at add blocker usage. I can not even imagine to live without them, but here we are, I am the tiny minority! Most either do not care or are too stupid or somehow happen to not know about them.

    • @[email protected]
      link
      fedilink
      51
      edit-2
      5 months ago

      It’s literally in the article: They want to use client-side scanning. The client already has the data decrypted. This is much like what Apple wanted to introduce with CSAM scanning a while back. It’s a backdoor in each client and it’s a matter of time until it will be abused by malicious entities.

      • @[email protected]
        link
        fedilink
        155 months ago

        Yea, it is clear if there is just one closed-source app. But if we’re talking XMPP/Matrix - they have multiple open-source clients, even if some of them does introduce scanning, no way it wouldn’t be forked to remove it.

        • @[email protected]
          link
          fedilink
          95 months ago

          If a messaging service is non-compliant, the government could theoretically take action with court orders against domain owners, server owners or pursue anyone hosting a node in case of a distributed setup. In a worse case scenario, they might instruct ISPs via court orders to block these services (e.g. The Pirate Bay in some countries)

          • @MigratingtoLemmy
            link
            85 months ago

            Yeah let’s have them block github. I kind of want to see a federated git hosting platform integrated with the fediverse

            • @kbotc
              link
              English
              55 months ago

              They literally will do that. GDPR shows that they will go after big American companies (That’s the point, a huge chunk of this is protectionism to build a tech industry in the EU that they control)

            • CEbbinghaus
              link
              25 months ago

              This has actually been my dream for some time now. Not AP/Fediverse since that is built for social networks, but some platform that federates decentrally and functions closer to GitHub/Forgejo. Ideally with the ability to fork repositories across servers and the ability to hook up hosted runners github style. It would be an absolute dream to have a platform that lets anyone explore projects from any of the other nodes and build upon them.

          • @[email protected]
            link
            fedilink
            25 months ago

            Where I live, a lot of popular services, including major foreign social media and torrents everyone uses, are blocked - yet they still have a massive userbase.

            And since the scanning is supposed to be client-side, how would a server check if the scanning was really performed? What if the server does receive and log the needed responses, just to be safe, but the client actually just sends them automatically while lacking such functionality?

    • @[email protected]
      link
      fedilink
      English
      215 months ago

      You are 100% right.

      They can’t ban encryption, yet they can make it difficult. If all noobs don’t use encryption, only the pros are left. That means they only have to spy on 10 instead of 100 people. Those that don’t use encryption aren’t interesting.

      The problem is that they can’t spy on the 10 and hence they spy on the 90 and wait for the 1 guy making a mistake and becoming one of the 90.

      • @MigratingtoLemmy
        link
        25 months ago

        Fairly sure my good Eastern Europeans don’t give a fuck about what France and Germany think and will pirate and TOR and I2P their merry life away (or so I’d like to think - you tell me)

    • @Wooki
      link
      10
      edit-2
      5 months ago

      When the endpoint is controlled the keys are published

    • @vxx
      link
      25 months ago

      As far as I know, Prism is able to read encrypted messages.

      • @MigratingtoLemmy
        link
        85 months ago

        Prism has broken AES-256???

        It is more likely that Prism can use android exploits to read data before it is encrypted by the client

        • @vxx
          link
          2
          edit-2
          5 months ago

          deleted by creator

  • @[email protected]
    link
    fedilink
    195 months ago

    So first it’s client-side scanning for CSAM. Not without some nobility. But the problem is once you wedge open that door it’s technically possible to do it for other things and so you become compelled to.

    It’ll move from just CSAM to stopping and tracking “propaganda” as deemed by them which will be narrow-ish at first (anything pro-Russia, RT links, etc) but gradually expand over time to anything outside the mainstream branded as extremist (and guess what, privacy advocates will definitely fall within that label). And once that’s in place the private stake-holders, copyright holders will come knocking, they’ll say rightly so “hey you have the capability right now, we demand you implement client-side scanning to detect copyright violations” and then that will be ordered by a court, further enshrined by a law and oh look now you can no longer send political thought that the ruling regime disagrees with, can no longer surf the high seas, and so on and so forth. Congratulations and please enjoy living in the “garden” of Europe.

    • /home/pineapplelover
      link
      fedilink
      135 months ago

      The US uses the Patriot Act to spy on innocent people under the guise of terrorism. Once you open the door, they knock the wall down.

  • @fluckx
    link
    125 months ago

    Well. Now seems to be a good time to be ashamed to be Belgian.

    Shameful politicians :(

    • @[email protected]
      link
      fedilink
      -45 months ago

      Reading it, it looks like it doesn’t require invasive oversight as long as the chat apps and app stores have sufficient detection and such.

      really, that’s what such places already should have, considering how much profit they make off of our data

      • It does require invasive oversight. If I send a picture of my kid to my wife, I don’t want some AI algorithm to have a brainfart and instead upload the picture to Europol for strangers to see and to put me on some list I don’t belong.

        People sharing CSAM are unlikely to use apps that force these scans anyway.

        • @[email protected]
          link
          fedilink
          05 months ago

          The proposal only does so under specific circumstances, which makes sense. Try to read more than three words before your respond

          • The point is is that it should never, under no circumstances monitor and eavesdrop private chats. It’s an unacceptable breach of privacy.

            Also, please explain what “specific circumstances” you are referring to. The current proposal doesn’t limit the scanning of messages in any way whatsoever.

            • @[email protected]
              link
              fedilink
              05 months ago

              No, I actually read the current proposal. Maybe try that before regurgitating random stuff that matches your opinion

              • https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=COM:2022:209:FIN

                Here’s the text. There are no limits on which messages should be scanned anywhere in this text. Even worse: to address false positives, point 28 specifies that each provider should have human oversight to check if what the system finds is indeed CSAM/grooming. So it’s not only the authorities reading your messages, but Meta/Google/etc… as well.

                You might be referring to when the EU can issue a detection order. This is not what is meant with the continued scanning of messages, which providers are always required to do, as outlined by the text. So either you are confused, or you’re a liar.

                Cite directly from the text where it imposes limits on the automated scanning of messages. I’ll wait.

                • @[email protected]
                  link
                  fedilink
                  05 months ago

                  ey there you go, you bothered to actually read. Your chats remain with your provider!

                  It’s not like you were expecting privacy while sending your content through other people’s platform, were you?

  • @TheWonderfool
    link
    115 months ago

    The article is from May 19, 2022. I can find very little information about the vote of this Wednesday. While I don’t doubt its authenticity, I find it unlikely that it would pass. Last time they tried, doing it much more loudly and going as far as spreading disinformation campaigns on TV and in social media, they still completely failed at having the legislation passed. To me it looks like someone is finishing their mandate, so they are scrambling to show that they are doing the work they have been paid to do (by lobbist, obviously not by the people).

    I hope I will not be proven wrong.

  • @[email protected]
    link
    fedilink
    105 months ago

    Keep me updated Europe friends. If they implement this, for sure other countries will implement this as well.

  • @[email protected]
    link
    fedilink
    105 months ago

    It is already law in the UK, they are just waiting for the right moment to activate it.

    Maybe this move by the EU will embolden other countries to follow suite. the best thing to do is to move to a corner of the internet they can’t control. like Tor , I2P and similar projects

    • @ikidd
      link
      95 months ago

      Yah, but the UK has been an Orwellian nightmare since Maggie’s day. Everyone expects laws that completely negate privacy there and just roll over for it.

  • @[email protected]
    link
    fedilink
    45 months ago

    Regarding email which provider would be best suited if this goes true? Because Tuta is hosted in Germany it seems less optimal then say Proton?

    • @[email protected]
      link
      fedilink
      115 months ago

      If I cared about the contents of email staying safe, would rather not depend on a provider and just use provider-independent PGP. If safety is more important than universality - then I’d use something outside of email in general, like XMPP+OMEMO or maybe Simplex.

    • @[email protected]
      link
      fedilink
      2
      edit-2
      5 months ago

      Before privacy guides changed there was a spreadsheet with all providers, security details and wether or not they have ever complied to government requesting access.

      If i recall correctly proton did not score very great. Disroot did very well on paper but was considered new and had yet to proof itself

      Anyone know if this (updated) information still exists?

      • @[email protected]
        link
        fedilink
        1
        edit-2
        5 months ago

        Proton pretty much always complies with government access requests, and they never claimed otherwise. They, however, don’t have access to the content of your emails due to their encryption, meaning the data they give to governments is restricted to what you give them. They can at most give out your name, payment information, and backup mail if you voluntarily gave that info to them.

    • @[email protected]
      link
      fedilink
      English
      15 months ago

      It doesn’t make a big difference. You are going to send emails to Gmail most of the time anyway.