This is the worst thing in ages. I’m 50+, very good with IT, and I understand that we MUST act against it.
But I’m tired, boss.
Surrounded by lemmings and sheep that love Facebook and WhatsApp. People are stupid. I don’t have the energy to fight so much ignorance and stupidity - willful or otherwise.
Also, they keep trying. You fight it one year, they’re back the next. Extremely undemocratic.
Precisely. You need to keep winning, while they just need to win once. Would love it if repeat offenders like these would just stop being considered entirely after being rejected multiple times.
I’m overwhelmed by this stupidity and collective ignorance all the time. Not just in data privacy regards.
Some days I just want to give up and say “screw it”. But damn, I can’t. And a lot of others will not stop. If you do, thats alright, it is okay to rest.
Thank you, kind stranger.
Just a few years older, in IT as a career, and absolutely the same.
You know what though, when encryption was first developed in the form of pgp, the whole point was that it was to sidestep the government being able to spy on you.
Perhaps we just need to accept that we need to take encrypted communication into our own hands and not rely on messaging apps to protect us
The issue came down to ease of usability. PGP simply wasn’t plug-and-play, hell it wasn’t even easy to set up. And most importantly, it absolutely depended on the other person having the same configuration.
As messaging platforms like Signal has shown, security and encryption needs to be transparent and unnoticeable. It needs to be totally frictionless and thinking-free in order for the average Joe to want to use it.
And that is even before other issues such as platform stickiness, which Signal has issues with.
The provided link will let you contact MPs with just a few lazy clicks.
I’ve contacted them yesterday evening. Funnily enough, all the AfD opposes chat control. They’re clever. If chat control were to pass, they could campaign on having opposed it, and then mission creep it once elected.
I’m just so tired of it all. At this point I would not be surprised about ending up in prison a decade from now for using encrypted communication.
Any Dutch people here? Follow nerdvote.nl, to help decide who to vote for this election. They are suggesting technical minded people should unite and form a block in elections, so that parties will try to cater to us. If you want our vote, come up with plans an proposals to create digital sovereignty and freedom. As a member of PVDA/GL I am probably voting Barbara Kathmann , as she is fighting for digital sovereignty. Without preferential votes she probably won’t make it in so your preferential vote matters!
This would not break encrypted messaging but forbid it.
The claim I’ve seen from an MEP is that they wouldn’t compromise the e2e encryption itself but instead mandate a backdoor so they can remotely access the unencrypted messages on your device. Which is arguably worse.
What if I just transmit a bunch of random ass digits to someone?
And, now listen, what if the someone has a bunch of these numbers in his backpocket, and by complete chance, when added to your number, it gives a number that might just mean something.
This for whatever reason made me think of a system that works similar to blockchain and bitcoin scrambling. Take a message, split it in many parts, each gets sent thru different servers, but using some alghorithm, it all connects together in the end, without actually encrypting the message.
Honestly, stenography is probably the only way to achieve privacy and evade detection. A “one-time pad” would also be a solid layer of security to apply on top of that. Splitting up traffic would buy a little security if you funnel it through wildly different services owned by different corporations and ISPs, more or less requiring coordination with each other or through another party (police/government) to puzzle things together. But you still need to disguise the payload (stenography) or it will stand out.
Inscrutable traffic contents can get flagged, and the destination ip:port can be pretty damning metadata (depending on who’s watching). The only way to make any of this work without looking like typical SSL traffic is to hide data inside what looks like typical traffic.
I’ll add that with AI in the mix, profiling and anomaly detection is only going to get worse. Plus, you’re trying to evade and adversary whose movements and strategies are not completely knowable ahead of time.
Probably a really good use for llms would be to provide plausible looking strings that can securely transmit a public key
Edit:
Sun senator house — ruler sun arena amber army amber army. Bard 3 noble zone ancient citizen 1 youth colosseum 2 empire army. Arena amber amber dominus augustus quiet augustus bronze army arena augustus bronze. Amber quiet caesar 5 hill wine zone 9 caesar jewel 1 guard. 2 dinner 7 mosaic justice farmer 2 quiet echo 0 jar poet. Amber honor 8 king xiphos poet 5 dove quest justice forum plus. Yarn 9 road 2 divine 8 7 market zenith 8 keep urn. Poet 6 wall trader echo xenia law use 6 plus rome battle. Table nymph 2 soldier zeal temple ancient jar eagle market senator 1. Quill kettle 0 journey olive 6 victory honor road jewel temple colosseum. North zodiac man soldier xiphos 0 parade house jar 8 kettle 2. Bard zone xenia grain 5 jester land 6 caesar 5 parade quiet. Hill ruler poet 8 feast zeal chariot 8 quarry nymph prince lamp. Hill wheat parade plus 6 ox xenia 2 empire caesar farmer kettle. Keen 8 yard ox lamp temple hill quarry woman wine mare 2. Lion 6 rome 8 mosaic 5 yarn ox xylos citizen night god. Parade 5 citizen 8 hero youth slash hill scribe urn nymph gladiator. Year xylos xylos market rome jar gladiator noble bread zeal wheat 4. Dominus plus feast quarry justice colosseum land victory yard mare jewel quiet. Use house wall table yarn 2 use amber xeric river road night. Hymn 8 noble yarn jester war scribe trader 2 table town quill. Zeal hero zone 2 mosaic 4 wine coin grain 3 xeric colosseum. 6 legion hymn law 0 war rome quill feast valor hero 0. Wine 5 dinner king 8 9 ancient zeal 0 plus 8 arena. Imperial use nymph 9 2 quarry keep jester temple citizen divine mount. Xiphos 1 man 8 lion voice 5 wine wheat zenith table forum. Man 2 temple xenia mount dove zigzag hymn xeric 4 torch 7. Mare 2 officer feast officer zodiac 2 yard palace 2 4 colosseum. Lamp 4 brave trader vine quill xystus caesar jar 8 justice guard. 5 quest drum queen 8 zodiac 9 year dinner river umbra 7. Arena plus utterance 0 mosaic dominus quarry honor dinner echo man. Officer at evening xystus ancient man pillar legion evening.
My key:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5hWz9Cj1g2D7mJf2qE0jPaH8KxP5dQjF+Y9R2d87m Z8kUp6wTeXlU6+rbTn2SztajEms1QK0jO6vHRjTcnZmSx0pHj8K2BZXG5jL6C5pqhrP8fzC8QnPLhw P+6oX2EcfKk8yoLthQwWm2L6R8M5YoxCnGp5c8hy/hsUNgYXxmrJGnBZW4d+fQjClvYMJqUHwTY2u AxrRnh8NYJwsT2TtQZhZ2m4wCG3Xc6LhL0WrqFvh0w5Dk89Az0+8aIuN92qkjtcdMX1m8lV5wWZTf m2txmDZhX4T7M2OFOz2yP24Cl4BTVQXcJ8jG5qDQ8Z9yDRu7A+U0MdQH demo@example
I propose we make a new cipher alphabet which is more natural language and llm friendly in order to allow a more natural encoding, make it non case sensitive, no special characters, and have no header or footer, so that it is less detectable
Security by obscurity
Ok how do they plan to enforce that?
By banning HTTPS at the ISP level?
Edit: and then how do they enforce GPDR? Because you better believe everyone and their mother is going to snoop on every communication made.
By forcing Whatsapp Signal etc to implement backdoors
Signal wouldn’t, or if it did, it would be labeled as such as an insecure fork for EU conpliance only and make that fork stale immediately.
Blocking HTTPS would be frighteningly hilarious. My employer is one of thousands of websites that utilizes HSTS, which tells web browsers to use HTTPS. Our implementation of HSTS, like lots of banks etc. is also listed with HSTSpreload, which means browsers like chrome will only ever use HTTPS with our site.
What if they just do MITM with a Trusted root? Does HSTS provide a method to do cert pinning?
HSTS just enforces HTTPS over HTTP.
I seriously doubt Chrome or Firefox would ever be coerced into trusting a cert like that. If they did then you would see a very rapid shift away from those browsers to one or more of the open source alternatives.
And any CA that issued such a cert that allowed for wholesale MITM access like that would be blacklisted by all the browsers very quickly as well. That would put the CA out of business very quickly.
Don’t need to ban encryption, just control top level certificate authorities and have access to private keys.
I’d like to see them try to get mine lol.
And any CA doing so would lose their certificate authority status pretty damn quickly.
By banning HTTPS at the ISP level?
I think you might not be aware of it but big institutions like governments and such can basically already circumvent HTTPS encryption by supplying fake root certificates and forcing the ISP to redirect traffic through their own servers.
That is why End-to-End encryption is such a big deal. Because it cannot be circumvented by the government alone. If done right (proper key exchange), it cannot be broken by anyone but the legitimate recipients. The way WhatsApp does it today, Meta could technically break it too, though i’m not sure whether they do.
That’s not necessarily very easy. These certs would have to show up in public certificate transparancy logs for most browsers to accept them. If this happens on a government scale it would surely get noticed, though the question remains what you’re left to do if the government forces it anyways…
See https://en.m.wikipedia.org/wiki/Certificate_Transparency section “Mandatory certificate transparency”
not necessarily very easy
admittedly, but i still assume that the CIA could do it if it tried.
edit: thanks for the link though, this seems very interesting :D
Oh shit - I thought they dropped this! JFC, EU! What TF are you doing?
There seems to be some kind of group repeatedly pushing this crap every other year, with increasingly shady tactics.
I would for sure like to know from where this emanates…
It’s the pro-surveilance people that want to monetize your data. They try and lean on fear and push this “only ISIS uses Signal” narrative that is obviously false.
It’s just so preposterous - businesses and payment processors rely on e2ee just as much as anyone else does. The one time we’re on the same team they just want a carve out for businesses or something I expect.
So that’s why their quiz is stacked this weird way:
Yeah, I think this whole survey is written in a somewhat suggestive way. Even more important to fill it out
Yeah, classic juked survey. Not objective at all, only someone that is “pro-crime!” would say no.
ISIS also breathes oxygen.
Oh no! Get it all out of here!!! Ah!
Not enough people are aware of just how evil Peter Theil really is
Agreed. I’ve tried to tell people about https://en.wikipedia.org/wiki/Dark_Enlightenment but friends and family brush it off like it’s some small cult thing instead of being silently funded by billionaires
I swear that fuckface is part Ellen Degeneres
It’s ironic to use a meme from a movie depicting a fascistic government, to protest against a fascistic measure.
I suppose the better meme would be “it ain’t much, but it’s honest work”
One point of hope is that they mandated cross platform chat compatibility too, and every platform is just… Ignoring it and not doing it with zero consequences.
Maybe this just also won’t happen.
Feeling hopeful about giant tech companies ignoring attempts to reign them in is unwise, even when it occasionally lines up with something you personally want. And I even say that as someone with permanent distrust of the big power structures doing the regulating.
Of course chat control would be practically infeasible. But it’s not even about that. It’s about the simple fact that the EU commission ignores the will of the people, when the people have already clearly said NO. It’s about the disrespect that the EU commission exerts against the people. That in itself is unacceptable.
Don’t get your hopes up. The police and secret services don’t care about cross platform compatibility, but they’re chomping at the bit for mass surveillance.
Thanks for sharing the link to contact the MEPs. Thats actually very useful.
Operation Rubicon!
This is such a bad idea that even the US stopped doing it to all their enemies (i.e. their allies). Of course they have PRISM instead now which can’t be cracked by their enemies (i.e. their enemies and allies).
The site failed at the last step… Fortunately all my reps are opposed
Aren’t Europeans supposed to be the good guys?
There are no “good guys” or “bad guys” in geopolitics, just shades of grey. On quite a few topics, the EU is better, but any government is capable of doing stupid shit.
good take
No, the EU is just as much liberal capitalism as the US. They have a better social safety net and looked better in comparison.
the EU commission is absolutely dumb and definitely not on the side of the people though. by the way, it’s also not democratically elected.
The competition is pretty weak.
The EU’s been veering right for a few years now.
EU politicians are probably the only ones who ought to be scanned
In many cases this could be argued as unconstitutional.
In germany, it’s not technically unconstitutional (i checked last week because i assumed it should be) but it definitely feels like it should be unconstitutional. After WW2, there was a consensus to not surveil your own population, and this is a very important constraint to keep in mind.
In Lithuania privacy is defined as a fundamental right and it includes correspondence, digital or otherwise.
Would that prevent passing laws enabling chat control? Doubt it, but I can see it as a good legal argument against it.
Where did you check that? The Vorratsdatenspeicherung has been ruled unconstitutional twice for example
Art. 10 GrundGesetz: https://dejure.org/gesetze/GG/10.html
According to the EU constitution?
Yes, the right to privacy is a fundamental right in the eu charter.
I yhink the declaration of the rights of man and citizens is in there somewhere. But I haven’t really looked at it since the Schengen treaty mess.
According to constitutions of member states.
At least here it’s worded in a way that chat control could be argued as unconstitutional (not a lawyer tho).I would not be surprised that any other sane constitution protects privacy, and by extension digital correspondence, under fundamental rights.
