In the past, we could have made a version of Signal without this spyware, to be installed as an APK (as I would expect the EU to force Google to ban the non-spying version from the app store). With the upcoming Android developer verification, this will no longer be a possibility.
The thing that depresses me about offhand references to bilderberg group is it's a missed chance to name real names. I don't know who they are, but from chat gpt'ing it looks like there's some particular agencies regularly behind these. One is "DG Home," an EU department on security that drafts legislation.
Another is Europol, a security coordination body that can't legislate but frequently advocates for this kind of legislation.
And then there's LEWP, The law enforcement working party, a "working group" comprised of security officials from member EU states, also involved in EU policy making in some capacity.
Perhaps targeted reform of these bodies is in order so they don't keep producing this legislation over and over. The blocking minority shouldn't just oppose the legislation itself, but make sure that their representation at those bodies is stopping those recommendations from moving forward. The legislating infrastructure needs to be challenged as much as any particular bill.
People have been talking about this for years. Corruption, authoritarianism and fascism is eating the EU from within and people who warned about it were called from tin foil hatters to just nutters.
It doesn't have to be in secret, they can and do plan and coordinate these efforts in the open. When we hear about it, it was already planned for many years.
I mean, "the police should have the power to read your communication" is not some fringe view. It's been the view of every state in the history of forever.
Couldn't someone just build that Signal APK without spyware and then get it signed/verified by Google?
The Google change means that every APK has to be signed and linked to a developer with a verified identity.
Unless Google might not be willing to approve this alternative version of Signal, but is there any indication of that? The Signal clients are open source with a permissive license so there's nothing unauthorized about building and distributing a modified version yourself.
If the developer is in the EU, they can come after them. If not, the EU can direct Google to revoke the verification. The commission has a big lever to pull with fines which are pretty much arbitrary.
The point is, before, you could run apps on your Android phone without anyone's permission. Now, you need Google's permission. You're relying on Google authorizing a Signal build which circumvents laws, and that's not at all a given.
The EU says it wants to challenge Big Tech. What they mean is they want to blackmail them into giving them privileged access to information, control- and surveillance systems.
Android as it is fails as an operating system and the same idiots ruining perfectly good software in other companies now work for Google. Not that iOS is in any way better, it has the exact same and even more deficiencies.
There are plenty of devices running older versions of Android which are not under Big G's control and won't be subjected to this authoritarianism. Coincidentally they are also likely to be easily rootable, so you can still have full freedom.
Just don't "upgrade" and ignore all the propaganda telling you bad things about that. Keep building apps that work on older, less-hostile devices and spread the word to oppose this very deliberate planned obsolescence.
True, but there are apps, as reported in other threads in this forum, that will not run on rooted phones. E.g. banking and government apps. Most people will not go around with a rooted phone, much less with two phones.
> Coincidentally they are also likely to be easily rootable, so you can still have full freedom.
Also easily remotely ownable, so you can be spied on without even having to install any software at all. And any that aren't now will be a couple of years after they fall out of support. Which, by the way, is very hard for the community to step in and do, since they're full of undocumented proprietary binary blobs.
> Just don't "upgrade" and ignore all the propaganda telling you bad things about that.
... and when your fully owned device finally breaks completely?
Since the right people are here, can anyone explain to me why its so hard to "root" (in reality, obtain basic filesystem / networking etc. control) with that OS?
It already took a mountain of resisting the network effect to get at least some half of my friends to chat with me on Signal. The chances to get them to move to something more obscure, that has any additional friction is low and the effort in convincing them will be high. That's not to say I won't try, but man I hope it doesn't come to that.
Google won't have to ban the non-spying version of Signal, Signal will simply cease to operate in the EU. That's what the Signal CEO said in an interview.
>as I would expect the EU to force Google to ban the non-spying version from the app store
If you expect hostile action by Google you should also expect the rootkit that is google play services to also do that. Which means in both cases the solution would be to use a actual open source mobile OS based on AOSP.
This thread is going to be 400 comments of people talking about how stupid this is, how it won't work and never will, how no sane person could possibly want this. And you know what, I agree with all of that.
But there are a few people asking who is pushing for this legislation so hard. That's mostly police forces who are pointing out that they're unable to track the activities of criminal organisations. For example, in the UK sophisticated gangs steal cars and phones and ship them around the world where they're resold. They locate a buyer anywhere in the world who requests a specific car, find that car, steal it and have it in a shipping container within 24 hours. It's impossible to know who's done it, or track any of the communications involved.
In previous eras it wasn't possible to create international criminal organisations of this level of sophistication because it was harder to communicate securely. Now it's possible and we all pay the price of increased criminal activity. Everyone's insurance premiums go up, making everyone poorer. UK car insurance premiums are up 82% between 2021 and 2024 and insurance providers are still making a loss.
Just to drive this point home - watch/rewatch The Wire (2002-08), except make it impossible to tap the communications of the drug gangs because they're all using encrypted messengers with disappearing messages. Immediately the people running the organisation become untouchable. The police likely can't even figure out who the lieutenants are, let alone the kingpin. At best you can arrest a few street level dealers and that hardly disrupts the criminals at all.
On HN everyone is going to say "everyone has a right to private communication, even criminal empires". And sure, I'm not going to disagree. I'm merely pointing out that private communication allows criminal networks to be much larger, more effective and harder to disrupt. And all of society pays the price when we're victimised by criminals.
Edit: I'm not saying breaking encryption is a good thing or that it will work, I'm only pointing out why police forces want access to communication records. They're unable to do their jobs and are being blamed for the rise in crime. To prove that you've actually read my comment till the end, please mention banana in your comment.
This is true of course but the counter argument is that running your own infrastructure is probably not a problem for international criminal gangs but your group chat with the boys is not gunna go through some AI garbage filter and in the end we are still going to get our cars stolen but now the police is knocking because I called Merz a fascist bastard and once the actual fascist win an election they are going to knock on everybody’s door who called Weidel a pick me girl in Turkish.
In summary, without stupid jokes about German politics, the actual stated goal is unachievable but the real world consequences in a Europe that is sprinting to the far right are incredibly dangerous.
I used to be on your side but now that I live as a minority where the locals are increasingly becoming hostile and their very abusive rhetoric is accepted on social media and forums like reddit I actually want them to face the consequences of such speech and be deterred from uttering anything like that with their devices. (They can do so privately at the bar I have no problem with that.)
Another example is the recent nepal protests.
More abstractly I think that a multi-cultural or multi-ethnic society at scale is not able to handle anonymous and private communication without collapsing. If we dont go in the direction of benevolent censorship like China and Singapore I think the west is going to see some dark times.
Not some kind of fancy sci-fi grain-of-sand sized microchips that are completely impossible to track. Not even drugs! Cars! Those huge metal objects that weigh over a metric ton each! Those cars!
If the police can't stop criminals from shipping CARS out of an ISLAND COUNTRY, the issue isn't that they don't have a way to breach privacy of every citizen. The issue is that they should be all fired and never allowed to do any government work ever again.
The replies to this thread cannot be serious, on a web forum populated—I thought—primarily by technologists. Surely you all remember the variations on, "If you make encryption illegal then only criminals will have encryption"?
The next step will surely be to make use of communication programs that law enforcement cannot read illegal, right? The police find some person who has committed a crime, caught in the ways that criminals are usually caught, such as with forensics, or simply with the guns and drugs in the boot of their car. Then they can see what forms of communication this person was using, and who was using it with them. At that point, it doesn't matter what those other people were doing: The use of banned encryption technology is the crime. You can roll them up for that, or use evidence of this crime to justify further intrusion into their meatspace lives. And so it goes, on up the chain of a criminal organization. Theoretically, at least.
I don't like this, I don't support this, but as has been said elsewhere in this thread: Let's not pretend this is some insurmountable problem for a government who has already shown an appetite for surveillance.
Sure, you could make unauthorized, fully encrypted communication illegal. But what would be the punishment for using it? Worse than for smuggling, human trafficking, murder? I seriously doubt it. If you're a criminal risking decades in prison for major crimes, using some illegal software is 100% worth it, if it significantly reduces the risk of getting caught for the real crimes you're committing.
You can't make laws that govern how criminals behave. All chat control will really accomplish is maybe a momentary string of arrests(which is meaningless in the long term; there's always someone to take over), and longer term, worse privacy and security for everyone except the criminals.
Could you watch The Wire and point out exactly what you'd do differently. I'm picking this example, because the whole point of the show is that they're unable to do anything without a wiretap when faced with a sophisticated criminal gang.
Criminals get access to all sorts of illegal things, from drugs to weapons through stolen cars.
Are you telling me that you genuinely believe that they won't be able to download an open source, actually end-to-end encrypted app?
The stupid ones already use Telegram, which is not E2EE. There is no need to change anything for them. Those who are smart enough to choose a secure messenging app today will still be able to do it, even if that app is made illegal.
If that is what they wanted, why hide it behind language about child safety? These bills happen in the US too, nearly identical to the ones in Europe. I don't think this is about stopping crime at all. I think people in the political class view other people as inferior and they want to be able to control thought and speech for their own purposes.
>To prove that you've actually read my comment till the end, please mention banana in your comment.
I am perfectly OK with the current level of crime and the current level of freedom. In fact, I'd be OK with slightly more crime in exchange for more freedom. Truth is the police often don't even act on the crimes that are provable using good old-fashioned detective work. So they have no leg to stand on.
In fact, freedom to break the law, revolt and even kill people is necessary for a functioning democracy. The fourth box of freedom is the final check and balance. If enough people (over half the population) determine that the government is corrupt, they need to be able to overthrow it.
And that required and armed population and the ability to organize. Yes, this also helps criminals. Yes, sometimes innocent people will die because the wrong people also have access to guns. That's all the more reason to be able to fight back, both against bad people and against the government.
History repeats itself (with minor variations). People don't value their freedoms, let them be eroded by those who are attracted to power for power's sake, they get abused, and finally either they get fed up and start a revolution or the state functions so poorly it gets invaded.
We're at the stage where freedoms are getting eroded more and more noticeably. I would very much prefer to break the cycle before it comes to rifles and drones.
It just forces the police to do good-old-fashioned policing. For example, nab one of the few street level guys and force them to give up the higher-level guys. Maybe make them wear a wire.
The real problem is that we've given up on going after the low-level guys, whether they're stealing cars or selling drugs or pickpocketing the tourists. If we catch them at all, we just release them.
What papers? You think we verify that the contents of every outbound container matches what it says on the manifest? We don't. It would be prohibitively expensive to scan every container. Even if we did, and found a car in a container, how would we know the documents provided aren't valid?
This is a really hard problem. If there's an easy solution in mind, feel free to suggest it.
I don't think this will stop these people. I'm fairly sure I could write some web app, or in an extreme case, provide my team of car thieves with dedicated hardware that just illegally encrypts messages.
I think these laws are simply to catch everyday people chatting about illegal stuff on a phone without any preparation.
So, they are able to get illegal goods through customs and police is not able to catch it because no wiretaps?
The following is supposed to happen in undetectable manner:
- stolen car drives from A to B (on roads that can be policed),
- at location B let’s assume it’s chopped (finite locations/people that can chop cars)
- a container is loaded with heavy, metal car parts, undetected by metal detectors (weight scan, x-ray, visual inspection)
- container paperwork is signed by someone (literal government ID is presented here)
- customs officers are approving the outbound container that weighs over a metric tonne
You don’t think there is immense amount of incompetency or corruption here?
And what happened to police posing as a buyer, undercover cops, physical surveillance?
We recently shipped our furniture to US, and customs x-rayed it and charged us.
> But there are a few people asking who is pushing for this legislation so hard. That's mostly police forces who are pointing out that they're unable to track the activities of criminal organisations. For example, in the UK sophisticated gangs steal cars and phones and ship them around the world where they're resold.
If that is really such a big problem, then why don't the politicians say so instead of saying that this law is for protection children?
That's a fair point, but different arguments work with different audiences.
For what it's worth, they're not making up the CSAM thing. It has never been easier to disseminate/acquire CSAM in a way that you're never caught. That wasn't really possible before, which means there's a larger market for the production of such material.
I didn't bring up CSAM here because HN is militantly against think-of-the-children arguments.
Given property theft is down and encryption has been available for the entire time period of that chart -- do you have any actual steelman for why Denmark would need this, absent a thirst for power/control, especially now?
if anything should come out of this is that car manufacturers need to come up with a way so it's not this dead simple to steal cars.
And it is not that hard. They already have all the tech ready with good security systems. but you know what? those are expensive. and that is something they dont want. so they go with the cheap alternative, which has been cracked 1000+ times already.
So instead of breaking the privacy of everyone, this should only impact the manufacturers.
> They're unable to do their jobs and are being blamed for the rise in crime.
The vast majority of crime is very dumb. Like the three guys who broke into my garage and tried to take my bicycle. The police however is not interested in that: not interested in CCTV recordings, not interested the license plate of the van they were driving.
If the police isn't doing even the simplest things, there's no way in hell they would bother decrypting their whatsapp messages. That's reserved for people targeted by the government, not to fight street crime.
Some of this is being marketed to law enforcement, though. There is a world being sold to law enforcement agencies by some tech companies that one day they'll just be able to click the face in the CCTV, or the plate on the van, and immediately be able to cross reference it with the decrypted messages and other records. Imagine how much more "efficient" that kind of law enforcement could be.
This isn't a dilemma unique to encrypted comms or privacy. You have to weigh the net benefits to society as a whole. How much has the lack of secure communication and encryption at rest cost society? How much have the criminals you mentioned benefited from the lack of encryption? How much more difficult would it be for criminals to locate targets and victims with encryption protecting the latter?
Technology has never been the limiting factor in stopping any crime. I've literally shown a cop the exact GPS coordinates of stolen items and they shrug.
If police forces wanted to do a better job here, they would.
Don't presume stopping this sort of crime is the purpose, that theory doesn't hold water.
That's all bullshit because we already live in a panopticon. Everyone's physical movements are tracked, facial recognition works even on partials, there are HD cameras everywhere, continuous uploads of videos to TikTok and Instagram mean fugitives can no longer hide in the public world. Phones, Alexas/Homepods, vehicles etc can be remotely converted in to bugs with a court order (and a bunch of other devices probably are without.)
Whether its car thieves or drug dealers, these exist in the West today by explicit choice, not because it is impossible to stop.
This is conspiracy thinking. Parliament and HMG specifically allow car thieves to impoverish every car owner because ... why?
The previous Prime Minister suffered a bout of unemployment because he was unable to get a handle on the cost of living crisis. Would have been great if he could have gotten car insurance premium downs before the election. Ditto with the current Prime Minister.
track cars then and shipping containers and whatnot, not people's conversations.
we all pay the price, yes, but we also all enjoy the prosperity it brings us.
at best these are arguments for finally making cars harder to steal. (and for people to own fewer of them and just rent them when they need it. and the renter company can then store them in a big fucking lot with security if they want to.)
...
as other commenters pointed it out, the technology is out there.
sure, it might not convince enough voters, we'll see. but it's sure as shit that these networks are not going back to pen and paper.
Why bother tracking just the cars? Just track every person. When you're born some government agent can implant a tracker in your sphincter. When a car is stolen, they arrest everyone in the area where the crime occurred and then sort it out downtown.
If you've got nothing to hide, then you shouldn't object to having a sphincter implant to track your every movement. And if you happen to be in an area during a crime, you'll certainly be vindicated, so just a little inconvenience in order to ensure that no car will ever be stolen again.
And just think how environmentally friendly that'll be. Maybe people will stop having so many babies to protect their sphincters from being implanted. That'll be super good for the environment.
I'm bit more sympathetic to this type of argument than most of HN. Looking at what happens in The Wire, you need a judge to allow the wiretap, right? It's not just a willy-nilly cops-can-see-anything system, right? Though it has happened from time to time that since stuff is digital, people have taken a peek when they weren't supposed to. For instance, there was a case over the summer where someone was looking up people in the Danish CPR database, unauthorized.
But I also think this won't be the same as wiretapping. That was based on an old telephone system that was very much tied to the technology of that time. In particular, it wasn't encrypted, being just a straight up analog circuit. The bad guys couldn't do much other than use code words, or security by obscurity.
With digital, anyone can encrypt, and the cost of decryption is super high. I'm not sure what Snowden said about it, but I think it's fair to say that very few messages could be decrypted.
So what will happen? We will all send our decrypted chat messages to the man, and the bad guys will just write their own chat app, which will be encrypted. Nothing illegal will ever happen on the public channels, which from time to time will have some idiot looking at his ex-girlfriend's messages, while the drug lords just write encrypted messages that probably aren't even recognized as chat text.
In the Wire the police couldn't directly access phone conversations despite them being digital because phone companies needed to see a warrant before handing over any data. That would presumably be the case here as well, communication providers would have to service warrants.
Is it possible for this to be abused? Almost certainly.
Do I think this is a good idea? No I do not.
Despite me mentioning it 10 times, I can mention it once more. I'd prefer communications to remain private. I'm only pointing out ways it hurts society, and why police would like to return to the status quo ante where they could obtain a warrant to surveil criminals.
A huge part of the problem in Sweden, and overflowing to Denmark, is that teenagers are getting hired as hitmen via open channels, told to install Signal, and then communications go dark. If these teenage would be-hitmen had to first roll their own high grade crypto before they could apply, the supply would be reduced.
> watch/rewatch The Wire (2002-08), except make it impossible to tap the communications of the drug gangs because they're all using encrypted messengers with disappearing messages
The drama of that show was principally derived from the fact that the gangsters never so much as spoke near a telephone. The idea that you're going to force a backdoor into whatsapp and the gangsters are going to throw their hands into the air and turn themselves into the police is frankly idiotic. Criminals already use special apps and hardware to communicate more securely. They will continue regardless of what the law says they can do, because they are criminals. The idea that the rest of us should give up secure communication in order that gangsters can still find ways to communicate securely reaches the level of insulting. The cat is firmly and safely out of the bag on wiretapping gangsters.
Private communication is not that hard, nothing prevents a drug lord spin their own "signal" app, and since they are already criminal, another crime is not a big deaal, so making it illegal to use secure app is dumb. Also i love banana
They’ve had to become like that due to their bizarre choices. They really got the worst of all worlds. Net tax beneficiaries, fear, crime and now judicial over reach. How do you do this to yourself?
What is extraordinary is that the idea that there shouldn't be a word exchanged between two individuals that the state cannot listen to was a Stasi wet dream. It is just shocking that western democracies that have held totalitarian regimes at bay for so long at great expense, are now going full big brother.
This is a meme I see and don't fully understand. It seems to assume that the state isn't a democracy, yet the statement is usually applied to democracies like the US. Such statements don't make sense to me when it's the people who are the state, not some "other".
It's surveillance companies, i.e. follow the money. Imagine if you can force every IM app to include your nonsense? BILLIONS of instant installs and subscription fees.
The EU ombudsman actually asked the EU Council to comply with a Freedom of Information request about who attended the meetings about this and all we got was a fully redacted PDF with a list of about 30-40 individuals/groups (literally blacked out in the PDF). It's absurd how non-transparently this is bought & paid for.
> Who, exactly, is so strongly motivated to make such legislation?
For the part that Denmark is playing, I think the answer is somewhat readily found in the current national politics of Denmark. We've just had a pretty prominent politician 7 years ago get convicted of being in possession of CSAM. I think that's very personally offensive to our current prime minister. That has to be viewed along with her personal view of herself as the "children's prime minister", to make it into a double whammy.
We've also been dealing an inability of the police to investigate some crime, and the investigative committee established to figure out what to do about it recommended an ability for police to more readily be able to investigate digital material. I imagine the current policymakers imagine Chat Control to play a part of enabling that at a national level.
> We've just had a pretty prominent politician 7 years ago get convicted of being in possession of CSAM.
I don't disagree with your overall thesis about Danish politics at the moment, but... I think it's interesting that politicians are exempt from these monitoring schemes. So it wouldn't have prevented that guy from doing what he did. IIRC, Law Enforcement is also exempt, and they never get up to any of that, no sirree...
ANY time any legislation comes with exemptions for the people in power (legislature and law enforcement) you know it's time for extreme skepticism.
EDIT: It's just the inanity of it that has me despairing. Lobbyism at its finest (see my other comment).
We had a number of cases in Denmark over the recent years which pushes this agenda:
In addition to the obvious child abuse, there have been a case where video of a high-school girls private sexual activities where spread wildly on asocial media, fake-porn of various public figures and several cases of organized crime using various end-to-end encrypted services.
None of the Danish politicians I have communicated with like the ChatControl proposal very much, but there is nothing else on the table, which isn't much worse in terms of privacy invasion, so their only choice is ChatControl or doing nothing.
My personal opinion:
No human right is absolute, not even the right to life itself.
The demands of upholding the civilized society limit all human rights, and this limitation has always included intrusions of privacy in order to solve crimes.
I far prefer Dan Geer's proposal (See his black-hat keynote):
Companies on the Internet get to choose one of these two business models:
A) Common-carrier. Handles all content as opaque data, makes no decisions about what users see. No responsibility for the legality of the content. (= how telephone companies and postal carriers are regulated)
B) Information provider: 100% responsible for all content, no matter where they got it from. (= how newspapers are regulated)
The current "the algorithm did it" excuse for making illegal material go viral, to maximize profits, is incompatible with a civilized society.
I've asked the politicians whey they do not do that and the answers is "We do not want to piss off USA", in recent months that concern seems to be fading.
It is corruption, paranoia and addiction to power. The problem is agencies that are supposed to crack down on these things do nothing or are corrupt themselves.
Our "minister of Justices" is a scared little boy, deeply traumatised by a childhood characterised by the lack of a basic sense of safety. This trauma has never been addressed and with age he has unfortunately become a politician and earned a law degree. His rational faculties and academic degree are of course a faint echo compared to his childhood trauma, so he has no reservations destroying any personal liberty in the name of safety. I feel deeply for the boy, but fear the man.
It might seem alien to the regular HN commenter, but for most politicians/bureaucrats/law enforcement folk, the last ten years or so of widespread encrypted comms are an anomaly, and a bad one. The idea that the state is mathematically blocked from reading certain communications, even with a court order, really pushes back against the very concept of a supremely sovereign national state.
What they should be doing is giving us the ability to use public apps without the apple store or google play. What they are doing is letting Palantir get our data, despite it being from a country that thas repeatedly threantened Greenland.
What’s the endgame here, with porn, chat control and age verification occurring globally, when will this end and where will we end up? What are the realistic outcomes?
The end game is politically controlled speech. First you can't share porn, then you can't share violence, then you can't share police abuse, until it starts to creep into the world of anything unflattering to those in power.
And of course, it will all be under the guise of safety and harm reduction, but the veil will keep getting thinner and the amount of things covered more comprehensive
Not often mentioned but violence is the greatest enemy of people in power.
They always say stuff like "violence doesn't belong in politics", "violence is always wrong". But look at the French revolution, they had to cut the dictator's ("king's") head off to stop him from trying to get back into power. Look at the US for for independence, how many redcoats had to get shot before the UK decided it's not longer economical to keep oppressing the colony. Look at the assassination of Reinhard Heydrich, a public execution of a mass murderer.
And for now we're allowed to celebrate those events. Some are even national holidays. But we can not publicly discuss current events in the same manner. Those supporting recent assassinations or attempts usually get banned and many don't even dare voice their support. But there is some line where the fourth box of liberty _should_ come out. And I don't think we have enough freedom of speech currently to discuss where exactly the line lies. (Note to mods, I don't have an opinion on the recent shooting and this message is not related to it. I would have posted the exact same thing even if it didn't happen and have posted similar messages in the past.)
BTW this is funny: Brandon Herrera posted a video reconstructing the headshot by Gary Plauché where it's obvious both him and the commenters support the killing. He also reconstructed the, well, earshot by Thomas Matthew Crooks and denounced it. I wonder if he would support an assassination if it turned out Trump got, say, a massage with a happy ending from an underage girl trafficked by his friend. That would imply being a pedophile is worse than being a fascist[0] in his mind.
Anyway, violence should be used carefully as a last resort but people in power are afraid of it because ultimately, no matter how much power they have, they still need a continuous supply of oxygen to their brain, which can be interrupted in a number of ways and the probability of such an event increases proportionally to the number of people they exploit.
Without the ability for people to have private conversations and organize politically in private, democracy is impossible. It wasn’t as much of a problem in the times when everything happened IRL, but now online is the default.
So the endgame is that an anti-democratic government eventually wins an election and uses its new tools to crush dissent and make opposition parties impossible.
Or a small set of supranational entities that are responsible for creating the illusion of national entities are taking advantage of the headless blunder that are nation-states to execute their master plan in lockstep.
The realistic outcome, most likely, is mDL (mobile driver's license) automatically being passed through from your OS, to your browser, to the website. This will make compliance with age verification requirements easy, in addition to making ban enforcement and blocking crawlers/robots/spam much easier.
There's already a W3C browser standard in development - The Digital Credentials API. Apple is adding support for "Verify with Wallet on the Web" in iOS/macOS 26. Chrome is currently rolling out Origin Trials.
On the flip side, there's no anonymity. Welcome to the real Web 3.0 - an internet which has been finally put in a box, for better and worse. An internet which is finally forced to respect national laws, for better and worse. An internet where what you say online, will be treated with no difference than if you had said it in person.
> An internet where what you say online, will be treated with no difference than if you had said it in person.
It's 1984. Surveillance in your home so you only speak the government speak. If you criticize the government or the genocides commited by them you're "doing hate speech/wrong think" and you'll receive the cops at your door to be disappeared without recourse
The populace will be told you were evil and no one dares question too much or they will be next.
Or we can tell them to fuck off and stop buying into every little crisis and fake right v left fight they try to sell.
> The privacy considerations for digital credentials are not static. They will evolve over time as the ecosystem matures, and may be informed by the behavior of other actors in the ecosystem, improvements in other layers of the stack, new threats to user privacy, as well as changing societal norms and regulations.
Boil the frog slowly and carefully, and look out for opportune moments that could help to speed up the process.
IMO, the endgame is tyranny that we cannot escape. Something like stasi on hi-tech steroids. Such a tyranny can only be possible if there are no places on earth we can escape to and if domestic survelliance is so comprehensive that potential threats are eliminated before those threats realise what they are up to. In such a state, when there is neither external no internal pressure, the tyrant can rule for centuries. The thing is, there is a nontrivial number of those among us who prefer this way of life, and they are very capable in achieving their goals.
Residential ISPs will only transmit packets that have a valid device attestation signature from one of the well-known device vendors. "Unsafe" software won't get access to the devices' secure enclave to sign their packets, so their packets will either have to be transmitted in plaintext, or they'll be dropped by the ISP.
The goal is always to suppress the ability to dissent political.
It was trialed during covid and people absolutely cheered for this type of control.
Now it's only a matter of time unless people accept that it's never acceptable. Not even with "perceived threats". Covid passes and social scores to do activities where absolutely a wet dream for govs and corporations alike. The corporations that benefit from government mandated tools love getting free money and governments love control. They know the tools never spy on them, and that's why everytime they're the ones committing crimes or ignoring their rules it's "a mistake or nothing to see here".
On sufficiently long time scales, there is only one realistic outcome: the internet will not tolerate censorship and will not abide state control. It is bigger than people and computers; it's an evolutionary force.
A political party that is free from lobbyists and actually care for its citizens would be a good thing though. Number one reason of the decline in the west.
Since this is EU level legistlation and blocking minority is already ignored (e.g. going in to the streets does not matter in there), it is much more difficult.
Maybe we should schedule a day in the future where everyone travels to Strasbourg/Brussels for a demonstration.
and what if a system of mediation can pick up the encrypted messages sent by dissidents and formulate a plan to crush the resistance? To government-for-hire companies, it's a service problem, not a systemic one.
I think that decentralized solutions to the Web mostly suck because they're worse to use for the majority of people. But if the Web becomes useless for things people actually care about, decentralized solutions will creep in. People won't simply give up, the things that work will become better in the ways that serve prospective users.
That's kind of the worst case scenario, though, where bad politicians don't get removed from office. We can hope that most people will decide that enough is enough, or politicians will quietly back down when they realize they're dooming their own careers.
The worst case is when only approved hardware and software will be legal, and every level of infrastructure will be enforcing that. You can say good bye to decentralized solutions then.
Note how Apple is already a bit like that, banning certain torrenting apps even from alternative app stores [0]. I’m just mentioning that as a demonstration of the feasibility of such closed and controlled ecosystems. Now restrict ISP network traffic to packets signed by approved hardware, and there aren’t that many practical loopholes left.
No one has really pointed forward a convincing explanation of who is behind this movement.
The idea that this is the police is ludicrous to me, I don't know every european country but my overall opinion is that they have very little sway over anything.
I am in a group of high civil servants for digital services in France and strangely no one seems to have heard about the project despite these people drafting most of France's position on numeric policies.
My view is it is probably more about mass control (avoiding a movement like Gilets Jaunes and the like) than anything else.
I lost count how many times the "lets get rid of encryption" plans have been tried and failed. It's truly ridiculous how these people don't understand anything about encryption and somehow still think this is a good idea.
How is it possible that after years of discussing plans like this, they still managed to not listen to anyone who knows anything about encryption and online safety?
Makes me really worried about the future. There is a lot going on in the world, and somehow they feel the need to focus on making our communications unsafe and basically getting rid of online privacy.
The goal they are trying to achieve is good, but the execution is just stupid and will make everyone, including and maybe especially the people they want to protect, less safe online.
The age verification thing is another example. All it does is send a lot of sensitive traffic over cheap or free VPN's (that might be controlled by foreign states). Great job, great win for safety!
I do not agree with you that they have good intention or have good goals. They know what they are doing, and they are doing it to gain control. I think by saying they have good goals, but they don't know better, we are down playing the danger. They know what they are doing, and they are doing it to have more power over people.
I agree with you (i.e., I share your belief that the whole "safety" argument is a bold-faced excuse to just gain more control and surveillance power over the population), but I believe that the parent comment was just trying to be extra charitable to those pushing for the bill.
I think it is fair to give the opponent's position (which both you and I believe is in the wrong) a steel-man argument treatment, by assuming the best possible interpretation of their argument (even if they don't imo deserve it, and you don't believe in their stated intent).
The approach makes sense to me, as attacking and debating genuineness of someone's intentions is an endless rabbithole. So if you have an option to decimate their case, all while assuming their stated intent to be truthful and genuine, that's a pretty solid way to actually move the needle on the argument in a desired direction.
They have evil intentions, but they are also idiots. The nature of an authoritarian government is one that requires maximizing control for survival. As a particular country shifts to a more authoritarian government, and those people who enabled dumb ideas fall out of power (right, left, or whatever) those same tools will be used by their political adversaries to control, imprison, or kill them.
Why are they idiots? Because western Europe is not yet authoritarian and thus there is little personal benefit to hasten a slide towards it, there are so many other ways to gain power in a free society. (I wouldn't bet money that Europe will remain free in 25 years.)
There is a secondary problem here -- anything that decreases the information security of European countries hands more power to the US and China (and to a lesser degree other nations with advanced infosec capabilities like Russia and Israel.) If you are European (I'm not) the first thing that should be done is investigate the people pushing this stuff.
People need to understand that some people are abusers by nature and mentality, some from birth, some by upbringing. And they crave power.
The sayings like "those who want power rarely deserve it" exist for a reason, except until the last few decades we didn't have a good enough understanding of psychology to explain why. Now we do. Some people have anti-social traits and they should never be allowed in positions of power because they are mentally ill.
Difference is "normal" mental illness like psychosis is harmful to the individual who has it. Anti-social mental illness is harmful to those around them, especially those under them in hierarchical power structures.
It’s right there in the name: Chat Control. Take them at their word!
Look at Australia’s “hacking” bill. It was about letting the government hack (take over) your account and post as you. The “hacking” referred to ahat THEY would do — to YOUR accounts:
There needs to be accountablility regardless of intent for policies that affect everyone.
I agree with you though, they know what they are doing and about some implications at least.
I hope most services will just block Denmark though. Any investment in such technologies is a waste and should come to a great cost to developers. In this case Google products in general should be shunned. Not that they were famous for steady support of products instead of quickly killing them.
The seeming trend that worries me the most these days is the lack of competence at multiple levels of society. Our leaders, their supposed subject matter experts, the people doing "the science" all seem to be demonstrably incompetent at their jobs. I don't know if this is an actual trend or just the perception of one but it's concerning either way.
Why do you call them "leaders"? They are "people in positions of power".
I don't understand where this desire to be led comes from. Other people do not have your best interest in mind. I want others to get out of my way, unless we have a conflict of interest and then we _might_ need a third party to resolve it. But I certainly don't need or want to be led.
"the science" I don't agree with this part, and I think it's quite dangerous to rope that in.
Science is not one way of thinking, it's a methodology, it's seeking truth. There might be bad actors and idiots, there is likely lots wrong, but the beautiful thing about science is that facts matter. If someone publishes bullshit you can repeat the study and proof them wrong.
That science is (wrongfully) taken as justification for stupid things, is not on "the science" as a whole.
If anything makes me hopeful, it is science and the remarkable developments happening.
Key enablers that ensured those plans fall apart were PC platform and default code freedom on it. It doesn't work because anyone can just compile the clean versions of apps using gcc, on PC. Same cannot be guaranteed on Android and is not even happening on iOS.
We shouldn't have shrugged off the weird feeling of shackles on our wrist when iOS(iPhoneOS) was first released. We should not have relied on geohot stopping by and dropping a jailbreak he found. We should have voted to force it open by law.
cannot emphasize this enough. Workarounds were always tolerated because they silenced the potential competition until the frivolous features that people did it for (namely customization) were all available by default, closing the door for what Apple actually hated (side-loading). They are expert software politicians, just look what they do with the EU's open-ecosystem demands
The proximate goal they're trying to achieve is mostly irrelevant when compared to the broader technical goal. That goal is to force all messaging systems to re-architect so they include a "bump on the wire" that hosts a scanning mechanism sophisticated enough to recognize novel (unknown) image content. This implicitly requires re-architecting these systems to contain neural-network image classifiers that operate over a model that's kept secret (to the user/client.) Everything else is sort of irrelevant compared to the implications of this new architecture.
The "good news" for now is that the systems deployed in this model won't classify text, only images and URLs. The bad news is that the current draft explicitly allows that question to be reviewed in the future. And of course, once you've re-architected every E2EE system to make image scanning possible, most of the damage to cybersecurity is likely already done; a year or two down the road, text scanning will probably be viewed as a modest and common-sense upgrade. I expect that folks who object to text scanning on cybersecurity grounds will be informed that the risks are already "baked in" to the image-scanning model, and so there's no real harm in adding text scanning.
Leaving aside the privacy issues, this is basically an existential national security risk for Europe. It's amazing to me that they're walking right into it.
It's important to remember that government is not your friend, isn't meant to be, and never has been. It's a machine of control that needs to be held in constant restrain by the population. Obtaining more control is the expected behavior of those who come into power, shown through all of history.
What is progressive about rampant decontextualized chat? I read these anti-control statements by what appear to be tech zombies who know nothing about the tech being promoted. LLMs/ML are based on faulty, Western units that are about defining reality in individualistic, material terms, lacking interdependence and relying on arbitrariness to destroy that chance for shared experiences.
If governments are leery of LLMs for the wrong or right reason and the industry and technology lacks any kind of grasp of what it is and what the inputs are, then BOTH are wrong and the tech needs dismantling.
If the decontextualizing of communication is epidemic, as it appears to be in Chat, then the industry has failed not grasping the first thing about the technology.
I think you're confusing technical encryption with the privacy of encryption.
For example, let's say I implemented a CSAM-scanning AI model in my chat app, which runs locally against your message, before communicating the message over an encrypted HTTPS channel. If the message is flagged, it can be sent over an encrypted HTTPS channel to authorities, on a secondary separate connection. At no point, did it leave the device, in unencrypted form.
Is that message encrypted? Yes.
The way that you want? No.
Governments have recognized this distinction, and have figured out they can have their cake and eat it too; the security of encryption with none of the privacy.
>If the message is flagged, it can be sent over an encrypted HTTPS channel to authorities
okay, but how do you prevent me from intercepting that communication.
Or even running my own copy of the local model and determing ahead of time whether it will trip the alarm. If the attacker has access to the model, they can effectively make a GAN to modify images to get past the filter.
> In cryptography, encryption (more specifically, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode.
From Wikipedia. They can’t have their cake. You are breaking the concept of information into smaller steps (e.g. message) when that is against the definition.
Another example of such degenerate-encryption would be having messages "end-to-end" encrypted, but a copy of the key is kept by a service-provider or even sent in advance to a government agency.
People usually mean "end to end encryption" in these situations, and by adding a third "end" to the system, you bypass the whole point of end to end encryption.
all of this is basically irrelevant, given that the type of ppl who this legislation claims to target can always just resort to email + pgp or some such, over which governments don't really have any meaningful control...
My guess has been an unholy alliance between 'IP holders' like Hollywood (and increasingly games), and the surveillance industrial complex.
Add in the fact that both China and the US already have practically near omniscient digital oversight of everything their citizens do through server and OS level backdoors, the uninformed politicians in the EU/UK are easier to tempt by lobby groups crying in the name of the children.
No, this is not corporate lobbying responsible. Stop giving your beloved politicians an out and acknowledge they do not have your best interests at heart, only a thirst for power.
The buck stops with the politicians signing this into law.
> The goal they are trying to achieve is good, but the execution is just stupid and will make everyone, including and maybe especially the people they want to protect, less safe online.
If so, the best way to stop that is to sugest a good way to achieve the good goal.
It is perfectly possible to encrypt a message such that two different keys can decrypt it. There is nothing in modern encryption that makes that impossible. See https://faculty.cc.gatech.edu/~aboldyre/papers/bbks.pdf and many others.
So your chat app encrypts your message with the recipient's public key and the state's public key.
Hey presto, you have a message which cannot be read by someone who casually intercepts it. If the state seizes your message - or records it for later analysis - they do not need to break encryption. There's no plain-text version laying around for anyone to sniff.
Is this a good idea? No. Even ignoring the civil liberties aspect, we know that key management is extremely difficult. A leak of the state's private key(s) could be devastating.
But let's not pretend that this is somehow technologically impossible.
>>> A leak of the state's private key(s) could be devastating.
Preventing this leak is what's technologically impossible. A leak includes when the government that's keeping the keys decides to start abusing their access to the data.
When people say it is impossible, they clearly mean it is impossible to do in a way that isn’t entirely broken by losing one key. You know this and please don’t pretend that you don’t. When competent cryptographers say the word impossible it has a very clear definition.
> It is perfectly possible to encrypt a message such that two different keys can decrypt it. There is nothing in modern encryption that makes that impossible.
Not really, any more than it's possible to write a message that says the same thing whether you read it in English or Swahili. You might be able to do it once as a novelty, but the approach won't generalize.
There are multiple-recipient schemes, but they don't rely on using two different keys to decrypt the same message. Instead, you encrypt the message (once) using a (single) symmetric key, and you prepend a bunch of different messages saying "the symmetric key is xxxxxxxxxxx", one for each intended recipient. Those are encrypted with keys specific to each recipient, and each recipient has to attempt to decrypt them all and select the one that decrypted successfully.
The paper you link appears to be discussing an entirely different problem: its definition of a "multi-recipient encryption scheme" does not contemplate sending the same message to several different recipients:
> There are n receivers, numbered 1, ..., n. Each receiver i has generated for itself a secret decryption key sk_i and corresponding public encryption key pk_i. The sender now applies a multi-recipient encryption algorithm to pk_1, ..., pk_n and messages M_1, ..., M_n to obtain ciphertexts C_1, ..., C_n.
> Each receiver i can apply to sk_i and C_i a decryption algorithm that recovers M_i.
> We refer to the primitive enabling this type of encryption as a multi-recipient encryption scheme (MRES).
Note that there is no requirement for anyone other than recipient i to be able to understand message M_i. As described, all encryption schemes are multi-recipient encryption schemes, because you can just consider each message M_k individually and encrypt it to recipient k using a single-recipient scheme.
Chat control opens an additional data channel where messages are sent through, if the detection algorithm finds something suspicious. It effectively makes encryption useless, because someone else, who shouldn't be part of your conversation, is also able to read your messages.
Partially it is new corrupted people getting bought in positions of power. There is interest behind this stuff that we have not eradicated. As long as that is allowed to continue, we have to take down one puppet after another. A new puppet is already waiting for their chance to make buck campaigning for the same shit again. After some years in office they don't care what happens to society afterwards. They only care they got their fat paychecks and post politician positions in management layers of big corp.
And we elect their parties and these people over and over again, instead of making them utterly fail the next election. Too many of us do not see through these thinly veiled attempts and too many of us are too comfortable to vote them out.
> they still managed to not listen to anyone who knows anything about encryption and online safety
Why do you assume something like that? Do you actually know the arguments that the parties in favor of this kind of regulation are presenting? And can you dismiss them based on objective facts?
> The goal they are trying to achieve is good
That is what should be, in my opinion, the basis of this discussion. Assume good intentions and try to work out with the parties involved to achieve the goal in a reasonable way. This is the way, I believe.
Hand-wavingly dismissing other party's arguments would be in my opinion disingenuous.
>>Why do you assume something like that? Do you actually know the arguments that the parties in favor of this kind of regulation are presenting? And can you dismiss them based on objective facts?
The moment anyone brings up the whole "just put a backdoor in that only we can access" despite years of people who actually know better saying that's not possible, is the moment when any further arguments become moot and not worth any further engagement or assumptions of good intention.
That's the single argument all these stupid "chat control" like proposals are based on.
I'm not assuming anything, I work in software development. In this industry we spend ungodly amounts of time and resources to attempt to keep data safe, and create systems like the ones proposed to flag and handle malicious activity of many kinds. I think I know quite well how hard it is, and how easy it is to get it wrong, with potentially very real consequences.
The only things being handwavingly dismissed are the collateral damage, side effects, very real risks, and concerns about the effectiveness of the proposed solutions.
EU gets infiltrated by corporate interest just like every single country's government does. It's a constant fight against lobbyism and financial interests opposing the citizens' rights. I wish it wasn't so, but greed knows no bounds.
Readit News
I swear those Thursday bilderberg meetings are a thing.
Another is Europol, a security coordination body that can't legislate but frequently advocates for this kind of legislation.
And then there's LEWP, The law enforcement working party, a "working group" comprised of security officials from member EU states, also involved in EU policy making in some capacity.
Perhaps targeted reform of these bodies is in order so they don't keep producing this legislation over and over. The blocking minority shouldn't just oppose the legislation itself, but make sure that their representation at those bodies is stopping those recommendations from moving forward. The legislating infrastructure needs to be challenged as much as any particular bill.
It doesn't have to be in secret, they can and do plan and coordinate these efforts in the open. When we hear about it, it was already planned for many years.
What are the odds
The Google change means that every APK has to be signed and linked to a developer with a verified identity.
Unless Google might not be willing to approve this alternative version of Signal, but is there any indication of that? The Signal clients are open source with a permissive license so there's nothing unauthorized about building and distributing a modified version yourself.
The Signal CEO aid that they would pull out entirely from the EU if Chat Control comes to pass.
> Unless Google might not be willing to approve this alternative version of Signal, but is there any indication of that?
In this scenario, Signal will still be allowed to be distributed outside of the EU so you could get it from the Play store hosted out of the EU.
They have no obligation to sign anything, and they aren’t in the business of fighting city hall. Quite the opposite.
They only break the law when it earns them bundles of money.
Android as it is fails as an operating system and the same idiots ruining perfectly good software in other companies now work for Google. Not that iOS is in any way better, it has the exact same and even more deficiencies.
Just don't "upgrade" and ignore all the propaganda telling you bad things about that. Keep building apps that work on older, less-hostile devices and spread the word to oppose this very deliberate planned obsolescence.
Also easily remotely ownable, so you can be spied on without even having to install any software at all. And any that aren't now will be a couple of years after they fall out of support. Which, by the way, is very hard for the community to step in and do, since they're full of undocumented proprietary binary blobs.
> Just don't "upgrade" and ignore all the propaganda telling you bad things about that.
... and when your fully owned device finally breaks completely?
Move now to alternatives. If you must use Android, GrapheneOS with Sandboxed Play Services.
the reasonable alternative being... ?
If you expect hostile action by Google you should also expect the rootkit that is google play services to also do that. Which means in both cases the solution would be to use a actual open source mobile OS based on AOSP.
But there are a few people asking who is pushing for this legislation so hard. That's mostly police forces who are pointing out that they're unable to track the activities of criminal organisations. For example, in the UK sophisticated gangs steal cars and phones and ship them around the world where they're resold. They locate a buyer anywhere in the world who requests a specific car, find that car, steal it and have it in a shipping container within 24 hours. It's impossible to know who's done it, or track any of the communications involved.
In previous eras it wasn't possible to create international criminal organisations of this level of sophistication because it was harder to communicate securely. Now it's possible and we all pay the price of increased criminal activity. Everyone's insurance premiums go up, making everyone poorer. UK car insurance premiums are up 82% between 2021 and 2024 and insurance providers are still making a loss.
Just to drive this point home - watch/rewatch The Wire (2002-08), except make it impossible to tap the communications of the drug gangs because they're all using encrypted messengers with disappearing messages. Immediately the people running the organisation become untouchable. The police likely can't even figure out who the lieutenants are, let alone the kingpin. At best you can arrest a few street level dealers and that hardly disrupts the criminals at all.
On HN everyone is going to say "everyone has a right to private communication, even criminal empires". And sure, I'm not going to disagree. I'm merely pointing out that private communication allows criminal networks to be much larger, more effective and harder to disrupt. And all of society pays the price when we're victimised by criminals.
Edit: I'm not saying breaking encryption is a good thing or that it will work, I'm only pointing out why police forces want access to communication records. They're unable to do their jobs and are being blamed for the rise in crime. To prove that you've actually read my comment till the end, please mention banana in your comment.
In summary, without stupid jokes about German politics, the actual stated goal is unachievable but the real world consequences in a Europe that is sprinting to the far right are incredibly dangerous.
Alternative für Deutschland (AfD), the far right party, is against Chat Control.
https://fightchatcontrol.eu/#delegates
Another example is the recent nepal protests.
More abstractly I think that a multi-cultural or multi-ethnic society at scale is not able to handle anonymous and private communication without collapsing. If we dont go in the direction of benevolent censorship like China and Singapore I think the west is going to see some dark times.
Not some kind of fancy sci-fi grain-of-sand sized microchips that are completely impossible to track. Not even drugs! Cars! Those huge metal objects that weigh over a metric ton each! Those cars!
If the police can't stop criminals from shipping CARS out of an ISLAND COUNTRY, the issue isn't that they don't have a way to breach privacy of every citizen. The issue is that they should be all fired and never allowed to do any government work ever again.
Where is this confidence that you can do their job coming from?
The next step will surely be to make use of communication programs that law enforcement cannot read illegal, right? The police find some person who has committed a crime, caught in the ways that criminals are usually caught, such as with forensics, or simply with the guns and drugs in the boot of their car. Then they can see what forms of communication this person was using, and who was using it with them. At that point, it doesn't matter what those other people were doing: The use of banned encryption technology is the crime. You can roll them up for that, or use evidence of this crime to justify further intrusion into their meatspace lives. And so it goes, on up the chain of a criminal organization. Theoretically, at least.
I don't like this, I don't support this, but as has been said elsewhere in this thread: Let's not pretend this is some insurmountable problem for a government who has already shown an appetite for surveillance.
You can't make laws that govern how criminals behave. All chat control will really accomplish is maybe a momentary string of arrests(which is meaningless in the long term; there's always someone to take over), and longer term, worse privacy and security for everyone except the criminals.
Yes, criminal gangs are bad.
And, for me, and probably many others here too, enabling governments to look at private encrypted messages of everyone is way worse.
Let’s find other ways to prevent these gangs from stealing cars.
Could you watch The Wire and point out exactly what you'd do differently. I'm picking this example, because the whole point of the show is that they're unable to do anything without a wiretap when faced with a sophisticated criminal gang.
Are you telling me that you genuinely believe that they won't be able to download an open source, actually end-to-end encrypted app?
The stupid ones already use Telegram, which is not E2EE. There is no need to change anything for them. Those who are smart enough to choose a secure messenging app today will still be able to do it, even if that app is made illegal.
>To prove that you've actually read my comment till the end, please mention banana in your comment.
no
I understand your point, but I fail to see how this law will change that.
In fact, freedom to break the law, revolt and even kill people is necessary for a functioning democracy. The fourth box of freedom is the final check and balance. If enough people (over half the population) determine that the government is corrupt, they need to be able to overthrow it.
And that required and armed population and the ability to organize. Yes, this also helps criminals. Yes, sometimes innocent people will die because the wrong people also have access to guns. That's all the more reason to be able to fight back, both against bad people and against the government.
History repeats itself (with minor variations). People don't value their freedoms, let them be eroded by those who are attracted to power for power's sake, they get abused, and finally either they get fed up and start a revolution or the state functions so poorly it gets invaded.
We're at the stage where freedoms are getting eroded more and more noticeably. I would very much prefer to break the cycle before it comes to rifles and drones.
People who break the law for money have existed forever and forever will. You don't need encrypted messages to smuggle drugs across borders.
The real problem is that we've given up on going after the low-level guys, whether they're stealing cars or selling drugs or pickpocketing the tourists. If we catch them at all, we just release them.
Dead Comment
This is a really hard problem. If there's an easy solution in mind, feel free to suggest it.
I think these laws are simply to catch everyday people chatting about illegal stuff on a phone without any preparation.
Do you have a source? Not doubting you. More curious for their arguments.
The following is supposed to happen in undetectable manner: - stolen car drives from A to B (on roads that can be policed), - at location B let’s assume it’s chopped (finite locations/people that can chop cars) - a container is loaded with heavy, metal car parts, undetected by metal detectors (weight scan, x-ray, visual inspection) - container paperwork is signed by someone (literal government ID is presented here) - customs officers are approving the outbound container that weighs over a metric tonne
You don’t think there is immense amount of incompetency or corruption here?
And what happened to police posing as a buyer, undercover cops, physical surveillance?
We recently shipped our furniture to US, and customs x-rayed it and charged us.
These are literally non-issues.
If that is really such a big problem, then why don't the politicians say so instead of saying that this law is for protection children?
For what it's worth, they're not making up the CSAM thing. It has never been easier to disseminate/acquire CSAM in a way that you're never caught. That wasn't really possible before, which means there's a larger market for the production of such material.
I didn't bring up CSAM here because HN is militantly against think-of-the-children arguments.
You can get it up and running in one week on a cheap server.
- Criminals will still use encryption even if its against the law, given they are criminals
- Denmark is one of the safest countries on earth and every year crime has been declining for decades. Even your property theft example is a declining occurrence in Denmark: https://www.statista.com/statistics/1178977/number-of-report...
Given property theft is down and encryption has been available for the entire time period of that chart -- do you have any actual steelman for why Denmark would need this, absent a thirst for power/control, especially now?
So instead of breaking the privacy of everyone, this should only impact the manufacturers.
Just my 0.02
The vast majority of crime is very dumb. Like the three guys who broke into my garage and tried to take my bicycle. The police however is not interested in that: not interested in CCTV recordings, not interested the license plate of the van they were driving.
If the police isn't doing even the simplest things, there's no way in hell they would bother decrypting their whatsapp messages. That's reserved for people targeted by the government, not to fight street crime.
This does not happen almost anywhere else - car theft. This is UK issue with local law enforcement / insurance companies.
Phones - just fix your streets, elect politicians that are tough on crime. Simple.
If police forces wanted to do a better job here, they would.
Don't presume stopping this sort of crime is the purpose, that theory doesn't hold water.
Whether its car thieves or drug dealers, these exist in the West today by explicit choice, not because it is impossible to stop.
The previous Prime Minister suffered a bout of unemployment because he was unable to get a handle on the cost of living crisis. Would have been great if he could have gotten car insurance premium downs before the election. Ditto with the current Prime Minister.
we all pay the price, yes, but we also all enjoy the prosperity it brings us.
at best these are arguments for finally making cars harder to steal. (and for people to own fewer of them and just rent them when they need it. and the renter company can then store them in a big fucking lot with security if they want to.)
...
as other commenters pointed it out, the technology is out there.
sure, it might not convince enough voters, we'll see. but it's sure as shit that these networks are not going back to pen and paper.
If you've got nothing to hide, then you shouldn't object to having a sphincter implant to track your every movement. And if you happen to be in an area during a crime, you'll certainly be vindicated, so just a little inconvenience in order to ensure that no car will ever be stolen again.
And just think how environmentally friendly that'll be. Maybe people will stop having so many babies to protect their sphincters from being implanted. That'll be super good for the environment.
I'm bit more sympathetic to this type of argument than most of HN. Looking at what happens in The Wire, you need a judge to allow the wiretap, right? It's not just a willy-nilly cops-can-see-anything system, right? Though it has happened from time to time that since stuff is digital, people have taken a peek when they weren't supposed to. For instance, there was a case over the summer where someone was looking up people in the Danish CPR database, unauthorized.
But I also think this won't be the same as wiretapping. That was based on an old telephone system that was very much tied to the technology of that time. In particular, it wasn't encrypted, being just a straight up analog circuit. The bad guys couldn't do much other than use code words, or security by obscurity.
With digital, anyone can encrypt, and the cost of decryption is super high. I'm not sure what Snowden said about it, but I think it's fair to say that very few messages could be decrypted.
So what will happen? We will all send our decrypted chat messages to the man, and the bad guys will just write their own chat app, which will be encrypted. Nothing illegal will ever happen on the public channels, which from time to time will have some idiot looking at his ex-girlfriend's messages, while the drug lords just write encrypted messages that probably aren't even recognized as chat text.
Is it possible for this to be abused? Almost certainly.
Do I think this is a good idea? No I do not.
Despite me mentioning it 10 times, I can mention it once more. I'd prefer communications to remain private. I'm only pointing out ways it hurts society, and why police would like to return to the status quo ante where they could obtain a warrant to surveil criminals.
The drama of that show was principally derived from the fact that the gangsters never so much as spoke near a telephone. The idea that you're going to force a backdoor into whatsapp and the gangsters are going to throw their hands into the air and turn themselves into the police is frankly idiotic. Criminals already use special apps and hardware to communicate more securely. They will continue regardless of what the law says they can do, because they are criminals. The idea that the rest of us should give up secure communication in order that gangsters can still find ways to communicate securely reaches the level of insulting. The cat is firmly and safely out of the bag on wiretapping gangsters.
Dead Comment
Dead Comment
Who proposes it and drives it and lobbies for it? It doesn't come from nowhere.
The truth is that Scandinavian societies are much more authoritarian and illiberal than they want people to believe.
Doesn’t mean the state should be trusted to a naive degree of course
https://www.theguardian.com/world/2023/nov/30/how-gang-viole...
https://www.cbsnews.com/news/teen-girls-hitwomen-sweden-orga...
https://www.europarl.europa.eu/news/en/agenda/briefing/2025-...
Western democracies have consistently installed and protected totalitarian regimes.
https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
Any shred of rights or privacy has reduces it's ability and/or increases the cost of it doing what it deems worth doing.
The EU ombudsman actually asked the EU Council to comply with a Freedom of Information request about who attended the meetings about this and all we got was a fully redacted PDF with a list of about 30-40 individuals/groups (literally blacked out in the PDF). It's absurd how non-transparently this is bought & paid for.
Following the money requires actually following money. Not imagined money.
Do we have evidence of these companies lobbying for CharControl?
And law enforcement agencies.
For the part that Denmark is playing, I think the answer is somewhat readily found in the current national politics of Denmark. We've just had a pretty prominent politician 7 years ago get convicted of being in possession of CSAM. I think that's very personally offensive to our current prime minister. That has to be viewed along with her personal view of herself as the "children's prime minister", to make it into a double whammy.
We've also been dealing an inability of the police to investigate some crime, and the investigative committee established to figure out what to do about it recommended an ability for police to more readily be able to investigate digital material. I imagine the current policymakers imagine Chat Control to play a part of enabling that at a national level.
I don't disagree with your overall thesis about Danish politics at the moment, but... I think it's interesting that politicians are exempt from these monitoring schemes. So it wouldn't have prevented that guy from doing what he did. IIRC, Law Enforcement is also exempt, and they never get up to any of that, no sirree...
ANY time any legislation comes with exemptions for the people in power (legislature and law enforcement) you know it's time for extreme skepticism.
EDIT: It's just the inanity of it that has me despairing. Lobbyism at its finest (see my other comment).
We had a number of cases in Denmark over the recent years which pushes this agenda:
In addition to the obvious child abuse, there have been a case where video of a high-school girls private sexual activities where spread wildly on asocial media, fake-porn of various public figures and several cases of organized crime using various end-to-end encrypted services.
None of the Danish politicians I have communicated with like the ChatControl proposal very much, but there is nothing else on the table, which isn't much worse in terms of privacy invasion, so their only choice is ChatControl or doing nothing.
My personal opinion:
No human right is absolute, not even the right to life itself.
The demands of upholding the civilized society limit all human rights, and this limitation has always included intrusions of privacy in order to solve crimes.
I far prefer Dan Geer's proposal (See his black-hat keynote):
Companies on the Internet get to choose one of these two business models:
A) Common-carrier. Handles all content as opaque data, makes no decisions about what users see. No responsibility for the legality of the content. (= how telephone companies and postal carriers are regulated)
B) Information provider: 100% responsible for all content, no matter where they got it from. (= how newspapers are regulated)
The current "the algorithm did it" excuse for making illegal material go viral, to maximize profits, is incompatible with a civilized society.
I've asked the politicians whey they do not do that and the answers is "We do not want to piss off USA", in recent months that concern seems to be fading.
Deleted Comment
And of course, it will all be under the guise of safety and harm reduction, but the veil will keep getting thinner and the amount of things covered more comprehensive
First Porn, Now Skin Cream? ‘Age Verification’ Bills Are Out of Control (https://www.eff.org/deeplinks/2025/03/first-porn-now-skin-cr...)
They always say stuff like "violence doesn't belong in politics", "violence is always wrong". But look at the French revolution, they had to cut the dictator's ("king's") head off to stop him from trying to get back into power. Look at the US for for independence, how many redcoats had to get shot before the UK decided it's not longer economical to keep oppressing the colony. Look at the assassination of Reinhard Heydrich, a public execution of a mass murderer.
And for now we're allowed to celebrate those events. Some are even national holidays. But we can not publicly discuss current events in the same manner. Those supporting recent assassinations or attempts usually get banned and many don't even dare voice their support. But there is some line where the fourth box of liberty _should_ come out. And I don't think we have enough freedom of speech currently to discuss where exactly the line lies. (Note to mods, I don't have an opinion on the recent shooting and this message is not related to it. I would have posted the exact same thing even if it didn't happen and have posted similar messages in the past.)
BTW this is funny: Brandon Herrera posted a video reconstructing the headshot by Gary Plauché where it's obvious both him and the commenters support the killing. He also reconstructed the, well, earshot by Thomas Matthew Crooks and denounced it. I wonder if he would support an assassination if it turned out Trump got, say, a massage with a happy ending from an underage girl trafficked by his friend. That would imply being a pedophile is worse than being a fascist[0] in his mind.
[0]: https://acoup.blog/2024/10/25/new-acquisitions-1933-and-the-...
---
Anyway, violence should be used carefully as a last resort but people in power are afraid of it because ultimately, no matter how much power they have, they still need a continuous supply of oxygen to their brain, which can be interrupted in a number of ways and the probability of such an event increases proportionally to the number of people they exploit.
So the endgame is that an anti-democratic government eventually wins an election and uses its new tools to crush dissent and make opposition parties impossible.
Boot stomping on a human face forever.
Deleted Comment
Westerners always pointed fingers at China, North Korea and Russia, but in this case we are seemingly attempting to lap them.
There's already a W3C browser standard in development - The Digital Credentials API. Apple is adding support for "Verify with Wallet on the Web" in iOS/macOS 26. Chrome is currently rolling out Origin Trials.
https://digitalcredentials.dev/
https://www.w3.org/TR/digital-credentials/
https://developer.apple.com/videos/play/wwdc2025/232/
https://developer.chrome.com/blog/digital-credentials-api-or...
On the flip side, there's no anonymity. Welcome to the real Web 3.0 - an internet which has been finally put in a box, for better and worse. An internet which is finally forced to respect national laws, for better and worse. An internet where what you say online, will be treated with no difference than if you had said it in person.
It's 1984. Surveillance in your home so you only speak the government speak. If you criticize the government or the genocides commited by them you're "doing hate speech/wrong think" and you'll receive the cops at your door to be disappeared without recourse
The populace will be told you were evil and no one dares question too much or they will be next.
Or we can tell them to fuck off and stop buying into every little crisis and fake right v left fight they try to sell.
> The privacy considerations for digital credentials are not static. They will evolve over time as the ecosystem matures, and may be informed by the behavior of other actors in the ecosystem, improvements in other layers of the stack, new threats to user privacy, as well as changing societal norms and regulations.
Boil the frog slowly and carefully, and look out for opportune moments that could help to speed up the process.
That's why you need to diversify software ecosystems now.
It was trialed during covid and people absolutely cheered for this type of control.
Now it's only a matter of time unless people accept that it's never acceptable. Not even with "perceived threats". Covid passes and social scores to do activities where absolutely a wet dream for govs and corporations alike. The corporations that benefit from government mandated tools love getting free money and governments love control. They know the tools never spy on them, and that's why everytime they're the ones committing crimes or ignoring their rules it's "a mistake or nothing to see here".
But I wish you were right.
China is every wannabe dictator's digital wet dream.
Maybe we should schedule a day in the future where everyone travels to Strasbourg/Brussels for a demonstration.
https://en.m.wikipedia.org/wiki/Nepalese_revolution
That's kind of the worst case scenario, though, where bad politicians don't get removed from office. We can hope that most people will decide that enough is enough, or politicians will quietly back down when they realize they're dooming their own careers.
Note how Apple is already a bit like that, banning certain torrenting apps even from alternative app stores [0]. I’m just mentioning that as a demonstration of the feasibility of such closed and controlled ecosystems. Now restrict ISP network traffic to packets signed by approved hardware, and there aren’t that many practical loopholes left.
[0] https://news.ycombinator.com/item?id=45098411
I am in a group of high civil servants for digital services in France and strangely no one seems to have heard about the project despite these people drafting most of France's position on numeric policies.
My view is it is probably more about mass control (avoiding a movement like Gilets Jaunes and the like) than anything else.
How is it possible that after years of discussing plans like this, they still managed to not listen to anyone who knows anything about encryption and online safety?
Makes me really worried about the future. There is a lot going on in the world, and somehow they feel the need to focus on making our communications unsafe and basically getting rid of online privacy.
The goal they are trying to achieve is good, but the execution is just stupid and will make everyone, including and maybe especially the people they want to protect, less safe online.
The age verification thing is another example. All it does is send a lot of sensitive traffic over cheap or free VPN's (that might be controlled by foreign states). Great job, great win for safety!
I think it is fair to give the opponent's position (which both you and I believe is in the wrong) a steel-man argument treatment, by assuming the best possible interpretation of their argument (even if they don't imo deserve it, and you don't believe in their stated intent).
The approach makes sense to me, as attacking and debating genuineness of someone's intentions is an endless rabbithole. So if you have an option to decimate their case, all while assuming their stated intent to be truthful and genuine, that's a pretty solid way to actually move the needle on the argument in a desired direction.
Why are they idiots? Because western Europe is not yet authoritarian and thus there is little personal benefit to hasten a slide towards it, there are so many other ways to gain power in a free society. (I wouldn't bet money that Europe will remain free in 25 years.)
There is a secondary problem here -- anything that decreases the information security of European countries hands more power to the US and China (and to a lesser degree other nations with advanced infosec capabilities like Russia and Israel.) If you are European (I'm not) the first thing that should be done is investigate the people pushing this stuff.
People need to understand that some people are abusers by nature and mentality, some from birth, some by upbringing. And they crave power.
The sayings like "those who want power rarely deserve it" exist for a reason, except until the last few decades we didn't have a good enough understanding of psychology to explain why. Now we do. Some people have anti-social traits and they should never be allowed in positions of power because they are mentally ill.
Difference is "normal" mental illness like psychosis is harmful to the individual who has it. Anti-social mental illness is harmful to those around them, especially those under them in hierarchical power structures.
Look at Australia’s “hacking” bill. It was about letting the government hack (take over) your account and post as you. The “hacking” referred to ahat THEY would do — to YOUR accounts:
https://www.accessnow.org/surveillance-state-incoming-with-a...
Australians even made a movie about a dystopian future:
https://www.youtube.com/watch?v=vJYaXy5mmA8
I agree with you though, they know what they are doing and about some implications at least.
I hope most services will just block Denmark though. Any investment in such technologies is a waste and should come to a great cost to developers. In this case Google products in general should be shunned. Not that they were famous for steady support of products instead of quickly killing them.
Is there any evidence for this other than vibes?
I don't understand where this desire to be led comes from. Other people do not have your best interest in mind. I want others to get out of my way, unless we have a conflict of interest and then we _might_ need a third party to resolve it. But I certainly don't need or want to be led.
Science is not one way of thinking, it's a methodology, it's seeking truth. There might be bad actors and idiots, there is likely lots wrong, but the beautiful thing about science is that facts matter. If someone publishes bullshit you can repeat the study and proof them wrong.
That science is (wrongfully) taken as justification for stupid things, is not on "the science" as a whole.
If anything makes me hopeful, it is science and the remarkable developments happening.
wait until they start all using "AI", that'll agree with everything they say
When was the last time you heard someone praise someone else's competency?
Deleted Comment
We shouldn't have shrugged off the weird feeling of shackles on our wrist when iOS(iPhoneOS) was first released. We should not have relied on geohot stopping by and dropping a jailbreak he found. We should have voted to force it open by law.
The "good news" for now is that the systems deployed in this model won't classify text, only images and URLs. The bad news is that the current draft explicitly allows that question to be reviewed in the future. And of course, once you've re-architected every E2EE system to make image scanning possible, most of the damage to cybersecurity is likely already done; a year or two down the road, text scanning will probably be viewed as a modest and common-sense upgrade. I expect that folks who object to text scanning on cybersecurity grounds will be informed that the risks are already "baked in" to the image-scanning model, and so there's no real harm in adding text scanning.
Leaving aside the privacy issues, this is basically an existential national security risk for Europe. It's amazing to me that they're walking right into it.
They only need to succeed with it once, so they'll keep trying again and again.
That's exactly why it's very important to raise awareness about it everywhere.
It's important to remember that government is not your friend, isn't meant to be, and never has been. It's a machine of control that needs to be held in constant restrain by the population. Obtaining more control is the expected behavior of those who come into power, shown through all of history.
If governments are leery of LLMs for the wrong or right reason and the industry and technology lacks any kind of grasp of what it is and what the inputs are, then BOTH are wrong and the tech needs dismantling.
If the decontextualizing of communication is epidemic, as it appears to be in Chat, then the industry has failed not grasping the first thing about the technology.
For example, let's say I implemented a CSAM-scanning AI model in my chat app, which runs locally against your message, before communicating the message over an encrypted HTTPS channel. If the message is flagged, it can be sent over an encrypted HTTPS channel to authorities, on a secondary separate connection. At no point, did it leave the device, in unencrypted form.
Is that message encrypted? Yes.
The way that you want? No.
Governments have recognized this distinction, and have figured out they can have their cake and eat it too; the security of encryption with none of the privacy.
okay, but how do you prevent me from intercepting that communication.
Or even running my own copy of the local model and determing ahead of time whether it will trip the alarm. If the attacker has access to the model, they can effectively make a GAN to modify images to get past the filter.
From Wikipedia. They can’t have their cake. You are breaking the concept of information into smaller steps (e.g. message) when that is against the definition.
Add in the fact that both China and the US already have practically near omniscient digital oversight of everything their citizens do through server and OS level backdoors, the uninformed politicians in the EU/UK are easier to tempt by lobby groups crying in the name of the children.
The buck stops with the politicians signing this into law.
If so, the best way to stop that is to sugest a good way to achieve the good goal.
How would solve these good goals?
Deleted Comment
So your chat app encrypts your message with the recipient's public key and the state's public key.
Hey presto, you have a message which cannot be read by someone who casually intercepts it. If the state seizes your message - or records it for later analysis - they do not need to break encryption. There's no plain-text version laying around for anyone to sniff.
Is this a good idea? No. Even ignoring the civil liberties aspect, we know that key management is extremely difficult. A leak of the state's private key(s) could be devastating.
But let's not pretend that this is somehow technologically impossible.
Preventing this leak is what's technologically impossible. A leak includes when the government that's keeping the keys decides to start abusing their access to the data.
Not really, any more than it's possible to write a message that says the same thing whether you read it in English or Swahili. You might be able to do it once as a novelty, but the approach won't generalize.
There are multiple-recipient schemes, but they don't rely on using two different keys to decrypt the same message. Instead, you encrypt the message (once) using a (single) symmetric key, and you prepend a bunch of different messages saying "the symmetric key is xxxxxxxxxxx", one for each intended recipient. Those are encrypted with keys specific to each recipient, and each recipient has to attempt to decrypt them all and select the one that decrypted successfully.
The paper you link appears to be discussing an entirely different problem: its definition of a "multi-recipient encryption scheme" does not contemplate sending the same message to several different recipients:
> There are n receivers, numbered 1, ..., n. Each receiver i has generated for itself a secret decryption key sk_i and corresponding public encryption key pk_i. The sender now applies a multi-recipient encryption algorithm to pk_1, ..., pk_n and messages M_1, ..., M_n to obtain ciphertexts C_1, ..., C_n.
> Each receiver i can apply to sk_i and C_i a decryption algorithm that recovers M_i.
> We refer to the primitive enabling this type of encryption as a multi-recipient encryption scheme (MRES).
Note that there is no requirement for anyone other than recipient i to be able to understand message M_i. As described, all encryption schemes are multi-recipient encryption schemes, because you can just consider each message M_k individually and encrypt it to recipient k using a single-recipient scheme.
The data might get leaked, but not to relevant authorities.
And we elect their parties and these people over and over again, instead of making them utterly fail the next election. Too many of us do not see through these thinly veiled attempts and too many of us are too comfortable to vote them out.
You are the people who make this kind of repeated attack on freedom possible.
Fixed that for you.
I suspect the primary reason that people in this position fail to understand anything about encryption is that it is their job to do so.
Why do you assume something like that? Do you actually know the arguments that the parties in favor of this kind of regulation are presenting? And can you dismiss them based on objective facts?
> The goal they are trying to achieve is good
That is what should be, in my opinion, the basis of this discussion. Assume good intentions and try to work out with the parties involved to achieve the goal in a reasonable way. This is the way, I believe.
Hand-wavingly dismissing other party's arguments would be in my opinion disingenuous.
The moment anyone brings up the whole "just put a backdoor in that only we can access" despite years of people who actually know better saying that's not possible, is the moment when any further arguments become moot and not worth any further engagement or assumptions of good intention.
That's the single argument all these stupid "chat control" like proposals are based on.
The only things being handwavingly dismissed are the collateral damage, side effects, very real risks, and concerns about the effectiveness of the proposed solutions.
This is very easy to answer. Just look up what all the responses were, for all the times this kind of stuff was proposed.