← Back to context

Comment by kebman

2 days ago

Is this a good time to plug the creation of chat protocols running over distributed hash tables (DHT) (essentially a decentralized way of creating mini message servers) and with forward security and end-to-end encryption? I made a POF in Rust but I don't have time to dev this right now. (Unless angel investors to help me shift priorities lol...)

44 comments

kebman

Reply
IlikeKitties  2 days ago

Here's whats coming: Devices will be locked down by remote attestation and hardware secure models by the vendors like google, apple and microsoft. Only registered devs will be allowed to make software for those devices. They simply won't run unless the software is backed by a google/Apple/MS signed certificate. They'll make chat software that doesn't run chat control illegal. If you make it, you'll lose your signing certificate and no one will be able to run it. Sure there will be nerds running modified devices with no check but it's about compliance for > 99% of the people. No one you care for will use that software because they won't be able to run any banking software, other chat software, social media apps etc. on their phone if they jailbreak it.

  • spwa4  2 days ago

    ... which then enables Apple/MS/Google to either forbid real encryption, or allow for silently replacing the app on your phone with one that breaks your encryption.

_aavaa_  2 days ago

It’s not. This is a political problem, not a technical one.

  • kebman  2 days ago

    I beg to differ. As long as we have gentlemen like Pavel Durov getting arrested at French airports, it's definitively at technical question. A decentralized and distributed chat protocol with distributed devs and owners would make it impossible to arrest any one individual, and it would make it exceedingly hard to censor such a platform. But you are perhaps a fed? xD

    • whatevaa  2 days ago

      Investigate steganography. Otherwise they will just make using particular applications servicws illegal and selectively enforce it. That's why this problem is not technical

      If you need a specialized vacuum to collect shit from the floor, how about... not shitting on the floor in the first place.

      1 reply →

  • cherryteastain  2 days ago

    People keep repeating this defeatist drivel but it's just not true. It's still up in the air whether you can defeat a law using technical measures, but it is a thoroughly settled matter that you cannot legislate away mathematics.

    We saw how laws completely failed to make encryption illegal in the 90s as open source encryption code spread rapidly on the internet. "Exporting" encryption software was illegal in many countries like USA and France but it became impossible to enforce those laws. A technical measure defeated the law.

    Encryption is just maths. It is the law being unreasonable here, and it will be the law which will ultimately have to concede defeat. UK is the perfect example here - Online Safety Act's anti-E2EE clauses have been basically declared by Ofcom to be impossible to implement and they are not even trying anymore.

    • dns_snek  2 days ago

      "I can still use GPG" isn't a win condition you seem to think it is. Authoritarian governments will be perfectly happy to let you continue using GPG as long as the remaining 99% of society continues using monitored/censored communication apps.

      5 replies →

    • flir  2 days ago

      No disrespect intended, but "it's still technically possible" doesn't matter. We, as enigneers, tend to think in absolutes (after all, something either works or it doesn't). Politicians are perfectly happy with a law that is only 80% effective - they would argue that sometimes people break laws against murder, but that doesn't mean laws against murder should be thrown on the scrapheap.

      Most people obey the law most of the time. Doing a technical end-run around the law (a) leaves you with very few people to talk to (b) makes you stick out like a sore thumb, at which point you're vulnerable to the $5 wrench.

      1 reply →

    • _aavaa_  2 days ago

      > People keep repeating this defeatist drivel but it's just not true.

      It is not defeatist drivel to argue for political action rather than trying to hit everything with a technological hammer.

      > We saw how laws completely failed to make encryption illegal

      In the USA free speech rights defeated that law.

      > Encryption is just maths.

      But nothing in those maths guarantee you the ability to use them legally.

      4 replies →

    • theptip  2 days ago

      > it is a thoroughly settled matter that you cannot legislate away mathematics.

      I don’t think this protects us. I view the “encryption is maths” position as referring to backdoor keys.

      But this time they figured out client-side mandated spyware is a viable way of breaking e2e without contradicting mathematics.

      I hate to get dystopian but we can all see where this is going; “Trusted Hardware” is mandated to run your Government ID app and Untrusted Hardware is illegal because it’s only for criminals and terrorists. Your Trusted Device performs client-side content scanning, it’s illegal to install an untrusted app, and all app developers are criminally liable to monitor for Harmful Content on their services.

      This is what we are fighting against. They keep trying and they are getting closer to succeeding. And none of this is incompatible with mathematics; it’s a pure rubber-hose attack on the populace.

  • const_cast  2 days ago

    Its both, ultimately politics is not all-knowing and you can't stamp out all technical solutions.

    Like, breaking encryption is just not possible if the encryption is set using a proper algorithm. Governments try, and they try to pass laws, but it's literally impossible. No amount of political will can change that. Ultimately I can write an encryption algorithm or use GPG or something and nobody on Earth, no matter how motivated or how rich, can read what I encrypted, provided I do not let out the key. If I just keep the password in my head, it's impossible.

    So, until we invent technology to extract secrets from a human brain, you cannot universally break encryption. Its just not possible. Doesn't matter if 7 billion people worldwide vote for that. Doesn't matter if Elon Musk wants it. Doesn't matter if the FBI, CIA, and the NSA all work together.

    • dns_snek  2 days ago

      It's not a technical problem. Chat Control wasn't about breaking encryption, it would bypass encryption with client-side scanning. It targets the apathetic 99% of the population who won't have the energy or knowledge to do anything about it.

      It's also not a technical problem because technical solutions (like GPG) already exist. The problem is political (stopping these authoritarian laws) or should that fail, social (convincing people to inconvenience themselves with alternative communication apps that aren't available on app stores)

      15 replies →

ori_b  2 days ago

No, it's a good time to start lobbying for positive privacy legislation.

  • raxxorraxor  2 days ago

    Absolutely true that we need sensible legislation not based in diffuse fears that endagers data security everywhere.

    That said, I think doing both is sensible. Always good to have a fallback and feasibility of such surveillance attempts is part of the political discussion. Fait accompli through pervasive encryption, which some politicians might read as perverse encryption.

    That said, chat control isn't the only problem. Removing anonymity through age or general ID checks is the other.

woah  2 days ago

If they put a chip in every phone that grabs messages out of memory on their way to be rendered in the UI, it doesn't matter how fancy your backend encryption technology is