Comment by miohtama

2 days ago

The trick is that because they could not pass the proposal that enforces message scanning, now this proposal defines "high risk activities" and in the case of high risk activity, the national authorities can force someone to comply (i.e. start to scan messages, block, stop activity).

Here is the actual text: https://data.consilium.europa.eu/doc/document/ST-15318-2025-...

High risk classification is at the end of the text.

Some highlights of what is defined as high risk, and thus can be forced to go through mandatory scanning or forbidden:

- Encrypted messaging follows closely due to privacy concerns and the potential for misuse. Posting and sharing of multimedia content are also high-risk activities, as they can easily disseminate harmful material.

- The platform lacks functionalities to prevent users from saving harmful content (by making recordings, screenshots etc.) for the purpose of the dissemination thereof (such as for example not allowing recording and screenshotting content shared by minors)

- Possibility to use peer-to-peer downloading (allows direct sharing of content without using centralised servers)

- The platforms’ storage functionalities and/or the legal framework of the country of storage do not allow sharing information with law enforcement authorities.

- The platform lacks functionalities to limit the number of downloads per user to reduce the dissemination of harmful content.

- Making design choices such as ensuring that E2EE is opt-in by default, rather than opt-out would require people to choose E2EE should they wish to use it, therefore allowing certain detection technologies to work for communication between users that have not opted in to E2EE

Also, a lot of these points do not sound like they are about the safety of children:

- Platforms lack a premoderation system, allowing potentially harmful content to be posted without oversight or moderation

- Frequent use of anonymous accounts

- Frequent Pseudonymous behavior

- Frequent creation of temporary accounts:

- Lack of identity verification tools

Based on the light of the proposal, Hacker News is a very dangerous place and needs to have its identity verification and CSAM policies fixed, or face the upcoming fines in the EU.

> - Making design choices such as ensuring that E2EE is opt-in by default, rather than opt-out would require people to choose E2EE should they wish to use it, therefore allowing certain detection technologies to work for communication between users that have not opted in to E2EE

So you make it so that when the user starts the application you ask them "Your current configuration allows government, and probably some hackers as well, to see your messages. Do you want to enable encryption? Your government's suggestion is that you should say 'No' here. That's also what the foreign intelligence agencies suggest" "Yes, enable encryption" "No". That's clearly opt-in, you even provide the government's recommendation. And of course you then ask that whenever they open the application if they selected "No", we have learned that it's completely fine to keep asking the user the same question.

Oh, and make sure that the other party is clearly aware that the other side has not enabled encryption.