Comment by npodbielski
7 hours ago
Signal is centralized. So this company operating in EU, under EU laws, will have to do the scanning too. How they implement it however and when and if at all remains to be seen. All maybe they will not and EU will block signal. Maybe they will allow you install apk and Google will block installing from apks directly, basically forcing companies to do the scanning.
And if everybody will do the scanning, maybe they will be sending all of this data to the giant EU server then that will look for 'problematic citizens' like in minority report.
Who knows, but it seems like running your own private chat for your own and your family and friends will be the only way to have some privacy in a few years.
Simplex Chat looks like a decent alternative. It also has the benefit of not needing a phone number or email address.
They have the same jurisdiction problem as Signal. So does Delta Chat, Matrix which were mentioned in another response here.
From a practical side, if the client and server are open source then the project is survivable even if the supporting organization is wiped out. For now users don't demand it nor do they understand it. At minimum, the clients must be open source and buildable, all encryption must happen on the user's device and there should be some control over the end server connections. It is also critical that there are near foolproof workarounds for tunneling the traffic in severely locked down countries like China. This is one of the big problems with requiring a phone number, for example. If users in China can't use a communications tool then it's bullshit.
Some projects like Delta Chat are criticized for one reason while the critics take at face value unverifiable claims from other projects. Delta Chat checks a lot of boxes along with user control and deployment of servers.
SimpleX is a good concept but I'm not sure how it can scale -- which is a detail that shouldn't be ignored. How Signal expects to continue with no visible revenue source is another good question.
XMPP should not be written off either. If I had to bet on a protocol having users a decade from now, that's the one. AI coding agents are going to rapidly iterate on improving the front end stuff. With all of the privacy busting age verification coming from the US, I'd be willing to bet the replacement for Discord will be something XMPP based.
On one side the EU funded open source projects to try to break away from the US tech giants, while passing laws to kneecap their own tiny open source alternatives (Cyber Resilience Act etc.) If the US & the EU wants to exist in the next century they need to be going the opposite direction. It was bad enough that western tech companies built China's great firewall and assisted authoritarian regimes elsewhere.
Most end users don't understand that keeping communications secure is not a given, it is really expensive and difficult. Adding wacky, difficult, very expensive or impossible to follow requirements is the fingerprint of EU bureaucracy and not just unwelcome but very dangerous.
For the EU Elon haters -- with the growth of Starlink, Elon Musk or whoever controls SpaceX is going to have a deep view of global internet communications in the years ahead. That will include an ability to block, filter, and allow things either they or those who control Starlink choose. Any regulation which weakens or cripples the security of internet communications is ceding power to that entity, whoever it may be.
> Signal is centralized. So this company operating in EU, under EU laws, will have to do the scanning too.
The Signal CEO has repeated that they will rather leave the EU than start doing the scanning.
We will see...
Yeah, I agree. We will see what happens.
Words are just words as far as I know but the prospect of leaving the EU for Signal would really send a strong message to all those who still believe that the EU is better in terms of privacy than the US.
As far as I am concerned this is the nail in the coffin for the EU privacy advocates/ evangelists.