Comment by moniosi
2 days ago
The common fallacy people have regarding chat control (and should be clarified) is that it's not like internet is made of a few select providers, anyone can open an encrypted tcp connection from an ip to another, and the global traffic is too massive to be scrutinized, also the most widely available apps already comply to the single police request to access conversations from suspects. This means that this will create further privacy for criminals such as pedophiles and mass espionage for the common man. It's also curious to notice that at every proposal stage, politicians are always conveniently exempt from the regulation, which is hilarious coming after the Files.
Yeah but messaging apps are really only useful if there are lots of people on them to message.
So in the real world a relatively small number of providers, WhatsApp, Signal etc, are in a position where all your friends are going to be on them. And those are the ones likely to be named and told they need to implement image scanning/review.
> So in the real world a relatively small number of providers.
Why do we even need providers? Locally store the convos on each device and there's not a need for the server.
No normal user wants that. You would still need some infrastructure to link users with IPs, and if you lose your device, all your chats are gone.
Messaging protocols are useful even if everyone is not on the same app. In the past I was chatting with my google using friend via some third party jabber server where I had an account. It was useful and didn't require us to be "in the same app". We both were using both different apps and different server providers.
> In the past
Exactly. That time is mostly over.
3 replies →
But actual protocols are so last century. You might have to think ahead for fifteen minutes because the design has to be staaaa-a-ble. It's haa-a-ard! And you can't sell out to somebody who'll change it and have an exit event.
> it's not like internet is made of a few select providers
In practice it is. Almost all messaging happens on a few apps.
> also the most widely available apps already comply to the single police request to access conversations from suspects
That is not true: Signal is widely available and doesn't do that. WhatsApp probably doesn't do it either.
Don't get me wrong: I am against ChatControl as well. I believe that security comes at the cost of freedom, and it is a choice to be made on a case-per-case basis. Removing E2EE for everybody is not worth it, because criminals will always be able to use encryption one way or another. The problem is that politicians don't seem to understand it.
They do understand it but what they want is not just criminals' data but all of us.
They want to pick the easy fruit. The dumb criminals that would do that sort of thing over whatsapp.
8 replies →
WhatsApp already does it for unencrypted messages for about half of the EU under the purview of the rules of lawful interception obligations for NI-ICS, as well as Norway, Switzerland and the UK.
When they want to read encrypted messages they seize the phone and use Cellebrite or similar 3rd Party tooling to gain physical user-level access. No need for cert-pinning or esoteric MITM attacks.
N.B. China does not allow WeChat to have e2e encryption.
> When they want to read encrypted messages they seize the phone
That is very, very different from mass surveillance.
The whole point of end to end encryption is that providers cannot comply with police request to access conversations. A properly secured system would make it impossible without compromise of your device. Now i don't know what signal does, but I am almost certain WhatsApp can just lie about your contacts keys and man in the middle the connection.
> Now i don't know what signal does
That makes me question how much you know about end-to-end encrypted messengers, because Signal is the gold standard.
> I am almost certain WhatsApp can just lie about your contacts keys and man in the middle the connection.
The problem there is that WhatsApp is not open source, so you can't check. So obviously you have to trust. But there are many, many employees who have access to the WhatsApp sources, so if it was not implementing what it says it is, chances are that someone would have said it. Also thanks to the EU DMA we have some protocol published by WhatsApp.
3 replies →
> The problem is that politicians don't seem to understand it.
The problem is that politicians were corrupted by power.
This is an extremely naive view of politics in complex systems like the EU. We're not talking about the US of French president here. The people in the 27 EU countries elect their EU representatives, and nobody knows them. People usually vote for a party, and they usually don't care much about the EU, except for complaining.
It feels like people who are against the EU vote for far-right politicians (the ones that are against the EU).
EU politicians are elected by the people and they represent what the people from the 27 member countries voted. Which is different from e.g. the US president, where the people don't really have much choice. Same in France, where people voted against the far-right and not at all for Macron.
this is rational because pedophiles are not a threat to the state. if they were, the bill would look very different.
A modest proposal: have governments consist of underage girls.
> which is hilarious coming after the Files.
Files?
Epstein