| ▲ | _aavaa_ 3 days ago |
| It’s not. This is a political problem, not a technical one. |
|
| ▲ | kebman 3 days ago | parent | next [-] |
| I beg to differ. As long as we have gentlemen like Pavel Durov getting arrested at French airports, it's definitively at technical question. A decentralized and distributed chat protocol with distributed devs and owners would make it impossible to arrest any one individual, and it would make it exceedingly hard to censor such a platform. But you are perhaps a fed? xD |
| |
| ▲ | whatevaa 3 days ago | parent [-] | | Investigate steganography. Otherwise they will just make using particular applications servicws illegal and selectively enforce it. That's why this problem is not technical If you need a specialized vacuum to collect shit from the floor, how about... not shitting on the floor in the first place. | | |
| ▲ | AnthonyMouse 3 days ago | parent [-] | | > Investigate steganography. Otherwise they will just make using particular applications servicws illegal and selectively enforce it. This isn't quite accurate. It's hard to ban things that are widely used. Because of its design, it's very difficult to censor email. You could order some large provider to do it but then people could use a different one. You can get email for free from a provider in another jurisdiction. It's not that hard to start a new one. Trying to ban interoperability with mail servers in other countries would cut you off from the world. It creates a cost for a government that wants to do it, which is a deterrent, and even if they try it's hard to enforce. That isn't what happens when everyone is using Facebook, because then a sufficiently major government can just order Facebook to do whatever authoritarian thing under threat of criminal penalties and there is no switching to another provider or operating your own Facebook server while still being able to communicate with the people using the existing system. You want authoritarianism to have legal friction and technological friction against it. They're not alternatives to each other, they're checks and balances. |
|
|
|
| ▲ | cherryteastain 3 days ago | parent | prev | next [-] |
| People keep repeating this defeatist drivel but it's just not true. It's still up in the air whether you can defeat a law using technical measures, but it is a thoroughly settled matter that you cannot legislate away mathematics. We saw how laws completely failed to make encryption illegal in the 90s as open source encryption code spread rapidly on the internet. "Exporting" encryption software was illegal in many countries like USA and France but it became impossible to enforce those laws. A technical measure defeated the law. Encryption is just maths. It is the law being unreasonable here, and it will be the law which will ultimately have to concede defeat. UK is the perfect example here - Online Safety Act's anti-E2EE clauses have been basically declared by Ofcom to be impossible to implement and they are not even trying anymore. |
| |
| ▲ | dns_snek 3 days ago | parent | next [-] | | "I can still use GPG" isn't a win condition you seem to think it is. Authoritarian governments will be perfectly happy to let you continue using GPG as long as the remaining 99% of society continues using monitored/censored communication apps. | | |
| ▲ | whatevaa 3 days ago | parent | next [-] | | Also you will be easily identified as problematic by your use of GPG/PGP. VPN's provide privacy by blending your traffic with others. If you stand out... | |
| ▲ | cherryteastain 3 days ago | parent | prev [-] | | Conversely, as long as the people they actually want to target (dissidents, journalists, ...) use non-compromised E2EE it's not very useful for NSA/GCHQ etc to harvest info about all the cat videos everyone else is watching. | | |
| ▲ | dns_snek 3 days ago | parent | next [-] | | It won't help you with those specific cases no, but Chat Control would be the perfect tool to monitor and stop the spread of information between regular citizens who are trying to organize against the government, just look at China. It's not your cat videos they're interested in. When people are protesting against the government it's vitally important that they're able to get information out as quickly as possible, to as many people as possible. If the government can slow that momentum down then opposition fizzles out. Chat Control would do a great job in service of that goal, it's large scale crowd control, not a targeted attack. | |
| ▲ | Nextgrid 3 days ago | parent | prev [-] | | But it makes the people they want to target very easy to spot - just look at who doesn't watch cat videos. The absence of data is data itself. | | |
| ▲ | whatevaa 3 days ago | parent [-] | | Yup, that xckd with 5 dollar wrench applies. You will be on the radar. |
|
|
| |
| ▲ | flir 3 days ago | parent | prev | next [-] | | No disrespect intended, but "it's still technically possible" doesn't matter. We, as enigneers, tend to think in absolutes (after all, something either works or it doesn't). Politicians are perfectly happy with a law that is only 80% effective - they would argue that sometimes people break laws against murder, but that doesn't mean laws against murder should be thrown on the scrapheap. Most people obey the law most of the time. Doing a technical end-run around the law (a) leaves you with very few people to talk to (b) makes you stick out like a sore thumb, at which point you're vulnerable to the $5 wrench. | | |
| ▲ | kebman 2 days ago | parent [-] | | Here's a funny story for you. Did you know that porn was quite severely censored in Norway up until the 90's? But suddenly, the censorship stopped. Why? Because of the distributed quality of the internet. While the Norwegian state may still wish to continue censoring porn in Norway, they deemed the task too difficult and too invasive to continue, so they just dropped it entirely (except of course for certain extreme fringe cases). I was personally shown clips by the Norwegian Board of Film Classification in the early 2000's showing both grey zone depictions, and clearly illegal depictions of film violence per the law. I am still traumatized from seeing some of that s*t. Legally btw, since they are a state authority tasked to categorize and censor such media, and also educate people with the right degrees. Yet in that meeting, when I asked them how they're handling censorship now, they kind of just threw their hands up in the air and told me directly that "We only give advice on cinema films these days. Look, we can't very well censor the entire internet without also using either extremely invasive or unfair strategies. If you really want some violent or pornographic movie, you're probably gonna get it no matter what we try to do." So, the morale of this story is, make something ubiquitous enough, or hard enough to censor, and some states might just give up. If you build a truly decentralized system, good luck censoring it. And that was pretty much it for Norway. They had given up on the idea of preventing people from seeing violent or pornographic contents on the internet. Within political science we speak about effective ways to participate politically. Sometimes that's not screaming slogans outside some government buildings. Sometimes that's simply building resilient and forward secure distributed systems. Btw. as a side note, the bad guys are still taken. Instead of thought policing entire populations, they're now tending to the guys doing actual harm. The anti encryption bills are just smoke and mirrors to get you to give up essential liberties, so they get more control. It has little or nothing to do with protecting children and you know it. |
| |
| ▲ | _aavaa_ 3 days ago | parent | prev | next [-] | | > People keep repeating this defeatist drivel but it's just not true. It is not defeatist drivel to argue for political action rather than trying to hit everything with a technological hammer. > We saw how laws completely failed to make encryption illegal In the USA free speech rights defeated that law. > Encryption is just maths. But nothing in those maths guarantee you the ability to use them legally. | | |
| ▲ | Gormo 3 days ago | parent [-] | | > It is not defeatist drivel to argue for political action rather than trying to hit everything with a technological hammer. I'd say it's actually worse than defeatist drivel, since it actively discourages an entirely feasible strategy of making bad laws difficult/impossible to enforce, and instead encourages people to squander their efforts and resources on fighting all-or-nothing political battles in the context of utterly dysfunctional institutions riddled with perverse incentives that no one at all in the modern world seems to be able to overcome. The "political, not technical" argument is equivalent to telling people concerned about possible flooding that instead of building levees, they should focus all their efforts on trying to drain the ocean. | | |
| ▲ | _aavaa_ 3 days ago | parent [-] | | > entirely feasible strategy Who will host the code? What App Store will you publish in? | | |
| ▲ | Gormo 3 days ago | parent | next [-] | | The developers and the FOSS community generally; F-Droid is a good app store for FOSS, but there's no inherent need for app stores in the first place. Duplicating the tremendous success of the Linux ecosystem is a worthy goal, but even at the outset, the idea is to reach the 1% of users who want such a solution and are willing to invest thought and effort into it, and let it gradually become viable for incrementally wider adoption. Trying to target the 99% who don't care in the first place wouldn't make much sense. | |
| ▲ | RealityVoid 3 days ago | parent | prev [-] | | Right, you need an end-to-end ecosystem. Delivery, ease of use, trustable code and audit, good math, community, financial incentives. Still much more enduring solution than an eternal political battle, IMO. |
|
|
| |
| ▲ | theptip 3 days ago | parent | prev [-] | | > it is a thoroughly settled matter that you cannot legislate away mathematics. I don’t think this protects us. I view the “encryption is maths” position as referring to backdoor keys. But this time they figured out client-side mandated spyware is a viable way of breaking e2e without contradicting mathematics. I hate to get dystopian but we can all see where this is going; “Trusted Hardware” is mandated to run your Government ID app and Untrusted Hardware is illegal because it’s only for criminals and terrorists. Your Trusted Device performs client-side content scanning, it’s illegal to install an untrusted app, and all app developers are criminally liable to monitor for Harmful Content on their services. This is what we are fighting against. They keep trying and they are getting closer to succeeding. And none of this is incompatible with mathematics; it’s a pure rubber-hose attack on the populace. |
|
|
| ▲ | const_cast 3 days ago | parent | prev [-] |
| Its both, ultimately politics is not all-knowing and you can't stamp out all technical solutions. Like, breaking encryption is just not possible if the encryption is set using a proper algorithm. Governments try, and they try to pass laws, but it's literally impossible. No amount of political will can change that. Ultimately I can write an encryption algorithm or use GPG or something and nobody on Earth, no matter how motivated or how rich, can read what I encrypted, provided I do not let out the key. If I just keep the password in my head, it's impossible. So, until we invent technology to extract secrets from a human brain, you cannot universally break encryption. Its just not possible. Doesn't matter if 7 billion people worldwide vote for that. Doesn't matter if Elon Musk wants it. Doesn't matter if the FBI, CIA, and the NSA all work together. |
| |
| ▲ | dns_snek 3 days ago | parent | next [-] | | It's not a technical problem. Chat Control wasn't about breaking encryption, it would bypass encryption with client-side scanning. It targets the apathetic 99% of the population who won't have the energy or knowledge to do anything about it. It's also not a technical problem because technical solutions (like GPG) already exist. The problem is political (stopping these authoritarian laws) or should that fail, social (convincing people to inconvenience themselves with alternative communication apps that aren't available on app stores) | | |
| ▲ | Gormo 3 days ago | parent | next [-] | | > It targets the apathetic 99% of the population who won't have the energy or knowledge to do anything about it. That's the same 99% of the population whose motivations and priorities define the incentive structures applicable to politics. If 99% of the population don't care about your issue, you're not going to win the political fight without quite a lot of leverage attached to entirely unrelated issues. So the choice is between creating impediments to the enforcement of this bad policy, and at minimum using technology to establish a frontier beyond which it can't reach -- one that is at least available to those motivated to seek it out -- or instead surrendering completely to politics controlling everything, with it being almost a certainty that the political process will be dominated by adverse interests. | | |
| ▲ | dns_snek 3 days ago | parent | next [-] | | > If 99% of the population don't care about your issue, you're not going to win the political fight Indeed, that's why I'm not very hopeful about the future of our privacy. We will need technical solutions to Chat Control of course, but that's just the last step. First we need to crack open iOS and Android with anti-trust enforcement. An uncensored chat app is useless if we can't install it on our devices without government approval. Unfortunately a significant portion of the tech community is in favor of these walled ~~prisons~~ gardens. Anything we try to do is doomed to fail without freedom to do what we want with devices we own, so until we get past that hurdle I'm hopeless that we'll be able to do anything about Chat Control. | | |
| ▲ | Gormo 3 days ago | parent [-] | | > Indeed, that's why I'm not very hopeful about the future of our privacy. I'm not very hopeful about politics generally, for that very reason. The obvious solution is to work to make politics less of a determinant of outcomes. > First we need to crack open iOS and Android with anti-trust enforcement. Another political solution? Not going to happen. We need to work towards a functional mobile OS ecosystem that isn't controlled by Apple, Google, or the government. That won't be easy, and won't offer any immediate short-term options, but work is already in progress, and will in the long run be far more effective than waiting for politics to save us. | | |
| ▲ | dns_snek 3 days ago | parent | next [-] | | > Another political solution? Not going to happen. I hold out some hope that the EU "faction" responsible for the DMA makes enough progress in the coming years to make the lives of Chat Control proponents difficult by fighting for viability and complete independence of third party app stores. That's why I think it's critical for the EU to strike down Apple's (and now Google's) notarization process. I'd also invite those who support walled gardens and attack the EU for the DMA to rethink their position because if authoritarian legislation like Chat Control succeeds in the EU, it's definitely coming to the US next. Of course an independent OS would be the dream but I'm even less hopeful about that. | |
| ▲ | _aavaa_ 3 days ago | parent | prev | next [-] | | > The obvious solution is to work to make politics less of a determinant of outcomes. This statement is meaningless. You can’t finance, develop, build, sell, and operate an OS and phone in a vacuum outside the reach of “politics”. | |
| ▲ | dylan604 3 days ago | parent | prev [-] | | Nobody has the resources like an Apple or a Google to develop an open mobile OS that will be able to run on any hardware | | |
| ▲ | Gormo 3 days ago | parent [-] | | If anything, I'd say it's the other way around. Apple and Google themselves don't seem to have the resources to do that -- iOS and Android are layers built on top of BSD and Linux, respectively -- whereas it's FOSS projects that are the most dominant and pervasive ones in even far more complex use cases than mobile OSes. | | |
| ▲ | dylan604 2 days ago | parent [-] | | Huh? Apple absolutely does not want this to happen. That's why it doesn't happen. It's not that they do not have the resources to do it. Not really sure how you think that 2 of the most valuable companies on the planet do not have the resources. |
|
|
|
| |
| ▲ | pcrh 3 days ago | parent | prev [-] | | > If 99% of the population don't care about your issue... That depends largely on how the issue is presented. For example, it is now seen as "only sensible" to use pseudonyms online to protect your true identity from random people. Why does the same not apply to your other data? Why should the government have access to pictures of your children? | | |
| ▲ | Gormo 3 days ago | parent [-] | | Which is all well and good, and to the extent that people are won over to those arguments and create more political capital for putting an end to these privacy-violating policies, all for the better. But that's not a substitute for nor mutually exclusive with technical measures to protect privacy, which will work regardless of the political milieu. |
|
| |
| ▲ | mrguyorama 3 days ago | parent | prev [-] | | > It targets the apathetic 99% of the population who won't have the energy or knowledge to do anything about it. It targets the 99% of the population who do not care about your absolutist stance on encryption, do not care about the technical reason you can't have simultaneous perfect encryption and a gov backdoor, and do not care about math. They care that the world changed pretty much overnight, and they are tired of finding out that their children have been solicited for sex by strangers on the internet and platforms have done everything possible to NOT address that problem. People are tired of being victimized, tired of not having some control over what their children are able to interact with, tired of being blamed for giving their kids access to the internet while their kids are required to use the internet for things like school It's utter insanity to think parents wouldn't rather just cede some freedom to have a fighting chance of bringing up children the way they want, of being able to keep them safe from literal pedophiles. That's not apathy, that's a difference of priorities. The entire history of human civilization is the story of ceding certain freedoms for some sort of stability. Parents will happily run government code on all their devices if it means the government strings up pedophiles every week. The internet has been the single largest boon to pedophiles and people making and distributing child porn ever, and parents are tired of waiting for Google and Facebook to hem and haw about how they can't afford to fix it and wont even try. If you want to stop things like Chat Control, give parents an alternative that doesn't take enormous effort to learn and understand, that actually works, that doesn't put the onus on them to magically be able to police every single HTTP request their child's devices make without even giving them the tools to do so. Stop blaming parents for not parenting hard enough. You have no idea how absurd this entire situation is for parents who aren't tech experts. And no, child parental controls on devices right now are utterly unsophisticated, and utterly useless at stopping this. Parents will turn on as much tracking as they can, and STILL find out their kids figured out a fairly trivial way of bypassing it. Stop ignoring the very real problems that modern parents are faced with. | | |
| ▲ | dns_snek 3 days ago | parent | next [-] | | > If you want to stop things like Chat Control, give parents an alternative No! It is not my job to appease your fantasies. It is your job to first and foremost prove that Chat Control will effectively curb child abuse, which proponents of the legislation have completely failed to do. Secondly it is your job to ensure that your solution doesn't break the EU charter of fundamental human rights. Here is a solution for you: All children must be accompanied by their legal guardian at all times - a child must never leave their sight. Unlike Chat Control, this solution would actually work and prevent all cases of abuse except those perpetrated by the guardians themselves. > Parents will happily run government code on all their devices if it means the government strings up pedophiles every week. By all means, I support your decision to run government code on all of your devices. Just keep mine and everyone else's out of it. | |
| ▲ | rsync 3 days ago | parent | prev [-] | | Children shouldn’t have devices. They certainly shouldn’t have always online devices capable of accessing social media platforms. US father of three here and if they’re younger than 15 just hand them a Nintendo switch… if you hand them anything at all. You will never win the arms race you’ll be fighting- against both your children and the platforms. Just opt out. | | |
| ▲ | mrguyorama 3 days ago | parent [-] | | The Switch has a built in web browser that is "hidden" barely. Ample Youtube videos will show your child how to use it to access instagram, discord, even roblox supposedly. Does your school not force them to have some sort of laptop? I was using my middle school provided laptop to do things I probably shouldn't have on my parent's network with them none the wiser, and the school not caring what I did, and utterly unable to stop me even if they wanted. In fact, the IT department basically drafted me and a few other students to be repair techs. I was only superficially technically inclined at the time. Parents will want control over their 16-18 year olds too, that's kind of a critical time. "Just don't let them use the internet at all" is a great way to ensure your kid cannot develop any sort of healthy relationship with the internet once they become an age where they can just buy their own stuff, and sets them up nicely to be fresh, naive meat to whoever wants to exploit them. My family is all experiencing this. You have simply given parents a lose lose lose lose situation, and then complain when they turn to the only remaining group claiming to offer assistance. | | |
| ▲ | dns_snek 2 days ago | parent [-] | | What does that have to do with Chat Control? You need better parental controls offered by iOS, Android, Windows, etc. Chat Control is chiefly about scanning and censoring every private message sent between adults under the guise of stopping the spread of CSAM (trivially defeated by sending encrypted ZIP files or using an alternative non-conforming messaging service). |
|
|
|
| |
| ▲ | _aavaa_ 3 days ago | parent | prev [-] | | I would like to introduce you to rubber hose cryptography. | | |
| ▲ | kps 3 days ago | parent [-] | | That doesn't work well for mass surveillance of regular people. | | |
| ▲ | _aavaa_ 3 days ago | parent [-] | | We’re talking about how the ability for the public to use strong encryption is contingent on laws allowing that. Normies won’t start using PGP. Normies will use whatever popular app their friends are on. Those apps can have their encryption made illegal, kicked off stores, and their developers jailed. The thing protecting the developers from this isn’t the strength of their encryption, it’s the laws saying the encryption is legal. |
|
|
|
