| ▲ | France moves to break encrypted messaging(reclaimthenet.org) |
| 111 points by Cider9986 6 hours ago | 59 comments |
| |
|
| ▲ | hilbert42 3 hours ago | parent | next [-] |
| Seems to me we're going to have to let the anti-encryption mob have their way until things go wrong—bigtime. No amount of expert advice will convince them until they witness firsthand the negative consequences of weakening encryption. It's only afterwards and as a consequence some highly
newsworthy disasters occur such as a child abduction or political sex scandal involving a high profile politician come to light that the lay public will get the message that weak encryption is effectively no encryption. In the meantime criminals will be early adopters of more sophisticated messaging such as steganography. |
| |
| ▲ | xingped 2 hours ago | parent | next [-] | | Would be nice, but you know they'll carve out exceptions for themselves or use "unauthorized" messaging channels regardless with no consequences. It is _always_ "rules for thee, not for me" with politicians. | |
| ▲ | BrenBarn 23 minutes ago | parent | prev | next [-] | | In most cases I think the revelation of a scandal involving a high-profile politician would be a good thing. (That is, better than it remaining secret.) | |
| ▲ | Mars008 2 hours ago | parent | prev [-] | | > Seems to me we're going to have to let the anti-encryption mob have their way until things go wrong—bigtime. Been there, seen that. That's how Pakistan got nuclear bomb. France was just making friends. |
|
|
| ▲ | heinrich5991 5 hours ago | parent | prev | next [-] |
| This article incorrectly implies that Telegram is end-to-end encrypted, by putting it in the same line as WhatsApp and Signal. Telegram doesn't even try to be end-to-end-encrypted by default. WhatsApp claims to be end-to-end-encrypted, but it's not open-source, Signal is end-to-end-encrypted. |
| |
| ▲ | hellcow 4 hours ago | parent | next [-] | | > WhatsApp claims to be end-to-end-encrypted, but it's not open-source And explicitly does not encrypt metadata. Meanwhile NSA top brass publicly stated, "We kill people based on metadata." | | |
| ▲ | 2ndorderthought 3 hours ago | parent [-] | | I imagine in 2027 people will be getting killed over vibes. Does make you wonder what kind of people they kill or how many. I can't think of a lot of crimes whose metadata warrants being killed for personally. | | |
| ▲ | xethos 2 hours ago | parent | next [-] | | > I can't think of a lot of crimes whose metadata warrants being killed for personally You're (literally) missing links then. If A is a high-value target that we look at closely (because they're a high-value target), what if B frequently contacts A? If C, D, and E always recieve messages from B immediately following A messaging B? What about times? Is B messaging F at a consistant time, and never outside of that? Is A only messaging G, at a set time, with G's phone immediately being put into (ineffective) airplane mode immediately before and after? Facebook built their business on the social graph, but the CIA's been at this for decades | | |
| ▲ | 2ndorderthought 2 hours ago | parent [-] | | Thanks for explaining. I guess we are talking about espionage or something like that. I've been so focused on the rise of domestic surveillance lately that I forgot about the noncitizen aspects. Which is ridiculous but at the same time, it does seem like a trillion dollar focus lately. | | |
| ▲ | xethos 2 hours ago | parent [-] | | My examples are all based on the CIA and NSA playbook though, as it was the NSA director that said the quiet part out loud, explicitly, in front of Congress. The NSA is effectively America's red team, an offensive arm, meaning they (should be) focused on threats (percieved or otherwise) outside the country The FBI has been much quieter about this though - there has yet to be a Snowden-for-the-FBI, though they would be one of the agencies I would fully expect to be doing similar work domestically. As this becomes more well-known, I would expect state and county police to start looking into data and metadata as well. In some cases, they already are [0] - even if some aspects of that case are less relevant today (Google Maps no longer uploads location history, though cell tower trilateration is getting more accurate, not less). It's far more prevalent than most people realize, though I invite you to consider which you'd rather have when building a second-by-second profile of a person's life: the message contents, or the metadata? [0] https://www.wired.com/story/find-my-iphone-arson-case/ | | |
| ▲ | 2ndorderthought 2 hours ago | parent [-] | | Metadata would be more powerful in 9 out of 10 cases. Message contents could be invaluable in some cases too. Interesting to think about |
|
|
| |
| ▲ | tardedmeme an hour ago | parent | prev | next [-] | | Isn't this already happening? It's why the war department uses ChatGPT and Claude to target drone strikes. It's why Anthropic had to make a public scene to pretend that wasn't happening. | |
| ▲ | Projectiboga 2 hours ago | parent | prev [-] | | In the dystopian novel Nineteen Eighty-Four, thoughtcrime, also known as crimethink in the official language of Newspeak, is the offense of thinking in ways not approved by the ruling Ingsoc party. It describes the intellectual actions of a person who entertains and holds politically unacceptable thoughts; thus the government of The Party controls the speech, actions, and thoughts of the citizens of Oceania. https://en.wikipedia.org/wiki/Thoughtcrime | | |
| ▲ | 2ndorderthought 2 hours ago | parent [-] | | It's a great book! It does make you wonder what s future with neural link and data centers in every city looks like under a fascist regime. |
|
|
| |
| ▲ | em-bee 3 hours ago | parent | prev | next [-] | | telegram may not be end-to-end encrypted by default but it does support end-to-end encryption. the generous reading is that this encryption, if used, should be broken. so as i read it the article doesn't suggest that all of telegram is end-to-end encrypted only that it has support for it. | |
| ▲ | wolvoleo 2 hours ago | parent | prev [-] | | Yes and the secret chats in telegram are super clumsy. Both parties need to be online at the same time for the key exchange, it only works on one device at each side. Nobody I know uses them. I sent some people a password reset through them but half of them couldn't get their head around it. So yeah while it has secret chats, they aren't very useful at all. |
|
|
| ▲ | amarant 4 hours ago | parent | prev | next [-] |
| I'm starting to think we need to make encryption a protected class, so that we can label speaking against it as hate speech. Let's start putting some of these politicians in jail for being stupid. |
|
| ▲ | ZetsuBouKyo 43 minutes ago | parent | prev | next [-] |
| I remember a joke where a guy sent a joke to another via private message, and Xi Jinping laughed. It seems the government's mindset is the same everywhere. |
|
| ▲ | skiing_crawling 3 hours ago | parent | prev | next [-] |
| How will they know what's encrypted? Maybe I just like sending random sequences of bytes across the wire |
| |
| ▲ | sufficientsoup an hour ago | parent | next [-] | | It doesn't even need to be random. What if you send an instance of a proprietary file format? Is the company required to share the spec and toolchain so that the govt can verify it (probably) isn't an encrypted message? | |
| ▲ | vkou 2 hours ago | parent | prev [-] | | I'm sure the judge will love your explanation. | | |
| ▲ | tardedmeme an hour ago | parent [-] | | In my home directory is a 4GB random file. I suggest you should do this too. Vary the filename to taste. Some suggestions: the name of any active drug market or cyber threat actor. |
|
|
|
| ▲ | budududuroiu 2 hours ago | parent | prev | next [-] |
| I'll repeat this over and over: Most EU politicians are aware of needing to lead from positions of deep unpopularity for the next 10-20 years, they're just setting the stage to have the tools to suppress dissent at their disposal. After encryption, my bet is on reduced rights to protest (see UK wanting to ban protests that repeatedly "cause disruption"). |
|
| ▲ | sublimefire 4 hours ago | parent | prev | next [-] |
| Some people do not take no for an answer. This is bordering on absurd. But on the other side what I miss is some explanation if forensic analysis helps here? Presumably the messages stay on a phone and you can recover them. If that is the case then it should be enough to fight the crime, i.e if you get a warrant to access the device then you can access messages, which I believe many would agree is fine. |
|
| ▲ | nazcan 2 hours ago | parent | prev | next [-] |
| I still don't understand the note that the companies can't decrypt the messages with e2e encryption. Isn't it as simple as a software update that says: "If user = foo, then send the on device keys elsewhere"? Or if those keys are part of a TPM, then a software update that just asks it to send in the decrypted messages? Can judges not order this now, but can order decryption if the keys are stored centrally? |
|
| ▲ | iamnothere 2 hours ago | parent | prev | next [-] |
| Time to teach all your friends how to use a one-time pad. Could be a fun hobby for those with the right inclination. |
|
| ▲ | wewewedxfgdf 2 hours ago | parent | prev | next [-] |
| But not for French politicians and military, am I right? Encryption for me not for thee? |
|
| ▲ | croes 4 hours ago | parent | prev | next [-] |
| Let’s start with the smartphones of politicians. |
| |
| ▲ | wolvoleo 2 hours ago | parent [-] | | They already excluded themselves in the chatcontrol proposals. Typical. |
|
|
| ▲ | uriahlight 3 hours ago | parent | prev | next [-] |
| "The excessive increase of anything often causes a reaction in the opposite direction; and this is the case with freedom, which in a democracy often descends into anarchy... The excessive liberty of the individual in a democracy eventually leads to a desire for authoritarian rule, and out of that desire, the tyrant arises." - Plato's Republic |
|
| ▲ | pessimizer 5 hours ago | parent | prev | next [-] |
| > Mass surveillance, of course, isn’t what the delegation is proposing. The fear isn’t that a French investigator will read every WhatsApp message. French investigators won't care about every WhatsApp message. But they definitely will slurp them all up, process them all with AI, and read them whenever they have an interest. And they will deny they are doing this as they do this. |
| |
| ▲ | adrianwaj 3 hours ago | parent [-] | | It will become more important over time - Telegram and the TON coin are reintegrating. So messaging surveillance is financial surveillance too? Price is going up too. https://x.com/BSCNews/status/2053046567930937817 Upgraded a month ago: https://x.com/durov/status/2042247948147241072 It'd be interesting (horrifying?) to see something that was once assumed secret go public. Imagine if all chats and payments eventually went public at some point... the Transparity, when nothing can be encrypted anymore so no one tries. Mankind becomes a unit - or it devolves? With TON, perhaps altcoins will give way to micro coins - tailored especially for apps and their users/founders? ..for micropayments and running on AI infrastructure. Blockchain and AI infrastructure are already interchangeable in large part. So if transaction histories are exposed, the damage is limited. Startups won't look to IPO, they'll look to float a coin to make serious money. Binance did it. Polymarket next? Poly is dominated by Bitcoin as it stands. I'm not sure if Ethereum tokens would be the same thing. | | |
| ▲ | fn-mote 2 hours ago | parent [-] | | > […] something that was once assumed secret go public. Imagine if all chats and […] went public I strongly suspect instead that you would see Polymarket-style insider trading by the few powerful people who have access to the secrets. | | |
| ▲ | adrianwaj an hour ago | parent [-] | | Yeah, you would also have to trust Poly staff and media outlets. But also messaging platforms whereby wiretapping has never been so lucrative. So what's the CEO of ____ saying about an IPO? https://kalshi.com/markets/kxipo/ipos/kxipo-26 Time to get friendly with the 'tappers or become one oneself, right? This news story is so pertinent. Doctor Evil's secret AI prompt >> Train on messaging and then tell me the most lucrative bets in the prediction markets. |
|
|
|
|
| ▲ | jmclnx 5 hours ago | parent | prev | next [-] |
| Lets pretend this happens, I am curious how it would work. So a person in Canada messages someone in France who's WhatsApp is not encrypted. But the message from Canada is encrypted. Will the person in Canada's message have to be sent unencrypted ? Or will WhatsApp Canada need to allow France to break Canada's encryption ? Personally I think it would be easier for these apps to ban people in France from using their service. |
| |
| ▲ | EMIRELADERO 4 hours ago | parent [-] | | They would have used the "ghost user" strategy. > "Perrin now offers a different framing. “Article 8 ter, which I had adopted, was not at all aimed at obtaining encryption keys but at introducing a ghost participant into a conversation before encryption,” he says. The “ghost participant” approach, sometimes called a ghost user proposal, was floated by GCHQ in 2018 and rejected by every major privacy organization, civil liberties group, and security researcher who looked at it. The idea is that the platform silently adds a third recipient, an invisible intelligence agent, to a supposedly two-person conversation. Users never see them. The encryption technically still works, except that one of the parties is the state." |
|
|
| ▲ | EGreg 3 hours ago | parent | prev | next [-] |
| One of many simultaneous attempts all around the world: https://community.qbix.com/t/the-global-war-on-end-to-end-en... And by the way, this article mentions other things already in place, such as being able to commandeer your device and spy on it without breaking encryption: https://community.qbix.com/t/increasing-state-of-surveillanc... |
|
| ▲ | tw04 5 hours ago | parent | prev | next [-] |
| I find it fascinating that a country with citizens that are typically willing to protest in the streets at the drop of a hat don't seem to care. Is it that they aren't technically literate? |
| |
| ▲ | tensor 4 hours ago | parent | next [-] | | These sorts of laws have repeatedly failed to pass in Europe due to people protesting. The government just keeps coming back and trying again it seems. What makes you think French citizens don’t care? | | |
| ▲ | HerbManic 3 hours ago | parent | next [-] | | I do think they care but you hit on a point. Governments just keep trying to force this and eventually wear down the resistance to it. They can try repeatedly as it only has to work once. | | |
| ▲ | tensor 2 hours ago | parent | next [-] | | Yeah, this feels like an exploit used by many governments these days. You see the same thing in the US where the Republicans just keep filing appeals or lawsuits until they eventually get what they want. Over and over and over and over. Governments should probably adopt some sort of "retry" limit for these things. Good luck getting that passed though I suppose. | | |
| ▲ | vkou 2 hours ago | parent [-] | | That would just be abused by people who want to permanently enshrine a bad status quo. They'll file X really shitty, bad faith challenges, and when they all fail, everyone will be permanently stuck with a bad thing. Imagine if women's suffrage failed 5 times, and hey, guess we'll never get it, 5 times is the limit. |
| |
| ▲ | novok 2 hours ago | parent | prev [-] | | It's because it doesn't break the political and financial careers of the people who do in the civil service and the politicians. Once it does, you'll see it is not repeated. Prop 13 in California is an amazing example of this, known as a third rail political issue because it "kills" the politicians who attack it directly. It doesn't even approach even getting put up as a proposition or bill directly. It has a tight feedback loop because the most mobilized voting class, the olds, feel it immediately and the Howard Jarvis Taxpayers Association mobilizes immediately also. So they go for it on the sides, for things like commercial property, or complicated to understand inheritance and so on. So if you really want to fight back and be effective, you have to (politically) destroy the careers of those who do. | | |
| |
| ▲ | userbinator 4 hours ago | parent | prev [-] | | Maybe it's time for France to reconsider its relationship with the EU. | | |
| ▲ | Georgelemental an hour ago | parent | next [-] | | The French people did consider that, in the referendum on Maastricht. The politicians ignored the results | |
| ▲ | palata 4 hours ago | parent | prev | next [-] | | The French people typically elect far-right politicians to represent them at the EU level, so... | | |
| ▲ | userbinator 4 hours ago | parent [-] | | It's not about left or right, but up and down. | | |
| ▲ | tardedmeme 2 hours ago | parent | next [-] | | Which are also known as right and left, respectively. What, did you think right and left were arbitrary? The words are arbitrary, but the meanings are not. They correlate quite strongly with the material interests of the up and down. | | |
| ▲ | novok 2 hours ago | parent [-] | | Stalin & Mao would like to have a word with you. | | |
| ▲ | tardedmeme an hour ago | parent [-] | | ... okay? I thought they were dead. What about the entire rest of the world that is left or right. We're not stuck between a choice of Staln (left), and Htler (right) - there are more reasonable people in the world, even more reasonable politicians. |
|
| |
| ▲ | 0dayz 3 hours ago | parent | prev [-] | | That makes little sense if you know some basic political science, the EU is comprised of different political interest groups just like your country is. Unless you literally belive everyone in the EU belive the exact same thing and there's zero disagreements what do ever. | | |
| ▲ | shakow 3 hours ago | parent [-] | | Kind of, at least in France? Our privacy-nefarious laws have been passed by both left- and right-leaning governments. It seems that if there is something the elite agrees upon, it is that the plebeians should be kept in check. |
|
|
| |
| ▲ | 0dayz 3 hours ago | parent | prev [-] | | This is France pushing this onto themselves? |
|
| |
| ▲ | esseph 2 hours ago | parent | prev [-] | | > Is it that they aren't technically literate? Few are, that is a huge part of it. Most have far more pressing concerns. |
|
|
| ▲ | Mars008 2 hours ago | parent | prev | next [-] |
| The big problem here is that Veracrypt development is done there if I'm not mistaken. Probably time to get back to trusted old TrueCrypt. |
|
| ▲ | idiotsecant 3 hours ago | parent | prev | next [-] |
| The world needs frontiers or stuff like this is the natural state. |
|
| ▲ | TacticalCoder 4 hours ago | parent | prev [-] |
| To make the link with another very successful article on HN today: who is Franced rule by yet? By cyber-libertarians right? |
