Privacy

31128 readers

646 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

654

Chat Control 2.0: EU governments set to approve the end of private messaging and secure encryption (www.patrick-breyer.de)

submitted 11 months ago by makeasnek@lemmy.ml to c/privacy@lemmy.ml

123 comments fedilink hide all child comments

cross-posted from: https://lemmy.ml/post/6469594

How to contact your MEP.

you are viewing a single comment's thread
view the rest of the comments

[–] rrobin@lemmy.world 33 points 11 months ago (1 children)

This is a really nice summary of the practical issues surrounding this.

There is one more that I would like to call out: how does this client scanning code end up running in your phone? i.e. who pushes it there and keeps it up to date (and by consequence the database).

I can think of a few options:

The messaging app owner includes this as part of their code, and for every msg/image/etc checks before send (/receive?)
The phone OS vendor puts it there, bakes it as part of the image store/retrieval API - in a sense it works more on your gallery than your messaging app
The phone vendor puts it there, just like they already do for their branded apps.
Your mobile operator puts it there, just like they already do for their stuff

Each of these has its own problems/challenges. How to compel them to insert this (ahem "backdoor"), and the different risks with each of them.

[–] yiliu@informis.land 21 points 11 months ago

Another problem: legislation like this cements the status quo. It's easy enough for large incumbents to add features like this, but to a handful of programmers trying to launch an app from their garage, this adds another hurdle into the process. Remember: Signal and Telegram are only about a decade old, we've seen new (and better) apps launch recently. Is that going to stop?

It's easy to say "this is just a simple hash lookup, it's not that big a deal!", but (1) it opens the door to client-side requirements in legislation, it's unlikely to stop here, (2) if other countries follow suit, devs will need to implement a bunch of geo-dependant (?) lookups, and (3) someone is going to have to monitor compliance, and make sure images are actually being verified--which also opens small companies up to difficult legal actions. How do you prove your client is complying? How can you monitor to make sure it's working without violating user privacy?

Also: doesn't this close the door on open software? How can you allow users to install open source message apps, or (if the lookup is OS-level) Linux or a free version of Android that they're able to build themselves? If they can, what's to stop pedophiles from just doing that--and disabling the checks?

If you don't ban user-modifiable software on phones, you've just added an extra hurdle for creeps: they just need to install a new version. If you do, you've handed total control of phones to corporations, and especially big established corporations.