"What do you mean you and your friend chat over Signal when there are dozens of other chat apps? Sounds like you two have something to hide, if you ask me." [0]
Whenever I hear someone telling me they have nothing to hide, I ask them to unlock their phone and hand it to me. The joke still goes over people heads sometimes.
That's a bad argument - people trust the government differently than each-other. They also (should) mistrust the government differently. Voting is secret for a reason. How much of a chance do you think we have of meaningfully changing a government, if they can guess with 80% degree accuracy how everyone voted, based on their chats and social networks? When they know ahead of time who is assembling a new political party? When they know all of their friend's friends dirty secrets, and will tactically leak them to the press? Or simply prosecute them for spreading hate/antisemitism/homosexual propaganda/some other vague crime?
Knowledge is power. Does it feel like the balance of power is currently tilted too far in favor of individuals?
> How much of a chance do you think we have of meaningfully changing a government, if they can guess with 80% degree accuracy how everyone voted, based on their chats and social networks
This doesnt really detract from your overall point, but you may be underestimating how easy it already is for the government to tell how you will vote, without use of networking information. Just knowing someone’s educational level and zip code is enough to guess their voting preferences to a high degree of accuracy (the latter component being the reason why gerrymandering is so effective).
The people in the government branches with access will be random individuals. It's the exact same as giving a stranger your phone unlocked, except that you should say "pls don't leak"
Yes, technically it is, but the feeling of it is entirely different. Same thing with cloud services: people upload (or don't care) about a good bunch of stuff, to whatever cloud backend the app is using, but sending each other stuff is a different thing.
But they're often not a "random stranger" though - there's plenty of people who many would trust to do exactly that due to expectations of reputation etc. "The Government" is arguably just another.
I suspect the vast majority of people on the street would absolutely unlock their phone at request when taking their phone to be repaired. But really, I doubt many actually personally know the people involved, will likely never see them ever again, and their judgement of the company involved and their hiring practices limited to "They have a decent enough looking storefront that says "Screen Repair" on it".
Weather they should do that is another discussion, but I can't imagine a working society if every position of trust like that breaks down. I can't buy groceries from someone I haven't personally vetted the farming practices of. I have to check every time I drink water for contaminants. There's a lot of outsourcing of trust already in society, and it kinda mostly works.
I think it's better to move past the individual question entirely. I tell them to imagine whatever political power they fear the most and ask themselves how it would likely behave if it knew nobody could coordinate against it in secret.
I have rather little to hide myself but I want desperately for you to be able to hide something. Otherwise we're together a worse deterrent against authorities behaving badly as we would otherwise be.
I find it quite personally impactful that I've never had to bend the knee to a king. Without the ability of certain historical figures to keep secrets from their king, I think things would be quite different in that regard.
If most people can reason about the current historical moment as it relates to policy decisions, well I guess that's an equally dangerous sort of problem.
> If most people can reason about the current historical moment as it relates to policy decisions, well I guess that's an equally dangerous sort of problem.
Firstly I am not sure what "current historical moment" means.
Generally most people don't have the will, knowledge or knowhow to understand political policy. Political policy seems to be constantly at odds with reality (if you listen to Dominic Cummings Q/A and/or Interviews he spells out how dysfunctional it is).
Even if that is the case more often than not now the power structures in the Western World are setup in a particular way where it is opaque, protects itself and does not serve the people that it is suppose to govern.
> I ask them to unlock their phone and hand it to me
Let’s say they do that. What would you do next? Go over their photos? Private messages with their so? And then what? Laugh at something that you found there? Would you feel then that you proved some point? I just don’t understand how this scenario would play out in real life
The person would likely not want to unlock their phone and let you look around (hopefully) causing them to realize that privacy is important and they shouldn't give it up so easily
> Whenever I hear someone telling me they have nothing to hide, I ask them to unlock their phone and hand it to me.
But I "trust" the gouvernement in a different way that I trust you.
- With that access you can also "do" things, like sending messages or delete stuff.
- I'm worried that you could judge me in a different way than the government would judge me. Because if you are a friend I care how you see me. But I don't care what the authorities think of me as long as I don't do anything illegal, they won't care.
Are you a lawyer? How confident are you that you aren't doing something illegal? At 30 seconds of thinking of an interesting example, there are still blasphemy laws on the books [0] in some parts of Europe and it isn't clear how compliant what people say at home is with hate speech laws. And there are a lot of laws out there that most people don't know about.
There isn't any reason to think people are obeying the laws in the privacy of their own spaces. Historically there are actually good reasons to think people are disobeying the law, but the laws are stupid and it is better not to check unless there is a political opponent to take out (eg, anti-homosexuality regulations).
Some countries have defacto blasphemy laws as part of hate speech (in Europe) or social harmony (in Asia) laws. This is covered in the wikipedia article
There are definitely more countries that have blasphemy laws than are on the list on that page (e.g. Sri Lanka).
I, and everyone else, are doing illegal things all the time. As you point out, that's the nature of our legal system. So it's not terribly persuasive to say, "well are you sure you're not doing anything illegal" because it misunderstands the reason why we all haven't gotten arrested. It's not because of privacy but because almost all of us are below the notice of the police. You even cite an example of how privacy doesn't save you in exactly the cases where you think it ought to.
There are arguments for maintaining privacy but I don't really think this is one of them.
You seem to be arguing something slightly off the thread topic. Jenadine typed "But I don't care what the authorities think of me as long as I don't do anything illegal, they won't care".
And I'm not sure who you are to say you are "below" the notice of the police. The police are primarily there to police the people at the bottom of society. The higher up the ladder of social status people climb the less they have to do with the police.
> Because if you are a friend I care how you see me. But I don't care what the authorities think of me as long as I don't do anything illegal, they won't care.
Then an election happens and people who very much care about your previously non-illegal behavior gain access to years of historical data.
FBI employees have been stalking their ex-girlfriend using FBI database. That’s what we mean with “You may be doing things the government doesn’t like” — Abusive boyfriends can be part of a local government.
1) Trust is a human-to-human interaction which depends on being able to predict future behavior from past behavior (and often other cues, whether rational or not).
Trusting an organization is a category error. You cannot trust something composed of people who are regularly replaced every few years and who operate according to written rules ("laws") which they are allowed to change.
2) "as I don't do anything illegal, they won't care" - This is a fallacy. First, they can absolutely harass you even if you end up winning in court eventually. Second, what is legal and illegal changes over time. Third, plenty of things which are illegal (wrong according to legality) are not wrong according to morality (they harm no-one) - they are just illegal because humans who feel the need to control others wrote down a piece of text describing punishments for them.
3) Plenty of countries have stupid laws.:
Example 1: it's illegal to approve illegal actions - which basically means you can't ever argue for to change the law to make something legal because you'd be approving it. Usually it's not enforced as such but given how the law is often phrased, it often can be.
Example 2: it's illegal to endorse the use of violence - this is the stupidest law there is:
- It is by definition contradictory because all governments base their power on violence[0] so according to this law you can't support the existence of the government itself.
- It's contradictory in how it treats historical and current actions. You are free to celebrate the assassination of Reinhard Heydrich, The French Revolution or Us independence, even though they were all violent actions - they were morally good but illegal under the laws at the time. But you can't say that current dictators should be killed. A friend got a warning from reddit just yesterday for saying not that a certain dictator should be assassinated but that he should be sentenced to death and then executed by anyone in a position to do so.
[0]: The government has such a strong monopoly that the violence just needs to be implied and most people will submit and the rest are used as examples "this is why it's stupid to fight a cop".
> A friend got a warning from reddit just yesterday for saying not that a certain dictator should be assassinated but that he should be sentenced to death and then executed by anyone in a position to do so.
A lot of social media today will sanction you if you say such things as "it's ok to punch a Nazi". But won't sanction a Nazi for saying things like "white replacement theory".
Yes, it's simple pattern matching. But they are gonna get better though, there are people working on using LLMs for surveillance right now.
AFAIK it was automated, she appealed and won. But it has a chilling effect on people and some won't bother appealing. I'd do it anyway just to waste their time because they have to use a human to review.
Corporations these days have way more power to control speech than governments just a few decades ago and some people still refuse to call it censorship because they find some obscure definition which says it has to be done by a government.
We will have to fight for the same freedoms as just a few generations ago because people learned nothing.
These things should first be tested for 5 years on every politician and every civil servant, including their families, including their children.
Security researches should be given the freedom to hack that system as much as they can, in order to find security problems, no prosecution guaranteed.
Every access to data should be logged on a public blockchain with pseudonymization of who accessed whose data.
After those 5 years, reports and statistical analysis about the usefulness should be published: how many crimes were prevented, who went to jail for what, who had to go to court for what, with references to the logged data in the blockchain.
Then the public gets to vote on if they want this or not.
The issue I have with this proposal is that politicians won't change their behavior. The optimum politician is an absolute pragmatist without any moral values. That is what you need to be to succeed in a federalistic democracy.
Regarding Chat Control: Do we know who is lobbying for it so much? Maybe journalists should focus on finding dirt on the lobbying organizations, so that everyone knows about them.
Oh we know who's behind it: a Hollywood celebrity-run charity that shadily hired multiple high-ranking Europol politicians.
Their whole deal is to convince legislators that scanning every image on your device for CSAM is absolutely necessary (https://www.thorn.org/) and then selling a tool to do that to companies (https://safer.io/).
If it's legally required, what else are you gonna do but go to them for a "solution"?
Total surveillance, which we are talking about here, is extremely damaging to the subject, eventually all their dirty secrets will be out, legal and illegal.
I also argue that allowing the state to monitor its citizens fundamentally changes it closer a state I don’t want to exist. Nothing good can come out a surveillance state, no matter how small.
The problem is that _we don't want every crime to be caught or solved_.
The worst thing that could happen to freedom is that the system would actually work as advertised. Because then resistance would be impossible.
If a government is so powerful they can stop even just 99% of crimes, they are so powerful that people can't rise up against it. At that point it's only a matter of time until authoritarians get elected and get rid of elections. The probability is not 0 which means it'll happen eventually with a probability of 1.
We need to be able to resist. Look at how many democracies were created by violent revolutions. How many bad people had to be killed before they stopped trying for a while. How many bad people had to be threatened with being killed before they gave up power "voluntarily".
You think the Velvet revolution was peaceful? Imagine you're an asshole who oppressed 10M people for years until they got fed up and 1M of them are now in the square right in front of your eyes, angry and shouting. What do you think is gonna happen if the implied violence materializes? How many cops do you need to stop 1M people and how many of those cops are actually gonna turn their weapons against you too? The real power is always held by men with guns (and these days with drones).
Or look at Syria. You think the cunt in charge fled out of goodwill to stop the bloodshed? No, he fled because he didn't wanna end up bleeding out on the pavement and then be hung up at a gas station as a temporary flag of freedom.
We need to be able to resist and that includes being able to talk about violence, even promote it when the violence is just (not legally but morally). We need to be able to make people angry, to promote hate against injustice. And we need to be able to organize without the government knowing until it's too late for them. And yes, those abilities will be used by bad people too but that's the price we need to pay.
Drop the “chat” and just call it “control”. The current proposal is so vague it would cover anything with online sharing/syncing people can sign up for. Any SaaS, any app, any service. Chat, email, file syncing, todo lists, doesn’t matter.
I am pretty sure now that this ChatControl thing is the result of the EU being unable to setup an US type NSA/echelon type stealth mass surveillance system.
They might have gone so far to have paid for an implementation but it didn't work (like the EU search engine, cloud or whatever) because they are really incompetent.
So now the solution is to do it in the open, just write a dystopian law and force it through the fake parliament. Our only hope now is the practical implementation of ChatControl will also be in practice ineffective.
We are not really living in 1984 or Brave New World, in the EU we are in the 1985 movie Brazil.
And what people in western, democratic world think about it? That this is just fine? I live in autocratic, almost dictatorship regime country and for the past 100 years we've just gotten used to the idea that we don't have any rules here. But I thought in EU and US things are different. All these news stories about Control, UK surveillance, age verification, all this stuff with no significant reaction baffle me.
I live in the United States and it baffles me just as much, trust me. Fine, maybe I didn't have the biggest expectations for the general public, but I really expected the Internet to react much more viscerally to what is happening. In the past, the Internet was much more defensive about Internet policing that was significantly less dystopian. Now, it feels like no matter how rapidly things decline, it's just another Tuesday; most people are unwilling to make any sort of sacrifice or risk for any cause, and nobody (including me, I guess) is really sure what to do anyways.
It really wasn't that long ago that we were all talking about SOPA.
This is, ironically, one of the reasons we need a more decentralized public square.
Large gatekeepers get flack from politicians if they allow "the wrong people" to organize. First they claim there is a huge problem with terrorists/nazis/pedos/etc., maybe even find a couple of real instances of those things, and use that to demand that the gatekeepers Do Something, i.e. set up a censorship apparatus.
But the modern ones are subtle. You don't try to read something and get refused, it just goes to the bottom of the feed where you won't see it. Take advantage of the human failing that busybodies will take petty satisfaction in causing harm to strangers they've been told are their enemies. Let them issue false reports against anyone pointing out the emperor has no clothes. Have the algorithm take those reports seriously, with useless or non-existent customer service that can do nothing about adversarial report brigading. Make it known that this is what happens to people who don't toe the party line so people self-censor and people who don't get shadow banned.
It's an assault on the ability of the public to defend itself from bad ideas.
Additionally, keep in mind that controversial laws or proposals, at least in France, are often announced or passed during summer vacation when people are away, limiting scrutiny and attention.
> And what people in western, democratic world think about it?
People are usually asked to 'think about the children'. Pedophiles, drugs, suicides, self-harm, cyberbullying; and whatever other horror stories the media has at hand. This maneuver is usually sufficient to neutralize the opposition.
In my country that has managed to free itself from communism just 35 years ago everyone I know opposes it.
Politicians from countries like Germany have tried to make EU decide things like this on the "majority principle" for ages (because they know they can bully smaller countries into submission), but we still have the consensus principle.
Every country has to agree. So it takes only one country to put a stop to it.
> In my country that has managed to free itself from communism just 35 years ago everyone I know opposes it.
That tends to confirm my feeling that people in countries that have not suffered from tyrannical government for a long time have forgotten the value of privacy and freedom of speech because they have not seen the consequences in living memory. This is coming when the last of the people who remember the pre WW2 era are dying. Dictatorship is no longer part of living memory.
There has definitely need a cultural change in the UK in the last few decades. People have far more trust in the system (government and big business) or have learned helplessness (in a recent discussion about privacy people told me I was naive to think I could stop my private data being collected anyway so should not bother trying). This was in the context about what people say about their kids (specifically education, mental health, family problems) on Facebook.
> Every country has to agree. So it takes only one country to put a stop to it.
A lot of pressure can be brought on bear on any one country by the rest though.
The government of a country may not have the same view as the people. When the UK was in the EU the government pushed EU surveillance regulation, IMO so they could then then say it was not their fault it was introduced, they had to follow the EU directive (many years ago when there was strong public opposition to more surveillance).
That tends to confirm my feeling that people in countries that have not suffered from tyrannical government for a long time have forgotten the value of privacy and freedom of speech
I think it is more complex than that, see Hungary and Poland (though Poland is a bit on the rebound).
The problem with the consensus principle is that it will always be profitable for the Putins and Xis of this world to pay off an Orban or Fico to block EU decisions they dont like.
Which is why I am for majority principle, even though I am from a small country that would lose out on power. Countries still can leave using article 50 if it is not palatable for them.
Given the state and amount of lobbying, I'd rather have some good stuff blocked due to lack of consensus, than more of this anti-democratic nonsense approved because Thorn and the EPP are buddies.
I think that the dictate of majority is one of the worst things about "democracies". As for buying politicians for a purpose - the whole of the EU looks like US lapdog.
> But I thought in EU and US things are different.
Different indeed.
Privacy is enforced through compliance and civil court actions. In 2018, one of the largest actual data breaches at the time (~300 million customer records) netted about $0.25 per record in penalties, after several years of lawyering. ($52 million (US)/$23 million (UK)).
The EU makes more money fining companies for policy violations:
A €1.2 billion ($1.3 billion) fine was imposed by the Irish Data Protection Commission (DPC) for transferring Facebook users' personal data from the EU to the US in violation of GDPR.
There are no rules in the US anymore either. We just pardoned 1500 criminals who tried to overthrow the government and kill representative.
The President is accepting bribes (Paramount, Disney, Twitter, Facebook, Apple) and he is being allowed to use power that constitutionally is suppose to belong to the Congress.
I tried I2P not so long ago and was quite impressed by the design decisions and the quality of the technology. It's truly an amazing piece of software that covers basically everything you need for a distributed network.
The only thing missing is actually the community and usage, because the technology has a network effect, and more users with stable routers provide faster and a more reliable network. So it's indeed slow at the moment. I highly recommend giving it a chance and playing a bit with it. Even for non-anonymity and security cases, it's fun to play with hole punching, global addressing by public keys, and stuff like that, which you can see in things like Iroh and libp2p.
It provides a simple universal SAM interface and libraries to work with it to plug other apps.
I2P doesn't have exit nodes like Tor, so it's essentially the same thing as running a Tor relay from an outside perspective, with a few positive differences.
I2P is mainly an overlay network that routes traffic only inside the network. The upside is that providers won't ban your IP for participation if you run a node. I know that with Tor, many datacenters/CDNs don't care whether it's a relay or exit node and will blanket ban all known IPs of the network. You also won't attack someone on the clearnet or somehow participate as a scapegoat in clearnet crimes.
I've never heard about any consequences for running non-exit relays in Tor, though if you're in a country that strictly punishes usage of any anonymous technology, that might be risky anyway.
I2P has several commercial "outproxies" that proxy traffic to the usual internet, but that's not the intended usage and it's not enabled on typical users' routers.
UPD: Anyway, if you feel uncomfortable sharing others' traffic and want to only use it as a client, you can disable transit traffic completely in both Java and C++ implementations.
Is it possible to make an encrypted messenger app without a central authority? Like BitTorrent magnet links. We all share the messages to support the network bandwidth, but can only see the messages which pertain to us? From my really novice understanding of cryptography, this should be possible. And it seems like the only privacy focused solution for the future.
Once upon a time, prior to Microsoft or eBay purchasing it, this is what Skype was. It required a set of central instances to be supernodes to facilitate discovery, then each client communicated with others directly. And IIRC any client up long enough and with sufficient compute and bandwidth, could become a supernode.
Skype and iChat both did direct client-to-client communication. Skype was bought by MS, and Apple got sued by a CIA front company over iChat. The result was the same both ways: all comms started getting routed through a central server that could log metadata.
Historically, source IP was a lot more readily available. Every IRC user's source IP was visible, every UNIX login session's source IP was visible, and lots of people hosted their own websites which meant they saw your IP address there too. The implications of it used to be more like having an email address from a specific university. Skype happened relatively early in the world of online privacy.
I don't understand why obsolete technologies by MS are often upvoted on HN and become the first replies, while the corresponding working, decentralized technologies go to the bottom. Matrix exists and has a preliminary P2P version [0,1]. Other messengers were also mentioned in the comments here. Another example of such tendency is here: [2].
https://chatiwi.com/ seems to be the only real e2e encrypted chat without installling an app (can check the network and source code as it’s just JavaScript)
Yes,it is possible to create a p2p encrypted messenger without any central node. It is even possible to have a relatively good UX in it.
What's nearly impossible is to make it easy and popular among "normal users". Onboarding would be pretty involved. Adding your friends to the contact list would require jumping through a number of hoops. Having several sessions open (phone and laptop, typically) would not be trivially easy, and synchronizing between them would not be very easy, or automatic. Also, forget about push notifications.
It might be far easier to run an instance of Matrix, or whatever Jabber server, etc, on a private host, with full disk encryption, and only accessible via Wireaguard. It's not hard to set up fully automatically from an app; see how Amnezia Proxy does that.
It, of course, will have a special node (the server), but it's definitely not a public service, and it cannot be encountered by accident. It of course would be limited only to people you would invite. Should be enough for family, friends, a small project community, and other such limited circles. It would not require much tech savvy to set up.
But a grand social media kind of network, like FB or Twitter, can't be run this way, because the UX friction would inevitably be too high for a lay person to care.
Why would it be illegal, if I'm not offering it publicly? Is running a VPN between my family computers illegal? Is ssh-ing onto a host and using the talk command illegal?
I suppose only public services, advertised for new users, are the target of the "chat control" directive. You can't join pseudonymously. But joining my VPN-based chat server would require being my acquaintance; should I ask an ID from a person I met at a pub? If so, should I ask their ID before I engage in a small talk with them in the pub?
I don't trust the rhetoric or the motives. Which brings me to the following questions:
Do all of your acquaintances even use VPNs? Because 97,56% of mine don’t. So it's not about you and your friends.
But lets assume for a moment that it's about you and your friends... If this law goes through, what’s to stop them from pushing through a series of follow-up laws forcing every VPN provider include backdoors? Who’s going to stop them? Why stop them? By then, the public will have already given in. No one will care if you or your friends are sentenced to 25 years for using a “non-compliant” (read: secure) VPN. Do you have _something to hide_?
In five years, any provider without a backdoor could easily be branded as “insecure.” We’re already living in a world where words often mean the exact opposite of what they should. Why would this be any different? And from my PoV, why take the risk? Children need safe ways to communicate as much as adults.
The world has more than one country in it. People in free countries have the right and duty to create technologies to the benefit of people in authoritarian countries.
The people in the free countries don't have to physically go somewhere. You do this over the internet, e.g. writing code and publishing it for others to use.
If you live in one of the authoritarian countries and it pretends to be a democracy to a sufficient extent that voting can actually change things, try doing that. If not, your options are pretty much "apply for the passport" or "sharpen your weapons".
There are different solutions with different levels of decentralization. Briar is peer-to-peer. Matrix has servers but in a federated model, so there is no central authority but in some sense each server is an "authority" for users on that server.
Well, conversely, if you figure you have already lost anyway, why not try the technical solutions?
We've tried the political solutions for so long, but this thing just keeps coming back. We have to put our lives and day jobs on hold to push back against this, while the authoritarian camp's agenda is carried by people for whom advancing it is their day job. Therefore it costs them nothing to try over and over again, and they only need to succeed once.
I mean, we enjoy workers rights only after decades of violent protests and many deaths, and yet they are still constantly threatened, because its is a nature of power and politics.
But pro-privacy people consider writing a petition a peak of political struggle, and when it fails it is over for them.
> If you try combat political issues mainly through technological solutions, you have already lost.
This is what people say when they're afraid that technological solutions would actually work.
Technologies have a network effect. If the rest of the world is using a technology which is resistant to censorship or surveillance, any given country will have a harder time banning it, and those technologies defend against governments that violate privacy rights in secret even when the law prohibits them from doing it.
Build privacy into every internet standard and protocol. Make it seven layers deep with no single point of compromise. Make attempts to break it an exercise in futility because it's built so thick into so many things that stripping even a piece of it back out would break the whole world and still not compromise the security of the system.
Is it really? I can think of approximately one political battle the tech crowd won (the Crypto Wars), to dozens of lost ones. Meanwhile, the battles where a strong technical solution was fielded are looking fairly good even when the political side was surrendered with nary a fight - I can still easily torrent most books and software, download scientific papers, emulate modern consoles and securely exchange data with people in any country less locked down than North Korea.
The cliché about how you should not approach political problems with technical solutions is recited all the time in these threads, but nobody ever presents evidence for this claim. It seems like a meme that is disproportionately useful for those who are confident in their abilities to win any political contest.
> I can still easily torrent most books and software, download scientific papers, emulate modern consoles and securely exchange data with people in any country less locked down than North Korea
You can also go to jail for any of the above, should your particular government authority decide to throw the book at you.
Technical capability is necessary, but rarely sufficient.
Although the chance of getting a large fraction of the population to use a decentralised censorship resistant messenger is low, it's still higher than the chance of somehow stopping the Eureaucracy from continuously pushing authoritarian policies.
What does that mean? I thought that commissioners were nominated by governments of member states. Similarly like they nominate ministers inside those states.
Maybe https://delta.chat/en/ : completely decentralized as based on email infrastructure, e2e encryption, easy registration without providing personal data.
You have a spectrum of options going from centralised (Signal, WhatsApp, …) to federated (XMPP, Matrix) to P2P.
In my opinion, federated is the sweet spot: you do have to trust the server with your account management, but that server can easily be yours, or one you ethically align with, and through it, you will be able to talk with anyone on the network.
P2P sounds great on the surface but in a mobile-first messenging world, that comes with practical tradeoffs in bandwidth and battery consumption, unless you offload discovery and push to trusted servers, at which point you are back to federation with more steps.
The problem I see with decentralized protocols is that node owners can easily be spotted, and then crushed under legal constraints that will make them more insecure than a strong multinational who's there just for profit and can balance legal fight for a relative privacy with it's own interest in protecting its customers.
Don't you think that it makes them obvious high-value targets? I mean, that's not even like this profusely pragmatic take has no precedent in the real world: the Snowden revelations showed that all major tech companies were in bed with the NSA to spy extrajudicially on everyone. It's a leap of optimism to think they would "fight legally for its own interest in protecting its customers".
Then, compare that to the low-scale/low-value/hobbyist/residential service providers. How high do you think the chances are for a malicious state-actor to "corrupt" many service operators without it widely being known and publicly dealt with? There's also a deniability dimension to this: XMPP uses OMEMO as a zero-knowledge encryption scheme: whatever the users are doing is none of the operator's business, and the choice of encryption scheme and implementation is purely a client-side affair, so now you are no longer dealing with "reluctant" operators, but potentially millions of end-users using strong encryption. And that is assuming the server is operating in the open, but nothing prevents service operators from offering it over tor (with very little impact on the end-user-side), further raising the bar for the malicious state actor.
You can send encrypted email. That's how email already works.
You can also send encrypted messages over any other medium. You don't need the messenger app to encrypt your messages for you.
One of the common arguments that PGP is bad is that it's "inevitable" that someone will send a message in cleartext, defeating the whole purpose of encrypting your messages. I don't understand this. The fact that this is possible to do is obviously an artifact of the idea that the user should be unable to tell whether the messages they send and receive are encrypted or not. Do the encryption and decryption yourself, and this is not a mistake it's possible to make. Don't confuse the encryption, which is something you do, with the delivery, which is something the channel does. The point of encryption is that the channel can't be trusted!
You can encrypt the email content with PGP or Age, sure. However, metadata such as the Subject line, sender and receiver are in plaintext. Lavabit fixed this, but requires money. You can use i2p tools to fix this too.
If you can agree with your communication target on a common DNS server under your or their control that doesn’t respect authoritative DNS servers, and both of you can securely connect to said server, then you already have a continued, trusted communication mechanism that you may as well use for your communication. You’re just arguing a pretty pointless technicality.
> If you can agree with your communication target on a common DNS server under your or their control that doesn’t respect authoritative DNS servers, and both of you can securely connect to said server, then you already have a continued, trusted communication mechanism that you may as well use for your communication.
Why? It can easily be the case that that traffic is observable by outside parties. You'd still need to encrypt your communication.
Connecting to the DNS server "securely" doesn't really get you anything except some DOS resistance.
If I know Marisa's public key and Marisa knows Omar's public key, she can sign a message to me saying, "Omar's public key hash is c2ecc3b9b9eb94dcafe228f8d23b1e798597d526358177c95effa6bc0ded3a35". I can then use that key hash to authenticate messages from "Marisa's Omar". If she gives Omar mine too, he and I can set up a private channel without further involving Marisa.
Hopefully we aren't just talking to Marisa's MitM proxy. If other mutuals also know him as "Omar" then I can ask them for his key too, and if I get the same response, I can have more confidence that Marisa isn't playing that trick on us.
Never total confidence, though. You need some way to bootstrap a non-MitMed connection; no evidence can ever prove conclusively that you aren't a Boltzmann brain floating in the post-heat-death void, or Descartes being tricked by his evil demon that controls all his perceptions, or Neo in the Matrix.
But meeting up with one of your friends in person once to exchange either public keys or a shared secret, even before you start using the system, can go a long way to ensuring that you are all actually enjoying privacy.
actually though? storing a very small but important info (public keys, domain ownership and such) would have been a perfect use case, which also keeps the chain small...
The new version of Bitchat (from Jack Dorsey) is interesting: it's a chat over BLE mesh, but says that it'll continue the chat on the nostr infrastructure if two (in principle anonymous) participants fave each other in the app. Haven't had able to try this out yet.
Are politicians really exempt? Must be some really high profile pedophiles, or pedophile supporters between them, like those in the Hungarian government - they support this by the way.
IIUC, no, they are not excempt. Certain professional contexts are excempt from surveillance, including political work, police work, military work and some corporate work. This is intended to prevent state or corporate secrets to be subject to surveillance.
I am not sure how it will be implemented that politicians are only excempt when texting about work. It seems like any implementation will allow politicians to avoid surveillance by using their work phone.
EU logic: Want to centrally track users with personally identifiably information? Great! Want to store anonymized data with local cookies, that the user can delete, disable, or doctor at any time? That should be heavily restricted with constant intrusive warnings.
Local governments all over the EU tried to push internet surveillance for a long time. Today, apparently the political landscale is ripe for their success.
Considering the endurance and BS justifications they brought up for so long tells me, there is a is a coordinated effort behind the scenes going on for decades now.
Dissmissing it with incompetence, like "EU logic" is naive, imo.
I have the same opinion, but I can't think of who or what would be pushing for that?
Unless it's just the US and NSA again actually somehow having trouble with bypassing encryption? Like just push the EU to do some more spying that the US/NSA can then use to see more? I find this somewhat hard to believe since in my mind the NSA is on every US server and can probably just get unencrypted everything from spyware (the OS itself) on all end-points.
Maybe governments/humans simply eventually naturally pivot to power grabbing and this was going to happen all along everywhere?
It's also not an EU-only thing. It's been happening all over the west, partners of the US and even outside of the west: UK, Australia, Colombia, Mexico, the Koreas, China, Russia, etc.
Our own governments are pushing for it, simple as that. I live in Spain, and both left and right parties, and to a lesser degree their voters, are increasingly leaning authoritarian and tacitly agree to extend surveillance; the police and specially the gendarmerie lobby for it as well.
So our parties are drooling at the idea of extending surveillance by EU directive so they can point fingers at the EU instead of risking losing votes.
It's no surprise to me, then, that in the document leaked to Wired in 2023[1], our country's position was the most extreme:
> In our view, it would be desirable to legislatively prevent EU-based service providers from
implementing end-to-end encryption.
There may have been external lobbying, but it wasn't necessary.
> coordinated effort behind the scenes going on for decades
It's an open conspiracy among the global ruling class, including people and organizations collaborating at places like the World Economic Forum and Bilderberg meetings. *Adjusts tin-foil hat.*
The interests of the rich and powerful are aligned to coordinate an international effort for more surveillance of the public, control of information flow and communication. It's part of the rising tide of authoritarianism and frankly fascism.
I could call the recent right-shift in the west a coordinated effort too and in many cases, this would be a decent explanation, catching private media outlets, biased and centralizes social media, spineless populistic politicians and the donor class behind them but ...
Some cases are much more benign. Like the police, only seeing their need for more privacy invasions to achive their goals, meeting a tumbling elected politician with the need to pose as tough on crime. Both sides ignore anything beyong their horizon. Here, you have good old incompetence, esp on the politicians side. Pair that again with the populus feeling the need, that something drastical has to be done and you would have an alternative explanation.
As sad as it sounds, but a fascistic government, comming out of a democracy is not a failure of democracy. Many people dont care about big topics, correlations and history repeating itself. They are willing to sacrifice rights, piece by piece, others have fought died for. Besides a lack of governmental transparency, this ignorance, small and large scale, and its todays normalization are the problems i see here.
I cant help it, but i realized first hand (as i assume, many others did too) that this ignorance is often more than just a small mistakem done by individuals. Today, i see it as a cognitive deficiency.
Take one extreme for example, flat earthers. There are many simple physical experiments or celestial observations one could do, to conclude, that the earth is a sphere, but not for them. Confronting FEs with contradictions will only lead to reactance (ad hoc rejection), no matter how polite or enduring you are or striking your arguments are. I know this first hand. If you are lucky, you might encounter and open state of mind that struggles with the cognitive dissonance, you have induced, but only for a short time. Having lasting effects on some strongly biased mind resembles something like a long term therapy: an open mind / willingness for therapy and regular confrontig sessions. If all those self proclaimed critical thinkers were able, to not only change their minds on a whim but would actively seek contradictions in their believes on their own, the world would be a much better place. Can you tell me any historical atrocity commited by societies, where some believe about a superior truth or some absolute good/evil was not at the very core of it? I cant.
The same biased reasoning about a superior truth can be found in modern politics today. In essence, its people rallying around some vague group identity or against some other group (in/out group characteristics) and irrationally attack/discard $symbol criticism as if its fight-or-flight time because the apes survival dependeds of the tribe. MAGA accolytes could realize them selfs, that 1st gen. mexican migrants have a significant lower crime rate and thus crime emerges from within the US, but they dont. It doesnt cross their mind 0, that someone willing to migrate is also willing to work for a stable future. Instead, they rally arround "mass deportation" and will post hoc rationalize any atrocity of their supreme leader.
After Nazi-germany lost the war, the tribe was shattered and it was tabu to speak about or do $symbol in public. For a brief moment in time, it looked like the populus could actually learn, that history is not a loop but even though most AFD accolytes agree on the evil atrocities of that time, they still fall for the nostalgic unity strength and role model of it, they would like to see "tribe great again" and absolute evil being dealt with and ignore anything beyong, including your well-meaning, factual arguments. So why even try?
I cant help it, but i think changing the message to a primarily emotional one might be a better strategy. I am not saying we should ignore factual arguments but since disgust towards out groups can be such a strong source of bias, why not use it against them and make xenophobia disgusting again, like its 1945.
I like Gavin Newsoms recent trolling and hope he doesnt degrade into simple insults only. He does, what is neede, wresling with a pig and i think we all should convey the same derogatory message, while the communication channels are still unfiltered. The other side does not want to have a truley open discourse, they want us to be silent.
I know, this can be seen as inflammatory and counter productive but i think the polite approach is even more futile.
a fascistic government, coming out of a democracy is not a failure of democracy. Many people don't care about big topics, correlations and history repeating itself.
i disagree. people not caring about important topics is a failure of democracy. one issue is the reason why they don't care. in many cases it is the feeling of being unable to influence change. and that most certainly is a failure of the system.
my conclusion though is that it isn't a failure of democracy itself, but rather that it makes the system less democratic.
I was more so mocking the security theater in the GDPR, but now I see your frustration with how activism works in EU policy making.
Because of the circumstances under which the USA was federated, we have done pretty strong systems in place to prevent local activism from having a national impact.
It doesn't prevent the federal government itself from surveiling the population (e.g. the Patriot act and everything descending from it) but at least if something is legal in a state, companies in that state can generally transact with residents of any state. (for example: https://en.wikipedia.org/wiki/Marquette_National_Bank_of_Min....)
EU logic is only government should be able to track personal information
US logic is only billion dollar companies should track personal information
Personally I prefer the former as governments will spend my tax money on getting the data from the billion dollar companies anyway, and those companies will exponentially monetise it because they are required to
Not that the US government doesn't constantly spy on its citizens, but I'd much rather businesses do so than the government.
When I open a bank account, every bank is legally required to forward my personal information and transaction history exceeding $600/yr to the federal government, and there's nothing I can do about it.
I don't have to have a Facebook account or credit or debit card (and I don't have any of those) so I only get spied on by businesses I choose to deal with. Not only that, but most businesses I deal with give me a 3% discount when using untraceable cash, instead of payment processors.
On top of that, when businesses get out of hand, customers choose to support a new business and the old one fails. This can be financially detrimental to those invested in the business, but it is much, much less bloody than when the same thing happens with a government.
I guess that makes sense when you are part of the power wielding majority. but as someone who isn't, it's absolutely better for private corporations to have my data than governments. Sure, private corporations will end up giving said data to the government if required, but it's at least a step removed. And Facebook can't put me into MetaJail using MetaPrivatePolice (yet), whereas the government absolutely can.
The EU lets you store whatever you want in cookies as long as they are truly anonymous (do not contain unique identifiers.) What you call "anonymized data" is literally the opposite.
The term "anonymized data" is a bit jargony, but tracking everything a person does, but not storing the name or address of the person meets the definition most organizations use for "anonymized". It's very far from "anonymous".
Anonymization is a process which removes identifying information from data. Adding unique identifiers is the opposite of anonymizing data. A selection of the data stored in cookies might not contain any PII, but it still can't be said to be anonymized.
No chance in hell my country agrees to it (despite the darling of EU being the current prime minister). It is still a minority government and both the president and the people oppose it.
It will die this time and they will try to bring it back in 2 years time.
One thing I do not understand is why people in Denmark allow this to happen. Where are the large scale protests against the party that brought this zombie back to life?
I wonder what the chances are that the ECJ could look at employing actions for annulment against chat control, if it is passed. It is possible for private individuals to ask the court to annul an EU act that directly concerns them. So even if governmental structures across EU does not want it challenged, the issue could still be brought to the court.
DSA was pushed by the very controversial Thierry Breton, former CEO of Atos, then European commissioner for the internal market, now on the advisory council of Bank of America.
Atos btw is the company that leads in receiving money to construct Europe's virtual security infrastructure.
But the proposal was ultimately supported by a substantial majority in parliament, led by the christians, socialists. liberals and greens.
> DSA was pushed by the very controversial Thierry Breton, former CEO of Atos
It's a clown show, that "French Big Tech company" Atos stock price went from 10000 to 40 euros in 25 years [0] and is now being sold into pieces because it has 5B debt [1] and is hopeless .
I heard him talk once on youtube he is a total moron.
> Atos btw is the company that leads in receiving money to construct Europe's virtual security infrastructure.
Great if those type of people are in charge there is nothing to worry about. The only downside is the Internet might get slower in Europe.
At the end EU citizen might just be told to put the EU in CC of every messages you send, invited to every chat group, and tagged on every social media posts. If you don't you go to prison.
I mean during Covid the french gov mandated them to print and fill a new form every time they took their dog out to pee. So that is not far fetch.
Its board, as well as boards of the related orgs, is crawling with ex-State guys, even some CIA assets (most recently Fernando Ruiz Perez) etc. They're in bed with WeProtect (State Dept) as well as McCain Institute guys. The connection is not obvious, but see this as starting point https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
What's telling is the fact that they never targeted the U.S. and U.S. policy-makers EVER, despite being mostly Washington guys with lended tech credibility of SF VC's.
"As of July 2013, Thorn is in talks with leading internet companies (Facebook, Microsoft, Google, Twitter and at least three others) to collaborate on creating a database of millions of child abuse images on the web."
So if one messed up person likes that stuff, I guess they might aim towards working there?
If this has the effect its proponents claim it will, it seems like substantially the larger outcome of this will be that government agents will be reviewing people's sexts. They say that false positives are rare, but how often is it okay for the government to be reviewing peoples' sexts? I found it a little hard to get concrete info on how exactly their image hashes work, but it sounds quite literally that if you've got a couple of young people (whether teens or twentysomethings) who are sexting, and their sexts look a bit like some piece of "known CSAM" if you squint, then a government agent will review it and possibly harass them.
Seems like eventually the law will get some poor girl killed when the authorities contact her parents about "CSAM," discover that it was the girl herself who took the picture and sent it to her boyfriend, her dad finds out she was having sex and does an honor killing.
But we're just supposed to trust that these image hashes have a small false positive rate, when there's no way to have transparent review without making it easy for adversaries to avoid the scan.
Even if they have a small false positive rate, the absolute figures will be staggering. 500 million people and all texts are being scanned, with more than 99% not being CSAM.. you do the maths..
Isn't democracy rendered impossible with laws like this?
I mean, if slavery was still legal or LGPT still illegal, would the government have been able to use this technology to smother political movements before they ever start? Wouldn't the government be able to add client-side scanning for words or phrases they don't like (not just images of child abuse)?
For democracy to work at all, people must at least be able to freely discuss there contrarian thoughts amongst themselves, even if they run contrary to the ruling party's wishes. I did not expect the cradle of democracy to be the one to kill it.
Start with protecting children. Then something about misinformation. Then about defending democracy. Then about stopping terrorism. And soon you can escalate your authoritarian policy to just about anything.
This is why having the structure of fundamental civil rights, like in the US constitution, is important. I’m surprised the EU doesn’t seem to have such protections for free speech and privacy and against warrantless surveillance.
Between FISC, the Patriot Act/USA Freedom Act, and such it doesn't seem like the US constitution is doing a good job at protecting anyone. There is a long wikipedia article named Mass surveillance in the United States, but not yet one for the EU.
I don’t disagree. But there is still far more protection for free speech in the US than in the EU, where wrongthink is not acceptable to the powers that be. It is a huge regression and for some reason, culturally Europe seems to be modeling itself more after China than the US, with whom it shares more history and values.
i have lived in all three places (15 years in china) and i have to respond with an empathic no.
what we are seeing is that thanks to social media, more discourse is public. which leads to more prosecutions. that is not a regression. that stuff has always been prosecuted. and they go against hate speech, not wrong think.
hate speech is no clearly defined, so maybe we need to talk about that. wikipedia translates the german term "Volksverhetzung" to "incitement to hatred", but that's not actually a good translation, because it rather means "incitement to hatred against a whole people". besides that here is strong language directed against individuals that is designed to hurt them. in germany that is defined as insult to your honor or dignity and incitement to violence. the devil is in the details of course, and there are many expressions that are borderline and depend on context. but i think we can agree that such speech is generally not wanted. whether it should be punished is another question, but in my opinion "wrong think" goes way beyond what i described here. one topic that does go beyond hate speech that may be problematic is expressions that threatens the democracy. i couldn't find any good examples for that yet other than democracy being threatened by radicalization, polarization and political violence. so presumably anything that leads to that, most of which is already covered by hate speech.
I don’t agree with that. Inciting violence is wrong. Lying is wrong. But pointing out crime figures of for example the imported migrant Muslims is true, yet also hate speech?
I think we’re far beyond hate speech being thought crime. It also means you can’t be honest about your reasons or viewpoint, thereby poisoning the public debate.
i can't comment on specific examples without knowing more details about the context and what actually happened. the problem in such cases is often that crime figures are cited in isolation without comparing them to local crime figures as if there was no local crime or ignoring the fact that a lot of "crime" by immigrants is violations against immigration law. something a local can't possibly violate. i understand the same thing is happening in the US. so yes, if you twist statistics to deliberately make immigrants look worse than they are, then that is hate speech.
if that is not what you are talking about then we will have to look at he actual numbers being pointed out and the message they come with and the response to that.
The problem is that already some countries, including Germany, are not reporting on the background of criminals anymore because it could lead to hate speech.
Customs officers everywhere have almost unlimited discretion to deny entry.
While I think the Vance meme reflects very poorly on my country, it is always advisable to remember that you have very limited rights in every country while crossing the border and that it best not to piss off the officers. Travel StackExchange is filled with Q&A’s about how to what to do when the customs officials of various rich countries apply their discretion to deny entry, often for reasons even more petty than having a meme.
I have long campaigned against Fourth Amendment violations in the US, but to compare the US and the EU is laughable. The difference is night and day in every aspect, from constitutional rights to privacy (virtually worthless in most EU constitutions vs quite broad in the US) to practical surveillance (far deeper and broader in the EU) to court requirements for access for typical requests (commonplace in the US, rare in the EU.)
As an example of one of those points, the US right to privacy was long considered so broad that it served as the _foundation of the right to abortion_ in the US for decades! By contrast, to pick an EU example, the Dutch right to privacy is so weak that it is quite literally written into the Dutch constitution as “except as limited by law”; in other words, nearly worthless.
To compare them by presence of a Wikipedia page is beyond ridiculous.
Your address and phone number are publicly available with a Google search. I've been stalked and had someone show up at my house after moving (and I have zero social media presence) because, for some reason, my personal info was all online and easily found by googling my name.
People can take a video of you, shame you for some random thing, and have your face and name known to millions by the end of the day.
The NSA can access all your online data and share it with whoever they want. Companies do it on their behalf as well. Cops can dig through your car just by saying it smells funny.
A right to privacy somehow was construed as the right to an abortion. But the right to privacy never meant you have the right to keep anything private. In some other countries, you can easily have your data taken down from public view online and sue (and win against) people who violate that right. That's an uphill battle in the US.
American freedom is general is based on “might makes right”, whether that’s the well armed gunslinger in the old west, the lawyered up millionaire in the courts, or the billion dollar company using their freedom of speech to obliterate yours.
Everyone has the same freedom to use their resources to maximise that freedoms to help with where the fiat meets the nose.
Americans have the right to privacy "except as limited by capitalism". For example, your location history and purchasing history are actively sold for the ad industry. No it is not sufficiently anonymized.
FISA and patriot act are very controversial, the EU doing the same thing but far worse isn’t a good argument to stand on merely because the US gets talked about more on Wikipedia and therefore the press (which is one of the primary acceptable sources for a wiki article). Not to mention places like Germany and France did much of what NSA was doing back in the 2000s, often with even more leeway.
If anything censorship and extensive government oversight of peoples lives in EU and UK is far less controversial so there isn’t much of a push back. As you can see every time this comes up on HN where people in the EU defend it.
According to Wikipedia, the Russian constitution mentions the following:
1. Everyone shall have the right to the inviolability of private life, personal and family secrets, the protection of honour and good name.
2. Everyone shall have the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages. Limitations of this right shall be allowed only by court decision.
Which constitution are you talking about? The one that includes the House of Congress' right to militia to defend the constitution...or the one without that article?
Lately, the constitution of the US is as much worth as toilet paper, because the Trump administration does everything to exploit it using the "invasion excuse".
In Europe, there is the EU charta of fundamental human rights. If they are violated, laws can be fought above country level.
Covid was only 5 years ago can you imagine what people would have used this sort of power for during the lockdowns? How are people's memories so short especially with regards to such a traumatic experience that we all had?
if the framing is “pandemic controls bad because my rights are more important than public health in a global pandemic” it’s not a very convincing argument.
we should stick to actual fact and issue here which is that these tools are bad for human rights NOW. not some mythic pandemic is bad bogeyman
How is the framing of “chat control bad because my rights are more important than saving the kids from sex abuse” any different? I bet you good money you understand the fallacy in my example. I only wish people could see it for things that “their side” championed as well.
> When executing the detection order, providers should take all available safeguard measures to ensure that the technologies employed by them cannot be used by them or their employees for purposes other than compliance with this Regulation, nor by third parties, and thus to avoid undermining the security and confidentiality of the communications of users.
Nudge the door open with child abuse "concern" and then expand to your hearts content later. The analogy of it being like a police officer standing next to you while you chat online to a friend was great. He was joking when he said "lets cancel cars" but it might happen in the distant future. Letting people control heavy projectiles doesnt seem like such a great idea.
When you put "concern" in scare quotes like that... are you saying that there isn't actually anything to be concerned about regarding the safety of children using the internet?
I guess you're right. I doubt there are actually any children being prayed on on streaming apps and the like, and even if there are I highly doubt it has any lasting impact on their mental health.
The problem is obviously real, but a lot of people disagree with this proposed solution. Nobody is trying to argue whether child abuse is a problem or not.
I don't think there's a workable solution that both protects kids and protects society from sliding into 1984.
It essentially feels like a referendum on "should we just accept it?" It being whichever over those you think is the lesser over two evils. Figuring that out is an exercise left to the reader.
Maybe not let your kids unattended on the internet. Require default settings on vendor products to child protected mode, punish parent negligence while in parallel crawl the web for illegal content.
Straw man? It happened to my niece on a streaming app. She was 11. It started out as innocently as "what's that shirt you're wearing? Can you show me?" and progressed from there.
Straw man my ass.
Edit: I'm against the mass surveillance and direction things trending in, but I think either way we are facing a significant negative externality whichever way we choose. Either there's real people suffering real harm, or we're getting screwed by sliding into 1984. Both of those horrible. If we pick one horrible over the other, we're essentially saying "I'm ok accepting this horrible reality in order to avoid a different horrible reality".
I just don't think we can have our cake and eat it too on this issue.
As roer said above "Nobody is trying to argue whether child abuse is a problem or not.". You just built a straw man argument around something that isn't even being discussed.
If it's a given that it's a problem, and that we want to do something about it, then the discussion is what should we do about it? So we have to pick something.
The only suggestions I see are things like Chat Control and things like "how about be a better parent". In practice, neither of these work. Chat Control we lose out on too much privacy and get dangerously closer to 1984. "Just be a better parent" is basically the strategy we have now, and it isn't working. I wrote in another comment what happened to my niece, I won't repeat it, but TL;DR as a parent you don't know what you don't know and your best efforts can go in vain.
Did you really have to add the Israeli thing there?
News flash: every country in the world has an Epstein. Even Epstein has been replaced and a new guy is doing his work. Or does anybody really believe that child abuse among elites in the US and globally has suddenly stopped when Epstein was suicided?
This isn't even epstein, it's an active member of the likud party, but since you've mentioned epstein i guess i should say that the former prime minister of israel also visited his island numerous times and bolster my point. And yeah, it's my moral obligation to include it.
I hate the "protect the children" argument so much.
Birth rates are so low that a lot of people don't even have kids. Why should we preference other people's children to a total invasion of our privacy? Shouldn't those parents mind their own offspring?
Stop putting god and other people's children in my life. That's none of the government's business.
The other point is that people don't even care. Teachers with CP possession don't do any time, just one or two year suspended sentence. Most of the terrorists, be it by bus, truck, gun or knife, were well known to the police ahead of time. Did that stop the attacks? Would more "chat control" change any of that? Fuck no....
It's an interesting argument that with a declining birth rate childrens protection should be less in the picture. I'm more inclined to think that we owe it to the next generation to give them something viable and recognisable as a childhood, and it's communities obligation to raise them. Those who want privacy will usually find it.
> we owe it to the next generation to give them something viable and recognisable as a childhood
Poverty and bad parenting is the problem, not the Internet.
> it's communities obligation to raise them.
I'd favor taxing bad parents instead of taxing the broader society.
If you don't want your kids seeing content you disagree with, don't give them access. It's a parent's responsibility.
I find it hard to believe that this is the top priority.
> Those who want privacy will usually find it.
Increasingly impossible. Privacy is evaporating.
Coupled with the increasing amounts of censorship, freedom of speech is disappearing too.
The next step is to leverage these tools to control the population. It's already happening.
Right now these systems are being used to coerce powerful politicians and business leaders. It's a trap that becomes a blunt instrument.
One day in the not too distant future you'll have to sign in with your government photo ID to make queries or posts online. If you say something "bad", the government will fine you and limit your social mobility. Your jobs, your opportunities, your money will all be suspended, subject to your pending social rehabilitation.
The only way to stop that is to shut it down now.
Sorry that the kiddies might see boobies. Maybe mom and dad need to limit smartphone access or install filters.
If we're being honest with ourselves, we'd crack down on all the rampant sex trafficking in Roblox. But we know that protecting kids isn't the real reason these things are being developed.
What makes you think he is unaware of reality?
He just expresses his demands at this reality, or rather the small part of reality that human society occupies.
I am pretty sure he is aware that the default is rather intrusive - but that doesn't mean that is the right default.
"One of the main characteristics of the society is that its members take business in what other people do with their own lives."
That is your definition of societey, but one I consider close to totalitarian. And yeah, sadly it is the standard, but there are societies that stick together, so each member has better chances of living their own live and not so each members lives the live that the others force them to live.
That's arguably a selfish way to live- where no one cares about anyone but themselves. You would just be people living next to eachother, not a community.
Saying other people may not interfer uninvited in my life is not the same as saying people may not care about me.
I care about other people and interfer in their life, because in the case of my kids, they cannot sustain on their own and they want me as their parent. So there is consent in general about it.
But I am not telling my neibghors that they must wear a warm jacket when it is cold.
(Or that they may not consume porn, to not go to hell)
There is a slight difference between offering help for example and forcing someone to do things in a different way, no matter how well intentioned.
Liberty is good, but individuation and atomisation can break a community if it goes too far. If you don't feel any obligation to the state that helped you what hope do you have for national unity.
Louis makes it sound that its actually for protecting the children but we all know its just an excuse for surveillance, control, and ultimately jailing people for wrong opinions (a real threat in the EU since there is no protection of Freedom of Speech anywhere)
> The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.
October, 2018: "In Europe, Speech Is an Alienable Right: [the European Court of Human Rights] upheld an Austrian woman’s conviction for disparaging the Prophet Muhammad."
>On Thursday, the European Court of Human Rights (ECHR) upheld her 2011 conviction for “disparagement of religious precepts,” a crime in Austria. The facts of what E.S. did are not in dispute. She held “seminars” in which she presented her view that Muhammad was indeed a child molester. Dominant Islamic traditions hold that Muhammad’s third wife, Aisha, was 6 at the time of their marriage and 9 at its consummation. Muhammad was in his early 50s. The Austrian woman repeated these claims, and the Austrian court ruled that she had to pay 480 euros or spend 60 days in the slammer. The ECHR ruled that Austria had not violated her rights.
jailing people for wrong opinions (a real threat in the EU since there is no protection of Freedom of Speech anywhere)
how do you figure that? the freedom of opinion is explicitly enshrined in the german constitution for example. there are limitations, but these are very specific and not arbitrary.
gemany is in fact one of the countries the provides the most protection for your opinion world wide, as long as that opinion is not based on obvious falsehoods (like holocaust denial), or stirs up hatred against a group of people. you can however criticize others and at this point germany provides even more protection than the US.
After a minute of searching... https://www.nytimes.com/2022/09/23/technology/germany-intern... I admit that these cases are arguable but by the same token the police don't have to respond to every mistake with a dawn raid. Even the US Secret Service has more discretion than this.
Not even the multiple cases of an individual doing nothing but call a politician a dick on social media?
> Last year, Andy Grote, a city senator responsible for public safety and the police in Hamburg, broke the local social distancing rules — which he was in charge of enforcing — by hosting a small election party in a downtown bar.
> After Mr. Grote later made remarks admonishing others for hosting parties during the pandemic, a Twitter user wrote: “Du bist so 1 Pimmel” (“You are such a penis”).
> Three months later, six police officers raided the house of the man who had posted the insult, looking for his electronic devices. The incident caused an uproar.
...
> In response to a message by [politician] Mr. Jurca criticizing Muslims, Mr. Mai posted a link to a picture of the mural [saying “Du bist so 1 Pimmel”].
> Several weeks later, four police officers pounded on Mr. Mai’s door at 6 a.m. with a warrant to confiscate his electronics. Mr. Jurca had filed a police report claiming the link to the photo was an insult.
in germany that is covered under insult against the honor and dignity of an individual. i don't know about this case, but this is generally only prosecuted when the insulted asks for it, and in most cases is a civil matter. that the incident caused an uproar shows that the response this case is an example of overreach, but overreach happens everywhere, and is an issue in itself. he question here is, is the risk for overreach more dangerous than removing the law/protection. this is certainly debatable.
The continual harassment of socialist parties by the government, including declarations that any group following Marxist philosophy is necessarily acting towards an unconstitutional goal.
because they are calling for a revolution, not reforms. revolution is an unconstitutional goal. if they believe that marxist philosophy can be achieved without a revolution they better ought to make that very clear. and to my knowledge the treatment of communists in the US was way worse.
there is a difference between individuals calling for a revolution and organized groups that have that in their program as a goal. the latter is not a theoretical threat but one that has historical precedent.
we need to be more specific here. peaceful demonstrations are certainly allowed. it becomes a problem when those demonstrations become violent. suppression would be not allowing these demonstrations in the first place. and if that is the case we need to look at how often that happens and whether the risk for a planned demonstration turning violent justifies not allowing it to take place.
Germany has banned slogans in favour of Palestinian freedom.
do you have any references?
and what do you mean by "government-sanctioned"? reality is that any kind of large public demonstration requires registration and is subject to permission. the question is whether permission is granted to all groups equally, or whether certain groups are getting limited. if that is what you mean then we would have to look at actual statistics. demonstrations in favor of palestina certainly did happen.
> and what do you mean by "government-sanctioned"? reality is that any kind of large public demonstration requires registration and is subject to permission.
In Germany. That's not true in the majority of the democratic world and is not what any reasonable person would call freedom of expression. Nothing that requires permission is a right and civil rights don't require permission.
> demonstrations in favor of palestina certainly did happen.
And the protestors have faced consequences both immediate and in long-tail harassment from the German State.
You don't just need permission for a demonstration in Germany if you plan to block traffic. See e.g. how covid policy protesters were treated. But I guess you agree with those policies so think that's ok.
What are you talking about? I see those (clearly very well funded) protests calling for literal unambiguous genocide of the Israeli people "from the river to the sea" almost weekly in every major train station and city center in the EU (and also China which means CCP gov backs the message)?!
Open jew hate in Europe hasn't been this elevated since WWII.
The result of all of the hubbub over privacy in past years is that many people left more centralized services for other private servers, which means that the government can no longer just ask Twitter for your data and it’s a pita for them.
Once they can read everything again, and more, the next step will be to use your own network, a.k.a. the multinet, which is mostly an advanced form of the disparate networks in the 20th century. Even ARPANET was just another network, which evolved into the B.S. we have today. We also don’t have to use the same protocol stack, routing, etc. We could get rid of name resolution and just use some long IDs.
that's what I am thinking, EU made GDPR that is good move prevent any third party to extract privacy data illegally but still doing it to themselves anyway
I voted for the only candidate that was clearly against this. However, the companies are suppose to do the scanning, not the police. Corporations like Meta already does things like this for sure. The difference is that they now will have to share potential crimes with the police. For Signal it is worse since it can't be added.
for ages I was saying "do not ignore crime that is now allowed to scale and proliferate thanks to e2e" (very much similar to crypto). If you accept this reality and work with the government you can arrive at a decent compromise that is not 100% bad. If you ignore reality and cover your ears and shout "nananana", the government will find a way and I guarantee you it will be a dumb way that undermines privacy way more. News at 11, the government did.
Let's pick our pitchforks up and pretend sexual abuse monetization or human trafficking are not taken to the next level thanks to end to end encryption. We gotta make police do their damn jobs right? It's not our fault we invent new and improved ways that prevent police from doing that.
EUSSR, an unvoted for central dystopian committee, led by WEF line Schwab, warmongers like Rutte and career aristocracy like Ausgeleiert (von der Leyen).
Up until about 100 years ago, most civilian communication was either totally ephemeral (in-person speech) or transmitted on physical artifacts. Surveillance required either physical mail piece interception, physical presence, or individual communications with knowing parties. That the Powers That Be are even capable of reliable remote surveillance—-let alone that they’re _entitled to do so_—-is very much a recent occurrence.
> That the Powers That Be are even capable of reliable remote surveillance... is very much a recent occurrence.
Yep. Many of our laws and regulations sorely need updating to match the world in which nearly anyone can set up 24/7 surveillance very, very, very cheaply and cops can go to a handful of businesses to find out who we talk to, what we're saying, and what we're reading about. Things that made sense when you had to put a guy in a place to keep watch, to follow a guy to see who he talks to, or go door to door to ask folks in a neighborhood what happened on a particular date are much less likely to make sense in the world we live today.
> Surveillance required either physical mail piece interception
It was explicitly understood that if you used the UK or US post offices, your correspondence could be read. Because it became government/state property the moment you handed it to the post office (this is still the case, I think). Pretty sure this is how all postal services worked.
Telegrams, likewise, were implicitly intercepted.
Sure you can argue that surveillance is new. But so, actually, is privacy. The right to have a private conversation is also new; the idea that your private words were your own and your patriarch/clan leader/priest/boss/judge/monarch/patriarch would not simply be able to demand, with threats, that one or all of the parties recount them would have been shocking. There are surely many things you simply wouldn’t have voiced because one of those people might find out.
Projecting our modern ideas of free speech and privacy onto a pre-communication-age society doesn’t make any real sense.
> Pretty sure this is how all postal services worked.
Nope. For ages (and possibly still today), the only thing that can be casually read by the US post office are the parts of the mailpiece that can be seen without opening the mailpiece. So, the entire contents of postcards can be read at any time. The entire contents of envelopes, packages, and the like cannot.
Engage your brain for a second and ask yourself if the "Founding Fathers" would really have set up a system where the government gets to root through its citizens' private communications without a warrant.
And yes, you can point to how the third-party doctrine enables all sorts of warrantless investigation of the private communications of modern day USians, but the state of the world was way different back when that doctrine was solidified. In a just world, we'd see massive reform to the doctrine to bring it in line with how folks interact with third-parties these days, but authoritarians don't like to be stripped of their tools of oppression and clandestine, unchecked surveillance and will fight very hard to keep them.
> Until about 20 years ago, very little civilian communications were encrypted. Ten years before that, virtually no civilian communications were encrypted.
It does not feel like the world is a more dangerous place than 30 years ago. I need to see evidence that crime is increasing because of encryption before taking arguments against encryption seriously.
If it were really that disruptive we'd see crime rise and police effectiveness reduce drastically. This isn't the case. Society is just as safe as 20 years ago if not safer.
I'm sure sometimes this has an effect but most criminals are still caught. Because they make mistakes too. Communication is only a small part of the chain.
Zero day compromises of most devices are available to state actors. If they get a warrant to compromise your device they get everything on the screen, no need to break encryption.
Yes, it’s hard. Surveillance should be hard. Just because it -could- be trivially easy does not mean it is in the public’s interest that it -should- be.
The privacy exposure is so huge with chat control et al that there is effectively no expectation of privacy anywhere ever, from a practical point of view. That is not conducive to a functioning democracy, which only works when there is a delicate and deliberate balance of power between the individual and the state.
doing nothing hands over too much power to criminals
you either have encryption, or you don't. there is no middle ground. any measure to force access to encrypted messages would effectively disable encryption entirely.
I was going to respond to this part of GP but along the lines of communication being (mostly?) not a crime in an of itself. Committing crimes in the physical world is still illegal.
I just want to make that clear, governments don’t need complete access to your digital life to make the legal system go round.
Unfortunately the argument of strong privacy for everyone loses compared to the emotional argument of “we could have prevented this horrific crime if we had access to XYZ”, in the emotional political arenas
> stirring up paranoia is not going to solve the problem
There are reasonable tools that have been deployed and are existing for police enforcement ; notably with the coordination of ISP providers. The fact that encryption has been democratized does indeed change the situation for enforcement but this does not mean everybody should be spied on by default.
Here's the thing, more appropriate tools for criminal activity encompass not only encryption but stenography technics, maybe even just signaling.
It's so easy to bypass that it only steer up the problem an order of magnitude further, makes the life harder for everybody, and creates a situation where everybody's data is basically on some server.
Now, knowing how capable institutions are able to protect data ; well i'm telling you there is 0 way I envision continuing my journey on the internet if it means that everything i look at, say or have an opinion on can be used against me eventually.
> On the other hand, doing nothing hands over too much power to criminals
What ever happened to innocent until proven guilty?
Any form of blanket surveillance flips this into “maybe guilty so capture and archive surveillance data, and if ever (even years after) are possibly suspicious, comb through archived data to find some form of proof and then build up your pre-text for a warrant… in other words - “maybe guilty until proven guilty’
We've had end-to-end encryption for a few years now and there seem to be very few cases that have been thwarted by it. Criminals are actually dumb. (Yes, the FBI has 10,000 locked iPhones that they would love to unlock but it's not clear that it would make a difference.)
> but virtually all forms of evidence that document a crime are encrypted
These are good points, though I'm wondering if the burden of proof has just increased? E.g. in the past there was little permanent evidence, so do we really need to break encryption to prove beyond a reasonable doubt?
It's like lack of DNA evidence making cases seem "unprovable", but then what did we do before DNA was available?
Which countries have been invaded by European countries to bring democracy? Because America started multiple wars for that in the last 70 years, not Europe.
Iraq, Afghanistan, Mali, Somalia. The expeditionary European powers like the UK, Spain, etc can't hide behind the US when they were willing participants.
Isn’t EU’s justification that they protect you from companies / private industry but they want full government/police control because that’s trusted / socialist?
What makes you say that? A lot of it was heavily impacted by industry, who were by far the biggest contributors during the drafting process.
> And anything but full trust of government also wouldn’t fit with chat control.
I agree with this, but chat control isn't a top-down proposal. It's based on a solid grassroots movement aiming to combat CSAM. Personally I think it's misguided, but there is a _lot_ of public support for online regulation to stem the endless cases of CSAM.
It's a real blind-spot of HN and devs to miss this, as if we don't find ways to effectively end CSAM online, stronger less-targeting regulation like the proposed Regulation to Prevent and Combat Child Sexual Abuse is inevitable>
Please stop repeating this nonsense. The GDPR never mentioned cookie banners. This is the industry‘s shitty solution to forcing users to consent with tracking.
You can run a perfectly fine website with zero cookie banners if you simply don’t track your users and don’t expose them to third parties that do track them.
Hence, all websites implementing cookie banners are the culprits here, not the GDPR.
That's a false dichotomy - clearly there's more options than these two. There's definitely a better way to address this issue.
On the other hand, between those two, it arguably is worse, because we now live in worst of both worlds - we still get a ton of stalking but we now have those cookie banners on top of that.
I can block coockies using simple addons, which is WAY lower effort than clicking through a deliberate dark-pattern that is different on EVERY website (or using complex addons with lookup tables for every website).
It's not about cookies specifically, they're just one of the many ways you can be tracked.
You can't realistically block fingerprinting without serious effort, and you can't block your IP without using a VPN (which causes a bunch of other problems with sites not serving you).
the behaviour was already bad (sharing your personal information with 1000s of “trusted partners”), companies just want to keep doing it even if it inconveniences their users.
The correct analogy would be California’s toxic substance regulations.
They’re vaguely worded and enforcement is applied randomly based on whatever company is getting bad press at the time. So virtually everything sold in California carries a sticker saying essentially that “this product may cause birth defects.”
Even companies selling products that don’t contain any of these chemicals do so, out of fear of the asymmetric power wielded by the state.
Do a majority of train passengers jump the ticket barriers because they are afraid they might get fined billions of euros if they don’t?
The laws necessitating cookie banners came into effect long before GDPR. That would be the 2002 EU ePrivacy Directive. The GDPR (2018) concerns the handling and storing of personal information, the mandatory disclosure of how this is done, and the mandatory right users to ask what data is being stored and deleting that data. There aren't any cookie banners in native apps. But they still need to comply with GDPR. And you can get into trouble for mishandling privacy sensitive information.
That law has been pretty successful to the point where there have been debates in the US about adopting similar laws.
The common US media company interpretation to declare their websites an abusive UX disaster zone and put their contempt and complete disregard for their main product (users) on full display is entirely on them and their sleazy lawyers trying to find ways where they can still do their sleazy business. This is made worse by incompetent web designers deciding that this is apparently "the way things should be done" without questioning that. Most cookie banners are just the result of their (mis)interpretation of the law, lazy copying of some shitty website they once saw, and the perceived need to provide lots of legal ass coverage for what under GDPR is flat out just not allowed at all.
Worse, the jury is actually still out on whether the highly misleading language, dark patterns, etc. are actually not illegal in themselves. They might very well be. Lots of companies got some really bad advice regarding GDPR. And some EU companies have actually been fined for doing it wrong.
> You can run a perfectly fine website with zero cookie banners if you simply don’t track your users and don’t expose them to third parties that do track them.
I run an extremely simple static website with some JavaScript that lets the user keep track of their state between visits. I have no way to access their cookie, and nothing on the website sends data to me (in fact, can't, since it's a static site running on Cloudflare pages). I never really thought about whether or not I need to add a cookie banner, I just... Didn't.
Please stop repeating this nonsense defense of poorly designed policy.
When everybody is using it wrong, the problem isn’t “everybody.” The problem is your design.
Cookie consent should be a centralized browser based setting and nothing more. And the default should be some middle ground compromise that both the most privacy obsessed people AND businesses are not happy with.
I challenge you to demonstrate the supposed understanding you have that would explain why that website is following "industry‘s shitty solution to forcing users to consent with tracking." (and not even each industry website does such stupid full page banners) instead of using non-shitty solutions.
It's a good question, which has a very obvious answer: even government websites are built by clueless people and/or marketers and/or using shitty tech.
Which you can see when you click on "personalise" in the cookie banner.
Obviously you haven’t either, because GDPR says nothing about cookie banners.
Cookie banners are the result of a different piece of legislation, the ePrivacy directive. Have you read that one too?
What about all the latest judicial actions regarding data transfers to 3rd parties that have gone back and forth due to ongoing legal cases? Legislation is totally irrelevant without the context of the latest judicial precedent.
Did you read the entirely of the schrems decisions and the analysis of what that means for using or offering any technology services? Having read GDPR is irrelevant when one day Google analytics is okay to use and the next day it's not due to one court case.
What about the latest data transfer agreements between the US and EU that invalidated the use of standard contractual clauses, and the above prior Schrems decisions? You've had years at this point.
Do you think it’s good to insult and assume bad faith from your fellow internet commenters about a topic you actually don't understand yourself?
Oh definitely, the decentralized private market absolutely got together in secret to devise a plan to undermine the beautifully designed EU legislation by using cookie banners.
My flower shop down the street that has a cookie banner on their Wix website is secretly trying to undermine the government.
It couldn't possibly be that the largely unaccountable central planners in the EU's technocratic maze of a government designed a dumb piece of legislation.
Who said anything about secret? They are doing it all in the open.
> My flower shop down the street that has a cookie banner on their Wix website is secretly trying to undermine the government.
Oh, your flower shop only sells you flowers. The 1421 "partners" on their website however are really glad that they tricked clueless people to include their "GDPR-compliant privacy-preserving" solutions.
> It couldn't possibly be that the largely unaccountable central planners in the EU's technocratic maze of a government got something wrong.
GDPR doesn't require huge obnoxious banners.
ePrivacy doesn't require huge obnoxious banners.
Industry: let's create huge obnoxious banners with all sorts of dark patterns to trick people into "consent" through innocent inconspicuous tool vendors like Interactive Advertising Bureau, and blame GDPR for requiring them.
Poor, poor sweet innocent companies. It's GDPR making them collect and keep your precise geolocation for 12 years across thousands of partners who care about your privacy: https://x.com/dmitriid/status/1817122117093056541
Sorry, cookie banners are a direct result of EU legislation, it really is that simple.
While your "evil data broker malicious compliance conspiracy" narrative is a popular one, especially on this website, that doesn't make it true and you've offered zero facts to support it either.
I've dealt directly with multiple companies in regards to this legislation, and know exactly why we made the decisions we did based on the legal advice given in each instance.
But I will not argue further. You want this conspiracy narrative to be true as it plugs into the tapestry of religious narratives that form your identity. Any facts or logic I can offer against this are no match.
However, could you not agree that moving forward, a centralized browser-based setting is the better solution for all parties involved?
> Sorry, cookie banners are a direct result of EU legislation, it really is that simple.
Please write to me the relevant part of the legislation that require a full screen cookie banner that requires you to manually click "no" on each of the 1000+ "partners".
> you've offered zero facts to support it either.
Ah yes, and you've provided a lot of support to your "cookie banners as we see them implemented by literal ad business industry groups are the result of the legislation"
> and know exactly why we made the decisions we did based on the legal advice given in each instance.
Oh, I do, too. The legal council is "since you insist on using fifteen different marketing tools each relying on tracking, we have to include these banners developed by the advertising and tracking industry to cover our assess".
> You want this conspiracy narrative
Once again: it's not a conspiracy theory. It's literally done in the open.
> could you not agree that moving forward, a centralized browser-based setting is the better solution for all parties involved?
GDPR has been around for 9 years now.
Somehow, world's largest advertising and user tracking company that incidentally makes the world's most popular browser came up with exactly zero proposals to do that.
In the same time they have come up with at least three to keep tricking people into tracking. The latest one was literally "how to build a more private web? by turning on tracking" https://x.com/dmitriid/status/1664682689591377923 ("no thanks" in those screenshots turns off data sharing and tracking)
But yes do tell me how this blatant open flaunting of user privacy is "conspiracy thinking".
Edit: also please tell me whether "we're creating a user profile on you, collect device identifiers and precise geolocation information, and storing that data for 12 years" is conspiracy thinking and the direct result of GDPR?
You can, and I have, and it clearly requires almost any modern website to have a cookie banner. Which shouldn't be too surprising, when you go to gdpr.eu and see the cookie banner at the bottom. It's possible in principle to jump through the crazy hoops required to avoid it, but the only sites I've ever seen do so are national Data Protection Authorities.
Only if you define "almost any modern website" as one that does precisely what the GDPR set out to deal with. If tracking wasn't as widespread we wouldn't have needed the regulation in the first place.
Because American websites often don't bother with preemptive GDPR compliance, and DPAs consider first-party cookies of small websites to be a pretty low enforcement priority. My browser shows four persistent cookies, one for news.ycombinator.com and three for .ycombinator.com, that definitely require GDPR consent. In particular note that merely keeping you logged in across browser sessions requires a cookie banner, because that persistence is not strictly essential to the site's functionality; the official GDPR explainer (https://gdpr.eu/cookies/) calls this a "preferences cookie".
sniff encrypted chats, hahaha. Some law makers are completely clueless. I like Louis Rossmann. He looks like he’s been up stressed for weeks, yet his arguments are pretty level headed.
What if we make chats obfuscated instead of encrypted? So send a lot more data per sentence/word. It would need some sort of key on both sides to make sense of the data but it would be hard to use it without it. Or would that fall under the definition encryption?
"What do you mean you and your friend chat over Signal when there are dozens of other chat apps? Sounds like you two have something to hide, if you ask me." [0]
Whenever I hear someone telling me they have nothing to hide, I ask them to unlock their phone and hand it to me. The joke still goes over people heads sometimes.
[0]: https://idiallo.com/blog/nothing-to-hide
That's a bad argument - people trust the government differently than each-other. They also (should) mistrust the government differently. Voting is secret for a reason. How much of a chance do you think we have of meaningfully changing a government, if they can guess with 80% degree accuracy how everyone voted, based on their chats and social networks? When they know ahead of time who is assembling a new political party? When they know all of their friend's friends dirty secrets, and will tactically leak them to the press? Or simply prosecute them for spreading hate/antisemitism/homosexual propaganda/some other vague crime?
Knowledge is power. Does it feel like the balance of power is currently tilted too far in favor of individuals?
> How much of a chance do you think we have of meaningfully changing a government, if they can guess with 80% degree accuracy how everyone voted, based on their chats and social networks
This doesnt really detract from your overall point, but you may be underestimating how easy it already is for the government to tell how you will vote, without use of networking information. Just knowing someone’s educational level and zip code is enough to guess their voting preferences to a high degree of accuracy (the latter component being the reason why gerrymandering is so effective).
The people in the government branches with access will be random individuals. It's the exact same as giving a stranger your phone unlocked, except that you should say "pls don't leak"
Yes, technically it is, but the feeling of it is entirely different. Same thing with cloud services: people upload (or don't care) about a good bunch of stuff, to whatever cloud backend the app is using, but sending each other stuff is a different thing.
But they're often not a "random stranger" though - there's plenty of people who many would trust to do exactly that due to expectations of reputation etc. "The Government" is arguably just another.
I suspect the vast majority of people on the street would absolutely unlock their phone at request when taking their phone to be repaired. But really, I doubt many actually personally know the people involved, will likely never see them ever again, and their judgement of the company involved and their hiring practices limited to "They have a decent enough looking storefront that says "Screen Repair" on it".
Weather they should do that is another discussion, but I can't imagine a working society if every position of trust like that breaks down. I can't buy groceries from someone I haven't personally vetted the farming practices of. I have to check every time I drink water for contaminants. There's a lot of outsourcing of trust already in society, and it kinda mostly works.
We’re already living in a world where FB and Google know this. Probably many others. No point adding to the list, but still. That ship sailed.
"The ship is already leaking, so we may as well drill more holes and make it illegal to plug them, instead of plugging the existing holes."
As I said, “no point adding to the list”
So I am not suggesting drilling holes. I am pointing out the obvious.
You're right.
Better to just wait for ship to sink naturally. From the holes.
I think it's better to move past the individual question entirely. I tell them to imagine whatever political power they fear the most and ask themselves how it would likely behave if it knew nobody could coordinate against it in secret.
I have rather little to hide myself but I want desperately for you to be able to hide something. Otherwise we're together a worse deterrent against authorities behaving badly as we would otherwise be.
The majority of people I've found will dismiss any arguments like this until something happens to them or someone they know.
I find it quite personally impactful that I've never had to bend the knee to a king. Without the ability of certain historical figures to keep secrets from their king, I think things would be quite different in that regard.
If most people can reason about the current historical moment as it relates to policy decisions, well I guess that's an equally dangerous sort of problem.
> If most people can reason about the current historical moment as it relates to policy decisions, well I guess that's an equally dangerous sort of problem.
Firstly I am not sure what "current historical moment" means.
Generally most people don't have the will, knowledge or knowhow to understand political policy. Political policy seems to be constantly at odds with reality (if you listen to Dominic Cummings Q/A and/or Interviews he spells out how dysfunctional it is).
Even if that is the case more often than not now the power structures in the Western World are setup in a particular way where it is opaque, protects itself and does not serve the people that it is suppose to govern.
> I ask them to unlock their phone and hand it to me
Let’s say they do that. What would you do next? Go over their photos? Private messages with their so? And then what? Laugh at something that you found there? Would you feel then that you proved some point? I just don’t understand how this scenario would play out in real life
The person would likely not want to unlock their phone and let you look around (hopefully) causing them to realize that privacy is important and they shouldn't give it up so easily
Not sure if you noticed but I assumed they will give you their phone, which is possible absolutely, they can do it just to prove a point
> I ask them to unlock their phone and hand it to me.
Alternatively, you also ask them to release the Epstein files... :-)
IDK man. I don't think everyone has access to that one.
hey, let he who wasn't there cast the first stone! /s
[flagged]
> Whenever I hear someone telling me they have nothing to hide, I ask them to unlock their phone and hand it to me.
But I "trust" the gouvernement in a different way that I trust you.
- With that access you can also "do" things, like sending messages or delete stuff.
- I'm worried that you could judge me in a different way than the government would judge me. Because if you are a friend I care how you see me. But I don't care what the authorities think of me as long as I don't do anything illegal, they won't care.
(Just playing devil's advocate here)
Are you a lawyer? How confident are you that you aren't doing something illegal? At 30 seconds of thinking of an interesting example, there are still blasphemy laws on the books [0] in some parts of Europe and it isn't clear how compliant what people say at home is with hate speech laws. And there are a lot of laws out there that most people don't know about.
There isn't any reason to think people are obeying the laws in the privacy of their own spaces. Historically there are actually good reasons to think people are disobeying the law, but the laws are stupid and it is better not to check unless there is a political opponent to take out (eg, anti-homosexuality regulations).
[0] https://en.wikipedia.org/wiki/Blasphemy_law
Some countries have defacto blasphemy laws as part of hate speech (in Europe) or social harmony (in Asia) laws. This is covered in the wikipedia article
There are definitely more countries that have blasphemy laws than are on the list on that page (e.g. Sri Lanka).
I, and everyone else, are doing illegal things all the time. As you point out, that's the nature of our legal system. So it's not terribly persuasive to say, "well are you sure you're not doing anything illegal" because it misunderstands the reason why we all haven't gotten arrested. It's not because of privacy but because almost all of us are below the notice of the police. You even cite an example of how privacy doesn't save you in exactly the cases where you think it ought to.
There are arguments for maintaining privacy but I don't really think this is one of them.
You seem to be arguing something slightly off the thread topic. Jenadine typed "But I don't care what the authorities think of me as long as I don't do anything illegal, they won't care".
And I'm not sure who you are to say you are "below" the notice of the police. The police are primarily there to police the people at the bottom of society. The higher up the ladder of social status people climb the less they have to do with the police.
That's a really bad devil's advocate, since the authorities care a lot about any behavior, even non (yet) illegal ones
In some countries they definitely do. In other countries, who knows what they might care about one election from now?
That is further reason to protect your privacy. Maybe today you're perfectly fine, but what about the next election cycle?
To continue with your logic. Now, if anyone hacks the "gouvernement", they now have a master key to all our devices.
Pff amateur hour. Hack a dating site and start your own human breeding program.
Or maybe this hack?
https://www.nytimes.com/2022/04/28/us/paul-jones-fertility-s...
Or like this guy?
https://www.cbc.ca/news/canada/ottawa/fertility-doctor-own-s...
Seems that 'fertility doctor' is a simple hack for personal breeding program. There are more of these cases too.
> Because if you are a friend I care how you see me. But I don't care what the authorities think of me as long as I don't do anything illegal, they won't care.
Then an election happens and people who very much care about your previously non-illegal behavior gain access to years of historical data.
Then to use Rossmann's counter-argument (TFV): Let's walk in a police station and have the nice policemen take a look instead.
FBI employees have been stalking their ex-girlfriend using FBI database. That’s what we mean with “You may be doing things the government doesn’t like” — Abusive boyfriends can be part of a local government.
1) Trust is a human-to-human interaction which depends on being able to predict future behavior from past behavior (and often other cues, whether rational or not).
Trusting an organization is a category error. You cannot trust something composed of people who are regularly replaced every few years and who operate according to written rules ("laws") which they are allowed to change.
2) "as I don't do anything illegal, they won't care" - This is a fallacy. First, they can absolutely harass you even if you end up winning in court eventually. Second, what is legal and illegal changes over time. Third, plenty of things which are illegal (wrong according to legality) are not wrong according to morality (they harm no-one) - they are just illegal because humans who feel the need to control others wrote down a piece of text describing punishments for them.
3) Plenty of countries have stupid laws.:
Example 1: it's illegal to approve illegal actions - which basically means you can't ever argue for to change the law to make something legal because you'd be approving it. Usually it's not enforced as such but given how the law is often phrased, it often can be.
Example 2: it's illegal to endorse the use of violence - this is the stupidest law there is:
- It is by definition contradictory because all governments base their power on violence[0] so according to this law you can't support the existence of the government itself.
- It's contradictory in how it treats historical and current actions. You are free to celebrate the assassination of Reinhard Heydrich, The French Revolution or Us independence, even though they were all violent actions - they were morally good but illegal under the laws at the time. But you can't say that current dictators should be killed. A friend got a warning from reddit just yesterday for saying not that a certain dictator should be assassinated but that he should be sentenced to death and then executed by anyone in a position to do so.
[0]: The government has such a strong monopoly that the violence just needs to be implied and most people will submit and the rest are used as examples "this is why it's stupid to fight a cop".
> A friend got a warning from reddit just yesterday for saying not that a certain dictator should be assassinated but that he should be sentenced to death and then executed by anyone in a position to do so.
A lot of social media today will sanction you if you say such things as "it's ok to punch a Nazi". But won't sanction a Nazi for saying things like "white replacement theory".
That's how it should be but unfortunately a lot of social media will do the opposite of what you're suggesting.
Yes, it's simple pattern matching. But they are gonna get better though, there are people working on using LLMs for surveillance right now.
AFAIK it was automated, she appealed and won. But it has a chilling effect on people and some won't bother appealing. I'd do it anyway just to waste their time because they have to use a human to review.
This is a good time to remind every tech worker that if you're working for an exploitative corporation, you have the moral obligation to do your job as poorly as you can: https://drewdevault.com/2025/04/20/2025-04-20-Tech-sector-re...
---
Corporations these days have way more power to control speech than governments just a few decades ago and some people still refuse to call it censorship because they find some obscure definition which says it has to be done by a government.
We will have to fight for the same freedoms as just a few generations ago because people learned nothing.
> With that access you can also "do" things, like sending messages or delete stuff.
If you break E2E encryption, you can likely also impersonate and "do" things.
Again, again and again:
These things should first be tested for 5 years on every politician and every civil servant, including their families, including their children.
Security researches should be given the freedom to hack that system as much as they can, in order to find security problems, no prosecution guaranteed.
Every access to data should be logged on a public blockchain with pseudonymization of who accessed whose data.
After those 5 years, reports and statistical analysis about the usefulness should be published: how many crimes were prevented, who went to jail for what, who had to go to court for what, with references to the logged data in the blockchain.
Then the public gets to vote on if they want this or not.
The issue I have with this proposal is that politicians won't change their behavior. The optimum politician is an absolute pragmatist without any moral values. That is what you need to be to succeed in a federalistic democracy.
Regarding Chat Control: Do we know who is lobbying for it so much? Maybe journalists should focus on finding dirt on the lobbying organizations, so that everyone knows about them.
To be honest, the journalists already focused on finding dirt
https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
https://balkaninsight.com/2023/09/29/europol-sought-unlimite...
Oh we know who's behind it: a Hollywood celebrity-run charity that shadily hired multiple high-ranking Europol politicians.
Their whole deal is to convince legislators that scanning every image on your device for CSAM is absolutely necessary (https://www.thorn.org/) and then selling a tool to do that to companies (https://safer.io/).
If it's legally required, what else are you gonna do but go to them for a "solution"?
I don’t think this is a fair treatment of anyone.
Total surveillance, which we are talking about here, is extremely damaging to the subject, eventually all their dirty secrets will be out, legal and illegal.
I also argue that allowing the state to monitor its citizens fundamentally changes it closer a state I don’t want to exist. Nothing good can come out a surveillance state, no matter how small.
The point is that this way the public doesn't have to protest against it.
The politicians and civil servants will do that for us, which is what we are paying them for anyway: to work for us.
This way they'll think twice if they really want this to get started.
Yes, I understood the point. I don’t think it’s a good idea.
Good idea, maybe this way we would have Ursula von der Leyen's sms with Pfizer!
The problem is that _we don't want every crime to be caught or solved_.
The worst thing that could happen to freedom is that the system would actually work as advertised. Because then resistance would be impossible.
If a government is so powerful they can stop even just 99% of crimes, they are so powerful that people can't rise up against it. At that point it's only a matter of time until authoritarians get elected and get rid of elections. The probability is not 0 which means it'll happen eventually with a probability of 1.
We need to be able to resist. Look at how many democracies were created by violent revolutions. How many bad people had to be killed before they stopped trying for a while. How many bad people had to be threatened with being killed before they gave up power "voluntarily".
You think the Velvet revolution was peaceful? Imagine you're an asshole who oppressed 10M people for years until they got fed up and 1M of them are now in the square right in front of your eyes, angry and shouting. What do you think is gonna happen if the implied violence materializes? How many cops do you need to stop 1M people and how many of those cops are actually gonna turn their weapons against you too? The real power is always held by men with guns (and these days with drones).
Or look at Syria. You think the cunt in charge fled out of goodwill to stop the bloodshed? No, he fled because he didn't wanna end up bleeding out on the pavement and then be hung up at a gas station as a temporary flag of freedom.
We need to be able to resist and that includes being able to talk about violence, even promote it when the violence is just (not legally but morally). We need to be able to make people angry, to promote hate against injustice. And we need to be able to organize without the government knowing until it's too late for them. And yes, those abilities will be used by bad people too but that's the price we need to pay.
Drop the “chat” and just call it “control”. The current proposal is so vague it would cover anything with online sharing/syncing people can sign up for. Any SaaS, any app, any service. Chat, email, file syncing, todo lists, doesn’t matter.
I am pretty sure now that this ChatControl thing is the result of the EU being unable to setup an US type NSA/echelon type stealth mass surveillance system.
They might have gone so far to have paid for an implementation but it didn't work (like the EU search engine, cloud or whatever) because they are really incompetent.
So now the solution is to do it in the open, just write a dystopian law and force it through the fake parliament. Our only hope now is the practical implementation of ChatControl will also be in practice ineffective.
We are not really living in 1984 or Brave New World, in the EU we are in the 1985 movie Brazil.
Does EU really have any real security apparatus independent from it's member states as such that it would really have a need for something like this?
Also ChatControl is something being pushed by Denmark and other ideologically similar countries not necessarily the EU itself as such.
dictionary have wiretap. so just call it wireless tap.
And what people in western, democratic world think about it? That this is just fine? I live in autocratic, almost dictatorship regime country and for the past 100 years we've just gotten used to the idea that we don't have any rules here. But I thought in EU and US things are different. All these news stories about Control, UK surveillance, age verification, all this stuff with no significant reaction baffle me.
There is significant opposition from civil rights and privacy groups, from courts as well as from the EU Parliament: https://en.wikipedia.org/wiki/Regulation_to_Prevent_and_Comb...
I live in the United States and it baffles me just as much, trust me. Fine, maybe I didn't have the biggest expectations for the general public, but I really expected the Internet to react much more viscerally to what is happening. In the past, the Internet was much more defensive about Internet policing that was significantly less dystopian. Now, it feels like no matter how rapidly things decline, it's just another Tuesday; most people are unwilling to make any sort of sacrifice or risk for any cause, and nobody (including me, I guess) is really sure what to do anyways.
It really wasn't that long ago that we were all talking about SOPA.
This is, ironically, one of the reasons we need a more decentralized public square.
Large gatekeepers get flack from politicians if they allow "the wrong people" to organize. First they claim there is a huge problem with terrorists/nazis/pedos/etc., maybe even find a couple of real instances of those things, and use that to demand that the gatekeepers Do Something, i.e. set up a censorship apparatus.
But the modern ones are subtle. You don't try to read something and get refused, it just goes to the bottom of the feed where you won't see it. Take advantage of the human failing that busybodies will take petty satisfaction in causing harm to strangers they've been told are their enemies. Let them issue false reports against anyone pointing out the emperor has no clothes. Have the algorithm take those reports seriously, with useless or non-existent customer service that can do nothing about adversarial report brigading. Make it known that this is what happens to people who don't toe the party line so people self-censor and people who don't get shadow banned.
It's an assault on the ability of the public to defend itself from bad ideas.
Large gatekeepers delenda est.
A website was set up to inform and facilitate contacting MEPs: https://fightchatcontrol.eu
Additionally, keep in mind that controversial laws or proposals, at least in France, are often announced or passed during summer vacation when people are away, limiting scrutiny and attention.
Expect to hear more outrage come September
> And what people in western, democratic world think about it?
People are usually asked to 'think about the children'. Pedophiles, drugs, suicides, self-harm, cyberbullying; and whatever other horror stories the media has at hand. This maneuver is usually sufficient to neutralize the opposition.
In my country that has managed to free itself from communism just 35 years ago everyone I know opposes it.
Politicians from countries like Germany have tried to make EU decide things like this on the "majority principle" for ages (because they know they can bully smaller countries into submission), but we still have the consensus principle.
Every country has to agree. So it takes only one country to put a stop to it.
> but we still have the consensus principle.
Beware attacks on checks and balances like this. If they actually work, someone will try to get rid of them.
> In my country that has managed to free itself from communism just 35 years ago everyone I know opposes it.
That tends to confirm my feeling that people in countries that have not suffered from tyrannical government for a long time have forgotten the value of privacy and freedom of speech because they have not seen the consequences in living memory. This is coming when the last of the people who remember the pre WW2 era are dying. Dictatorship is no longer part of living memory.
There has definitely need a cultural change in the UK in the last few decades. People have far more trust in the system (government and big business) or have learned helplessness (in a recent discussion about privacy people told me I was naive to think I could stop my private data being collected anyway so should not bother trying). This was in the context about what people say about their kids (specifically education, mental health, family problems) on Facebook.
> Every country has to agree. So it takes only one country to put a stop to it.
A lot of pressure can be brought on bear on any one country by the rest though.
The government of a country may not have the same view as the people. When the UK was in the EU the government pushed EU surveillance regulation, IMO so they could then then say it was not their fault it was introduced, they had to follow the EU directive (many years ago when there was strong public opposition to more surveillance).
That tends to confirm my feeling that people in countries that have not suffered from tyrannical government for a long time have forgotten the value of privacy and freedom of speech
I think it is more complex than that, see Hungary and Poland (though Poland is a bit on the rebound).
Yes, undoubtedly more complex than that, but I think it is an important factor - people do not value what they have taken for granted.
The problem with the consensus principle is that it will always be profitable for the Putins and Xis of this world to pay off an Orban or Fico to block EU decisions they dont like.
Which is why I am for majority principle, even though I am from a small country that would lose out on power. Countries still can leave using article 50 if it is not palatable for them.
Given the state and amount of lobbying, I'd rather have some good stuff blocked due to lack of consensus, than more of this anti-democratic nonsense approved because Thorn and the EPP are buddies.
I think that the dictate of majority is one of the worst things about "democracies". As for buying politicians for a purpose - the whole of the EU looks like US lapdog.
What democracy are you thinking about? All implementations have a small minority of "representatives" making all the decisions.
> But I thought in EU and US things are different.
Different indeed.
Privacy is enforced through compliance and civil court actions. In 2018, one of the largest actual data breaches at the time (~300 million customer records) netted about $0.25 per record in penalties, after several years of lawyering. ($52 million (US)/$23 million (UK)).
The EU makes more money fining companies for policy violations:
A €1.2 billion ($1.3 billion) fine was imposed by the Irish Data Protection Commission (DPC) for transferring Facebook users' personal data from the EU to the US in violation of GDPR.
That is what privacy is about.
https://nationalcioreview.com/articles-insights/extra-bytes/...
Well Chat Control would offset that 10 fold...
Gee I don't know, maybe if the press and journalists weren't a bunch of useless pr peddlers maybe we could have a better gauge of it
There are no rules in the US anymore either. We just pardoned 1500 criminals who tried to overthrow the government and kill representative.
The President is accepting bribes (Paramount, Disney, Twitter, Facebook, Apple) and he is being allowed to use power that constitutionally is suppose to belong to the Congress.
I tried I2P not so long ago and was quite impressed by the design decisions and the quality of the technology. It's truly an amazing piece of software that covers basically everything you need for a distributed network.
The only thing missing is actually the community and usage, because the technology has a network effect, and more users with stable routers provide faster and a more reliable network. So it's indeed slow at the moment. I highly recommend giving it a chance and playing a bit with it. Even for non-anonymity and security cases, it's fun to play with hole punching, global addressing by public keys, and stuff like that, which you can see in things like Iroh and libp2p.
It provides a simple universal SAM interface and libraries to work with it to plug other apps.
https://geti2p.net/en/
And if you don't want to install Java, there's also a C++ implementation: https://i2pd.website/
I have been hearing good things about I2P for 2 decades but what are the risks when using that thing?
Is this like running a Tor node where you could potentially get a knock on the door because somebody else went on some pedo website?
I2P doesn't have exit nodes like Tor, so it's essentially the same thing as running a Tor relay from an outside perspective, with a few positive differences.
I2P is mainly an overlay network that routes traffic only inside the network. The upside is that providers won't ban your IP for participation if you run a node. I know that with Tor, many datacenters/CDNs don't care whether it's a relay or exit node and will blanket ban all known IPs of the network. You also won't attack someone on the clearnet or somehow participate as a scapegoat in clearnet crimes.
I've never heard about any consequences for running non-exit relays in Tor, though if you're in a country that strictly punishes usage of any anonymous technology, that might be risky anyway.
I2P has several commercial "outproxies" that proxy traffic to the usual internet, but that's not the intended usage and it's not enabled on typical users' routers.
UPD: Anyway, if you feel uncomfortable sharing others' traffic and want to only use it as a client, you can disable transit traffic completely in both Java and C++ implementations.
You got me into i2p. My rpi router and dozens of servers are now i2p floodfill nodes!
Thanks!
what is thing you are talking about? can you share some links?
Is it possible to make an encrypted messenger app without a central authority? Like BitTorrent magnet links. We all share the messages to support the network bandwidth, but can only see the messages which pertain to us? From my really novice understanding of cryptography, this should be possible. And it seems like the only privacy focused solution for the future.
Edit: looks like it exists, and is called Briar.
Once upon a time, prior to Microsoft or eBay purchasing it, this is what Skype was. It required a set of central instances to be supernodes to facilitate discovery, then each client communicated with others directly. And IIRC any client up long enough and with sufficient compute and bandwidth, could become a supernode.
Skype and iChat both did direct client-to-client communication. Skype was bought by MS, and Apple got sued by a CIA front company over iChat. The result was the same both ways: all comms started getting routed through a central server that could log metadata.
It also had the side effect of having far better latency than any modern day popular video calling app can offer.
It also had the side effect of making it possibly for any of your contacts to DDoA you because they had accès to your IPv4 address through Skype.
Historically, source IP was a lot more readily available. Every IRC user's source IP was visible, every UNIX login session's source IP was visible, and lots of people hosted their own websites which meant they saw your IP address there too. The implications of it used to be more like having an email address from a specific university. Skype happened relatively early in the world of online privacy.
I don't understand why obsolete technologies by MS are often upvoted on HN and become the first replies, while the corresponding working, decentralized technologies go to the bottom. Matrix exists and has a preliminary P2P version [0,1]. Other messengers were also mentioned in the comments here. Another example of such tendency is here: [2].
[0] https://arewep2pyet.com/
[1] https://news.ycombinator.com/item?id=23393935
[2] https://news.ycombinator.com/item?id=44898242#44898884
https://delta.chat/en/download Seems the best app (no web version)
https://chatiwi.com/ seems to be the only real e2e encrypted chat without installling an app (can check the network and source code as it’s just JavaScript)
https://briarproject.org/ and https://tox.chat/ requires to install an app and doesn’t work on iOS.
Briar seems discontinued
“Latest News
AUGUST 31, 2023
Briar Desktop 0.6.0-beta released - blogs“
Yes,it is possible to create a p2p encrypted messenger without any central node. It is even possible to have a relatively good UX in it.
What's nearly impossible is to make it easy and popular among "normal users". Onboarding would be pretty involved. Adding your friends to the contact list would require jumping through a number of hoops. Having several sessions open (phone and laptop, typically) would not be trivially easy, and synchronizing between them would not be very easy, or automatic. Also, forget about push notifications.
It might be far easier to run an instance of Matrix, or whatever Jabber server, etc, on a private host, with full disk encryption, and only accessible via Wireaguard. It's not hard to set up fully automatically from an app; see how Amnezia Proxy does that.
It, of course, will have a special node (the server), but it's definitely not a public service, and it cannot be encountered by accident. It of course would be limited only to people you would invite. Should be enough for family, friends, a small project community, and other such limited circles. It would not require much tech savvy to set up.
But a grand social media kind of network, like FB or Twitter, can't be run this way, because the UX friction would inevitably be too high for a lay person to care.
Will be in illegal. Why risk jail?
Why would it be illegal, if I'm not offering it publicly? Is running a VPN between my family computers illegal? Is ssh-ing onto a host and using the talk command illegal?
I suppose only public services, advertised for new users, are the target of the "chat control" directive. You can't join pseudonymously. But joining my VPN-based chat server would require being my acquaintance; should I ask an ID from a person I met at a pub? If so, should I ask their ID before I engage in a small talk with them in the pub?
I don't trust the rhetoric or the motives. Which brings me to the following questions:
Do all of your acquaintances even use VPNs? Because 97,56% of mine don’t. So it's not about you and your friends.
But lets assume for a moment that it's about you and your friends... If this law goes through, what’s to stop them from pushing through a series of follow-up laws forcing every VPN provider include backdoors? Who’s going to stop them? Why stop them? By then, the public will have already given in. No one will care if you or your friends are sentenced to 25 years for using a “non-compliant” (read: secure) VPN. Do you have _something to hide_?
In five years, any provider without a backdoor could easily be branded as “insecure.” We’re already living in a world where words often mean the exact opposite of what they should. Why would this be any different? And from my PoV, why take the risk? Children need safe ways to communicate as much as adults.
The world has more than one country in it. People in free countries have the right and duty to create technologies to the benefit of people in authoritarian countries.
Nope. I don't have many passports and AFAIK getting citizenship is not a child's play, you can't do that on a whim.
The people in the free countries don't have to physically go somewhere. You do this over the internet, e.g. writing code and publishing it for others to use.
If you live in one of the authoritarian countries and it pretends to be a democracy to a sufficient extent that voting can actually change things, try doing that. If not, your options are pretty much "apply for the passport" or "sharpen your weapons".
There are different solutions with different levels of decentralization. Briar is peer-to-peer. Matrix has servers but in a federated model, so there is no central authority but in some sense each server is an "authority" for users on that server.
If you try combat political issues mainly through technological solutions, you have already lost.
Well, conversely, if you figure you have already lost anyway, why not try the technical solutions?
We've tried the political solutions for so long, but this thing just keeps coming back. We have to put our lives and day jobs on hold to push back against this, while the authoritarian camp's agenda is carried by people for whom advancing it is their day job. Therefore it costs them nothing to try over and over again, and they only need to succeed once.
> We've tried the political solutions for so long
I mean, we enjoy workers rights only after decades of violent protests and many deaths, and yet they are still constantly threatened, because its is a nature of power and politics.
But pro-privacy people consider writing a petition a peak of political struggle, and when it fails it is over for them.
> If you try combat political issues mainly through technological solutions, you have already lost.
This is what people say when they're afraid that technological solutions would actually work.
Technologies have a network effect. If the rest of the world is using a technology which is resistant to censorship or surveillance, any given country will have a harder time banning it, and those technologies defend against governments that violate privacy rights in secret even when the law prohibits them from doing it.
Build privacy into every internet standard and protocol. Make it seven layers deep with no single point of compromise. Make attempts to break it an exercise in futility because it's built so thick into so many things that stripping even a piece of it back out would break the whole world and still not compromise the security of the system.
Exactly. Part of the tech crowd is so naive when it comes to this sort of discussions…
Is it really? I can think of approximately one political battle the tech crowd won (the Crypto Wars), to dozens of lost ones. Meanwhile, the battles where a strong technical solution was fielded are looking fairly good even when the political side was surrendered with nary a fight - I can still easily torrent most books and software, download scientific papers, emulate modern consoles and securely exchange data with people in any country less locked down than North Korea.
The cliché about how you should not approach political problems with technical solutions is recited all the time in these threads, but nobody ever presents evidence for this claim. It seems like a meme that is disproportionately useful for those who are confident in their abilities to win any political contest.
> I can still easily torrent most books and software, download scientific papers, emulate modern consoles and securely exchange data with people in any country less locked down than North Korea
You can also go to jail for any of the above, should your particular government authority decide to throw the book at you.
Technical capability is necessary, but rarely sufficient.
Although the chance of getting a large fraction of the population to use a decentralised censorship resistant messenger is low, it's still higher than the chance of somehow stopping the Eureaucracy from continuously pushing authoritarian policies.
> Eureaucracy from continuously pushing authoritarian policies.
There is no "Eureaucracy", Council decides, countries may or may not implement.
Countries could face penalties if they don't implement or follow EU regulations.
https://commission.europa.eu/law/application-eu-law/implemen...
Are not governments of member states in control of Council?
Council is shadow government by elites.
What does that mean? I thought that commissioners were nominated by governments of member states. Similarly like they nominate ministers inside those states.
Maybe https://delta.chat/en/ : completely decentralized as based on email infrastructure, e2e encryption, easy registration without providing personal data.
Besides Briar, BitTorrent used to have a client like that for a brief time: https://www.bittorrent.com/blog/2015/05/12/bleep-private-mes...
You have a spectrum of options going from centralised (Signal, WhatsApp, …) to federated (XMPP, Matrix) to P2P.
In my opinion, federated is the sweet spot: you do have to trust the server with your account management, but that server can easily be yours, or one you ethically align with, and through it, you will be able to talk with anyone on the network.
P2P sounds great on the surface but in a mobile-first messenging world, that comes with practical tradeoffs in bandwidth and battery consumption, unless you offload discovery and push to trusted servers, at which point you are back to federation with more steps.
The problem I see with decentralized protocols is that node owners can easily be spotted, and then crushed under legal constraints that will make them more insecure than a strong multinational who's there just for profit and can balance legal fight for a relative privacy with it's own interest in protecting its customers.
> a strong multinational
Don't you think that it makes them obvious high-value targets? I mean, that's not even like this profusely pragmatic take has no precedent in the real world: the Snowden revelations showed that all major tech companies were in bed with the NSA to spy extrajudicially on everyone. It's a leap of optimism to think they would "fight legally for its own interest in protecting its customers".
Then, compare that to the low-scale/low-value/hobbyist/residential service providers. How high do you think the chances are for a malicious state-actor to "corrupt" many service operators without it widely being known and publicly dealt with? There's also a deniability dimension to this: XMPP uses OMEMO as a zero-knowledge encryption scheme: whatever the users are doing is none of the operator's business, and the choice of encryption scheme and implementation is purely a client-side affair, so now you are no longer dealing with "reluctant" operators, but potentially millions of end-users using strong encryption. And that is assuming the server is operating in the open, but nothing prevents service operators from offering it over tor (with very little impact on the end-user-side), further raising the bar for the malicious state actor.
You can send encrypted email. That's how email already works.
You can also send encrypted messages over any other medium. You don't need the messenger app to encrypt your messages for you.
One of the common arguments that PGP is bad is that it's "inevitable" that someone will send a message in cleartext, defeating the whole purpose of encrypting your messages. I don't understand this. The fact that this is possible to do is obviously an artifact of the idea that the user should be unable to tell whether the messages they send and receive are encrypted or not. Do the encryption and decryption yourself, and this is not a mistake it's possible to make. Don't confuse the encryption, which is something you do, with the delivery, which is something the channel does. The point of encryption is that the channel can't be trusted!
You can encrypt the email content with PGP or Age, sure. However, metadata such as the Subject line, sender and receiver are in plaintext. Lavabit fixed this, but requires money. You can use i2p tools to fix this too.
The subject line is content set by the user. What are you thinking of?
Regular encrypted email relies on a certificate authority
S/MIME does. PGP doesn’t (but only serves part of S/MIME’s purpose). That said, email does rely on a central authority—DNS.
In practice yes, but it's good to know the smtp rfc does support domain literals, ie user@IP.
DNS isn't a central authority. Everyone selects their own DNS server. It can say whatever it wants.
This is a rare case where it's centralized in practice and yet the option to do your own thing hasn't been removed from the relevant software.
If you can agree with your communication target on a common DNS server under your or their control that doesn’t respect authoritative DNS servers, and both of you can securely connect to said server, then you already have a continued, trusted communication mechanism that you may as well use for your communication. You’re just arguing a pretty pointless technicality.
> If you can agree with your communication target on a common DNS server under your or their control that doesn’t respect authoritative DNS servers, and both of you can securely connect to said server, then you already have a continued, trusted communication mechanism that you may as well use for your communication.
Why? It can easily be the case that that traffic is observable by outside parties. You'd still need to encrypt your communication.
Connecting to the DNS server "securely" doesn't really get you anything except some DOS resistance.
DNS already supports encryption on the protocol level. And even if you can’t use DOH/DOT, you can use PGP or age or whatever in your clear text too.
pgp or gpg relies on you dealing with the keys.
What?
Isn't that sort of like how Tor works?
Yes but it requires exchanging public keys out of band.
You could use Granovetter introduction.
If I know Marisa's public key and Marisa knows Omar's public key, she can sign a message to me saying, "Omar's public key hash is c2ecc3b9b9eb94dcafe228f8d23b1e798597d526358177c95effa6bc0ded3a35". I can then use that key hash to authenticate messages from "Marisa's Omar". If she gives Omar mine too, he and I can set up a private channel without further involving Marisa.
Hopefully we aren't just talking to Marisa's MitM proxy. If other mutuals also know him as "Omar" then I can ask them for his key too, and if I get the same response, I can have more confidence that Marisa isn't playing that trick on us.
Never total confidence, though. You need some way to bootstrap a non-MitMed connection; no evidence can ever prove conclusively that you aren't a Boltzmann brain floating in the post-heat-death void, or Descartes being tricked by his evil demon that controls all his perceptions, or Neo in the Matrix.
But meeting up with one of your friends in person once to exchange either public keys or a shared secret, even before you start using the system, can go a long way to ensuring that you are all actually enjoying privacy.
Couldn’t we spend a small amount of crypto to write our public key into a blockchain to avoid the MITM threat?
Same thing though, you have to give your wallet public key out of band. There's no other way to prove it's you.
actually though? storing a very small but important info (public keys, domain ownership and such) would have been a perfect use case, which also keeps the chain small...
Did you just recommend actually using some kind of crypto and blockchain on HN?
TLDR: That sounds like it is some kind or grift.
In all seriousness, google the Sidetree Protocol. Daniel Bruchner promoted it at Microsoft. And now we can even do zk-rollups too.
Where was I? Oh yes, some kind of grift!
The new version of Bitchat (from Jack Dorsey) is interesting: it's a chat over BLE mesh, but says that it'll continue the chat on the nostr infrastructure if two (in principle anonymous) participants fave each other in the app. Haven't had able to try this out yet.
BitChat from Jack Dorsey
Didn't Cwtch promise this? Not sure on the current state though.
Tox also.
Are politicians really exempt? Must be some really high profile pedophiles, or pedophile supporters between them, like those in the Hungarian government - they support this by the way.
Just one example from the many:
https://edition.cnn.com/2024/02/17/europe/hungary-child-abus...
Sure, Daniel Cohn Bendit, MEP for 20 years, was a big promoter of pedophilia [0].
Here he is on television promoting it in 1982 [1].
- [0] https://en.wikipedia.org/wiki/Daniel_Cohn-Bendit#Allegations...
- [1] https://www.youtube.com/watch?v=6IOAaSFpVCw
IIUC, no, they are not excempt. Certain professional contexts are excempt from surveillance, including political work, police work, military work and some corporate work. This is intended to prevent state or corporate secrets to be subject to surveillance.
I am not sure how it will be implemented that politicians are only excempt when texting about work. It seems like any implementation will allow politicians to avoid surveillance by using their work phone.
EU logic: Want to centrally track users with personally identifiably information? Great! Want to store anonymized data with local cookies, that the user can delete, disable, or doctor at any time? That should be heavily restricted with constant intrusive warnings.
Local governments all over the EU tried to push internet surveillance for a long time. Today, apparently the political landscale is ripe for their success.
Considering the endurance and BS justifications they brought up for so long tells me, there is a is a coordinated effort behind the scenes going on for decades now.
Dissmissing it with incompetence, like "EU logic" is naive, imo.
I have the same opinion, but I can't think of who or what would be pushing for that?
Unless it's just the US and NSA again actually somehow having trouble with bypassing encryption? Like just push the EU to do some more spying that the US/NSA can then use to see more? I find this somewhat hard to believe since in my mind the NSA is on every US server and can probably just get unencrypted everything from spyware (the OS itself) on all end-points.
Maybe governments/humans simply eventually naturally pivot to power grabbing and this was going to happen all along everywhere?
It's also not an EU-only thing. It's been happening all over the west, partners of the US and even outside of the west: UK, Australia, Colombia, Mexico, the Koreas, China, Russia, etc.
Any other ideas?
Our own governments are pushing for it, simple as that. I live in Spain, and both left and right parties, and to a lesser degree their voters, are increasingly leaning authoritarian and tacitly agree to extend surveillance; the police and specially the gendarmerie lobby for it as well.
So our parties are drooling at the idea of extending surveillance by EU directive so they can point fingers at the EU instead of risking losing votes.
It's no surprise to me, then, that in the document leaked to Wired in 2023[1], our country's position was the most extreme:
> In our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption.
There may have been external lobbying, but it wasn't necessary.
[1]: https://www.techdirt.com/2023/05/26/leaked-document-shows-sp...
> coordinated effort behind the scenes going on for decades
It's an open conspiracy among the global ruling class, including people and organizations collaborating at places like the World Economic Forum and Bilderberg meetings. *Adjusts tin-foil hat.*
The interests of the rich and powerful are aligned to coordinate an international effort for more surveillance of the public, control of information flow and communication. It's part of the rising tide of authoritarianism and frankly fascism.
I could call the recent right-shift in the west a coordinated effort too and in many cases, this would be a decent explanation, catching private media outlets, biased and centralizes social media, spineless populistic politicians and the donor class behind them but ...
Some cases are much more benign. Like the police, only seeing their need for more privacy invasions to achive their goals, meeting a tumbling elected politician with the need to pose as tough on crime. Both sides ignore anything beyong their horizon. Here, you have good old incompetence, esp on the politicians side. Pair that again with the populus feeling the need, that something drastical has to be done and you would have an alternative explanation.
As sad as it sounds, but a fascistic government, comming out of a democracy is not a failure of democracy. Many people dont care about big topics, correlations and history repeating itself. They are willing to sacrifice rights, piece by piece, others have fought died for. Besides a lack of governmental transparency, this ignorance, small and large scale, and its todays normalization are the problems i see here.
I cant help it, but i realized first hand (as i assume, many others did too) that this ignorance is often more than just a small mistakem done by individuals. Today, i see it as a cognitive deficiency.
Take one extreme for example, flat earthers. There are many simple physical experiments or celestial observations one could do, to conclude, that the earth is a sphere, but not for them. Confronting FEs with contradictions will only lead to reactance (ad hoc rejection), no matter how polite or enduring you are or striking your arguments are. I know this first hand. If you are lucky, you might encounter and open state of mind that struggles with the cognitive dissonance, you have induced, but only for a short time. Having lasting effects on some strongly biased mind resembles something like a long term therapy: an open mind / willingness for therapy and regular confrontig sessions. If all those self proclaimed critical thinkers were able, to not only change their minds on a whim but would actively seek contradictions in their believes on their own, the world would be a much better place. Can you tell me any historical atrocity commited by societies, where some believe about a superior truth or some absolute good/evil was not at the very core of it? I cant.
The same biased reasoning about a superior truth can be found in modern politics today. In essence, its people rallying around some vague group identity or against some other group (in/out group characteristics) and irrationally attack/discard $symbol criticism as if its fight-or-flight time because the apes survival dependeds of the tribe. MAGA accolytes could realize them selfs, that 1st gen. mexican migrants have a significant lower crime rate and thus crime emerges from within the US, but they dont. It doesnt cross their mind 0, that someone willing to migrate is also willing to work for a stable future. Instead, they rally arround "mass deportation" and will post hoc rationalize any atrocity of their supreme leader.
After Nazi-germany lost the war, the tribe was shattered and it was tabu to speak about or do $symbol in public. For a brief moment in time, it looked like the populus could actually learn, that history is not a loop but even though most AFD accolytes agree on the evil atrocities of that time, they still fall for the nostalgic unity strength and role model of it, they would like to see "tribe great again" and absolute evil being dealt with and ignore anything beyong, including your well-meaning, factual arguments. So why even try?
I cant help it, but i think changing the message to a primarily emotional one might be a better strategy. I am not saying we should ignore factual arguments but since disgust towards out groups can be such a strong source of bias, why not use it against them and make xenophobia disgusting again, like its 1945.
I like Gavin Newsoms recent trolling and hope he doesnt degrade into simple insults only. He does, what is neede, wresling with a pig and i think we all should convey the same derogatory message, while the communication channels are still unfiltered. The other side does not want to have a truley open discourse, they want us to be silent.
I know, this can be seen as inflammatory and counter productive but i think the polite approach is even more futile.
Now you know about my ideas :)
a fascistic government, coming out of a democracy is not a failure of democracy. Many people don't care about big topics, correlations and history repeating itself.
i disagree. people not caring about important topics is a failure of democracy. one issue is the reason why they don't care. in many cases it is the feeling of being unable to influence change. and that most certainly is a failure of the system.
my conclusion though is that it isn't a failure of democracy itself, but rather that it makes the system less democratic.
I was more so mocking the security theater in the GDPR, but now I see your frustration with how activism works in EU policy making.
Because of the circumstances under which the USA was federated, we have done pretty strong systems in place to prevent local activism from having a national impact.
It doesn't prevent the federal government itself from surveiling the population (e.g. the Patriot act and everything descending from it) but at least if something is legal in a state, companies in that state can generally transact with residents of any state. (for example: https://en.wikipedia.org/wiki/Marquette_National_Bank_of_Min....)
EU logic is only government should be able to track personal information
US logic is only billion dollar companies should track personal information
Personally I prefer the former as governments will spend my tax money on getting the data from the billion dollar companies anyway, and those companies will exponentially monetise it because they are required to
Not that the US government doesn't constantly spy on its citizens, but I'd much rather businesses do so than the government.
When I open a bank account, every bank is legally required to forward my personal information and transaction history exceeding $600/yr to the federal government, and there's nothing I can do about it.
I don't have to have a Facebook account or credit or debit card (and I don't have any of those) so I only get spied on by businesses I choose to deal with. Not only that, but most businesses I deal with give me a 3% discount when using untraceable cash, instead of payment processors.
On top of that, when businesses get out of hand, customers choose to support a new business and the old one fails. This can be financially detrimental to those invested in the business, but it is much, much less bloody than when the same thing happens with a government.
US had PRISM and countless other programs to siphon all data
I guess that makes sense when you are part of the power wielding majority. but as someone who isn't, it's absolutely better for private corporations to have my data than governments. Sure, private corporations will end up giving said data to the government if required, but it's at least a step removed. And Facebook can't put me into MetaJail using MetaPrivatePolice (yet), whereas the government absolutely can.
The EU lets you store whatever you want in cookies as long as they are truly anonymous (do not contain unique identifiers.) What you call "anonymized data" is literally the opposite.
The term "anonymized data" is a bit jargony, but tracking everything a person does, but not storing the name or address of the person meets the definition most organizations use for "anonymized". It's very far from "anonymous".
Anonymization is a process which removes identifying information from data. Adding unique identifiers is the opposite of anonymizing data. A selection of the data stored in cookies might not contain any PII, but it still can't be said to be anonymized.
The GDPR isn’t about anonymized data stored in local cookies.
That's not what it was all about, but it sure was an effect of it.
No chance in hell my country agrees to it (despite the darling of EU being the current prime minister). It is still a minority government and both the president and the people oppose it.
It will die this time and they will try to bring it back in 2 years time.
One thing I do not understand is why people in Denmark allow this to happen. Where are the large scale protests against the party that brought this zombie back to life?
Follow the money. This and the sudden wave of internet censorship comes partly from AI companies lobbying trying to sell their new AI thing.
I wonder what the chances are that the ECJ could look at employing actions for annulment against chat control, if it is passed. It is possible for private individuals to ask the court to annul an EU act that directly concerns them. So even if governmental structures across EU does not want it challenged, the issue could still be brought to the court.
has the ECJ ever done anything like that before?
Yes all the time. Seems like there is a handful cases a year. Poland, as an example, has won 19 annulments between 2004–2023.
The big one in 2020 I think was this one where they ruled against data retention.
https://curia.europa.eu/jcms/upload/docs/application/pdf/202...
Who are the actors behind the ChatControl initiative?
I remember reading their names being blacked out.
DSA was pushed by the very controversial Thierry Breton, former CEO of Atos, then European commissioner for the internal market, now on the advisory council of Bank of America.
Atos btw is the company that leads in receiving money to construct Europe's virtual security infrastructure.
But the proposal was ultimately supported by a substantial majority in parliament, led by the christians, socialists. liberals and greens.
https://howtheyvote.eu/votes/139040
> DSA was pushed by the very controversial Thierry Breton, former CEO of Atos
It's a clown show, that "French Big Tech company" Atos stock price went from 10000 to 40 euros in 25 years [0] and is now being sold into pieces because it has 5B debt [1] and is hopeless . I heard him talk once on youtube he is a total moron.
> Atos btw is the company that leads in receiving money to construct Europe's virtual security infrastructure.
Great if those type of people are in charge there is nothing to worry about. The only downside is the Internet might get slower in Europe.
At the end EU citizen might just be told to put the EU in CC of every messages you send, invited to every chat group, and tagged on every social media posts. If you don't you go to prison.
I mean during Covid the french gov mandated them to print and fill a new form every time they took their dog out to pee. So that is not far fetch.
- [0] https://finance.yahoo.com/quote/ATO.PA/
- [1] https://en.wikipedia.org/wiki/Atos#Financial_difficulties
Danes and Swedes are in the forefront
They say it's the Swedes, but that's not accurate. Thorn is a NSA-run charity that has been lobbying for this since 2012.
Interesting. Do you have a source for the connection between the NSA and Thorn?
Its board, as well as boards of the related orgs, is crawling with ex-State guys, even some CIA assets (most recently Fernando Ruiz Perez) etc. They're in bed with WeProtect (State Dept) as well as McCain Institute guys. The connection is not obvious, but see this as starting point https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
https://projects.propublica.org/nonprofits/organizations/270...
What's telling is the fact that they never targeted the U.S. and U.S. policy-makers EVER, despite being mostly Washington guys with lended tech credibility of SF VC's.
https://en.wikipedia.org/wiki/Thorn_(organization)
How comes US celebrities have to create their foundation in Sweden instead of the US?
"As of July 2013, Thorn is in talks with leading internet companies (Facebook, Microsoft, Google, Twitter and at least three others) to collaborate on creating a database of millions of child abuse images on the web."
So if one messed up person likes that stuff, I guess they might aim towards working there?
Wouldn‘t be the first time something like this happens
When left unchecked and unaccountable, regulators will grow to fill the volume of their container
If this has the effect its proponents claim it will, it seems like substantially the larger outcome of this will be that government agents will be reviewing people's sexts. They say that false positives are rare, but how often is it okay for the government to be reviewing peoples' sexts? I found it a little hard to get concrete info on how exactly their image hashes work, but it sounds quite literally that if you've got a couple of young people (whether teens or twentysomethings) who are sexting, and their sexts look a bit like some piece of "known CSAM" if you squint, then a government agent will review it and possibly harass them.
Seems like eventually the law will get some poor girl killed when the authorities contact her parents about "CSAM," discover that it was the girl herself who took the picture and sent it to her boyfriend, her dad finds out she was having sex and does an honor killing.
But we're just supposed to trust that these image hashes have a small false positive rate, when there's no way to have transparent review without making it easy for adversaries to avoid the scan.
Even if they have a small false positive rate, the absolute figures will be staggering. 500 million people and all texts are being scanned, with more than 99% not being CSAM.. you do the maths..
Isn't democracy rendered impossible with laws like this?
I mean, if slavery was still legal or LGPT still illegal, would the government have been able to use this technology to smother political movements before they ever start? Wouldn't the government be able to add client-side scanning for words or phrases they don't like (not just images of child abuse)?
For democracy to work at all, people must at least be able to freely discuss there contrarian thoughts amongst themselves, even if they run contrary to the ruling party's wishes. I did not expect the cradle of democracy to be the one to kill it.
It's already impossible thanks to the DSA.
Start with protecting children. Then something about misinformation. Then about defending democracy. Then about stopping terrorism. And soon you can escalate your authoritarian policy to just about anything.
This is why having the structure of fundamental civil rights, like in the US constitution, is important. I’m surprised the EU doesn’t seem to have such protections for free speech and privacy and against warrantless surveillance.
Between FISC, the Patriot Act/USA Freedom Act, and such it doesn't seem like the US constitution is doing a good job at protecting anyone. There is a long wikipedia article named Mass surveillance in the United States, but not yet one for the EU.
> There is a long wikipedia article named Mass surveillance in the United States, but not yet one for the EU.
I agree with your other points. There is this though:
https://en.wikipedia.org/wiki/Mass_surveillance#European_Uni...
I don’t disagree. But there is still far more protection for free speech in the US than in the EU, where wrongthink is not acceptable to the powers that be. It is a huge regression and for some reason, culturally Europe seems to be modeling itself more after China than the US, with whom it shares more history and values.
i have lived in all three places (15 years in china) and i have to respond with an empathic no.
what we are seeing is that thanks to social media, more discourse is public. which leads to more prosecutions. that is not a regression. that stuff has always been prosecuted. and they go against hate speech, not wrong think.
Hate speech is wrong think.
Threats are something different
hate speech is no clearly defined, so maybe we need to talk about that. wikipedia translates the german term "Volksverhetzung" to "incitement to hatred", but that's not actually a good translation, because it rather means "incitement to hatred against a whole people". besides that here is strong language directed against individuals that is designed to hurt them. in germany that is defined as insult to your honor or dignity and incitement to violence. the devil is in the details of course, and there are many expressions that are borderline and depend on context. but i think we can agree that such speech is generally not wanted. whether it should be punished is another question, but in my opinion "wrong think" goes way beyond what i described here. one topic that does go beyond hate speech that may be problematic is expressions that threatens the democracy. i couldn't find any good examples for that yet other than democracy being threatened by radicalization, polarization and political violence. so presumably anything that leads to that, most of which is already covered by hate speech.
I don’t agree with that. Inciting violence is wrong. Lying is wrong. But pointing out crime figures of for example the imported migrant Muslims is true, yet also hate speech?
I think we’re far beyond hate speech being thought crime. It also means you can’t be honest about your reasons or viewpoint, thereby poisoning the public debate.
i can't comment on specific examples without knowing more details about the context and what actually happened. the problem in such cases is often that crime figures are cited in isolation without comparing them to local crime figures as if there was no local crime or ignoring the fact that a lot of "crime" by immigrants is violations against immigration law. something a local can't possibly violate. i understand the same thing is happening in the US. so yes, if you twist statistics to deliberately make immigrants look worse than they are, then that is hate speech.
if that is not what you are talking about then we will have to look at he actual numbers being pointed out and the message they come with and the response to that.
The problem is that already some countries, including Germany, are not reporting on the background of criminals anymore because it could lead to hate speech.
hate speech is a hazy definition that depends only on the party in power, so it means no protection if you rely on that
I dunno, right now America bans or locks up travelers for having fat Vance memes on their phone. So you tell me who is turning more towards China.
Stop spreading fake news, no one was detained or denied entry for a Vance meme.
Customs officers everywhere have almost unlimited discretion to deny entry.
While I think the Vance meme reflects very poorly on my country, it is always advisable to remember that you have very limited rights in every country while crossing the border and that it best not to piss off the officers. Travel StackExchange is filled with Q&A’s about how to what to do when the customs officials of various rich countries apply their discretion to deny entry, often for reasons even more petty than having a meme.
> While I think the Vance meme reflects very poorly on my country
The only thing it should reflect poorly on is reporters who ran with this fake story for clicks.
Putting people in near-torture jail is not "denying entry".
American exceptionalism is crazy. US is one of the more abusive countries, not some civilized safe haven of individual liberties.
> I dunno, right now America bans or locks up travelers for having fat Vance memes on their phone
That has never happened.
I have long campaigned against Fourth Amendment violations in the US, but to compare the US and the EU is laughable. The difference is night and day in every aspect, from constitutional rights to privacy (virtually worthless in most EU constitutions vs quite broad in the US) to practical surveillance (far deeper and broader in the EU) to court requirements for access for typical requests (commonplace in the US, rare in the EU.)
As an example of one of those points, the US right to privacy was long considered so broad that it served as the _foundation of the right to abortion_ in the US for decades! By contrast, to pick an EU example, the Dutch right to privacy is so weak that it is quite literally written into the Dutch constitution as “except as limited by law”; in other words, nearly worthless.
To compare them by presence of a Wikipedia page is beyond ridiculous.
But what exactly does privacy entail in the US?
Your address and phone number are publicly available with a Google search. I've been stalked and had someone show up at my house after moving (and I have zero social media presence) because, for some reason, my personal info was all online and easily found by googling my name.
People can take a video of you, shame you for some random thing, and have your face and name known to millions by the end of the day.
The NSA can access all your online data and share it with whoever they want. Companies do it on their behalf as well. Cops can dig through your car just by saying it smells funny.
A right to privacy somehow was construed as the right to an abortion. But the right to privacy never meant you have the right to keep anything private. In some other countries, you can easily have your data taken down from public view online and sue (and win against) people who violate that right. That's an uphill battle in the US.
American freedom is general is based on “might makes right”, whether that’s the well armed gunslinger in the old west, the lawyered up millionaire in the courts, or the billion dollar company using their freedom of speech to obliterate yours.
Everyone has the same freedom to use their resources to maximise that freedoms to help with where the fiat meets the nose.
In the US, mugshots of people are published before they have been found guilty.
Comparing privacy laws by example is beyond ridiculous. And there are big cultural differences what "privacy" entails.
Americans have the right to privacy "except as limited by capitalism". For example, your location history and purchasing history are actively sold for the ad industry. No it is not sufficiently anonymized.
FISA and patriot act are very controversial, the EU doing the same thing but far worse isn’t a good argument to stand on merely because the US gets talked about more on Wikipedia and therefore the press (which is one of the primary acceptable sources for a wiki article). Not to mention places like Germany and France did much of what NSA was doing back in the 2000s, often with even more leeway.
If anything censorship and extensive government oversight of peoples lives in EU and UK is far less controversial so there isn’t much of a push back. As you can see every time this comes up on HN where people in the EU defend it.
> FISA and patriot act are very controversial
They are controversial with the public. They are not controversial within the government.
I suspect they aren’t controversial with the public either.
With certain subsets of the public sure.
Similar response to the “give your passport to shady company” act in the U.K - the majority of the public support it.
* I’m surprised the EU doesn’t seem to have such protections for free speech and privacy and against warrantless surveillance*
individual countries, such as germany do have these protections.
Is this supposed to be a joke? Germany has about the worst speech restrictions of any western democracy.
Unless you oppose genocide, in which case your freedom of speech evaporates.
Agreed. We have that in common with the US.
The biggest set of propaganda is that America has “free speech”
According to Wikipedia, the Russian constitution mentions the following:
1. Everyone shall have the right to the inviolability of private life, personal and family secrets, the protection of honour and good name.
2. Everyone shall have the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages. Limitations of this right shall be allowed only by court decision.
And yet, they have the SORM and SORM-2 laws.
> This is why having the structure of fundamental civil rights, like in the US constitution, is important.
How's that structure working out in upholding fundamental civil rights in the USA?
I want to be not snarky but I can't:
Which constitution are you talking about? The one that includes the House of Congress' right to militia to defend the constitution...or the one without that article?
Lately, the constitution of the US is as much worth as toilet paper, because the Trump administration does everything to exploit it using the "invasion excuse".
In Europe, there is the EU charta of fundamental human rights. If they are violated, laws can be fought above country level.
[1] https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex:12...
The US has a long tradition of creatively interpreting their constitution, really no reason to bring trump into this discussion.
>"Start with protecting children..."
This is exactly what I think about it: https://youtu.be/J07wReeRF7Y?si=_VfrNiGRnG-_7dHX
Covid was only 5 years ago can you imagine what people would have used this sort of power for during the lockdowns? How are people's memories so short especially with regards to such a traumatic experience that we all had?
People generally cheered along the authoritarian measures that were employed during covid.
if the framing is “pandemic controls bad because my rights are more important than public health in a global pandemic” it’s not a very convincing argument.
we should stick to actual fact and issue here which is that these tools are bad for human rights NOW. not some mythic pandemic is bad bogeyman
How is the framing of “chat control bad because my rights are more important than saving the kids from sex abuse” any different? I bet you good money you understand the fallacy in my example. I only wish people could see it for things that “their side” championed as well.
Most people in Europe were happy with the pandemic response, so that's a non-issue.
Quoting from proposed text:
> When executing the detection order, providers should take all available safeguard measures to ensure that the technologies employed by them cannot be used by them or their employees for purposes other than compliance with this Regulation, nor by third parties, and thus to avoid undermining the security and confidentiality of the communications of users.
EU demands impossible.
Nudge the door open with child abuse "concern" and then expand to your hearts content later. The analogy of it being like a police officer standing next to you while you chat online to a friend was great. He was joking when he said "lets cancel cars" but it might happen in the distant future. Letting people control heavy projectiles doesnt seem like such a great idea.
When you put "concern" in scare quotes like that... are you saying that there isn't actually anything to be concerned about regarding the safety of children using the internet?
of course its concerning, but i doubt its the ultimate objective and it also seems contrived given the other dangers to children that abound.
I guess you're right. I doubt there are actually any children being prayed on on streaming apps and the like, and even if there are I highly doubt it has any lasting impact on their mental health.
The problem is obviously real, but a lot of people disagree with this proposed solution. Nobody is trying to argue whether child abuse is a problem or not.
I don't think there's a workable solution that both protects kids and protects society from sliding into 1984.
It essentially feels like a referendum on "should we just accept it?" It being whichever over those you think is the lesser over two evils. Figuring that out is an exercise left to the reader.
Maybe not let your kids unattended on the internet. Require default settings on vendor products to child protected mode, punish parent negligence while in parallel crawl the web for illegal content.
if only these children had parents to raise them. nope can't think of how that would work. it's better to control everybody else.
How would that work? Please explain.
parents take an interest in their kids lives. parents talk to them about things that are good and bad for them. it's a novel concept.
That's the system we already have. It clearly has severe limitations.
yes, parents take no interest in their kids and want the state to raise them.
All you have to do is be honest and say it. "I'm ok with those kids being collateral if it means I personally retain my privacy".
Or you could just ban under 18s from the internet entirely.
And enforce it how?
Its these sorts of straw men that keep the conversation going in the wrong direction.
Straw man? It happened to my niece on a streaming app. She was 11. It started out as innocently as "what's that shirt you're wearing? Can you show me?" and progressed from there.
Straw man my ass.
Edit: I'm against the mass surveillance and direction things trending in, but I think either way we are facing a significant negative externality whichever way we choose. Either there's real people suffering real harm, or we're getting screwed by sliding into 1984. Both of those horrible. If we pick one horrible over the other, we're essentially saying "I'm ok accepting this horrible reality in order to avoid a different horrible reality".
I just don't think we can have our cake and eat it too on this issue.
Why was your 11 year old niece on a streaming service?
I'd bet is a concern troll. There is no way someone can type that as if it's natural to allow children unattended on a streaming website.
We're supposed to be smart around here right? No 11 year old kid of mine would have access to anything other than offline educational material.
[dead]
[dead]
As roer said above "Nobody is trying to argue whether child abuse is a problem or not.". You just built a straw man argument around something that isn't even being discussed.
If it's a given that it's a problem, and that we want to do something about it, then the discussion is what should we do about it? So we have to pick something.
The only suggestions I see are things like Chat Control and things like "how about be a better parent". In practice, neither of these work. Chat Control we lose out on too much privacy and get dangerously closer to 1984. "Just be a better parent" is basically the strategy we have now, and it isn't working. I wrote in another comment what happened to my niece, I won't repeat it, but TL;DR as a parent you don't know what you don't know and your best efforts can go in vain.
Let me guess- preventing child abuse- unless it's done by an israeli government official of course https://www.theguardian.com/us-news/2025/aug/16/nevada-arres...
Did you really have to add the Israeli thing there?
News flash: every country in the world has an Epstein. Even Epstein has been replaced and a new guy is doing his work. Or does anybody really believe that child abuse among elites in the US and globally has suddenly stopped when Epstein was suicided?
This isn't even epstein, it's an active member of the likud party, but since you've mentioned epstein i guess i should say that the former prime minister of israel also visited his island numerous times and bolster my point. And yeah, it's my moral obligation to include it.
I hate the "protect the children" argument so much.
Birth rates are so low that a lot of people don't even have kids. Why should we preference other people's children to a total invasion of our privacy? Shouldn't those parents mind their own offspring?
Stop putting god and other people's children in my life. That's none of the government's business.
The other point is that people don't even care. Teachers with CP possession don't do any time, just one or two year suspended sentence. Most of the terrorists, be it by bus, truck, gun or knife, were well known to the police ahead of time. Did that stop the attacks? Would more "chat control" change any of that? Fuck no....
It's an interesting argument that with a declining birth rate childrens protection should be less in the picture. I'm more inclined to think that we owe it to the next generation to give them something viable and recognisable as a childhood, and it's communities obligation to raise them. Those who want privacy will usually find it.
> we owe it to the next generation to give them something viable and recognisable as a childhood
Poverty and bad parenting is the problem, not the Internet.
> it's communities obligation to raise them.
I'd favor taxing bad parents instead of taxing the broader society.
If you don't want your kids seeing content you disagree with, don't give them access. It's a parent's responsibility.
I find it hard to believe that this is the top priority.
> Those who want privacy will usually find it.
Increasingly impossible. Privacy is evaporating.
Coupled with the increasing amounts of censorship, freedom of speech is disappearing too.
The next step is to leverage these tools to control the population. It's already happening.
Right now these systems are being used to coerce powerful politicians and business leaders. It's a trap that becomes a blunt instrument.
One day in the not too distant future you'll have to sign in with your government photo ID to make queries or posts online. If you say something "bad", the government will fine you and limit your social mobility. Your jobs, your opportunities, your money will all be suspended, subject to your pending social rehabilitation.
The only way to stop that is to shut it down now.
Sorry that the kiddies might see boobies. Maybe mom and dad need to limit smartphone access or install filters.
If we're being honest with ourselves, we'd crack down on all the rampant sex trafficking in Roblox. But we know that protecting kids isn't the real reason these things are being developed.
I don't like that argument either.
However, the continued existence of society requires other people's children, so maybe it's a pretty important investment?
> society requires other people's children
Does it really require knee-capping the internet and privacy though?
Is this really the pressing issue for society?
There's really no logical reason for humans to exist
> Stop putting god and other people's children in my life. That's none of the government's business
This is very naive worldview.
No it's not. People need to leave other people alone.
Stop imposing religion, lifestyle, judgment. Live and let live.
What people do with their own lives is none of anybody else's business.
It is naive - you mistake reality and your expectations.
What makes you think he is unaware of reality? He just expresses his demands at this reality, or rather the small part of reality that human society occupies.
I am pretty sure he is aware that the default is rather intrusive - but that doesn't mean that is the right default.
Because of:
What people do with their own lives is none of anybody else's business.
One of the main characteristics of the society is that its members take business in what other people do with their own lives.
Saying that it shouldn't be the case is not a proposal for a different society, but for abolishing it altogether, and thus naive.
"One of the main characteristics of the society is that its members take business in what other people do with their own lives."
That is your definition of societey, but one I consider close to totalitarian. And yeah, sadly it is the standard, but there are societies that stick together, so each member has better chances of living their own live and not so each members lives the live that the others force them to live.
That's arguably a selfish way to live- where no one cares about anyone but themselves. You would just be people living next to eachother, not a community.
Missundertanding (hopefully).
Saying other people may not interfer uninvited in my life is not the same as saying people may not care about me.
I care about other people and interfer in their life, because in the case of my kids, they cannot sustain on their own and they want me as their parent. So there is consent in general about it.
But I am not telling my neibghors that they must wear a warm jacket when it is cold.
(Or that they may not consume porn, to not go to hell)
There is a slight difference between offering help for example and forcing someone to do things in a different way, no matter how well intentioned.
Liberty is good, but individuation and atomisation can break a community if it goes too far. If you don't feel any obligation to the state that helped you what hope do you have for national unity.
[flagged]
[dead]
HN discovers there is unsolvable tension between public, its interest and its institutions, Ep. 1234.
but what if whatsapp refuses? majority of eu population rely on whatsapp for everyday life, they are going to revolt if whatsapp is pulled.
Does anyone know where to find the text of the proposal? I wasn't able to find it.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A20...
Louis makes it sound that its actually for protecting the children but we all know its just an excuse for surveillance, control, and ultimately jailing people for wrong opinions (a real threat in the EU since there is no protection of Freedom of Speech anywhere)
The European Convention of Human Rights explicitly protects freedom of expression.
Yeah but look how many exceptions there are: https://en.wikipedia.org/wiki/Article_10_of_the_European_Con...
If it doesn't protect someone denying the holocaust then it won't protect any other expression that the government in power doesn't like.
nope. part 2 of the article 10 basically nullifes the freedom of speech for any bs reason given by the government. that counts for nothing.
The judiciary deciding about reasons is independent from the governments.
national security is not up to the judiciary
> The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.
[flagged]
October, 2018: "In Europe, Speech Is an Alienable Right: [the European Court of Human Rights] upheld an Austrian woman’s conviction for disparaging the Prophet Muhammad."
>On Thursday, the European Court of Human Rights (ECHR) upheld her 2011 conviction for “disparagement of religious precepts,” a crime in Austria. The facts of what E.S. did are not in dispute. She held “seminars” in which she presented her view that Muhammad was indeed a child molester. Dominant Islamic traditions hold that Muhammad’s third wife, Aisha, was 6 at the time of their marriage and 9 at its consummation. Muhammad was in his early 50s. The Austrian woman repeated these claims, and the Austrian court ruled that she had to pay 480 euros or spend 60 days in the slammer. The ECHR ruled that Austria had not violated her rights.
https://www.theatlantic.com/ideas/archive/2018/10/its-not-fr...
[dead]
jailing people for wrong opinions (a real threat in the EU since there is no protection of Freedom of Speech anywhere)
how do you figure that? the freedom of opinion is explicitly enshrined in the german constitution for example. there are limitations, but these are very specific and not arbitrary.
gemany is in fact one of the countries the provides the most protection for your opinion world wide, as long as that opinion is not based on obvious falsehoods (like holocaust denial), or stirs up hatred against a group of people. you can however criticize others and at this point germany provides even more protection than the US.
"Hatred against a group of people" has been stretched to the breaking point in recent years.
in germany? examples please.
After a minute of searching... https://www.nytimes.com/2022/09/23/technology/germany-intern... I admit that these cases are arguable but by the same token the police don't have to respond to every mistake with a dawn raid. Even the US Secret Service has more discretion than this.
i agree with the overuse of raids, but i didn't see anything mentioned that didn't warrant at least some investigation.
Not even the multiple cases of an individual doing nothing but call a politician a dick on social media?
> Last year, Andy Grote, a city senator responsible for public safety and the police in Hamburg, broke the local social distancing rules — which he was in charge of enforcing — by hosting a small election party in a downtown bar.
> After Mr. Grote later made remarks admonishing others for hosting parties during the pandemic, a Twitter user wrote: “Du bist so 1 Pimmel” (“You are such a penis”).
> Three months later, six police officers raided the house of the man who had posted the insult, looking for his electronic devices. The incident caused an uproar.
...
> In response to a message by [politician] Mr. Jurca criticizing Muslims, Mr. Mai posted a link to a picture of the mural [saying “Du bist so 1 Pimmel”].
> Several weeks later, four police officers pounded on Mr. Mai’s door at 6 a.m. with a warrant to confiscate his electronics. Mr. Jurca had filed a police report claiming the link to the photo was an insult.
call a politician a dick on social media
in germany that is covered under insult against the honor and dignity of an individual. i don't know about this case, but this is generally only prosecuted when the insulted asks for it, and in most cases is a civil matter. that the incident caused an uproar shows that the response this case is an example of overreach, but overreach happens everywhere, and is an issue in itself. he question here is, is the risk for overreach more dangerous than removing the law/protection. this is certainly debatable.
The continual harassment of socialist parties by the government, including declarations that any group following Marxist philosophy is necessarily acting towards an unconstitutional goal.
because they are calling for a revolution, not reforms. revolution is an unconstitutional goal. if they believe that marxist philosophy can be achieved without a revolution they better ought to make that very clear. and to my knowledge the treatment of communists in the US was way worse.
Yes, well, calling for a revolution is protected speech in the United States.
It is only if your words are likely to promptly cause someone to commit violence that you can be prosecuted for it.
there is a difference between individuals calling for a revolution and organized groups that have that in their program as a goal. the latter is not a theoretical threat but one that has historical precedent.
in France for example
https://www.france24.com/en/live-news/20230329-french-woman-...
Right now, in the suppression of protest against the genocide in Palestine.
we need to be more specific here. peaceful demonstrations are certainly allowed. it becomes a problem when those demonstrations become violent. suppression would be not allowing these demonstrations in the first place. and if that is the case we need to look at how often that happens and whether the risk for a planned demonstration turning violent justifies not allowing it to take place.
> peaceful demonstrations are certainly allowed
That's just not true. Germany has banned slogans in favour of Palestinian freedom.
What's allowed is government-sanctioned gathering, which is the opposite of freedom of speech.
Germany has banned slogans in favour of Palestinian freedom.
do you have any references?
and what do you mean by "government-sanctioned"? reality is that any kind of large public demonstration requires registration and is subject to permission. the question is whether permission is granted to all groups equally, or whether certain groups are getting limited. if that is what you mean then we would have to look at actual statistics. demonstrations in favor of palestina certainly did happen.
> do you have any references?
Staatsräson: https://en.wikipedia.org/wiki/Censorship_in_Germany#Restrict...
> and what do you mean by "government-sanctioned"? reality is that any kind of large public demonstration requires registration and is subject to permission.
In Germany. That's not true in the majority of the democratic world and is not what any reasonable person would call freedom of expression. Nothing that requires permission is a right and civil rights don't require permission.
> demonstrations in favor of palestina certainly did happen.
And the protestors have faced consequences both immediate and in long-tail harassment from the German State.
i can't think of any country where it would be legal to block traffic without some kind of permit.
for the rest, i can't comment on your claims without knowing more details about them
You don't just need permission for a demonstration in Germany if you plan to block traffic. See e.g. how covid policy protesters were treated. But I guess you agree with those policies so think that's ok.
What are you talking about? I see those (clearly very well funded) protests calling for literal unambiguous genocide of the Israeli people "from the river to the sea" almost weekly in every major train station and city center in the EU (and also China which means CCP gov backs the message)?!
Open jew hate in Europe hasn't been this elevated since WWII.
> Open jew hate in Europe hasn't been this elevated since WWII.
Opposition to genocide or to Israel is not anti-Semitism.
The result of all of the hubbub over privacy in past years is that many people left more centralized services for other private servers, which means that the government can no longer just ask Twitter for your data and it’s a pita for them.
Once they can read everything again, and more, the next step will be to use your own network, a.k.a. the multinet, which is mostly an advanced form of the disparate networks in the 20th century. Even ARPANET was just another network, which evolved into the B.S. we have today. We also don’t have to use the same protocol stack, routing, etc. We could get rid of name resolution and just use some long IDs.
that's what I am thinking, EU made GDPR that is good move prevent any third party to extract privacy data illegally but still doing it to themselves anyway
like what's happening????
Nobody is doing it. The law doesn't exist yet in the EU.
I voted for the only candidate that was clearly against this. However, the companies are suppose to do the scanning, not the police. Corporations like Meta already does things like this for sure. The difference is that they now will have to share potential crimes with the police. For Signal it is worse since it can't be added.
Every single fucking day the whole world gets worse and worse. I am so sick and tired of this life.
for ages I was saying "do not ignore crime that is now allowed to scale and proliferate thanks to e2e" (very much similar to crypto). If you accept this reality and work with the government you can arrive at a decent compromise that is not 100% bad. If you ignore reality and cover your ears and shout "nananana", the government will find a way and I guarantee you it will be a dumb way that undermines privacy way more. News at 11, the government did.
Let's pick our pitchforks up and pretend sexual abuse monetization or human trafficking are not taken to the next level thanks to end to end encryption. We gotta make police do their damn jobs right? It's not our fault we invent new and improved ways that prevent police from doing that.
Is the EU investigating the Epstein client list then?
[dead]
EUSSR, an unvoted for central dystopian committee, led by WEF line Schwab, warmongers like Rutte and career aristocracy like Ausgeleiert (von der Leyen).
[flagged]
[flagged]
Up until about 100 years ago, most civilian communication was either totally ephemeral (in-person speech) or transmitted on physical artifacts. Surveillance required either physical mail piece interception, physical presence, or individual communications with knowing parties. That the Powers That Be are even capable of reliable remote surveillance—-let alone that they’re _entitled to do so_—-is very much a recent occurrence.
> That the Powers That Be are even capable of reliable remote surveillance... is very much a recent occurrence.
Yep. Many of our laws and regulations sorely need updating to match the world in which nearly anyone can set up 24/7 surveillance very, very, very cheaply and cops can go to a handful of businesses to find out who we talk to, what we're saying, and what we're reading about. Things that made sense when you had to put a guy in a place to keep watch, to follow a guy to see who he talks to, or go door to door to ask folks in a neighborhood what happened on a particular date are much less likely to make sense in the world we live today.
> Surveillance required either physical mail piece interception
It was explicitly understood that if you used the UK or US post offices, your correspondence could be read. Because it became government/state property the moment you handed it to the post office (this is still the case, I think). Pretty sure this is how all postal services worked.
Telegrams, likewise, were implicitly intercepted.
Sure you can argue that surveillance is new. But so, actually, is privacy. The right to have a private conversation is also new; the idea that your private words were your own and your patriarch/clan leader/priest/boss/judge/monarch/patriarch would not simply be able to demand, with threats, that one or all of the parties recount them would have been shocking. There are surely many things you simply wouldn’t have voiced because one of those people might find out.
Projecting our modern ideas of free speech and privacy onto a pre-communication-age society doesn’t make any real sense.
> Pretty sure this is how all postal services worked.
Nope. For ages (and possibly still today), the only thing that can be casually read by the US post office are the parts of the mailpiece that can be seen without opening the mailpiece. So, the entire contents of postcards can be read at any time. The entire contents of envelopes, packages, and the like cannot.
Engage your brain for a second and ask yourself if the "Founding Fathers" would really have set up a system where the government gets to root through its citizens' private communications without a warrant.
And yes, you can point to how the third-party doctrine enables all sorts of warrantless investigation of the private communications of modern day USians, but the state of the world was way different back when that doctrine was solidified. In a just world, we'd see massive reform to the doctrine to bring it in line with how folks interact with third-parties these days, but authoritarians don't like to be stripped of their tools of oppression and clandestine, unchecked surveillance and will fight very hard to keep them.
> Until about 20 years ago, very little civilian communications were encrypted. Ten years before that, virtually no civilian communications were encrypted.
It does not feel like the world is a more dangerous place than 30 years ago. I need to see evidence that crime is increasing because of encryption before taking arguments against encryption seriously.
If it were really that disruptive we'd see crime rise and police effectiveness reduce drastically. This isn't the case. Society is just as safe as 20 years ago if not safer.
I'm sure sometimes this has an effect but most criminals are still caught. Because they make mistakes too. Communication is only a small part of the chain.
Zero day compromises of most devices are available to state actors. If they get a warrant to compromise your device they get everything on the screen, no need to break encryption.
Yes, it’s hard. Surveillance should be hard. Just because it -could- be trivially easy does not mean it is in the public’s interest that it -should- be.
The privacy exposure is so huge with chat control et al that there is effectively no expectation of privacy anywhere ever, from a practical point of view. That is not conducive to a functioning democracy, which only works when there is a delicate and deliberate balance of power between the individual and the state.
doing nothing hands over too much power to criminals
you either have encryption, or you don't. there is no middle ground. any measure to force access to encrypted messages would effectively disable encryption entirely.
I was going to respond to this part of GP but along the lines of communication being (mostly?) not a crime in an of itself. Committing crimes in the physical world is still illegal.
I just want to make that clear, governments don’t need complete access to your digital life to make the legal system go round.
Unfortunately the argument of strong privacy for everyone loses compared to the emotional argument of “we could have prevented this horrific crime if we had access to XYZ”, in the emotional political arenas
> stirring up paranoia is not going to solve the problem
There are reasonable tools that have been deployed and are existing for police enforcement ; notably with the coordination of ISP providers. The fact that encryption has been democratized does indeed change the situation for enforcement but this does not mean everybody should be spied on by default.
Here's the thing, more appropriate tools for criminal activity encompass not only encryption but stenography technics, maybe even just signaling.
It's so easy to bypass that it only steer up the problem an order of magnitude further, makes the life harder for everybody, and creates a situation where everybody's data is basically on some server.
Now, knowing how capable institutions are able to protect data ; well i'm telling you there is 0 way I envision continuing my journey on the internet if it means that everything i look at, say or have an opinion on can be used against me eventually.
You probably meant steganography.
i did
> law enforcement is in a difficult situation
Are they? More so than usual? This rhetorical device or similar seems to be always used, no matter the situation or time.
"Criminals are so sophisticated, our jobs are so hard, we need more power" - every police force ever.
"We actually need fewer capabilities and more checks and balances" - no police force ever.
> Now they are facing a situation where not just virtually all communications are encrypted
No, they aren't. Phone is unencrypted. Email is unencrypted. SMS is unencrypted. Some messengers are unencrypted.
Communications can be encrypted; I guess only criminals do that. Or banks. Or businesses. Or the government.
> but virtually all forms of evidence that document a crime are encrypted.
No, they aren't. Etc
> On the other hand, doing nothing hands over too much power to criminals
What ever happened to innocent until proven guilty?
Any form of blanket surveillance flips this into “maybe guilty so capture and archive surveillance data, and if ever (even years after) are possibly suspicious, comb through archived data to find some form of proof and then build up your pre-text for a warrant… in other words - “maybe guilty until proven guilty’
Law enforcement needs to do their job instead of trying to outsource it to service providers.
We've had end-to-end encryption for a few years now and there seem to be very few cases that have been thwarted by it. Criminals are actually dumb. (Yes, the FBI has 10,000 locked iPhones that they would love to unlock but it's not clear that it would make a difference.)
> but virtually all forms of evidence that document a crime are encrypted
These are good points, though I'm wondering if the burden of proof has just increased? E.g. in the past there was little permanent evidence, so do we really need to break encryption to prove beyond a reasonable doubt?
It's like lack of DNA evidence making cases seem "unprovable", but then what did we do before DNA was available?
A lot of innocent people were convicted back in the day.
[flagged]
European governments are all for free speech whilst imposing sanctions and invading other countries to export “democracy and human rights.”
Fascinating to watch.
(Downvoted, as expected. The hypocrisy on this site is absolutely adorable.)
Which countries have been invaded by European countries to bring democracy? Because America started multiple wars for that in the last 70 years, not Europe.
Iraq, Afghanistan, Mali, Somalia. The expeditionary European powers like the UK, Spain, etc can't hide behind the US when they were willing participants.
It's probably just one single guy scrolling through all the posts and downvoting covered in sweat.
[Confirmed]
Isn’t EU’s justification that they protect you from companies / private industry but they want full government/police control because that’s trusted / socialist?
The EU is at its heart a neoliberal institution, not at all socialist.
Capitalist doesn’t really fit with the gdpr. And anything but full trust of government also wouldn’t fit with chat control.
> Capitalist doesn’t really fit with the gdpr.
What makes you say that? A lot of it was heavily impacted by industry, who were by far the biggest contributors during the drafting process.
> And anything but full trust of government also wouldn’t fit with chat control.
I agree with this, but chat control isn't a top-down proposal. It's based on a solid grassroots movement aiming to combat CSAM. Personally I think it's misguided, but there is a _lot_ of public support for online regulation to stem the endless cases of CSAM.
It's a real blind-spot of HN and devs to miss this, as if we don't find ways to effectively end CSAM online, stronger less-targeting regulation like the proposed Regulation to Prevent and Combat Child Sexual Abuse is inevitable>
Idk pretty sure Google and Facebook hate it
Yes, privacy has worked that way for a long time. There's no gotcha here.
It's good to see there are still rational Americans.
At least we got the cookies banners, that must count for something, right?
Please stop repeating this nonsense. The GDPR never mentioned cookie banners. This is the industry‘s shitty solution to forcing users to consent with tracking.
You can run a perfectly fine website with zero cookie banners if you simply don’t track your users and don’t expose them to third parties that do track them.
Hence, all websites implementing cookie banners are the culprits here, not the GDPR.
If the law incentivises bad behaviour, it's a bad law.
Is your base assumption that putting up a cookie banner is worse than silently stalking users without permission ?
That's a false dichotomy - clearly there's more options than these two. There's definitely a better way to address this issue.
On the other hand, between those two, it arguably is worse, because we now live in worst of both worlds - we still get a ton of stalking but we now have those cookie banners on top of that.
Absolutely yes.
I can block coockies using simple addons, which is WAY lower effort than clicking through a deliberate dark-pattern that is different on EVERY website (or using complex addons with lookup tables for every website).
It's not about cookies specifically, they're just one of the many ways you can be tracked.
You can't realistically block fingerprinting without serious effort, and you can't block your IP without using a VPN (which causes a bunch of other problems with sites not serving you).
the behaviour was already bad (sharing your personal information with 1000s of “trusted partners”), companies just want to keep doing it even if it inconveniences their users.
Having to pay for train tickets incentivises people to jump ticket barriers. Is that a bad law?
The only problem with GDPR is the lack of serious enforcement against data abusers and their political adverts (“cookie banners”)
Terrible analogy.
The correct analogy would be California’s toxic substance regulations.
They’re vaguely worded and enforcement is applied randomly based on whatever company is getting bad press at the time. So virtually everything sold in California carries a sticker saying essentially that “this product may cause birth defects.”
Even companies selling products that don’t contain any of these chemicals do so, out of fear of the asymmetric power wielded by the state.
Do a majority of train passengers jump the ticket barriers because they are afraid they might get fined billions of euros if they don’t?
The majority of companies have cookie banners because they want to track and monetise their customers and hope they can trick them into agreeing
I hate to confront you with reality, but this is just not true.
The laws necessitating cookie banners came into effect long before GDPR. That would be the 2002 EU ePrivacy Directive. The GDPR (2018) concerns the handling and storing of personal information, the mandatory disclosure of how this is done, and the mandatory right users to ask what data is being stored and deleting that data. There aren't any cookie banners in native apps. But they still need to comply with GDPR. And you can get into trouble for mishandling privacy sensitive information.
That law has been pretty successful to the point where there have been debates in the US about adopting similar laws.
The common US media company interpretation to declare their websites an abusive UX disaster zone and put their contempt and complete disregard for their main product (users) on full display is entirely on them and their sleazy lawyers trying to find ways where they can still do their sleazy business. This is made worse by incompetent web designers deciding that this is apparently "the way things should be done" without questioning that. Most cookie banners are just the result of their (mis)interpretation of the law, lazy copying of some shitty website they once saw, and the perceived need to provide lots of legal ass coverage for what under GDPR is flat out just not allowed at all.
Worse, the jury is actually still out on whether the highly misleading language, dark patterns, etc. are actually not illegal in themselves. They might very well be. Lots of companies got some really bad advice regarding GDPR. And some EU companies have actually been fined for doing it wrong.
does the law incentivise bad behaviour here or greed?
> You can run a perfectly fine website with zero cookie banners if you simply don’t track your users and don’t expose them to third parties that do track them.
I run an extremely simple static website with some JavaScript that lets the user keep track of their state between visits. I have no way to access their cookie, and nothing on the website sends data to me (in fact, can't, since it's a static site running on Cloudflare pages). I never really thought about whether or not I need to add a cookie banner, I just... Didn't.
Legally though... Do I need to?
Please stop repeating this nonsense defense of poorly designed policy.
When everybody is using it wrong, the problem isn’t “everybody.” The problem is your design.
Cookie consent should be a centralized browser based setting and nothing more. And the default should be some middle ground compromise that both the most privacy obsessed people AND businesses are not happy with.
So why do so many European government websites have cookie banners?
See, for instance: https://www.info.gouv.fr
Because you could sit down and read the GDPR in an afternoon, and actually understand it yourself. After all, you've had 9 years to do that.
I challenge you to demonstrate the supposed understanding you have that would explain why that website is following "industry‘s shitty solution to forcing users to consent with tracking." (and not even each industry website does such stupid full page banners) instead of using non-shitty solutions.
It's a good question, which has a very obvious answer: even government websites are built by clueless people and/or marketers and/or using shitty tech.
Which you can see when you click on "personalise" in the cookie banner.
That's why GitHub reneged on their "no cookies policy" for example: they got taken over by shitty people with shitty tech: https://github.blog/news-insights/company-news/no-cookie-for...
You've failed the challenge because your answer doesn't depend on wasting your afternoon to read and understand GDPR
You expect too much.
Obviously you haven’t either, because GDPR says nothing about cookie banners.
Cookie banners are the result of a different piece of legislation, the ePrivacy directive. Have you read that one too?
What about all the latest judicial actions regarding data transfers to 3rd parties that have gone back and forth due to ongoing legal cases? Legislation is totally irrelevant without the context of the latest judicial precedent.
Did you read the entirely of the schrems decisions and the analysis of what that means for using or offering any technology services? Having read GDPR is irrelevant when one day Google analytics is okay to use and the next day it's not due to one court case.
What about the latest data transfer agreements between the US and EU that invalidated the use of standard contractual clauses, and the above prior Schrems decisions? You've had years at this point.
Do you think it’s good to insult and assume bad faith from your fellow internet commenters about a topic you actually don't understand yourself?
> Cookie banners are the result of a different piece of legislation, the ePrivacy directive. Have you read that one too?
The huge obnoxious cookie banners that everyone pretends are due to GDPR are neither due to GDPR nor due to ePrivacy.
It's the industry's unashamed deliberate sabotage of GDPR
Oh definitely, the decentralized private market absolutely got together in secret to devise a plan to undermine the beautifully designed EU legislation by using cookie banners.
My flower shop down the street that has a cookie banner on their Wix website is secretly trying to undermine the government.
It couldn't possibly be that the largely unaccountable central planners in the EU's technocratic maze of a government designed a dumb piece of legislation.
> got together in secret
Who said anything about secret? They are doing it all in the open.
> My flower shop down the street that has a cookie banner on their Wix website is secretly trying to undermine the government.
Oh, your flower shop only sells you flowers. The 1421 "partners" on their website however are really glad that they tricked clueless people to include their "GDPR-compliant privacy-preserving" solutions.
> It couldn't possibly be that the largely unaccountable central planners in the EU's technocratic maze of a government got something wrong.
GDPR doesn't require huge obnoxious banners.
ePrivacy doesn't require huge obnoxious banners.
Industry: let's create huge obnoxious banners with all sorts of dark patterns to trick people into "consent" through innocent inconspicuous tool vendors like Interactive Advertising Bureau, and blame GDPR for requiring them.
Poor, poor sweet innocent companies. It's GDPR making them collect and keep your precise geolocation for 12 years across thousands of partners who care about your privacy: https://x.com/dmitriid/status/1817122117093056541
Sorry, cookie banners are a direct result of EU legislation, it really is that simple.
While your "evil data broker malicious compliance conspiracy" narrative is a popular one, especially on this website, that doesn't make it true and you've offered zero facts to support it either.
I've dealt directly with multiple companies in regards to this legislation, and know exactly why we made the decisions we did based on the legal advice given in each instance.
But I will not argue further. You want this conspiracy narrative to be true as it plugs into the tapestry of religious narratives that form your identity. Any facts or logic I can offer against this are no match.
However, could you not agree that moving forward, a centralized browser-based setting is the better solution for all parties involved?
> Sorry, cookie banners are a direct result of EU legislation, it really is that simple.
Please write to me the relevant part of the legislation that require a full screen cookie banner that requires you to manually click "no" on each of the 1000+ "partners".
> you've offered zero facts to support it either.
Ah yes, and you've provided a lot of support to your "cookie banners as we see them implemented by literal ad business industry groups are the result of the legislation"
> and know exactly why we made the decisions we did based on the legal advice given in each instance.
Oh, I do, too. The legal council is "since you insist on using fifteen different marketing tools each relying on tracking, we have to include these banners developed by the advertising and tracking industry to cover our assess".
> You want this conspiracy narrative
Once again: it's not a conspiracy theory. It's literally done in the open.
> could you not agree that moving forward, a centralized browser-based setting is the better solution for all parties involved?
GDPR has been around for 9 years now.
Somehow, world's largest advertising and user tracking company that incidentally makes the world's most popular browser came up with exactly zero proposals to do that.
In the same time they have come up with at least three to keep tricking people into tracking. The latest one was literally "how to build a more private web? by turning on tracking" https://x.com/dmitriid/status/1664682689591377923 ("no thanks" in those screenshots turns off data sharing and tracking)
But yes do tell me how this blatant open flaunting of user privacy is "conspiracy thinking".
Edit: also please tell me whether "we're creating a user profile on you, collect device identifiers and precise geolocation information, and storing that data for 12 years" is conspiracy thinking and the direct result of GDPR?
You can, and I have, and it clearly requires almost any modern website to have a cookie banner. Which shouldn't be too surprising, when you go to gdpr.eu and see the cookie banner at the bottom. It's possible in principle to jump through the crazy hoops required to avoid it, but the only sites I've ever seen do so are national Data Protection Authorities.
Only if you define "almost any modern website" as one that does precisely what the GDPR set out to deal with. If tracking wasn't as widespread we wouldn't have needed the regulation in the first place.
I see no cookie banners on this site.
Ok, but others do.
On HN?
no, sorry, misunderstood you
Because American websites often don't bother with preemptive GDPR compliance, and DPAs consider first-party cookies of small websites to be a pretty low enforcement priority. My browser shows four persistent cookies, one for news.ycombinator.com and three for .ycombinator.com, that definitely require GDPR consent. In particular note that merely keeping you logged in across browser sessions requires a cookie banner, because that persistence is not strictly essential to the site's functionality; the official GDPR explainer (https://gdpr.eu/cookies/) calls this a "preferences cookie".
> it clearly requires almost any modern website to have a cookie banner.
It doesn't
> when you go to gdpr.eu and see the cookie banner at the bottom.
Imagine if you also read why they have it
They publicly go to privacy church every Sunday, but meanwhile they are worshipping the surveillance state cult in the back rooms.
Can you hear that Mr.Anderson? That is the sound of inevitability..
sniff encrypted chats, hahaha. Some law makers are completely clueless. I like Louis Rossmann. He looks like he’s been up stressed for weeks, yet his arguments are pretty level headed.
What if we make chats obfuscated instead of encrypted? So send a lot more data per sentence/word. It would need some sort of key on both sides to make sense of the data but it would be hard to use it without it. Or would that fall under the definition encryption?
Security by obscurity is generally known to be ineffective; it's not an obstacle for even sightly dedicated thread-actors.