EU Chat Control and the UK Online Safety Bill are perilously close to passing. Come on, folks! Act!

[oswaldkelso]

^ No I don't. Though I did do a quick search but the only result anywhere near "Surveillance socialism" on the first page was referring to Lenin in 1917... I don't think they used computers back then or if they did they certainly kept them well hidden. Get with the program and at lest do a little search.

https://en.wikipedia.org/wiki/Surveillance_capitalism

[fch]

right, if it's on wikipedia it must be true.

[oswaldkelso]

https://assets.publishing.service.gov.u ... marked.pdf

[oswaldkelso]

Signal threatens to quit the UK
https://www.theguardian.com/technology/ ... encryption

Signal looking to boost it's user base. Free-software so if signal quits the UK I guess a lot of folks will be installing from other countries. I use a fork called Molly. I can see a lot of forking going on.

[canci]

Frankly, I never got into Signal. They refuse to allow builds outside of Google Play Store, meaning I can't install it from F-Droid. They also nudge you into revealing your phone number and you have to resort to tricks not to do it. The infrastructure is centralised. By that logic, I can just keep using Telegram.

[oswaldkelso]

It's Free-software. Where they put their binaries is up to them. So long as we get access to the source we're golden

Android & iOS: GPL-3.0-only. Desktop &Server: AGPL-3.0-only

https://github.com/signalapp/Signal-Android

I use this https://molly.im/

Only the Telegram client is Free-software the server is slaveware.

[canci]

The suggestion about Telegram was cynical. Of course, Telegram is just as bad.

For me personally, it's more than just access to the source. Nudging people into using Google Play and pretending that all other builds are unofficial, and making you go through hoops if you don't want to use a phone number, is not ethical in my book.

And your suggestion Molly says on their website

Molly, like Signal, uses Google’s proprietary code to support some features.

I'd prefer more people to use XMPP or something. But sadly the momentum on XMPP is dead.

[oswaldkelso]

My bad. There are two versions of molly. molly and molly-foss. I'm obviously using molly-foss

Molly-FOSS is 100% free and open-source with zero property blobs

re xmpp. I believe there has been a slight revival by some community resources are struggling with the bloat of hosting things like matrix I run it on my freedombox.

[canci]

Thanks, I'll look into Molly-FOSS.

I quite liked the idea of Movim ( https://mov.im/ ) which is a social network where you can just log in with your XMPP account. But sadly not many users there and a lot of them only posting in French, which I sadly don't speak.

[fabien]

From EDRi (a network of NGOs defending rights and freedoms online):
Member States want internet service providers to do the impossible in the fight against child sexual abuse

The main problem with the Commission proposal is the practical implementation: blocking orders at the URL level is technically impossible when HTTPS is used for accessing a website because the full URL is end-to-end encrypted between the user’s browser and the web server.
[...]
Besides blocking known CSA material [...] ISPs should also block unknown CSA material. This would effectively require ISPs to monitor the content of internet traffic for all users and rely on error-prone artificial intelligence technology to detect unknown CSA material
[...]
This type of general monitoring of internet traffic is prohibited by EU law [...] On a more practical level, the traffic analysis necessary to implement blocking of unknown CSA material is technically impossible when internet traffic is encrypted.

From EDPB-EDPS Joint Opinion 04/2022:
p.27-29

European data protection authorities have consistently advocated for the widespread availability of strong encryption tools and against any type of backdoors. This is because encryption is important to ensure the enjoyment of all human rights offline and online.
[...]
In the context of interpersonal communications, end-to-end encryption (‘E2EE’) is a crucial tool for ensuring the confidentiality of electronic communications [...] Preventing or discouraging in any way the use of E2EE [...] would entail the risk that providers offer less encrypted services in order to better comply with the obligations, thus weakening the role of encryption in general and undermining the respect for the fundamental rights of European citizens.
[...]
The deployment of tools for the interception and analysis of interpersonal electronic communications is fundamentally at odds with E2EE, as the latter aims to technically guarantee that a communication remains confidential between the sender of the receiver.
[...]
Therefore, even though the Proposal does not establish a systematic interception obligation for providers, the mere possibility that a detection order might be issued is likely to weigh heavily on the technical choices made by providers [...] In practice, this might lead certain providers to stop using E2EE.
[...]
To ensure that the proposed Regulation does not undermine the security or confidentiality of electronic communications of European citizens, the EDPB and EDPS consider that the enacting terms of the Proposal should clearly state that nothing in the proposed Regulation should be interpreted as prohibiting or weakening encryption

p.36

While the EDPB and EDPS welcome the Commission’s efforts to ensure effective action against child sexual abuse online, they consider that the Proposal raises serious data protection and privacy concerns. Therefore, the EDPB and EDPS would invite the co-legislators to amend the proposed Regulation, in particular to ensure that the envisaged detection obligations meet the applicable necessity and proportionality standards and do not result in the weakening or degrading of encryption on a general level.

[fabien]

WhatsApp would not remove end-to-end encryption for UK law and would not comply with the requirements set out in online safety bill - 9/03/2023

The UK government already has the power to demand the removal of encryption thanks to the 2016 investigatory powers act, but WhatsApp has never received a legal demand to do so [...] The online safety bill is a concerning expansion of that power
[...]
Under the bill, the government or Ofcom could require WhatsApp to apply content moderation policies that would be impossible to comply with without removing end-to-end encryption. If the company refused to do, it could face fines of up to 4% of its parent company Meta’s annual turnover – unless it pulled out of the UK market entirely.

Similar legislation in other jurisdictions, such as the EU’s digital markets act, explicitly defends end-to-end encryption for messaging services
[...]
The online safety bill is expected to return to parliament this summer. If passed, it will give Ofcom significant new powers as the internet regulator, and enable it to require effective content moderation under the penalty of large fines.

Signal app warns it will quit UK if law weakens end-to-end encryption - 24/02/2023

The bill has been criticised by privacy campaigners for a provision allowing Ofcom, the communications watchdog, to order a platform to use certain technologies to identify and take down child sexual exploitation and abuse material.
[...]
Privacy advocates warn the bill could force encrypted messaging services such as Signal, WhatsApp and Apple’s iMessage to monitor users’ messages and create vulnerabilities in their platforms that could be exploited by rogue actors and governments.

Whittaker [Meredith Whittaker, head of Signal] told the BBC it was “magical thinking” to believe there can be privacy “but only for the good guys”, adding that the bill was an example of this thinking. She said: “Encryption is either protecting everyone or it is broken for everyone.”
[...]
Whittaker also criticised a system called client-side scanning, where images are scanned before being encrypted.
[...]
Whittaker said such a system would turn everyone’s phone into a “mass surveillance device that phones home to tech corporations and governments and private entities”. She added that technological “back doors” into encrypted services could be hijacked by “malignant state actors” and “create a way for criminals to access these systems”.