"What do you mean you and your friend chat over Signal when there are dozens of other chat apps? Sounds like you two have something to hide, if you ask me." [0]
Whenever I hear someone telling me they have nothing to hide, I ask them to unlock their phone and hand it to me. The joke still goes over people heads sometimes.
That's a bad argument - people trust the government differently than each-other. They also (should) mistrust the government differently. Voting is secret for a reason. How much of a chance do you think we have of meaningfully changing a government, if they can guess with 80% degree accuracy how everyone voted, based on their chats and social networks? When they know ahead of time who is assembling a new political party? When they know all of their friend's friends dirty secrets, and will tactically leak them to the press? Or simply prosecute them for spreading hate/antisemitism/homosexual propaganda/some other vague crime?
Knowledge is power. Does it feel like the balance of power is currently tilted too far in favor of individuals?
> How much of a chance do you think we have of meaningfully changing a government, if they can guess with 80% degree accuracy how everyone voted, based on their chats and social networks
This doesnt really detract from your overall point, but you may be underestimating how easy it already is for the government to tell how you will vote, without use of networking information. Just knowing someone’s educational level and zip code is enough to guess their voting preferences to a high degree of accuracy (the latter component being the reason why gerrymandering is so effective).
I think it's better to move past the individual question entirely. I tell them to imagine whatever political power they fear the most and ask themselves how it would likely behave if it knew nobody could coordinate against it in secret.
I have rather little to hide myself but I want desperately for you to be able to hide something. Otherwise we're together a worse deterrent against authorities behaving badly as we would otherwise be.
> I ask them to unlock their phone and hand it to me
Let’s say they do that. What would you do next? Go over their photos? Private messages with their so? And then what? Laugh at something that you found there? Would you feel then that you proved some point? I just don’t understand how this scenario would play out in real life
These things should first be tested for 5 years on every politician and every civil servant, including their families, including their children.
Security researches should be given the freedom to hack that system as much as they can, in order to find security problems, no prosecution guaranteed.
Every access to data should be logged on a public blockchain with pseudonymization of who accessed whose data.
After those 5 years, reports and statistical analysis about the usefulness should be published: how many crimes were prevented, who went to jail for what, who had to go to court for what, with references to the logged data in the blockchain.
Then the public gets to vote on if they want this or not.
Total surveillance, which we are talking about here, is extremely damaging to the subject, eventually all their dirty secrets will be out, legal and illegal.
I also argue that allowing the state to monitor its citizens fundamentally changes it closer a state I don’t want to exist. Nothing good can come out a surveillance state, no matter how small.
The issue I have with this proposal is that politicians won't change their behavior. The optimum politician is an absolute pragmatist without any moral values. That is what you need to be to succeed in a federalistic democracy.
Regarding Chat Control: Do we know who is lobbying for it so much? Maybe journalists should focus on finding dirt on the lobbying organizations, so that everyone knows about them.
Oh we know who's behind it: a Hollywood celebrity-run charity that shadily hired multiple high-ranking Europol politicians.
Their whole deal is to convince legislators that scanning every image on your device for CSAM is absolutely necessary (https://www.thorn.org/) and then selling a tool to do that to companies (https://safer.io/).
If it's legally required, what else are you gonna do but go to them for a "solution"?
The problem is that _we don't want every crime to be caught or solved_.
The worst thing that could happen to freedom is that the system would actually work as advertised. Because then resistance would be impossible.
If a government is so powerful they can stop even just 99% of crimes, they are so powerful that people can't rise up against it. At that point it's only a matter of time until authoritarians get elected and get rid of elections. The probability is not 0 which means it'll happen eventually with a probability of 1.
We need to be able to resist. Look at how many democracies were created by violent revolutions. How many bad people had to be killed before they stopped trying for a while. How many bad people had to be threatened with being killed before they gave up power "voluntarily".
You think the Velvet revolution was peaceful? Imagine you're an asshole who oppressed 10M people for years until they got fed up and 1M of them are now in the square right in front of your eyes, angry and shouting. What do you think is gonna happen if the implied violence materializes? How many cops do you need to stop 1M people and how many of those cops are actually gonna turn their weapons against you too? The real power is always held by men with guns (and these days with drones).
Or look at Syria. You think the cunt in charge fled out of goodwill to stop the bloodshed? No, he fled because he didn't wanna end up bleeding out on the pavement and then be hung up at a gas station as a temporary flag of freedom.
We need to be able to resist and that includes being able to talk about violence, even promote it when the violence is just (not legally but morally). We need to be able to make people angry, to promote hate against injustice. And we need to be able to organize without the government knowing until it's too late for them. And yes, those abilities will be used by bad people too but that's the price we need to pay.
Drop the “chat” and just call it “control”. The current proposal is so vague it would cover anything with online sharing/syncing people can sign up for. Any SaaS, any app, any service. Chat, email, file syncing, todo lists, doesn’t matter.
I am pretty sure now that this ChatControl thing is the result of the EU being unable to setup an US type NSA/echelon type stealth mass surveillance system.
They might have gone so far to have paid for an implementation but it didn't work (like the EU search engine, cloud or whatever) because they are really incompetent.
So now the solution is to do it in the open, just write a dystopian law and force it through the fake parliament. Our only hope now is the practical implementation of ChatControl will also be in practice ineffective.
We are not really living in 1984 or Brave New World, in the EU we are in the 1985 movie Brazil.
And what people in western, democratic world think about it? That this is just fine? I live in autocratic, almost dictatorship regime country and for the past 100 years we've just gotten used to the idea that we don't have any rules here. But I thought in EU and US things are different. All these news stories about Control, UK surveillance, age verification, all this stuff with no significant reaction baffle me.
> And what people in western, democratic world think about it?
People are usually asked to 'think about the children'. Pedophiles, drugs, suicides, self-harm, cyberbullying; and whatever other horror stories the media has at hand. This maneuver is usually sufficient to neutralize the opposition.
I live in the United States and it baffles me just as much, trust me. Fine, maybe I didn't have the biggest expectations for the general public, but I really expected the Internet to react much more viscerally to what is happening. In the past, the Internet was much more defensive about Internet policing that was significantly less dystopian. Now, it feels like no matter how rapidly things decline, it's just another Tuesday; most people are unwilling to make any sort of sacrifice or risk for any cause, and nobody (including me, I guess) is really sure what to do anyways.
It really wasn't that long ago that we were all talking about SOPA.
Additionally, keep in mind that controversial laws or proposals, at least in France, are often announced or passed during summer vacation when people are away, limiting scrutiny and attention.
This is, ironically, one of the reasons we need a more decentralized public square.
Large gatekeepers get flack from politicians if they allow "the wrong people" to organize. First they claim there is a huge problem with terrorists/nazis/pedos/etc., maybe even find a couple of real instances of those things, and use that to demand that the gatekeepers Do Something, i.e. set up a censorship apparatus.
But the modern ones are subtle. You don't try to read something and get refused, it just goes to the bottom of the feed where you won't see it. Take advantage of the human failing that busybodies will take petty satisfaction in causing harm to strangers they've been told are their enemies. Let them issue false reports against anyone pointing out the emperor has no clothes. Have the algorithm take those reports seriously, with useless or non-existent customer service that can do nothing about adversarial report brigading. Make it known that this is what happens to people who don't toe the party line so people self-censor and people who don't get shadow banned.
It's an assault on the ability of the public to defend itself from bad ideas.
> But I thought in EU and US things are different.
Different indeed.
Privacy is enforced through compliance and civil court actions. In 2018, one of the largest actual data breaches at the time (~300 million customer records) netted about $0.25 per record in penalties, after several years of lawyering. ($52 million (US)/$23 million (UK)).
The EU makes more money fining companies for policy violations:
A €1.2 billion ($1.3 billion) fine was imposed by the Irish Data Protection Commission (DPC) for transferring Facebook users' personal data from the EU to the US in violation of GDPR.
In my country that has managed to free itself from communism just 35 years ago everyone I know opposes it.
Politicians from countries like Germany have tried to make EU decide things like this on the "majority principle" for ages (because they know they can bully smaller countries into submission), but we still have the consensus principle.
Every country has to agree. So it takes only one country to put a stop to it.
The problem with the consensus principle is that it will always be profitable for the Putins and Xis of this world to pay off an Orban or Fico to block EU decisions they dont like.
Which is why I am for majority principle, even though I am from a small country that would lose out on power. Countries still can leave using article 50 if it is not palatable for them.
Given the state and amount of lobbying, I'd rather have some good stuff blocked due to lack of consensus, than more of this anti-democratic nonsense approved because Thorn and the EPP are buddies.
I think that the dictate of majority is one of the worst things about "democracies". As for buying politicians for a purpose - the whole of the EU looks like US lapdog.
> In my country that has managed to free itself from communism just 35 years ago everyone I know opposes it.
That tends to confirm my feeling that people in countries that have not suffered from tyrannical government for a long time have forgotten the value of privacy and freedom of speech because they have not seen the consequences in living memory. This is coming when the last of the people who remember the pre WW2 era are dying. Dictatorship is no longer part of living memory.
There has definitely need a cultural change in the UK in the last few decades. People have far more trust in the system (government and big business) or have learned helplessness (in a recent discussion about privacy people told me I was naive to think I could stop my private data being collected anyway so should not bother trying). This was in the context about what people say about their kids (specifically education, mental health, family problems) on Facebook.
> Every country has to agree. So it takes only one country to put a stop to it.
A lot of pressure can be brought on bear on any one country by the rest though.
The government of a country may not have the same view as the people. When the UK was in the EU the government pushed EU surveillance regulation, IMO so they could then then say it was not their fault it was introduced, they had to follow the EU directive (many years ago when there was strong public opposition to more surveillance).
That tends to confirm my feeling that people in countries that have not suffered from tyrannical government for a long time have forgotten the value of privacy and freedom of speech
I think it is more complex than that, see Hungary and Poland (though Poland is a bit on the rebound).
I tried I2P not so long ago and was quite impressed by the design decisions and the quality of the technology. It's truly an amazing piece of software that covers basically everything you need for a distributed network.
The only thing missing is actually the community and usage, because the technology has a network effect, and more users with stable routers provide faster and a more reliable network. So it's indeed slow at the moment. I highly recommend giving it a chance and playing a bit with it. Even for non-anonymity and security cases, it's fun to play with hole punching, global addressing by public keys, and stuff like that, which you can see in things like Iroh and libp2p.
It provides a simple universal SAM interface and libraries to work with it to plug other apps.
I2P doesn't have exit nodes like Tor, so it's essentially the same thing as running a Tor relay from an outside perspective, with a few positive differences.
I2P is mainly an overlay network that routes traffic only inside the network. The upside is that providers won't ban your IP for participation if you run a node. I know that with Tor, many datacenters/CDNs don't care whether it's a relay or exit node and will blanket ban all known IPs of the network. You also won't attack someone on the clearnet or somehow participate as a scapegoat in clearnet crimes.
I've never heard about any consequences for running non-exit relays in Tor, though if you're in a country that strictly punishes usage of any anonymous technology, that might be risky anyway.
I2P has several commercial "outproxies" that proxy traffic to the usual internet, but that's not the intended usage and it's not enabled on typical users' routers.
UPD: Anyway, if you feel uncomfortable sharing others' traffic and want to only use it as a client, you can disable transit traffic completely in both Java and C++ implementations.
If this has the effect its proponents claim it will, it seems like substantially the larger outcome of this will be that government agents will be reviewing people's sexts. They say that false positives are rare, but how often is it okay for the government to be reviewing peoples' sexts? I found it a little hard to get concrete info on how exactly their image hashes work, but it sounds quite literally that if you've got a couple of young people (whether teens or twentysomethings) who are sexting, and their sexts look a bit like some piece of "known CSAM" if you squint, then a government agent will review it and possibly harass them.
Seems like eventually the law will get some poor girl killed when the authorities contact her parents about "CSAM," discover that it was the girl herself who took the picture and sent it to her boyfriend, her dad finds out she was having sex and does an honor killing.
But we're just supposed to trust that these image hashes have a small false positive rate, when there's no way to have transparent review without making it easy for adversaries to avoid the scan.
Even if they have a small false positive rate, the absolute figures will be staggering. 500 million people and all texts are being scanned, with more than 99% not being CSAM.. you do the maths..
Is it possible to make an encrypted messenger app without a central authority? Like BitTorrent magnet links. We all share the messages to support the network bandwidth, but can only see the messages which pertain to us? From my really novice understanding of cryptography, this should be possible. And it seems like the only privacy focused solution for the future.
Once upon a time, prior to Microsoft or eBay purchasing it, this is what Skype was. It required a set of central instances to be supernodes to facilitate discovery, then each client communicated with others directly. And IIRC any client up long enough and with sufficient compute and bandwidth, could become a supernode.
Skype and iChat both did direct client-to-client communication. Skype was bought by MS, and Apple got sued by a CIA front company over iChat. The result was the same both ways: all comms started getting routed through a central server that could log metadata.
Historically, source IP was a lot more readily available. Every IRC user's source IP was visible, every UNIX login session's source IP was visible, and lots of people hosted their own websites which meant they saw your IP address there too. The implications of it used to be more like having an email address from a specific university. Skype happened relatively early in the world of online privacy.
I don't understand why obsolete technologies by MS are often upvoted on HN and become the first replies, while the corresponding working, decentralized technologies go to the bottom. Matrix exists and has a preliminary P2P version [0,1]. Other messengers were also mentioned in the comments here. Another example of such tendency is here: [2].
https://chatiwi.com/ seems to be the only real e2e encrypted chat without installling an app (can check the network and source code as it’s just JavaScript)
Yes,it is possible to create a p2p encrypted messenger without any central node. It is even possible to have a relatively good UX in it.
What's nearly impossible is to make it easy and popular among "normal users". Onboarding would be pretty involved. Adding your friends to the contact list would require jumping through a number of hoops. Having several sessions open (phone and laptop, typically) would not be trivially easy, and synchronizing between them would not be very easy, or automatic. Also, forget about push notifications.
It might be far easier to run an instance of Matrix, or whatever Jabber server, etc, on a private host, with full disk encryption, and only accessible via Wireaguard. It's not hard to set up fully automatically from an app; see how Amnezia Proxy does that.
It, of course, will have a special node (the server), but it's definitely not a public service, and it cannot be encountered by accident. It of course would be limited only to people you would invite. Should be enough for family, friends, a small project community, and other such limited circles. It would not require much tech savvy to set up.
But a grand social media kind of network, like FB or Twitter, can't be run this way, because the UX friction would inevitably be too high for a lay person to care.
Why would it be illegal, if I'm not offering it publicly? Is running a VPN between my family computers illegal? Is ssh-ing onto a host and using the talk command illegal?
I suppose only public services, advertised for new users, are the target of the "chat control" directive. You can't join pseudonymously. But joining my VPN-based chat server would require being my acquaintance; should I ask an ID from a person I met at a pub? If so, should I ask their ID before I engage in a small talk with them in the pub?
The world has more than one country in it. People in free countries have the right and duty to create technologies to the benefit of people in authoritarian countries.
There are different solutions with different levels of decentralization. Briar is peer-to-peer. Matrix has servers but in a federated model, so there is no central authority but in some sense each server is an "authority" for users on that server.
Well, conversely, if you figure you have already lost anyway, why not try the technical solutions?
We've tried the political solutions for so long, but this thing just keeps coming back. We have to put our lives and day jobs on hold to push back against this, while the authoritarian camp's agenda is carried by people for whom advancing it is their day job. Therefore it costs them nothing to try over and over again, and they only need to succeed once.
I mean, we enjoy workers rights only after decades of violent protests and many deaths, and yet they are still constantly threatened, because its is a nature of power and politics.
But pro-privacy people consider writing a petition a peak of political struggle, and when it fails it is over for them.
> If you try combat political issues mainly through technological solutions, you have already lost.
This is what people say when they're afraid that technological solutions would actually work.
Technologies have a network effect. If the rest of the world is using a technology which is resistant to censorship or surveillance, any given country will have a harder time banning it, and those technologies defend against governments that violate privacy rights in secret even when the law prohibits them from doing it.
Build privacy into every internet standard and protocol. Make it seven layers deep with no single point of compromise. Make attempts to break it an exercise in futility because it's built so thick into so many things that stripping even a piece of it back out would break the whole world and still not compromise the security of the system.
Is it really? I can think of approximately one political battle the tech crowd won (the Crypto Wars), to dozens of lost ones. Meanwhile, the battles where a strong technical solution was fielded are looking fairly good even when the political side was surrendered with nary a fight - I can still easily torrent most books and software, download scientific papers, emulate modern consoles and securely exchange data with people in any country less locked down than North Korea.
The cliché about how you should not approach political problems with technical solutions is recited all the time in these threads, but nobody ever presents evidence for this claim. It seems like a meme that is disproportionately useful for those who are confident in their abilities to win any political contest.
> I can still easily torrent most books and software, download scientific papers, emulate modern consoles and securely exchange data with people in any country less locked down than North Korea
You can also go to jail for any of the above, should your particular government authority decide to throw the book at you.
Technical capability is necessary, but rarely sufficient.
Although the chance of getting a large fraction of the population to use a decentralised censorship resistant messenger is low, it's still higher than the chance of somehow stopping the Eureaucracy from continuously pushing authoritarian policies.
You have a spectrum of options going from centralised (Signal, WhatsApp, …) to federated (XMPP, Matrix) to P2P.
In my opinion, federated is the sweet spot: you do have to trust the server with your account management, but that server can easily be yours, or one you ethically align with, and through it, you will be able to talk with anyone on the network.
P2P sounds great on the surface but in a mobile-first messenging world, that comes with practical tradeoffs in bandwidth and battery consumption, unless you offload discovery and push to trusted servers, at which point you are back to federation with more steps.
The problem I see with decentralized protocols is that node owners can easily be spotted, and then crushed under legal constraints that will make them more insecure than a strong multinational who's there just for profit and can balance legal fight for a relative privacy with it's own interest in protecting its customers.
Don't you think that it makes them obvious high-value targets? I mean, that's not even like this profusely pragmatic take has no precedent in the real world: the Snowden revelations showed that all major tech companies were in bed with the NSA to spy extrajudicially on everyone. It's a leap of optimism to think they would "fight legally for its own interest in protecting its customers".
Then, compare that to the low-scale/low-value/hobbyist/residential service providers. How high do you think the chances are for a malicious state-actor to "corrupt" many service operators without it widely being known and publicly dealt with? There's also a deniability dimension to this: XMPP uses OMEMO as a zero-knowledge encryption scheme: whatever the users are doing is none of the operator's business, and the choice of encryption scheme and implementation is purely a client-side affair, so now you are no longer dealing with "reluctant" operators, but potentially millions of end-users using strong encryption. And that is assuming the server is operating in the open, but nothing prevents service operators from offering it over tor (with very little impact on the end-user-side), further raising the bar for the malicious state actor.
Maybe https://delta.chat/en/ : completely decentralized as based on email infrastructure, e2e encryption, easy registration without providing personal data.
You can send encrypted email. That's how email already works.
You can also send encrypted messages over any other medium. You don't need the messenger app to encrypt your messages for you.
One of the common arguments that PGP is bad is that it's "inevitable" that someone will send a message in cleartext, defeating the whole purpose of encrypting your messages. I don't understand this. The fact that this is possible to do is obviously an artifact of the idea that the user should be unable to tell whether the messages they send and receive are encrypted or not. Do the encryption and decryption yourself, and this is not a mistake it's possible to make. Don't confuse the encryption, which is something you do, with the delivery, which is something the channel does. The point of encryption is that the channel can't be trusted!
You can encrypt the email content with PGP or Age, sure. However, metadata such as the Subject line, sender and receiver are in plaintext. Lavabit fixed this, but requires money. You can use i2p tools to fix this too.
If you can agree with your communication target on a common DNS server under your or their control that doesn’t respect authoritative DNS servers, and both of you can securely connect to said server, then you already have a continued, trusted communication mechanism that you may as well use for your communication. You’re just arguing a pretty pointless technicality.
> If you can agree with your communication target on a common DNS server under your or their control that doesn’t respect authoritative DNS servers, and both of you can securely connect to said server, then you already have a continued, trusted communication mechanism that you may as well use for your communication.
Why? It can easily be the case that that traffic is observable by outside parties. You'd still need to encrypt your communication.
Connecting to the DNS server "securely" doesn't really get you anything except some DOS resistance.
If I know Marisa's public key and Marisa knows Omar's public key, she can sign a message to me saying, "Omar's public key hash is c2ecc3b9b9eb94dcafe228f8d23b1e798597d526358177c95effa6bc0ded3a35". I can then use that key hash to authenticate messages from "Marisa's Omar". If she gives Omar mine too, he and I can set up a private channel without further involving Marisa.
Hopefully we aren't just talking to Marisa's MitM proxy. If other mutuals also know him as "Omar" then I can ask them for his key too, and if I get the same response, I can have more confidence that Marisa isn't playing that trick on us.
Never total confidence, though. You need some way to bootstrap a non-MitMed connection; no evidence can ever prove conclusively that you aren't a Boltzmann brain floating in the post-heat-death void, or Descartes being tricked by his evil demon that controls all his perceptions, or Neo in the Matrix.
But meeting up with one of your friends in person once to exchange either public keys or a shared secret, even before you start using the system, can go a long way to ensuring that you are all actually enjoying privacy.
actually though? storing a very small but important info (public keys, domain ownership and such) would have been a perfect use case, which also keeps the chain small...
The new version of Bitchat (from Jack Dorsey) is interesting: it's a chat over BLE mesh, but says that it'll continue the chat on the nostr infrastructure if two (in principle anonymous) participants fave each other in the app. Haven't had able to try this out yet.
No chance in hell my country agrees to it (despite the darling of EU being the current prime minister). It is still a minority government and both the president and the people oppose it.
It will die this time and they will try to bring it back in 2 years time.
One thing I do not understand is why people in Denmark allow this to happen. Where are the large scale protests against the party that brought this zombie back to life?
EU logic: Want to centrally track users with personally identifiably information? Great! Want to store anonymized data with local cookies, that the user can delete, disable, or doctor at any time? That should be heavily restricted with constant intrusive warnings.
Local governments all over the EU tried to push internet surveillance for a long time. Today, apparently the political landscale is ripe for their success.
Considering the endurance and BS justifications they brought up for so long tells me, there is a is a coordinated effort behind the scenes going on for decades now.
Dissmissing it with incompetence, like "EU logic" is naive, imo.
I have the same opinion, but I can't think of who or what would be pushing for that?
Unless it's just the US and NSA again actually somehow having trouble with bypassing encryption? Like just push the EU to do some more spying that the US/NSA can then use to see more? I find this somewhat hard to believe since in my mind the NSA is on every US server and can probably just get unencrypted everything from spyware (the OS itself) on all end-points.
Maybe governments/humans simply eventually naturally pivot to power grabbing and this was going to happen all along everywhere?
It's also not an EU-only thing. It's been happening all over the west, partners of the US and even outside of the west: UK, Australia, Colombia, Mexico, the Koreas, China, Russia, etc.
Our own governments are pushing for it, simple as that. I live in Spain, and both left and right parties, and to a lesser degree their voters, are increasingly leaning authoritarian and tacitly agree to extend surveillance; the police and specially the gendarmerie lobby for it as well.
So our parties are drooling at the idea of extending surveillance by EU directive so they can point fingers at the EU instead of risking losing votes.
It's no surprise to me, then, that in the document leaked to Wired in 2023[1], our country's position was the most extreme:
> In our view, it would be desirable to legislatively prevent EU-based service providers from
implementing end-to-end encryption.
There may have been external lobbying, but it wasn't necessary.
> coordinated effort behind the scenes going on for decades
It's an open conspiracy among the global ruling class, including people and organizations collaborating at places like the World Economic Forum and Bilderberg meetings. *Adjusts tin-foil hat.*
The interests of the rich and powerful are aligned to coordinate an international effort for more surveillance of the public, control of information flow and communication. It's part of the rising tide of authoritarianism and frankly fascism.
I could call the recent right-shift in the west a coordinated effort too and in many cases, this would be a decent explanation, catching private media outlets, biased and centralizes social media, spineless populistic politicians and the donor class behind them but ...
Some cases are much more benign. Like the police, only seeing their need for more privacy invasions to achive their goals, meeting a tumbling elected politician with the need to pose as tough on crime. Both sides ignore anything beyong their horizon. Here, you have good old incompetence, esp on the politicians side. Pair that again with the populus feeling the need, that something drastical has to be done and you would have an alternative explanation.
As sad as it sounds, but a fascistic government, comming out of a democracy is not a failure of democracy. Many people dont care about big topics, correlations and history repeating itself. They are willing to sacrifice rights, piece by piece, others have fought died for. Besides a lack of governmental transparency, this ignorance, small and large scale, and its todays normalization are the problems i see here.
I cant help it, but i realized first hand (as i assume, many others did too) that this ignorance is often more than just a small mistakem done by individuals. Today, i see it as a cognitive deficiency.
Take one extreme for example, flat earthers. There are many simple physical experiments or celestial observations one could do, to conclude, that the earth is a sphere, but not for them. Confronting FEs with contradictions will only lead to reactance (ad hoc rejection), no matter how polite or enduring you are or striking your arguments are. I know this first hand. If you are lucky, you might encounter and open state of mind that struggles with the cognitive dissonance, you have induced, but only for a short time. Having lasting effects on some strongly biased mind resembles something like a long term therapy: an open mind / willingness for therapy and regular confrontig sessions. If all those self proclaimed critical thinkers were able, to not only change their minds on a whim but would actively seek contradictions in their believes on their own, the world would be a much better place. Can you tell me any historical atrocity commited by societies, where some believe about a superior truth or some absolute good/evil was not at the very core of it? I cant.
The same biased reasoning about a superior truth can be found in modern politics today. In essence, its people rallying around some vague group identity or against some other group (in/out group characteristics) and irrationally attack/discard $symbol criticism as if its fight-or-flight time because the apes survival dependeds of the tribe. MAGA accolytes could realize them selfs, that 1st gen. mexican migrants have a significant lower crime rate and thus crime emerges from within the US, but they dont. It doesnt cross their mind 0, that someone willing to migrate is also willing to work for a stable future. Instead, they rally arround "mass deportation" and will post hoc rationalize any atrocity of their supreme leader.
After Nazi-germany lost the war, the tribe was shattered and it was tabu to speak about or do $symbol in public. For a brief moment in time, it looked like the populus could actually learn, that history is not a loop but even though most AFD accolytes agree on the evil atrocities of that time, they still fall for the nostalgic unity strength and role model of it, they would like to see "tribe great again" and absolute evil being dealt with and ignore anything beyong, including your well-meaning, factual arguments. So why even try?
I cant help it, but i think changing the message to a primarily emotional one might be a better strategy. I am not saying we should ignore factual arguments but since disgust towards out groups can be such a strong source of bias, why not use it against them and make xenophobia disgusting again, like its 1945.
I like Gavin Newsoms recent trolling and hope he doesnt degrade into simple insults only. He does, what is neede, wresling with a pig and i think we all should convey the same derogatory message, while the communication channels are still unfiltered. The other side does not want to have a truley open discourse, they want us to be silent.
I know, this can be seen as inflammatory and counter productive but i think the polite approach is even more futile.
a fascistic government, coming out of a democracy is not a failure of democracy. Many people don't care about big topics, correlations and history repeating itself.
i disagree. people not caring about important topics is a failure of democracy. one issue is the reason why they don't care. in many cases it is the feeling of being unable to influence change. and that most certainly is a failure of the system.
my conclusion though is that it isn't a failure of democracy itself, but rather that it makes the system less democratic.
The EU lets you store whatever you want in cookies as long as they are truly anonymous (do not contain unique identifiers.) What you call "anonymized data" is literally the opposite.
EU logic is only government should be able to track personal information
US logic is only billion dollar companies should track personal information
Personally I prefer the former as governments will spend my tax money on getting the data from the billion dollar companies anyway, and those companies will exponentially monetise it because they are required to
DSA was pushed by the very controversial Thierry Breton, former CEO of Atos, then European commissioner for the internal market, now on the advisory council of Bank of America.
Atos btw is the company that leads in receiving money to construct Europe's virtual security infrastructure.
But the proposal was ultimately supported by a substantial majority in parliament, led by the christians, socialists. liberals and greens.
> DSA was pushed by the very controversial Thierry Breton, former CEO of Atos
It's a clown show, that "French Big Tech company" Atos stock price went from 10000 to 40 euros in 25 years [0] and is now being sold into pieces because it has 5B debt [1] and is hopeless .
I heard him talk once on youtube he is a total moron.
> Atos btw is the company that leads in receiving money to construct Europe's virtual security infrastructure.
Great if those type of people are in charge there is nothing to worry about. The only downside is the Internet might get slower in Europe.
At the end EU citizen might just be told to put the EU in CC of every messages you send, invited to every chat group, and tagged on every social media posts. If you don't you go to prison.
I mean during Covid the french gov mandated them to print and fill a new form every time they took their dog out to pee. So that is not far fetch.
Its board, as well as boards of the related orgs, is crawling with ex-State guys, even some CIA assets (most recently Fernando Ruiz Perez) etc. They're in bed with WeProtect (State Dept) as well as McCain Institute guys. The connection is not obvious, but see this as starting point https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
What's telling is the fact that they never targeted the U.S. and U.S. policy-makers EVER, despite being mostly Washington guys with lended tech credibility of SF VC's.
"As of July 2013, Thorn is in talks with leading internet companies (Facebook, Microsoft, Google, Twitter and at least three others) to collaborate on creating a database of millions of child abuse images on the web."
So if one messed up person likes that stuff, I guess they might aim towards working there?
Are politicians really exempt? Must be some really high profile pedophiles, or pedophile supporters between them, like those in the Hungarian government - they support this by the way.
I wonder what the chances are that the ECJ could look at employing actions for annulment against chat control, if it is passed. It is possible for private individuals to ask the court to annul an EU act that directly concerns them. So even if governmental structures across EU does not want it challenged, the issue could still be brought to the court.
> When executing the detection order, providers should take all available safeguard measures to ensure that the technologies employed by them cannot be used by them or their employees for purposes other than compliance with this Regulation, nor by third parties, and thus to avoid undermining the security and confidentiality of the communications of users.
Isn't democracy rendered impossible with laws like this?
I mean, if slavery was still legal or LGPT still illegal, would the government have been able to use this technology to smother political movements before they ever start? Wouldn't the government be able to add client-side scanning for words or phrases they don't like (not just images of child abuse)?
For democracy to work at all, people must at least be able to freely discuss there contrarian thoughts amongst themselves, even if they run contrary to the ruling party's wishes. I did not expect the cradle of democracy to be the one to kill it.
Nudge the door open with child abuse "concern" and then expand to your hearts content later. The analogy of it being like a police officer standing next to you while you chat online to a friend was great. He was joking when he said "lets cancel cars" but it might happen in the distant future. Letting people control heavy projectiles doesnt seem like such a great idea.
When you put "concern" in scare quotes like that... are you saying that there isn't actually anything to be concerned about regarding the safety of children using the internet?
I guess you're right. I doubt there are actually any children being prayed on on streaming apps and the like, and even if there are I highly doubt it has any lasting impact on their mental health.
The problem is obviously real, but a lot of people disagree with this proposed solution. Nobody is trying to argue whether child abuse is a problem or not.
I don't think there's a workable solution that both protects kids and protects society from sliding into 1984.
It essentially feels like a referendum on "should we just accept it?" It being whichever over those you think is the lesser over two evils. Figuring that out is an exercise left to the reader.
Straw man? It happened to my niece on a streaming app. She was 11. It started out as innocently as "what's that shirt you're wearing? Can you show me?" and progressed from there.
Straw man my ass.
Edit: I'm against the mass surveillance and direction things trending in, but I think either way we are facing a significant negative externality whichever way we choose. Either there's real people suffering real harm, or we're getting screwed by sliding into 1984. Both of those horrible. If we pick one horrible over the other, we're essentially saying "I'm ok accepting this horrible reality in order to avoid a different horrible reality".
I just don't think we can have our cake and eat it too on this issue.
Start with protecting children. Then something about misinformation. Then about defending democracy. Then about stopping terrorism. And soon you can escalate your authoritarian policy to just about anything.
This is why having the structure of fundamental civil rights, like in the US constitution, is important. I’m surprised the EU doesn’t seem to have such protections for free speech and privacy and against warrantless surveillance.
Between FISC, the Patriot Act/USA Freedom Act, and such it doesn't seem like the US constitution is doing a good job at protecting anyone. There is a long wikipedia article named Mass surveillance in the United States, but not yet one for the EU.
I don’t disagree. But there is still far more protection for free speech in the US than in the EU, where wrongthink is not acceptable to the powers that be. It is a huge regression and for some reason, culturally Europe seems to be modeling itself more after China than the US, with whom it shares more history and values.
i have lived in all three places (15 years in china) and i have to respond with an empathic no.
what we are seeing is that thanks to social media, more discourse is public. which leads to more prosecutions. that is not a regression. that stuff has always been prosecuted. and they go against hate speech, not wrong think.
hate speech is no clearly defined, so maybe we need to talk about that. wikipedia translates the german term "Volksverhetzung" to "incitement to hatred", but that's not actually a good translation, because it rather means "incitement to hatred against a whole people". besides that here is strong language directed against individuals that is designed to hurt them. in germany that is defined as insult to your honor or dignity and incitement to violence. the devil is in the details of course, and there are many expressions that are borderline and depend on context. but i think we can agree that such speech is generally not wanted. whether it should be punished is another question, but in my opinion "wrong think" goes way beyond what i described here. one topic that does go beyond hate speech that may be problematic is expressions that threatens the democracy. i couldn't find any good examples for that yet other than democracy being threatened by radicalization, polarization and political violence. so presumably anything that leads to that, most of which is already covered by hate speech.
Customs officers everywhere have almost unlimited discretion to deny entry.
While I think the Vance meme reflects very poorly on my country, it is always advisable to remember that you have very limited rights in every country while crossing the border and that it best not to piss off the officers. Travel StackExchange is filled with Q&A’s about how to what to do when the customs officials of various rich countries apply their discretion to deny entry, often for reasons even more petty than having a meme.
I have long campaigned against Fourth Amendment violations in the US, but to compare the US and the EU is laughable. The difference is night and day in every aspect, from constitutional rights to privacy (virtually worthless in most EU constitutions vs quite broad in the US) to practical surveillance (far deeper and broader in the EU) to court requirements for access for typical requests (commonplace in the US, rare in the EU.)
As an example of one of those points, the US right to privacy was long considered so broad that it served as the _foundation of the right to abortion_ in the US for decades! By contrast, to pick an EU example, the Dutch right to privacy is so weak that it is quite literally written into the Dutch constitution as “except as limited by law”; in other words, nearly worthless.
To compare them by presence of a Wikipedia page is beyond ridiculous.
Your address and phone number are publicly available with a Google search. I've been stalked and had someone show up at my house after moving (and I have zero social media presence) because, for some reason, my personal info was all online and easily found by googling my name.
People can take a video of you, shame you for some random thing, and have your face and name known to millions by the end of the day.
The NSA can access all your online data and share it with whoever they want. Companies do it on their behalf as well. Cops can dig through your car just by saying it smells funny.
A right to privacy somehow was construed as the right to an abortion. But the right to privacy never meant you have the right to keep anything private. In some other countries, you can easily have your data taken down from public view online and sue (and win against) people who violate that right. That's an uphill battle in the US.
American freedom is general is based on “might makes right”, whether that’s the well armed gunslinger in the old west, the lawyered up millionaire in the courts, or the billion dollar company using their freedom of speech to obliterate yours.
Everyone has the same freedom to use their resources to maximise that freedoms to help with where the fiat meets the nose.
Americans have the right to privacy "except as limited by capitalism". For example, your location history and purchasing history are actively sold for the ad industry. No it is not sufficiently anonymized.
FISA and patriot act are very controversial, the EU doing the same thing but far worse isn’t a good argument to stand on merely because the US gets talked about more on Wikipedia and therefore the press (which is one of the primary acceptable sources for a wiki article). Not to mention places like Germany and France did much of what NSA was doing back in the 2000s, often with even more leeway.
If anything censorship and extensive government oversight of peoples lives in EU and UK is far less controversial so there isn’t much of a push back. As you can see every time this comes up on HN where people in the EU defend it.
According to Wikipedia, the Russian constitution mentions the following:
1. Everyone shall have the right to the inviolability of private life, personal and family secrets, the protection of honour and good name.
2. Everyone shall have the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages. Limitations of this right shall be allowed only by court decision.
Which constitution are you talking about? The one that includes the House of Congress' right to militia to defend the constitution...or the one without that article?
Lately, the constitution of the US is as much worth as toilet paper, because the Trump administration does everything to exploit it using the "invasion excuse".
In Europe, there is the EU charta of fundamental human rights. If they are violated, laws can be fought above country level.
Covid was only 5 years ago can you imagine what people would have used this sort of power for during the lockdowns? How are people's memories so short especially with regards to such a traumatic experience that we all had?
if the framing is “pandemic controls bad because my rights are more important than public health in a global pandemic” it’s not a very convincing argument.
we should stick to actual fact and issue here which is that these tools are bad for human rights NOW. not some mythic pandemic is bad bogeyman
Did you really have to add the Israeli thing there?
News flash: every country in the world has an Epstein. Even Epstein has been replaced and a new guy is doing his work. Or does anybody really believe that child abuse among elites in the US and globally has suddenly stopped when Epstein was suicided?
This isn't even epstein, it's an active member of the likud party, but since you've mentioned epstein i guess i should say that the former prime minister of israel also visited his island numerous times and bolster my point. And yeah, it's my moral obligation to include it.
I hate the "protect the children" argument so much.
Birth rates are so low that a lot of people don't even have kids. Why should we preference other people's children to a total invasion of our privacy? Shouldn't those parents mind their own offspring?
Stop putting god and other people's children in my life. That's none of the government's business.
The other point is that people don't even care. Teachers with CP possession don't do any time, just one or two year suspended sentence. Most of the terrorists, be it by bus, truck, gun or knife, were well known to the police ahead of time. Did that stop the attacks? Would more "chat control" change any of that? Fuck no....
It's an interesting argument that with a declining birth rate childrens protection should be less in the picture. I'm more inclined to think that we owe it to the next generation to give them something viable and recognisable as a childhood, and it's communities obligation to raise them. Those who want privacy will usually find it.
What makes you think he is unaware of reality?
He just expresses his demands at this reality, or rather the small part of reality that human society occupies.
I am pretty sure he is aware that the default is rather intrusive - but that doesn't mean that is the right default.
"One of the main characteristics of the society is that its members take business in what other people do with their own lives."
That is your definition of societey, but one I consider close to totalitarian. And yeah, sadly it is the standard, but there are societies that stick together, so each member has better chances of living their own live and not so each members lives the live that the others force them to live.
That's arguably a selfish way to live- where no one cares about anyone but themselves. You would just be people living next to eachother, not a community.
Saying other people may not interfer uninvited in my life is not the same as saying people may not care about me.
I care about other people and interfer in their life, because in the case of my kids, they cannot sustain on their own and they want me as their parent. So there is consent in general about it.
But I am not telling my neibghors that they must wear a warm jacket when it is cold.
(Or that they may not consume porn, to not go to hell)
There is a slight difference between offering help for example and forcing someone to do things in a different way, no matter how well intentioned.
Liberty is good, but individuation and atomisation can break a community if it goes too far. If you don't feel any obligation to the state that helped you what hope do you have for national unity.
The result of all of the hubbub over privacy in past years is that many people left more centralized services for other private servers, which means that the government can no longer just ask Twitter for your data and it’s a pita for them.
Once they can read everything again, and more, the next step will be to use your own network, a.k.a. the multinet, which is mostly an advanced form of the disparate networks in the 20th century. Even ARPANET was just another network, which evolved into the B.S. we have today. We also don’t have to use the same protocol stack, routing, etc. We could get rid of name resolution and just use some long IDs.
Louis makes it sound that its actually for protecting the children but we all know its just an excuse for surveillance, control, and ultimately jailing people for wrong opinions (a real threat in the EU since there is no protection of Freedom of Speech anywhere)
October, 2018: "In Europe, Speech Is an Alienable Right: [the European Court of Human Rights] upheld an Austrian woman’s conviction for disparaging the Prophet Muhammad."
>On Thursday, the European Court of Human Rights (ECHR) upheld her 2011 conviction for “disparagement of religious precepts,” a crime in Austria. The facts of what E.S. did are not in dispute. She held “seminars” in which she presented her view that Muhammad was indeed a child molester. Dominant Islamic traditions hold that Muhammad’s third wife, Aisha, was 6 at the time of their marriage and 9 at its consummation. Muhammad was in his early 50s. The Austrian woman repeated these claims, and the Austrian court ruled that she had to pay 480 euros or spend 60 days in the slammer. The ECHR ruled that Austria had not violated her rights.
> The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.
jailing people for wrong opinions (a real threat in the EU since there is no protection of Freedom of Speech anywhere)
how do you figure that? the freedom of opinion is explicitly enshrined in the german constitution for example. there are limitations, but these are very specific and not arbitrary.
gemany is in fact one of the countries the provides the most protection for your opinion world wide, as long as that opinion is not based on obvious falsehoods (like holocaust denial), or stirs up hatred against a group of people. you can however criticize others and at this point germany provides even more protection than the US.
After a minute of searching... https://www.nytimes.com/2022/09/23/technology/germany-intern... I admit that these cases are arguable but by the same token the police don't have to respond to every mistake with a dawn raid. Even the US Secret Service has more discretion than this.
Not even the multiple cases of an individual doing nothing but call a politician a dick on social media?
> Last year, Andy Grote, a city senator responsible for public safety and the police in Hamburg, broke the local social distancing rules — which he was in charge of enforcing — by hosting a small election party in a downtown bar.
> After Mr. Grote later made remarks admonishing others for hosting parties during the pandemic, a Twitter user wrote: “Du bist so 1 Pimmel” (“You are such a penis”).
> Three months later, six police officers raided the house of the man who had posted the insult, looking for his electronic devices. The incident caused an uproar.
...
> In response to a message by [politician] Mr. Jurca criticizing Muslims, Mr. Mai posted a link to a picture of the mural [saying “Du bist so 1 Pimmel”].
> Several weeks later, four police officers pounded on Mr. Mai’s door at 6 a.m. with a warrant to confiscate his electronics. Mr. Jurca had filed a police report claiming the link to the photo was an insult.
in germany that is covered under insult against the honor and dignity of an individual. i don't know about this case, but this is generally only prosecuted when the insulted asks for it, and in most cases is a civil matter. that the incident caused an uproar shows that the response this case is an example of overreach, but overreach happens everywhere, and is an issue in itself. he question here is, is the risk for overreach more dangerous than removing the law/protection. this is certainly debatable.
The continual harassment of socialist parties by the government, including declarations that any group following Marxist philosophy is necessarily acting towards an unconstitutional goal.
because they are calling for a revolution, not reforms. revolution is an unconstitutional goal. if they believe that marxist philosophy can be achieved without a revolution they better ought to make that very clear. and to my knowledge the treatment of communists in the US was way worse.
there is a difference between individuals calling for a revolution and organized groups that have that in their program as a goal. the latter is not a theoretical threat but one that has historical precedent.
we need to be more specific here. peaceful demonstrations are certainly allowed. it becomes a problem when those demonstrations become violent. suppression would be not allowing these demonstrations in the first place. and if that is the case we need to look at how often that happens and whether the risk for a planned demonstration turning violent justifies not allowing it to take place.
What are you talking about? I see those (clearly very well funded) protests calling for literal unambiguous genocide of the Israeli people "from the river to the sea" almost weekly in every major train station and city center in the EU (and also China which means CCP gov backs the message)?!
Open jew hate in Europe hasn't been this elevated since WWII.
I voted for the only candidate that was clearly against this. However, the companies are suppose to do the scanning, not the police. Corporations like Meta already does things like this for sure. The difference is that they now will have to share potential crimes with the police. For Signal it is worse since it can't be added.
that's what I am thinking, EU made GDPR that is good move prevent any third party to extract privacy data illegally but still doing it to themselves anyway
for ages I was saying "do not ignore crime that is now allowed to scale and proliferate thanks to e2e" (very much similar to crypto). If you accept this reality and work with the government you can arrive at a decent compromise that is not 100% bad. If you ignore reality and cover your ears and shout "nananana", the government will find a way and I guarantee you it will be a dumb way that undermines privacy way more. News at 11, the government did.
Let's pick our pitchforks up and pretend sexual abuse monetization or human trafficking are not taken to the next level thanks to end to end encryption. We gotta make police do their damn jobs right? It's not our fault we invent new and improved ways that prevent police from doing that.
Which countries have been invaded by European countries to bring democracy? Because America started multiple wars for that in the last 70 years, not Europe.
Iraq, Afghanistan, Mali, Somalia. The expeditionary European powers like the UK, Spain, etc can't hide behind the US when they were willing participants.
Isn’t EU’s justification that they protect you from companies / private industry but they want full government/police control because that’s trusted / socialist?
Please stop repeating this nonsense. The GDPR never mentioned cookie banners. This is the industry‘s shitty solution to forcing users to consent with tracking.
You can run a perfectly fine website with zero cookie banners if you simply don’t track your users and don’t expose them to third parties that do track them.
Hence, all websites implementing cookie banners are the culprits here, not the GDPR.
That's a false dichotomy - clearly there's more options than these two. There's definitely a better way to address this issue.
On the other hand, between those two, it arguably is worse, because we now live in worst of both worlds - we still get a ton of stalking but we now have those cookie banners on top of that.
I can block coockies using simple addons, which is WAY lower effort than clicking through a deliberate dark-pattern that is different on EVERY website (or using complex addons with lookup tables for every website).
It's not about cookies specifically, they're just one of the many ways you can be tracked.
You can't realistically block fingerprinting without serious effort, and you can't block your IP without using a VPN (which causes a bunch of other problems with sites not serving you).
the behaviour was already bad (sharing your personal information with 1000s of “trusted partners”), companies just want to keep doing it even if it inconveniences their users.
The correct analogy would be California’s toxic substance regulations.
They’re vaguely worded and enforcement is applied randomly based on whatever company is getting bad press at the time. So virtually everything sold in California carries a sticker saying essentially that “this product may cause birth defects.”
Even companies selling products that don’t contain any of these chemicals do so, out of fear of the asymmetric power wielded by the state.
Do a majority of train passengers jump the ticket barriers because they are afraid they might get fined billions of euros if they don’t?
The laws necessitating cookie banners came into effect long before GDPR. That would be the 2002 EU ePrivacy Directive. The GDPR (2018) concerns the handling and storing of personal information, the mandatory disclosure of how this is done, and the mandatory right users to ask what data is being stored and deleting that data. There aren't any cookie banners in native apps. But they still need to comply with GDPR. And you can get into trouble for mishandling privacy sensitive information.
That law has been pretty successful to the point where there have been debates in the US about adopting similar laws.
The common US media company interpretation to declare their websites an abusive UX disaster zone and put their contempt and complete disregard for their main product (users) on full display is entirely on them and their sleazy lawyers trying to find ways where they can still do their sleazy business. This is made worse by incompetent web designers deciding that this is apparently "the way things should be done" without questioning that. Most cookie banners are just the result of their (mis)interpretation of the law, lazy copying of some shitty website they once saw, and the perceived need to provide lots of legal ass coverage for what under GDPR is flat out just not allowed at all.
Worse, the jury is actually still out on whether the highly misleading language, dark patterns, etc. are actually not illegal in themselves. They might very well be. Lots of companies got some really bad advice regarding GDPR. And some EU companies have actually been fined for doing it wrong.
> You can run a perfectly fine website with zero cookie banners if you simply don’t track your users and don’t expose them to third parties that do track them.
I run an extremely simple static website with some JavaScript that lets the user keep track of their state between visits. I have no way to access their cookie, and nothing on the website sends data to me (in fact, can't, since it's a static site running on Cloudflare pages). I never really thought about whether or not I need to add a cookie banner, I just... Didn't.
Please stop repeating this nonsense defense of poorly designed policy.
When everybody is using it wrong, the problem isn’t “everybody.” The problem is your design.
Cookie consent should be a centralized browser based setting and nothing more. And the default should be some middle ground compromise that both the most privacy obsessed people AND businesses are not happy with.
I challenge you to demonstrate the supposed understanding you have that would explain why that website is following "industry‘s shitty solution to forcing users to consent with tracking." (and not even each industry website does such stupid full page banners) instead of using non-shitty solutions.
It's a good question, which has a very obvious answer: even government websites are built by clueless people and/or marketers and/or using shitty tech.
Which you can see when you click on "personalise" in the cookie banner.
Obviously you haven’t either, because GDPR says nothing about cookie banners.
Cookie banners are the result of a different piece of legislation, the ePrivacy directive. Have you read that one too?
What about all the latest judicial actions regarding data transfers to 3rd parties that have gone back and forth due to ongoing legal cases? Legislation is totally irrelevant without the context of the latest judicial precedent.
Did you read the entirely of the schrems decisions and the analysis of what that means for using or offering any technology services? Having read GDPR is irrelevant when one day Google analytics is okay to use and the next day it's not due to one court case.
What about the latest data transfer agreements between the US and EU that invalidated the use of standard contractual clauses, and the above prior Schrems decisions? You've had years at this point.
Do you think it’s good to insult and assume bad faith from your fellow internet commenters about a topic you actually don't understand yourself?
Oh definitely, the decentralized private market absolutely got together in secret to devise a plan to undermine the beautifully designed EU legislation by using cookie banners.
My flower shop down the street that has a cookie banner on their Wix website is secretly trying to undermine the government.
It couldn't possibly be that the largely unaccountable central planners in the EU's technocratic maze of a government designed a dumb piece of legislation.
Who said anything about secret? They are doing it all in the open.
> My flower shop down the street that has a cookie banner on their Wix website is secretly trying to undermine the government.
Oh, your flower shop only sells you flowers. The 1421 "partners" on their website however are really glad that they tricked clueless people to include their "GDPR-compliant privacy-preserving" solutions.
> It couldn't possibly be that the largely unaccountable central planners in the EU's technocratic maze of a government got something wrong.
GDPR doesn't require huge obnoxious banners.
ePrivacy doesn't require huge obnoxious banners.
Industry: let's create huge obnoxious banners with all sorts of dark patterns to trick people into "consent" through innocent inconspicuous tool vendors like Interactive Advertising Bureau, and blame GDPR for requiring them.
Poor, poor sweet innocent companies. It's GDPR making them collect and keep your precise geolocation for 12 years across thousands of partners who care about your privacy: https://x.com/dmitriid/status/1817122117093056541
You can, and I have, and it clearly requires almost any modern website to have a cookie banner. Which shouldn't be too surprising, when you go to gdpr.eu and see the cookie banner at the bottom. It's possible in principle to jump through the crazy hoops required to avoid it, but the only sites I've ever seen do so are national Data Protection Authorities.
sniff encrypted chats, hahaha. Some law makers are completely clueless. I like Louis Rossmann. He looks like he’s been up stressed for weeks, yet his arguments are pretty level headed.
What if we make chats obfuscated instead of encrypted? So send a lot more data per sentence/word. It would need some sort of key on both sides to make sense of the data but it would be hard to use it without it. Or would that fall under the definition encryption?
"What do you mean you and your friend chat over Signal when there are dozens of other chat apps? Sounds like you two have something to hide, if you ask me." [0]
Whenever I hear someone telling me they have nothing to hide, I ask them to unlock their phone and hand it to me. The joke still goes over people heads sometimes.
[0]: https://idiallo.com/blog/nothing-to-hide
That's a bad argument - people trust the government differently than each-other. They also (should) mistrust the government differently. Voting is secret for a reason. How much of a chance do you think we have of meaningfully changing a government, if they can guess with 80% degree accuracy how everyone voted, based on their chats and social networks? When they know ahead of time who is assembling a new political party? When they know all of their friend's friends dirty secrets, and will tactically leak them to the press? Or simply prosecute them for spreading hate/antisemitism/homosexual propaganda/some other vague crime?
Knowledge is power. Does it feel like the balance of power is currently tilted too far in favor of individuals?
> How much of a chance do you think we have of meaningfully changing a government, if they can guess with 80% degree accuracy how everyone voted, based on their chats and social networks
This doesnt really detract from your overall point, but you may be underestimating how easy it already is for the government to tell how you will vote, without use of networking information. Just knowing someone’s educational level and zip code is enough to guess their voting preferences to a high degree of accuracy (the latter component being the reason why gerrymandering is so effective).
We’re already living in a world where FB and Google know this. Probably many others. No point adding to the list, but still. That ship sailed.
"The ship is already leaking, so we may as well drill more holes and make it illegal to plug them, instead of plugging the existing holes."
As I said, “no point adding to the list”
So I am not suggesting drilling holes. I am pointing out the obvious.
I think it's better to move past the individual question entirely. I tell them to imagine whatever political power they fear the most and ask themselves how it would likely behave if it knew nobody could coordinate against it in secret.
I have rather little to hide myself but I want desperately for you to be able to hide something. Otherwise we're together a worse deterrent against authorities behaving badly as we would otherwise be.
> I ask them to unlock their phone and hand it to me
Let’s say they do that. What would you do next? Go over their photos? Private messages with their so? And then what? Laugh at something that you found there? Would you feel then that you proved some point? I just don’t understand how this scenario would play out in real life
> I ask them to unlock their phone and hand it to me.
Alternatively, you also ask them to release the Epstein files... :-)
IDK man. I don't think everyone has access to that one.
Again, again and again:
These things should first be tested for 5 years on every politician and every civil servant, including their families, including their children.
Security researches should be given the freedom to hack that system as much as they can, in order to find security problems, no prosecution guaranteed.
Every access to data should be logged on a public blockchain with pseudonymization of who accessed whose data.
After those 5 years, reports and statistical analysis about the usefulness should be published: how many crimes were prevented, who went to jail for what, who had to go to court for what, with references to the logged data in the blockchain.
Then the public gets to vote on if they want this or not.
I don’t think this is a fair treatment of anyone.
Total surveillance, which we are talking about here, is extremely damaging to the subject, eventually all their dirty secrets will be out, legal and illegal.
I also argue that allowing the state to monitor its citizens fundamentally changes it closer a state I don’t want to exist. Nothing good can come out a surveillance state, no matter how small.
The point is that this way the public doesn't have to protest against it.
The politicians and civil servants will do that for us, which is what we are paying them for anyway: to work for us.
This way they'll think twice if they really want this to get started.
Yes, I understood the point. I don’t think it’s a good idea.
The issue I have with this proposal is that politicians won't change their behavior. The optimum politician is an absolute pragmatist without any moral values. That is what you need to be to succeed in a federalistic democracy.
Regarding Chat Control: Do we know who is lobbying for it so much? Maybe journalists should focus on finding dirt on the lobbying organizations, so that everyone knows about them.
To be honest, the journalists already focused on finding dirt
https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
https://balkaninsight.com/2023/09/29/europol-sought-unlimite...
Oh we know who's behind it: a Hollywood celebrity-run charity that shadily hired multiple high-ranking Europol politicians.
Their whole deal is to convince legislators that scanning every image on your device for CSAM is absolutely necessary (https://www.thorn.org/) and then selling a tool to do that to companies (https://safer.io/).
If it's legally required, what else are you gonna do but go to them for a "solution"?
Good idea, maybe this way we would have Ursula von der Leyen's sms with Pfizer!
The problem is that _we don't want every crime to be caught or solved_.
The worst thing that could happen to freedom is that the system would actually work as advertised. Because then resistance would be impossible.
If a government is so powerful they can stop even just 99% of crimes, they are so powerful that people can't rise up against it. At that point it's only a matter of time until authoritarians get elected and get rid of elections. The probability is not 0 which means it'll happen eventually with a probability of 1.
We need to be able to resist. Look at how many democracies were created by violent revolutions. How many bad people had to be killed before they stopped trying for a while. How many bad people had to be threatened with being killed before they gave up power "voluntarily".
You think the Velvet revolution was peaceful? Imagine you're an asshole who oppressed 10M people for years until they got fed up and 1M of them are now in the square right in front of your eyes, angry and shouting. What do you think is gonna happen if the implied violence materializes? How many cops do you need to stop 1M people and how many of those cops are actually gonna turn their weapons against you too? The real power is always held by men with guns (and these days with drones).
Or look at Syria. You think the cunt in charge fled out of goodwill to stop the bloodshed? No, he fled because he didn't wanna end up bleeding out on the pavement and then be hung up at a gas station as a temporary flag of freedom.
We need to be able to resist and that includes being able to talk about violence, even promote it when the violence is just (not legally but morally). We need to be able to make people angry, to promote hate against injustice. And we need to be able to organize without the government knowing until it's too late for them. And yes, those abilities will be used by bad people too but that's the price we need to pay.
Drop the “chat” and just call it “control”. The current proposal is so vague it would cover anything with online sharing/syncing people can sign up for. Any SaaS, any app, any service. Chat, email, file syncing, todo lists, doesn’t matter.
I am pretty sure now that this ChatControl thing is the result of the EU being unable to setup an US type NSA/echelon type stealth mass surveillance system.
They might have gone so far to have paid for an implementation but it didn't work (like the EU search engine, cloud or whatever) because they are really incompetent.
So now the solution is to do it in the open, just write a dystopian law and force it through the fake parliament. Our only hope now is the practical implementation of ChatControl will also be in practice ineffective.
We are not really living in 1984 or Brave New World, in the EU we are in the 1985 movie Brazil.
dictionary have wiretap. so just call it wireless tap.
And what people in western, democratic world think about it? That this is just fine? I live in autocratic, almost dictatorship regime country and for the past 100 years we've just gotten used to the idea that we don't have any rules here. But I thought in EU and US things are different. All these news stories about Control, UK surveillance, age verification, all this stuff with no significant reaction baffle me.
There is significant opposition from civil rights and privacy groups, from courts as well as from the EU Parliament: https://en.wikipedia.org/wiki/Regulation_to_Prevent_and_Comb...
> And what people in western, democratic world think about it?
People are usually asked to 'think about the children'. Pedophiles, drugs, suicides, self-harm, cyberbullying; and whatever other horror stories the media has at hand. This maneuver is usually sufficient to neutralize the opposition.
I live in the United States and it baffles me just as much, trust me. Fine, maybe I didn't have the biggest expectations for the general public, but I really expected the Internet to react much more viscerally to what is happening. In the past, the Internet was much more defensive about Internet policing that was significantly less dystopian. Now, it feels like no matter how rapidly things decline, it's just another Tuesday; most people are unwilling to make any sort of sacrifice or risk for any cause, and nobody (including me, I guess) is really sure what to do anyways.
It really wasn't that long ago that we were all talking about SOPA.
A website was set up to inform and facilitate contacting MEPs: https://fightchatcontrol.eu
Additionally, keep in mind that controversial laws or proposals, at least in France, are often announced or passed during summer vacation when people are away, limiting scrutiny and attention.
Expect to hear more outrage come September
This is, ironically, one of the reasons we need a more decentralized public square.
Large gatekeepers get flack from politicians if they allow "the wrong people" to organize. First they claim there is a huge problem with terrorists/nazis/pedos/etc., maybe even find a couple of real instances of those things, and use that to demand that the gatekeepers Do Something, i.e. set up a censorship apparatus.
But the modern ones are subtle. You don't try to read something and get refused, it just goes to the bottom of the feed where you won't see it. Take advantage of the human failing that busybodies will take petty satisfaction in causing harm to strangers they've been told are their enemies. Let them issue false reports against anyone pointing out the emperor has no clothes. Have the algorithm take those reports seriously, with useless or non-existent customer service that can do nothing about adversarial report brigading. Make it known that this is what happens to people who don't toe the party line so people self-censor and people who don't get shadow banned.
It's an assault on the ability of the public to defend itself from bad ideas.
Large gatekeepers delenda est.
Gee I don't know, maybe if the press and journalists weren't a bunch of useless pr peddlers maybe we could have a better gauge of it
> But I thought in EU and US things are different.
Different indeed.
Privacy is enforced through compliance and civil court actions. In 2018, one of the largest actual data breaches at the time (~300 million customer records) netted about $0.25 per record in penalties, after several years of lawyering. ($52 million (US)/$23 million (UK)).
The EU makes more money fining companies for policy violations:
A €1.2 billion ($1.3 billion) fine was imposed by the Irish Data Protection Commission (DPC) for transferring Facebook users' personal data from the EU to the US in violation of GDPR.
That is what privacy is about.
https://nationalcioreview.com/articles-insights/extra-bytes/...
In my country that has managed to free itself from communism just 35 years ago everyone I know opposes it.
Politicians from countries like Germany have tried to make EU decide things like this on the "majority principle" for ages (because they know they can bully smaller countries into submission), but we still have the consensus principle.
Every country has to agree. So it takes only one country to put a stop to it.
> but we still have the consensus principle.
Beware attacks on checks and balances like this. If they actually work, someone will try to get rid of them.
The problem with the consensus principle is that it will always be profitable for the Putins and Xis of this world to pay off an Orban or Fico to block EU decisions they dont like.
Which is why I am for majority principle, even though I am from a small country that would lose out on power. Countries still can leave using article 50 if it is not palatable for them.
Given the state and amount of lobbying, I'd rather have some good stuff blocked due to lack of consensus, than more of this anti-democratic nonsense approved because Thorn and the EPP are buddies.
I think that the dictate of majority is one of the worst things about "democracies". As for buying politicians for a purpose - the whole of the EU looks like US lapdog.
> In my country that has managed to free itself from communism just 35 years ago everyone I know opposes it.
That tends to confirm my feeling that people in countries that have not suffered from tyrannical government for a long time have forgotten the value of privacy and freedom of speech because they have not seen the consequences in living memory. This is coming when the last of the people who remember the pre WW2 era are dying. Dictatorship is no longer part of living memory.
There has definitely need a cultural change in the UK in the last few decades. People have far more trust in the system (government and big business) or have learned helplessness (in a recent discussion about privacy people told me I was naive to think I could stop my private data being collected anyway so should not bother trying). This was in the context about what people say about their kids (specifically education, mental health, family problems) on Facebook.
> Every country has to agree. So it takes only one country to put a stop to it.
A lot of pressure can be brought on bear on any one country by the rest though.
The government of a country may not have the same view as the people. When the UK was in the EU the government pushed EU surveillance regulation, IMO so they could then then say it was not their fault it was introduced, they had to follow the EU directive (many years ago when there was strong public opposition to more surveillance).
That tends to confirm my feeling that people in countries that have not suffered from tyrannical government for a long time have forgotten the value of privacy and freedom of speech
I think it is more complex than that, see Hungary and Poland (though Poland is a bit on the rebound).
Yes, undoubtedly more complex than that, but I think it is an important factor - people do not value what they have taken for granted.
I tried I2P not so long ago and was quite impressed by the design decisions and the quality of the technology. It's truly an amazing piece of software that covers basically everything you need for a distributed network.
The only thing missing is actually the community and usage, because the technology has a network effect, and more users with stable routers provide faster and a more reliable network. So it's indeed slow at the moment. I highly recommend giving it a chance and playing a bit with it. Even for non-anonymity and security cases, it's fun to play with hole punching, global addressing by public keys, and stuff like that, which you can see in things like Iroh and libp2p.
It provides a simple universal SAM interface and libraries to work with it to plug other apps.
https://geti2p.net/en/
And if you don't want to install Java, there's also a C++ implementation: https://i2pd.website/
I have been hearing good things about I2P for 2 decades but what are the risks when using that thing?
Is this like running a Tor node where you could potentially get a knock on the door because somebody else went on some pedo website?
I2P doesn't have exit nodes like Tor, so it's essentially the same thing as running a Tor relay from an outside perspective, with a few positive differences.
I2P is mainly an overlay network that routes traffic only inside the network. The upside is that providers won't ban your IP for participation if you run a node. I know that with Tor, many datacenters/CDNs don't care whether it's a relay or exit node and will blanket ban all known IPs of the network. You also won't attack someone on the clearnet or somehow participate as a scapegoat in clearnet crimes.
I've never heard about any consequences for running non-exit relays in Tor, though if you're in a country that strictly punishes usage of any anonymous technology, that might be risky anyway.
I2P has several commercial "outproxies" that proxy traffic to the usual internet, but that's not the intended usage and it's not enabled on typical users' routers.
UPD: Anyway, if you feel uncomfortable sharing others' traffic and want to only use it as a client, you can disable transit traffic completely in both Java and C++ implementations.
You got me into i2p. My rpi router and dozens of servers are now i2p floodfill nodes!
Thanks!
what is thing you are talking about? can you share some links?
If this has the effect its proponents claim it will, it seems like substantially the larger outcome of this will be that government agents will be reviewing people's sexts. They say that false positives are rare, but how often is it okay for the government to be reviewing peoples' sexts? I found it a little hard to get concrete info on how exactly their image hashes work, but it sounds quite literally that if you've got a couple of young people (whether teens or twentysomethings) who are sexting, and their sexts look a bit like some piece of "known CSAM" if you squint, then a government agent will review it and possibly harass them.
Seems like eventually the law will get some poor girl killed when the authorities contact her parents about "CSAM," discover that it was the girl herself who took the picture and sent it to her boyfriend, her dad finds out she was having sex and does an honor killing.
But we're just supposed to trust that these image hashes have a small false positive rate, when there's no way to have transparent review without making it easy for adversaries to avoid the scan.
Even if they have a small false positive rate, the absolute figures will be staggering. 500 million people and all texts are being scanned, with more than 99% not being CSAM.. you do the maths..
Is it possible to make an encrypted messenger app without a central authority? Like BitTorrent magnet links. We all share the messages to support the network bandwidth, but can only see the messages which pertain to us? From my really novice understanding of cryptography, this should be possible. And it seems like the only privacy focused solution for the future.
Edit: looks like it exists, and is called Briar.
Once upon a time, prior to Microsoft or eBay purchasing it, this is what Skype was. It required a set of central instances to be supernodes to facilitate discovery, then each client communicated with others directly. And IIRC any client up long enough and with sufficient compute and bandwidth, could become a supernode.
Skype and iChat both did direct client-to-client communication. Skype was bought by MS, and Apple got sued by a CIA front company over iChat. The result was the same both ways: all comms started getting routed through a central server that could log metadata.
It also had the side effect of having far better latency than any modern day popular video calling app can offer.
It also had the side effect of making it possibly for any of your contacts to DDoA you because they had accès to your IPv4 address through Skype.
Historically, source IP was a lot more readily available. Every IRC user's source IP was visible, every UNIX login session's source IP was visible, and lots of people hosted their own websites which meant they saw your IP address there too. The implications of it used to be more like having an email address from a specific university. Skype happened relatively early in the world of online privacy.
I don't understand why obsolete technologies by MS are often upvoted on HN and become the first replies, while the corresponding working, decentralized technologies go to the bottom. Matrix exists and has a preliminary P2P version [0,1]. Other messengers were also mentioned in the comments here. Another example of such tendency is here: [2].
[0] https://arewep2pyet.com/
[1] https://news.ycombinator.com/item?id=23393935
[2] https://news.ycombinator.com/item?id=44898242#44898884
https://delta.chat/en/download Seems the best app (no web version)
https://chatiwi.com/ seems to be the only real e2e encrypted chat without installling an app (can check the network and source code as it’s just JavaScript)
https://briarproject.org/ and https://tox.chat/ requires to install an app and doesn’t work on iOS.
Briar seems discontinued
“Latest News
AUGUST 31, 2023
Briar Desktop 0.6.0-beta released - blogs“
Yes,it is possible to create a p2p encrypted messenger without any central node. It is even possible to have a relatively good UX in it.
What's nearly impossible is to make it easy and popular among "normal users". Onboarding would be pretty involved. Adding your friends to the contact list would require jumping through a number of hoops. Having several sessions open (phone and laptop, typically) would not be trivially easy, and synchronizing between them would not be very easy, or automatic. Also, forget about push notifications.
It might be far easier to run an instance of Matrix, or whatever Jabber server, etc, on a private host, with full disk encryption, and only accessible via Wireaguard. It's not hard to set up fully automatically from an app; see how Amnezia Proxy does that.
It, of course, will have a special node (the server), but it's definitely not a public service, and it cannot be encountered by accident. It of course would be limited only to people you would invite. Should be enough for family, friends, a small project community, and other such limited circles. It would not require much tech savvy to set up.
But a grand social media kind of network, like FB or Twitter, can't be run this way, because the UX friction would inevitably be too high for a lay person to care.
Will be in illegal. Why risk jail?
Why would it be illegal, if I'm not offering it publicly? Is running a VPN between my family computers illegal? Is ssh-ing onto a host and using the talk command illegal?
I suppose only public services, advertised for new users, are the target of the "chat control" directive. You can't join pseudonymously. But joining my VPN-based chat server would require being my acquaintance; should I ask an ID from a person I met at a pub? If so, should I ask their ID before I engage in a small talk with them in the pub?
The world has more than one country in it. People in free countries have the right and duty to create technologies to the benefit of people in authoritarian countries.
There are different solutions with different levels of decentralization. Briar is peer-to-peer. Matrix has servers but in a federated model, so there is no central authority but in some sense each server is an "authority" for users on that server.
If you try combat political issues mainly through technological solutions, you have already lost.
Well, conversely, if you figure you have already lost anyway, why not try the technical solutions?
We've tried the political solutions for so long, but this thing just keeps coming back. We have to put our lives and day jobs on hold to push back against this, while the authoritarian camp's agenda is carried by people for whom advancing it is their day job. Therefore it costs them nothing to try over and over again, and they only need to succeed once.
> We've tried the political solutions for so long
I mean, we enjoy workers rights only after decades of violent protests and many deaths, and yet they are still constantly threatened, because its is a nature of power and politics.
But pro-privacy people consider writing a petition a peak of political struggle, and when it fails it is over for them.
> If you try combat political issues mainly through technological solutions, you have already lost.
This is what people say when they're afraid that technological solutions would actually work.
Technologies have a network effect. If the rest of the world is using a technology which is resistant to censorship or surveillance, any given country will have a harder time banning it, and those technologies defend against governments that violate privacy rights in secret even when the law prohibits them from doing it.
Build privacy into every internet standard and protocol. Make it seven layers deep with no single point of compromise. Make attempts to break it an exercise in futility because it's built so thick into so many things that stripping even a piece of it back out would break the whole world and still not compromise the security of the system.
Exactly. Part of the tech crowd is so naive when it comes to this sort of discussions…
Is it really? I can think of approximately one political battle the tech crowd won (the Crypto Wars), to dozens of lost ones. Meanwhile, the battles where a strong technical solution was fielded are looking fairly good even when the political side was surrendered with nary a fight - I can still easily torrent most books and software, download scientific papers, emulate modern consoles and securely exchange data with people in any country less locked down than North Korea.
The cliché about how you should not approach political problems with technical solutions is recited all the time in these threads, but nobody ever presents evidence for this claim. It seems like a meme that is disproportionately useful for those who are confident in their abilities to win any political contest.
> I can still easily torrent most books and software, download scientific papers, emulate modern consoles and securely exchange data with people in any country less locked down than North Korea
You can also go to jail for any of the above, should your particular government authority decide to throw the book at you.
Technical capability is necessary, but rarely sufficient.
Although the chance of getting a large fraction of the population to use a decentralised censorship resistant messenger is low, it's still higher than the chance of somehow stopping the Eureaucracy from continuously pushing authoritarian policies.
> Eureaucracy from continuously pushing authoritarian policies.
There is no "Eureaucracy", Council decides, countries may or may not implement.
Countries could face penalties if they don't implement or follow EU regulations.
https://commission.europa.eu/law/application-eu-law/implemen...
Are not governments of member states in control of Council?
Besides Briar, BitTorrent used to have a client like that for a brief time: https://www.bittorrent.com/blog/2015/05/12/bleep-private-mes...
You have a spectrum of options going from centralised (Signal, WhatsApp, …) to federated (XMPP, Matrix) to P2P.
In my opinion, federated is the sweet spot: you do have to trust the server with your account management, but that server can easily be yours, or one you ethically align with, and through it, you will be able to talk with anyone on the network.
P2P sounds great on the surface but in a mobile-first messenging world, that comes with practical tradeoffs in bandwidth and battery consumption, unless you offload discovery and push to trusted servers, at which point you are back to federation with more steps.
The problem I see with decentralized protocols is that node owners can easily be spotted, and then crushed under legal constraints that will make them more insecure than a strong multinational who's there just for profit and can balance legal fight for a relative privacy with it's own interest in protecting its customers.
> a strong multinational
Don't you think that it makes them obvious high-value targets? I mean, that's not even like this profusely pragmatic take has no precedent in the real world: the Snowden revelations showed that all major tech companies were in bed with the NSA to spy extrajudicially on everyone. It's a leap of optimism to think they would "fight legally for its own interest in protecting its customers".
Then, compare that to the low-scale/low-value/hobbyist/residential service providers. How high do you think the chances are for a malicious state-actor to "corrupt" many service operators without it widely being known and publicly dealt with? There's also a deniability dimension to this: XMPP uses OMEMO as a zero-knowledge encryption scheme: whatever the users are doing is none of the operator's business, and the choice of encryption scheme and implementation is purely a client-side affair, so now you are no longer dealing with "reluctant" operators, but potentially millions of end-users using strong encryption. And that is assuming the server is operating in the open, but nothing prevents service operators from offering it over tor (with very little impact on the end-user-side), further raising the bar for the malicious state actor.
Maybe https://delta.chat/en/ : completely decentralized as based on email infrastructure, e2e encryption, easy registration without providing personal data.
You can send encrypted email. That's how email already works.
You can also send encrypted messages over any other medium. You don't need the messenger app to encrypt your messages for you.
One of the common arguments that PGP is bad is that it's "inevitable" that someone will send a message in cleartext, defeating the whole purpose of encrypting your messages. I don't understand this. The fact that this is possible to do is obviously an artifact of the idea that the user should be unable to tell whether the messages they send and receive are encrypted or not. Do the encryption and decryption yourself, and this is not a mistake it's possible to make. Don't confuse the encryption, which is something you do, with the delivery, which is something the channel does. The point of encryption is that the channel can't be trusted!
You can encrypt the email content with PGP or Age, sure. However, metadata such as the Subject line, sender and receiver are in plaintext. Lavabit fixed this, but requires money. You can use i2p tools to fix this too.
The subject line is content set by the user. What are you thinking of?
Regular encrypted email relies on a certificate authority
S/MIME does. PGP doesn’t (but only serves part of S/MIME’s purpose). That said, email does rely on a central authority—DNS.
In practice yes, but it's good to know the smtp rfc does support domain literals, ie user@IP.
DNS isn't a central authority. Everyone selects their own DNS server. It can say whatever it wants.
This is a rare case where it's centralized in practice and yet the option to do your own thing hasn't been removed from the relevant software.
If you can agree with your communication target on a common DNS server under your or their control that doesn’t respect authoritative DNS servers, and both of you can securely connect to said server, then you already have a continued, trusted communication mechanism that you may as well use for your communication. You’re just arguing a pretty pointless technicality.
> If you can agree with your communication target on a common DNS server under your or their control that doesn’t respect authoritative DNS servers, and both of you can securely connect to said server, then you already have a continued, trusted communication mechanism that you may as well use for your communication.
Why? It can easily be the case that that traffic is observable by outside parties. You'd still need to encrypt your communication.
Connecting to the DNS server "securely" doesn't really get you anything except some DOS resistance.
DNS already supports encryption on the protocol level. And even if you can’t use DOH/DOT, you can use PGP or age or whatever in your clear text too.
pgp or gpg relies on you dealing with the keys.
What?
Isn't that sort of like how Tor works?
Yes but it requires exchanging public keys out of band.
You could use Granovetter introduction.
If I know Marisa's public key and Marisa knows Omar's public key, she can sign a message to me saying, "Omar's public key hash is c2ecc3b9b9eb94dcafe228f8d23b1e798597d526358177c95effa6bc0ded3a35". I can then use that key hash to authenticate messages from "Marisa's Omar". If she gives Omar mine too, he and I can set up a private channel without further involving Marisa.
Hopefully we aren't just talking to Marisa's MitM proxy. If other mutuals also know him as "Omar" then I can ask them for his key too, and if I get the same response, I can have more confidence that Marisa isn't playing that trick on us.
Never total confidence, though. You need some way to bootstrap a non-MitMed connection; no evidence can ever prove conclusively that you aren't a Boltzmann brain floating in the post-heat-death void, or Descartes being tricked by his evil demon that controls all his perceptions, or Neo in the Matrix.
But meeting up with one of your friends in person once to exchange either public keys or a shared secret, even before you start using the system, can go a long way to ensuring that you are all actually enjoying privacy.
Couldn’t we spend a small amount of crypto to write our public key into a blockchain to avoid the MITM threat?
actually though? storing a very small but important info (public keys, domain ownership and such) would have been a perfect use case, which also keeps the chain small...
Did you just recommend actually using some kind of crypto and blockchain on HN?
TLDR: That sounds like it is some kind or grift.
In all seriousness, google the Sidetree Protocol. Daniel Bruchner promoted it at Microsoft. And now we can even do zk-rollups too.
Where was I? Oh yes, some kind of grift!
The new version of Bitchat (from Jack Dorsey) is interesting: it's a chat over BLE mesh, but says that it'll continue the chat on the nostr infrastructure if two (in principle anonymous) participants fave each other in the app. Haven't had able to try this out yet.
Didn't Cwtch promise this? Not sure on the current state though.
BitChat from Jack Dorsey
Tox also.
No chance in hell my country agrees to it (despite the darling of EU being the current prime minister). It is still a minority government and both the president and the people oppose it.
It will die this time and they will try to bring it back in 2 years time.
One thing I do not understand is why people in Denmark allow this to happen. Where are the large scale protests against the party that brought this zombie back to life?
Follow the money. This and the sudden wave of internet censorship comes partly from AI companies lobbying trying to sell their new AI thing.
EU logic: Want to centrally track users with personally identifiably information? Great! Want to store anonymized data with local cookies, that the user can delete, disable, or doctor at any time? That should be heavily restricted with constant intrusive warnings.
Local governments all over the EU tried to push internet surveillance for a long time. Today, apparently the political landscale is ripe for their success.
Considering the endurance and BS justifications they brought up for so long tells me, there is a is a coordinated effort behind the scenes going on for decades now.
Dissmissing it with incompetence, like "EU logic" is naive, imo.
I have the same opinion, but I can't think of who or what would be pushing for that?
Unless it's just the US and NSA again actually somehow having trouble with bypassing encryption? Like just push the EU to do some more spying that the US/NSA can then use to see more? I find this somewhat hard to believe since in my mind the NSA is on every US server and can probably just get unencrypted everything from spyware (the OS itself) on all end-points.
Maybe governments/humans simply eventually naturally pivot to power grabbing and this was going to happen all along everywhere?
It's also not an EU-only thing. It's been happening all over the west, partners of the US and even outside of the west: UK, Australia, Colombia, Mexico, the Koreas, China, Russia, etc.
Any other ideas?
Our own governments are pushing for it, simple as that. I live in Spain, and both left and right parties, and to a lesser degree their voters, are increasingly leaning authoritarian and tacitly agree to extend surveillance; the police and specially the gendarmerie lobby for it as well.
So our parties are drooling at the idea of extending surveillance by EU directive so they can point fingers at the EU instead of risking losing votes.
It's no surprise to me, then, that in the document leaked to Wired in 2023[1], our country's position was the most extreme:
> In our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption.
There may have been external lobbying, but it wasn't necessary.
[1]: https://www.techdirt.com/2023/05/26/leaked-document-shows-sp...
> coordinated effort behind the scenes going on for decades
It's an open conspiracy among the global ruling class, including people and organizations collaborating at places like the World Economic Forum and Bilderberg meetings. *Adjusts tin-foil hat.*
The interests of the rich and powerful are aligned to coordinate an international effort for more surveillance of the public, control of information flow and communication. It's part of the rising tide of authoritarianism and frankly fascism.
I could call the recent right-shift in the west a coordinated effort too and in many cases, this would be a decent explanation, catching private media outlets, biased and centralizes social media, spineless populistic politicians and the donor class behind them but ...
Some cases are much more benign. Like the police, only seeing their need for more privacy invasions to achive their goals, meeting a tumbling elected politician with the need to pose as tough on crime. Both sides ignore anything beyong their horizon. Here, you have good old incompetence, esp on the politicians side. Pair that again with the populus feeling the need, that something drastical has to be done and you would have an alternative explanation.
As sad as it sounds, but a fascistic government, comming out of a democracy is not a failure of democracy. Many people dont care about big topics, correlations and history repeating itself. They are willing to sacrifice rights, piece by piece, others have fought died for. Besides a lack of governmental transparency, this ignorance, small and large scale, and its todays normalization are the problems i see here.
I cant help it, but i realized first hand (as i assume, many others did too) that this ignorance is often more than just a small mistakem done by individuals. Today, i see it as a cognitive deficiency.
Take one extreme for example, flat earthers. There are many simple physical experiments or celestial observations one could do, to conclude, that the earth is a sphere, but not for them. Confronting FEs with contradictions will only lead to reactance (ad hoc rejection), no matter how polite or enduring you are or striking your arguments are. I know this first hand. If you are lucky, you might encounter and open state of mind that struggles with the cognitive dissonance, you have induced, but only for a short time. Having lasting effects on some strongly biased mind resembles something like a long term therapy: an open mind / willingness for therapy and regular confrontig sessions. If all those self proclaimed critical thinkers were able, to not only change their minds on a whim but would actively seek contradictions in their believes on their own, the world would be a much better place. Can you tell me any historical atrocity commited by societies, where some believe about a superior truth or some absolute good/evil was not at the very core of it? I cant.
The same biased reasoning about a superior truth can be found in modern politics today. In essence, its people rallying around some vague group identity or against some other group (in/out group characteristics) and irrationally attack/discard $symbol criticism as if its fight-or-flight time because the apes survival dependeds of the tribe. MAGA accolytes could realize them selfs, that 1st gen. mexican migrants have a significant lower crime rate and thus crime emerges from within the US, but they dont. It doesnt cross their mind 0, that someone willing to migrate is also willing to work for a stable future. Instead, they rally arround "mass deportation" and will post hoc rationalize any atrocity of their supreme leader.
After Nazi-germany lost the war, the tribe was shattered and it was tabu to speak about or do $symbol in public. For a brief moment in time, it looked like the populus could actually learn, that history is not a loop but even though most AFD accolytes agree on the evil atrocities of that time, they still fall for the nostalgic unity strength and role model of it, they would like to see "tribe great again" and absolute evil being dealt with and ignore anything beyong, including your well-meaning, factual arguments. So why even try?
I cant help it, but i think changing the message to a primarily emotional one might be a better strategy. I am not saying we should ignore factual arguments but since disgust towards out groups can be such a strong source of bias, why not use it against them and make xenophobia disgusting again, like its 1945.
I like Gavin Newsoms recent trolling and hope he doesnt degrade into simple insults only. He does, what is neede, wresling with a pig and i think we all should convey the same derogatory message, while the communication channels are still unfiltered. The other side does not want to have a truley open discourse, they want us to be silent.
I know, this can be seen as inflammatory and counter productive but i think the polite approach is even more futile.
Now you know about my ideas :)
a fascistic government, coming out of a democracy is not a failure of democracy. Many people don't care about big topics, correlations and history repeating itself.
i disagree. people not caring about important topics is a failure of democracy. one issue is the reason why they don't care. in many cases it is the feeling of being unable to influence change. and that most certainly is a failure of the system.
my conclusion though is that it isn't a failure of democracy itself, but rather that it makes the system less democratic.
The EU lets you store whatever you want in cookies as long as they are truly anonymous (do not contain unique identifiers.) What you call "anonymized data" is literally the opposite.
EU logic is only government should be able to track personal information
US logic is only billion dollar companies should track personal information
Personally I prefer the former as governments will spend my tax money on getting the data from the billion dollar companies anyway, and those companies will exponentially monetise it because they are required to
The GDPR isn’t about anonymized data stored in local cookies.
Who are the actors behind the ChatControl initiative?
I remember reading their names being blacked out.
DSA was pushed by the very controversial Thierry Breton, former CEO of Atos, then European commissioner for the internal market, now on the advisory council of Bank of America.
Atos btw is the company that leads in receiving money to construct Europe's virtual security infrastructure.
But the proposal was ultimately supported by a substantial majority in parliament, led by the christians, socialists. liberals and greens.
https://howtheyvote.eu/votes/139040
> DSA was pushed by the very controversial Thierry Breton, former CEO of Atos
It's a clown show, that "French Big Tech company" Atos stock price went from 10000 to 40 euros in 25 years [0] and is now being sold into pieces because it has 5B debt [1] and is hopeless . I heard him talk once on youtube he is a total moron.
> Atos btw is the company that leads in receiving money to construct Europe's virtual security infrastructure.
Great if those type of people are in charge there is nothing to worry about. The only downside is the Internet might get slower in Europe.
At the end EU citizen might just be told to put the EU in CC of every messages you send, invited to every chat group, and tagged on every social media posts. If you don't you go to prison.
I mean during Covid the french gov mandated them to print and fill a new form every time they took their dog out to pee. So that is not far fetch.
- [0] https://finance.yahoo.com/quote/ATO.PA/
- [1] https://en.wikipedia.org/wiki/Atos#Financial_difficulties
Danes and Swedes are in the forefront
They say it's the Swedes, but that's not accurate. Thorn is a NSA-run charity that has been lobbying for this since 2012.
Interesting. Do you have a source for the connection between the NSA and Thorn?
Its board, as well as boards of the related orgs, is crawling with ex-State guys, even some CIA assets (most recently Fernando Ruiz Perez) etc. They're in bed with WeProtect (State Dept) as well as McCain Institute guys. The connection is not obvious, but see this as starting point https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
https://projects.propublica.org/nonprofits/organizations/270...
What's telling is the fact that they never targeted the U.S. and U.S. policy-makers EVER, despite being mostly Washington guys with lended tech credibility of SF VC's.
https://en.wikipedia.org/wiki/Thorn_(organization)
How comes US celebrities have to create their foundation in Sweden instead of the US?
"As of July 2013, Thorn is in talks with leading internet companies (Facebook, Microsoft, Google, Twitter and at least three others) to collaborate on creating a database of millions of child abuse images on the web."
So if one messed up person likes that stuff, I guess they might aim towards working there?
Wouldn‘t be the first time something like this happens
Are politicians really exempt? Must be some really high profile pedophiles, or pedophile supporters between them, like those in the Hungarian government - they support this by the way.
Just one example from the many:
https://edition.cnn.com/2024/02/17/europe/hungary-child-abus...
Sure, Daniel Cohn Bendit, MEP for 20 years, was a big promoter of pedophilia [0].
Here he is on television promoting it in 1982 [1].
- [0] https://en.wikipedia.org/wiki/Daniel_Cohn-Bendit#Allegations...
- [1] https://www.youtube.com/watch?v=6IOAaSFpVCw
I wonder what the chances are that the ECJ could look at employing actions for annulment against chat control, if it is passed. It is possible for private individuals to ask the court to annul an EU act that directly concerns them. So even if governmental structures across EU does not want it challenged, the issue could still be brought to the court.
has the ECJ ever done anything like that before?
Yes all the time. Seems like there is a handful cases a year. Poland, as an example, has won 19 annulments between 2004–2023.
The big one in 2020 I think was this one where they ruled against data retention.
https://curia.europa.eu/jcms/upload/docs/application/pdf/202...
When left unchecked and unaccountable, regulators will grow to fill the volume of their container
Quoting from proposed text:
> When executing the detection order, providers should take all available safeguard measures to ensure that the technologies employed by them cannot be used by them or their employees for purposes other than compliance with this Regulation, nor by third parties, and thus to avoid undermining the security and confidentiality of the communications of users.
EU demands impossible.
Isn't democracy rendered impossible with laws like this?
I mean, if slavery was still legal or LGPT still illegal, would the government have been able to use this technology to smother political movements before they ever start? Wouldn't the government be able to add client-side scanning for words or phrases they don't like (not just images of child abuse)?
For democracy to work at all, people must at least be able to freely discuss there contrarian thoughts amongst themselves, even if they run contrary to the ruling party's wishes. I did not expect the cradle of democracy to be the one to kill it.
It's already impossible thanks to the DSA.
Surprise: The EUSSR is a dictatorship. Who would have thought THAT?
HN discovers there is unsolvable tension between public, its interest and its institutions, Ep. 1234.
Nudge the door open with child abuse "concern" and then expand to your hearts content later. The analogy of it being like a police officer standing next to you while you chat online to a friend was great. He was joking when he said "lets cancel cars" but it might happen in the distant future. Letting people control heavy projectiles doesnt seem like such a great idea.
When you put "concern" in scare quotes like that... are you saying that there isn't actually anything to be concerned about regarding the safety of children using the internet?
of course its concerning, but i doubt its the ultimate objective and it also seems contrived given the other dangers to children that abound.
I guess you're right. I doubt there are actually any children being prayed on on streaming apps and the like, and even if there are I highly doubt it has any lasting impact on their mental health.
The problem is obviously real, but a lot of people disagree with this proposed solution. Nobody is trying to argue whether child abuse is a problem or not.
I don't think there's a workable solution that both protects kids and protects society from sliding into 1984.
It essentially feels like a referendum on "should we just accept it?" It being whichever over those you think is the lesser over two evils. Figuring that out is an exercise left to the reader.
if only these children had parents to raise them. nope can't think of how that would work. it's better to control everybody else.
How would that work? Please explain.
parents take an interest in their kids lives. parents talk to them about things that are good and bad for them. it's a novel concept.
Its these sorts of straw men that keep the conversation going in the wrong direction.
Straw man? It happened to my niece on a streaming app. She was 11. It started out as innocently as "what's that shirt you're wearing? Can you show me?" and progressed from there.
Straw man my ass.
Edit: I'm against the mass surveillance and direction things trending in, but I think either way we are facing a significant negative externality whichever way we choose. Either there's real people suffering real harm, or we're getting screwed by sliding into 1984. Both of those horrible. If we pick one horrible over the other, we're essentially saying "I'm ok accepting this horrible reality in order to avoid a different horrible reality".
I just don't think we can have our cake and eat it too on this issue.
Why was your 11 year old niece on a streaming service?
Start with protecting children. Then something about misinformation. Then about defending democracy. Then about stopping terrorism. And soon you can escalate your authoritarian policy to just about anything.
This is why having the structure of fundamental civil rights, like in the US constitution, is important. I’m surprised the EU doesn’t seem to have such protections for free speech and privacy and against warrantless surveillance.
Between FISC, the Patriot Act/USA Freedom Act, and such it doesn't seem like the US constitution is doing a good job at protecting anyone. There is a long wikipedia article named Mass surveillance in the United States, but not yet one for the EU.
> There is a long wikipedia article named Mass surveillance in the United States, but not yet one for the EU.
I agree with your other points. There is this though:
https://en.wikipedia.org/wiki/Mass_surveillance#European_Uni...
I don’t disagree. But there is still far more protection for free speech in the US than in the EU, where wrongthink is not acceptable to the powers that be. It is a huge regression and for some reason, culturally Europe seems to be modeling itself more after China than the US, with whom it shares more history and values.
i have lived in all three places (15 years in china) and i have to respond with an empathic no.
what we are seeing is that thanks to social media, more discourse is public. which leads to more prosecutions. that is not a regression. that stuff has always been prosecuted. and they go against hate speech, not wrong think.
Hate speech is wrong think.
Threats are something different
hate speech is no clearly defined, so maybe we need to talk about that. wikipedia translates the german term "Volksverhetzung" to "incitement to hatred", but that's not actually a good translation, because it rather means "incitement to hatred against a whole people". besides that here is strong language directed against individuals that is designed to hurt them. in germany that is defined as insult to your honor or dignity and incitement to violence. the devil is in the details of course, and there are many expressions that are borderline and depend on context. but i think we can agree that such speech is generally not wanted. whether it should be punished is another question, but in my opinion "wrong think" goes way beyond what i described here. one topic that does go beyond hate speech that may be problematic is expressions that threatens the democracy. i couldn't find any good examples for that yet other than democracy being threatened by radicalization, polarization and political violence. so presumably anything that leads to that, most of which is already covered by hate speech.
hate speech is a hazy definition that depends only on the party in power, so it means no protection if you rely on that
I dunno, right now America bans or locks up travelers for having fat Vance memes on their phone. So you tell me who is turning more towards China.
> I dunno, right now America bans or locks up travelers for having fat Vance memes on their phone
That has never happened.
Customs officers everywhere have almost unlimited discretion to deny entry.
While I think the Vance meme reflects very poorly on my country, it is always advisable to remember that you have very limited rights in every country while crossing the border and that it best not to piss off the officers. Travel StackExchange is filled with Q&A’s about how to what to do when the customs officials of various rich countries apply their discretion to deny entry, often for reasons even more petty than having a meme.
Putting people in near-torture jail is not "denying entry".
American exceptionalism is crazy. US is one of the more abusive countries, not some civilized safe haven of individual liberties.
I have long campaigned against Fourth Amendment violations in the US, but to compare the US and the EU is laughable. The difference is night and day in every aspect, from constitutional rights to privacy (virtually worthless in most EU constitutions vs quite broad in the US) to practical surveillance (far deeper and broader in the EU) to court requirements for access for typical requests (commonplace in the US, rare in the EU.)
As an example of one of those points, the US right to privacy was long considered so broad that it served as the _foundation of the right to abortion_ in the US for decades! By contrast, to pick an EU example, the Dutch right to privacy is so weak that it is quite literally written into the Dutch constitution as “except as limited by law”; in other words, nearly worthless.
To compare them by presence of a Wikipedia page is beyond ridiculous.
But what exactly does privacy entail in the US?
Your address and phone number are publicly available with a Google search. I've been stalked and had someone show up at my house after moving (and I have zero social media presence) because, for some reason, my personal info was all online and easily found by googling my name.
People can take a video of you, shame you for some random thing, and have your face and name known to millions by the end of the day.
The NSA can access all your online data and share it with whoever they want. Companies do it on their behalf as well. Cops can dig through your car just by saying it smells funny.
A right to privacy somehow was construed as the right to an abortion. But the right to privacy never meant you have the right to keep anything private. In some other countries, you can easily have your data taken down from public view online and sue (and win against) people who violate that right. That's an uphill battle in the US.
American freedom is general is based on “might makes right”, whether that’s the well armed gunslinger in the old west, the lawyered up millionaire in the courts, or the billion dollar company using their freedom of speech to obliterate yours.
Everyone has the same freedom to use their resources to maximise that freedoms to help with where the fiat meets the nose.
In the US, mugshots of people are published before they have been found guilty.
Comparing privacy laws by example is beyond ridiculous. And there are big cultural differences what "privacy" entails.
Americans have the right to privacy "except as limited by capitalism". For example, your location history and purchasing history are actively sold for the ad industry. No it is not sufficiently anonymized.
FISA and patriot act are very controversial, the EU doing the same thing but far worse isn’t a good argument to stand on merely because the US gets talked about more on Wikipedia and therefore the press (which is one of the primary acceptable sources for a wiki article). Not to mention places like Germany and France did much of what NSA was doing back in the 2000s, often with even more leeway.
If anything censorship and extensive government oversight of peoples lives in EU and UK is far less controversial so there isn’t much of a push back. As you can see every time this comes up on HN where people in the EU defend it.
> FISA and patriot act are very controversial
They are controversial with the public. They are not controversial within the government.
I suspect they aren’t controversial with the public either.
With certain subsets of the public sure.
Similar response to the “give your passport to shady company” act in the U.K - the majority of the public support it.
* I’m surprised the EU doesn’t seem to have such protections for free speech and privacy and against warrantless surveillance*
individual countries, such as germany do have these protections.
Unless you oppose genocide, in which case your freedom of speech evaporates.
Agreed. We have that in common with the US.
The biggest set of propaganda is that America has “free speech”
According to Wikipedia, the Russian constitution mentions the following:
1. Everyone shall have the right to the inviolability of private life, personal and family secrets, the protection of honour and good name.
2. Everyone shall have the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages. Limitations of this right shall be allowed only by court decision.
And yet, they have the SORM and SORM-2 laws.
I want to be not snarky but I can't:
Which constitution are you talking about? The one that includes the House of Congress' right to militia to defend the constitution...or the one without that article?
Lately, the constitution of the US is as much worth as toilet paper, because the Trump administration does everything to exploit it using the "invasion excuse".
In Europe, there is the EU charta of fundamental human rights. If they are violated, laws can be fought above country level.
[1] https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex:12...
> This is why having the structure of fundamental civil rights, like in the US constitution, is important.
How's that structure working out in upholding fundamental civil rights in the USA?
>"Start with protecting children..."
This is exactly what I think about it: https://youtu.be/J07wReeRF7Y?si=_VfrNiGRnG-_7dHX
Covid was only 5 years ago can you imagine what people would have used this sort of power for during the lockdowns? How are people's memories so short especially with regards to such a traumatic experience that we all had?
if the framing is “pandemic controls bad because my rights are more important than public health in a global pandemic” it’s not a very convincing argument.
we should stick to actual fact and issue here which is that these tools are bad for human rights NOW. not some mythic pandemic is bad bogeyman
Most people in Europe were happy with the pandemic response, so that's a non-issue.
Does anyone know where to find the text of the proposal? I wasn't able to find it.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A20...
Let me guess- preventing child abuse- unless it's done by an israeli government official of course https://www.theguardian.com/us-news/2025/aug/16/nevada-arres...
Did you really have to add the Israeli thing there?
News flash: every country in the world has an Epstein. Even Epstein has been replaced and a new guy is doing his work. Or does anybody really believe that child abuse among elites in the US and globally has suddenly stopped when Epstein was suicided?
This isn't even epstein, it's an active member of the likud party, but since you've mentioned epstein i guess i should say that the former prime minister of israel also visited his island numerous times and bolster my point. And yeah, it's my moral obligation to include it.
I hate the "protect the children" argument so much.
Birth rates are so low that a lot of people don't even have kids. Why should we preference other people's children to a total invasion of our privacy? Shouldn't those parents mind their own offspring?
Stop putting god and other people's children in my life. That's none of the government's business.
The other point is that people don't even care. Teachers with CP possession don't do any time, just one or two year suspended sentence. Most of the terrorists, be it by bus, truck, gun or knife, were well known to the police ahead of time. Did that stop the attacks? Would more "chat control" change any of that? Fuck no....
It's an interesting argument that with a declining birth rate childrens protection should be less in the picture. I'm more inclined to think that we owe it to the next generation to give them something viable and recognisable as a childhood, and it's communities obligation to raise them. Those who want privacy will usually find it.
I don't like that argument either.
However, the continued existence of society requires other people's children, so maybe it's a pretty important investment?
There's really no logical reason for humans to exist
> Stop putting god and other people's children in my life. That's none of the government's business
This is very naive worldview.
No it's not. People need to leave other people alone.
Stop imposing religion, lifestyle, judgment. Live and let live.
What people do with their own lives is none of anybody else's business.
It is naive - you mistake reality and your expectations.
What makes you think he is unaware of reality? He just expresses his demands at this reality, or rather the small part of reality that human society occupies.
I am pretty sure he is aware that the default is rather intrusive - but that doesn't mean that is the right default.
Because of:
What people do with their own lives is none of anybody else's business.
One of the main characteristics of the society is that its members take business in what other people do with their own lives.
Saying that it shouldn't be the case is not a proposal for a different society, but for abolishing it altogether, and thus naive.
"One of the main characteristics of the society is that its members take business in what other people do with their own lives."
That is your definition of societey, but one I consider close to totalitarian. And yeah, sadly it is the standard, but there are societies that stick together, so each member has better chances of living their own live and not so each members lives the live that the others force them to live.
That's arguably a selfish way to live- where no one cares about anyone but themselves. You would just be people living next to eachother, not a community.
Missundertanding (hopefully).
Saying other people may not interfer uninvited in my life is not the same as saying people may not care about me.
I care about other people and interfer in their life, because in the case of my kids, they cannot sustain on their own and they want me as their parent. So there is consent in general about it.
But I am not telling my neibghors that they must wear a warm jacket when it is cold.
(Or that they may not consume porn, to not go to hell)
There is a slight difference between offering help for example and forcing someone to do things in a different way, no matter how well intentioned.
Liberty is good, but individuation and atomisation can break a community if it goes too far. If you don't feel any obligation to the state that helped you what hope do you have for national unity.
The result of all of the hubbub over privacy in past years is that many people left more centralized services for other private servers, which means that the government can no longer just ask Twitter for your data and it’s a pita for them.
Once they can read everything again, and more, the next step will be to use your own network, a.k.a. the multinet, which is mostly an advanced form of the disparate networks in the 20th century. Even ARPANET was just another network, which evolved into the B.S. we have today. We also don’t have to use the same protocol stack, routing, etc. We could get rid of name resolution and just use some long IDs.
Louis makes it sound that its actually for protecting the children but we all know its just an excuse for surveillance, control, and ultimately jailing people for wrong opinions (a real threat in the EU since there is no protection of Freedom of Speech anywhere)
The European Convention of Human Rights explicitly protects freedom of expression.
Yeah but look how many exceptions there are: https://en.wikipedia.org/wiki/Article_10_of_the_European_Con...
October, 2018: "In Europe, Speech Is an Alienable Right: [the European Court of Human Rights] upheld an Austrian woman’s conviction for disparaging the Prophet Muhammad."
>On Thursday, the European Court of Human Rights (ECHR) upheld her 2011 conviction for “disparagement of religious precepts,” a crime in Austria. The facts of what E.S. did are not in dispute. She held “seminars” in which she presented her view that Muhammad was indeed a child molester. Dominant Islamic traditions hold that Muhammad’s third wife, Aisha, was 6 at the time of their marriage and 9 at its consummation. Muhammad was in his early 50s. The Austrian woman repeated these claims, and the Austrian court ruled that she had to pay 480 euros or spend 60 days in the slammer. The ECHR ruled that Austria had not violated her rights.
https://www.theatlantic.com/ideas/archive/2018/10/its-not-fr...
nope. part 2 of the article 10 basically nullifes the freedom of speech for any bs reason given by the government. that counts for nothing.
The judiciary deciding about reasons is independent from the governments.
national security is not up to the judiciary
> The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.
jailing people for wrong opinions (a real threat in the EU since there is no protection of Freedom of Speech anywhere)
how do you figure that? the freedom of opinion is explicitly enshrined in the german constitution for example. there are limitations, but these are very specific and not arbitrary.
gemany is in fact one of the countries the provides the most protection for your opinion world wide, as long as that opinion is not based on obvious falsehoods (like holocaust denial), or stirs up hatred against a group of people. you can however criticize others and at this point germany provides even more protection than the US.
"Hatred against a group of people" has been stretched to the breaking point in recent years.
in germany? examples please.
After a minute of searching... https://www.nytimes.com/2022/09/23/technology/germany-intern... I admit that these cases are arguable but by the same token the police don't have to respond to every mistake with a dawn raid. Even the US Secret Service has more discretion than this.
i agree with the overuse of raids, but i didn't see anything mentioned that didn't warrant at least some investigation.
Not even the multiple cases of an individual doing nothing but call a politician a dick on social media?
> Last year, Andy Grote, a city senator responsible for public safety and the police in Hamburg, broke the local social distancing rules — which he was in charge of enforcing — by hosting a small election party in a downtown bar.
> After Mr. Grote later made remarks admonishing others for hosting parties during the pandemic, a Twitter user wrote: “Du bist so 1 Pimmel” (“You are such a penis”).
> Three months later, six police officers raided the house of the man who had posted the insult, looking for his electronic devices. The incident caused an uproar.
...
> In response to a message by [politician] Mr. Jurca criticizing Muslims, Mr. Mai posted a link to a picture of the mural [saying “Du bist so 1 Pimmel”].
> Several weeks later, four police officers pounded on Mr. Mai’s door at 6 a.m. with a warrant to confiscate his electronics. Mr. Jurca had filed a police report claiming the link to the photo was an insult.
call a politician a dick on social media
in germany that is covered under insult against the honor and dignity of an individual. i don't know about this case, but this is generally only prosecuted when the insulted asks for it, and in most cases is a civil matter. that the incident caused an uproar shows that the response this case is an example of overreach, but overreach happens everywhere, and is an issue in itself. he question here is, is the risk for overreach more dangerous than removing the law/protection. this is certainly debatable.
The continual harassment of socialist parties by the government, including declarations that any group following Marxist philosophy is necessarily acting towards an unconstitutional goal.
because they are calling for a revolution, not reforms. revolution is an unconstitutional goal. if they believe that marxist philosophy can be achieved without a revolution they better ought to make that very clear. and to my knowledge the treatment of communists in the US was way worse.
Yes, well, calling for a revolution is protected speech in the United States.
It is only if your words are likely to promptly cause someone to commit violence that you can be prosecuted for it.
there is a difference between individuals calling for a revolution and organized groups that have that in their program as a goal. the latter is not a theoretical threat but one that has historical precedent.
in France for example
https://www.france24.com/en/live-news/20230329-french-woman-...
Right now, in the suppression of protest against the genocide in Palestine.
we need to be more specific here. peaceful demonstrations are certainly allowed. it becomes a problem when those demonstrations become violent. suppression would be not allowing these demonstrations in the first place. and if that is the case we need to look at how often that happens and whether the risk for a planned demonstration turning violent justifies not allowing it to take place.
> peaceful demonstrations are certainly allowed
That's just not true. Germany has banned slogans in favour of Palestinian freedom.
What's allowed is government-sanctioned gathering, which is the opposite of freedom of speech.
What are you talking about? I see those (clearly very well funded) protests calling for literal unambiguous genocide of the Israeli people "from the river to the sea" almost weekly in every major train station and city center in the EU (and also China which means CCP gov backs the message)?!
Open jew hate in Europe hasn't been this elevated since WWII.
> Open jew hate in Europe hasn't been this elevated since WWII.
Opposition to genocide or to Israel is not anti-Semitism.
I voted for the only candidate that was clearly against this. However, the companies are suppose to do the scanning, not the police. Corporations like Meta already does things like this for sure. The difference is that they now will have to share potential crimes with the police. For Signal it is worse since it can't be added.
that's what I am thinking, EU made GDPR that is good move prevent any third party to extract privacy data illegally but still doing it to themselves anyway
like what's happening????
Nobody is doing it. The law doesn't exist yet in the EU.
for ages I was saying "do not ignore crime that is now allowed to scale and proliferate thanks to e2e" (very much similar to crypto). If you accept this reality and work with the government you can arrive at a decent compromise that is not 100% bad. If you ignore reality and cover your ears and shout "nananana", the government will find a way and I guarantee you it will be a dumb way that undermines privacy way more. News at 11, the government did.
Let's pick our pitchforks up and pretend sexual abuse monetization or human trafficking are not taken to the next level thanks to end to end encryption. We gotta make police do their damn jobs right? It's not our fault we invent new and improved ways that prevent police from doing that.
European governments are all for free speech whilst imposing sanctions and invading other countries to export “democracy and human rights.”
Fascinating to watch.
(Downvoted, as expected. The hypocrisy on this site is absolutely adorable.)
Which countries have been invaded by European countries to bring democracy? Because America started multiple wars for that in the last 70 years, not Europe.
Iraq, Afghanistan, Mali, Somalia. The expeditionary European powers like the UK, Spain, etc can't hide behind the US when they were willing participants.
It's probably just one single guy scrolling through all the posts and downvoting covered in sweat.
[Confirmed]
Isn’t EU’s justification that they protect you from companies / private industry but they want full government/police control because that’s trusted / socialist?
The EU is at its heart a neoliberal institution, not at all socialist.
Yes, privacy has worked that way for a long time. There's no gotcha here.
Every single fucking day the whole world gets worse and worse. I am so sick and tired of this life.
It's good to see there are still rational Americans.
At least we got the cookies banners, that must count for something, right?
Please stop repeating this nonsense. The GDPR never mentioned cookie banners. This is the industry‘s shitty solution to forcing users to consent with tracking.
You can run a perfectly fine website with zero cookie banners if you simply don’t track your users and don’t expose them to third parties that do track them.
Hence, all websites implementing cookie banners are the culprits here, not the GDPR.
If the law incentivises bad behaviour, it's a bad law.
Is your base assumption that putting up a cookie banner is worse than silently stalking users without permission ?
That's a false dichotomy - clearly there's more options than these two. There's definitely a better way to address this issue.
On the other hand, between those two, it arguably is worse, because we now live in worst of both worlds - we still get a ton of stalking but we now have those cookie banners on top of that.
Absolutely yes.
I can block coockies using simple addons, which is WAY lower effort than clicking through a deliberate dark-pattern that is different on EVERY website (or using complex addons with lookup tables for every website).
It's not about cookies specifically, they're just one of the many ways you can be tracked.
You can't realistically block fingerprinting without serious effort, and you can't block your IP without using a VPN (which causes a bunch of other problems with sites not serving you).
the behaviour was already bad (sharing your personal information with 1000s of “trusted partners”), companies just want to keep doing it even if it inconveniences their users.
Having to pay for train tickets incentivises people to jump ticket barriers. Is that a bad law?
The only problem with GDPR is the lack of serious enforcement against data abusers and their political adverts (“cookie banners”)
Terrible analogy.
The correct analogy would be California’s toxic substance regulations.
They’re vaguely worded and enforcement is applied randomly based on whatever company is getting bad press at the time. So virtually everything sold in California carries a sticker saying essentially that “this product may cause birth defects.”
Even companies selling products that don’t contain any of these chemicals do so, out of fear of the asymmetric power wielded by the state.
Do a majority of train passengers jump the ticket barriers because they are afraid they might get fined billions of euros if they don’t?
The majority of companies have cookie banners because they want to track and monetise their customers and hope they can trick them into agreeing
The laws necessitating cookie banners came into effect long before GDPR. That would be the 2002 EU ePrivacy Directive. The GDPR (2018) concerns the handling and storing of personal information, the mandatory disclosure of how this is done, and the mandatory right users to ask what data is being stored and deleting that data. There aren't any cookie banners in native apps. But they still need to comply with GDPR. And you can get into trouble for mishandling privacy sensitive information.
That law has been pretty successful to the point where there have been debates in the US about adopting similar laws.
The common US media company interpretation to declare their websites an abusive UX disaster zone and put their contempt and complete disregard for their main product (users) on full display is entirely on them and their sleazy lawyers trying to find ways where they can still do their sleazy business. This is made worse by incompetent web designers deciding that this is apparently "the way things should be done" without questioning that. Most cookie banners are just the result of their (mis)interpretation of the law, lazy copying of some shitty website they once saw, and the perceived need to provide lots of legal ass coverage for what under GDPR is flat out just not allowed at all.
Worse, the jury is actually still out on whether the highly misleading language, dark patterns, etc. are actually not illegal in themselves. They might very well be. Lots of companies got some really bad advice regarding GDPR. And some EU companies have actually been fined for doing it wrong.
does the law incentivise bad behaviour here or greed?
> You can run a perfectly fine website with zero cookie banners if you simply don’t track your users and don’t expose them to third parties that do track them.
I run an extremely simple static website with some JavaScript that lets the user keep track of their state between visits. I have no way to access their cookie, and nothing on the website sends data to me (in fact, can't, since it's a static site running on Cloudflare pages). I never really thought about whether or not I need to add a cookie banner, I just... Didn't.
Legally though... Do I need to?
Please stop repeating this nonsense defense of poorly designed policy.
When everybody is using it wrong, the problem isn’t “everybody.” The problem is your design.
Cookie consent should be a centralized browser based setting and nothing more. And the default should be some middle ground compromise that both the most privacy obsessed people AND businesses are not happy with.
So why do so many European government websites have cookie banners?
See, for instance: https://www.info.gouv.fr
Because you could sit down and read the GDPR in an afternoon, and actually understand it yourself. After all, you've had 9 years to do that.
I challenge you to demonstrate the supposed understanding you have that would explain why that website is following "industry‘s shitty solution to forcing users to consent with tracking." (and not even each industry website does such stupid full page banners) instead of using non-shitty solutions.
It's a good question, which has a very obvious answer: even government websites are built by clueless people and/or marketers and/or using shitty tech.
Which you can see when you click on "personalise" in the cookie banner.
That's why GitHub reneged on their "no cookies policy" for example: they got taken over by shitty people with shitty tech: https://github.blog/news-insights/company-news/no-cookie-for...
You've failed the challenge because your answer doesn't depend on wasting your afternoon to read and understand GDPR
You expect too much.
Obviously you haven’t either, because GDPR says nothing about cookie banners.
Cookie banners are the result of a different piece of legislation, the ePrivacy directive. Have you read that one too?
What about all the latest judicial actions regarding data transfers to 3rd parties that have gone back and forth due to ongoing legal cases? Legislation is totally irrelevant without the context of the latest judicial precedent.
Did you read the entirely of the schrems decisions and the analysis of what that means for using or offering any technology services? Having read GDPR is irrelevant when one day Google analytics is okay to use and the next day it's not due to one court case.
What about the latest data transfer agreements between the US and EU that invalidated the use of standard contractual clauses, and the above prior Schrems decisions? You've had years at this point.
Do you think it’s good to insult and assume bad faith from your fellow internet commenters about a topic you actually don't understand yourself?
> Cookie banners are the result of a different piece of legislation, the ePrivacy directive. Have you read that one too?
The huge obnoxious cookie banners that everyone pretends are due to GDPR are neither due to GDPR nor due to ePrivacy.
It's the industry's unashamed deliberate sabotage of GDPR
Oh definitely, the decentralized private market absolutely got together in secret to devise a plan to undermine the beautifully designed EU legislation by using cookie banners.
My flower shop down the street that has a cookie banner on their Wix website is secretly trying to undermine the government.
It couldn't possibly be that the largely unaccountable central planners in the EU's technocratic maze of a government designed a dumb piece of legislation.
> got together in secret
Who said anything about secret? They are doing it all in the open.
> My flower shop down the street that has a cookie banner on their Wix website is secretly trying to undermine the government.
Oh, your flower shop only sells you flowers. The 1421 "partners" on their website however are really glad that they tricked clueless people to include their "GDPR-compliant privacy-preserving" solutions.
> It couldn't possibly be that the largely unaccountable central planners in the EU's technocratic maze of a government got something wrong.
GDPR doesn't require huge obnoxious banners.
ePrivacy doesn't require huge obnoxious banners.
Industry: let's create huge obnoxious banners with all sorts of dark patterns to trick people into "consent" through innocent inconspicuous tool vendors like Interactive Advertising Bureau, and blame GDPR for requiring them.
Poor, poor sweet innocent companies. It's GDPR making them collect and keep your precise geolocation for 12 years across thousands of partners who care about your privacy: https://x.com/dmitriid/status/1817122117093056541
You can, and I have, and it clearly requires almost any modern website to have a cookie banner. Which shouldn't be too surprising, when you go to gdpr.eu and see the cookie banner at the bottom. It's possible in principle to jump through the crazy hoops required to avoid it, but the only sites I've ever seen do so are national Data Protection Authorities.
I see no cookie banners on this site.
Ok, but others do.
On HN?
no, sorry, misunderstood you
> it clearly requires almost any modern website to have a cookie banner.
It doesn't
> when you go to gdpr.eu and see the cookie banner at the bottom.
Imagine if you also read why they have it
They publicly go to privacy church every Sunday, but meanwhile they are worshipping the surveillance state cult in the back rooms.
sniff encrypted chats, hahaha. Some law makers are completely clueless. I like Louis Rossmann. He looks like he’s been up stressed for weeks, yet his arguments are pretty level headed.
Can you hear that Mr.Anderson? That is the sound of inevitability..
What if we make chats obfuscated instead of encrypted? So send a lot more data per sentence/word. It would need some sort of key on both sides to make sense of the data but it would be hard to use it without it. Or would that fall under the definition encryption?
Security by obscurity is generally known to be ineffective; it's not an obstacle for even sightly dedicated thread-actors.