Submitted 1 day ago by schizoidman@lemmy.zip to technology@lemmy.world
https://www.bluewin.ch/en/news/signal-app-boss-threatens-to-withdraw-from-europe-2897197.html
Signal CEO Whittaker said that in the worst case scenario, they would work with partners and the community to see if they could find ways to circumvent these rules. Signal also did this when the app was blocked in Russia or Iran. “But ultimately, we would leave the market before we had to comply with dangerous laws like these.”
This is why we need the ability to sideload apps.
I have become convinced by Cory Doctorow’s (tech writer and inventor of the term “enshittification”) argument that the fact that we’re even discussing this in terms of “sideloading” is a massive win for tech companies. We used to just call that “installing software” but now for some reason because it’s on a phone it’s something completely weird and different that needs a different term. It’s completely absurd to me that we as a society have become so accustomed to not being able to control our own devices, to the point of even debating whether or not we should be allowed to install our own software on our own computers “for safety.” It should be blatantly obvious that this is all just corporate greed and yet the general public can’t or refuses to see it.
There are groups to support:
And in the UK:
Some political groups are better than others, but most politicians are clueless.
The key is to get muggles to understand we are living in Technofeudalism and why being digital serfs is bad. The problem is ineffective competition law and that monopolies are bad. That monopolies and standards are not the same thing. I have no idea how. Most people are just naturally compliant and unquestioning of something seemingly so abstract.
In the 80’s (I’m that old), many home computers came with the programming manual, and the impetus was to learn to code and run your programs on your own device. Even with Android it’s not especially hard (with LLM’s even less so than it used to be) to download Android Studio, throw some shit onto the screen, hit build, and run your own helper app or whatever sideloaded installed via usb cable (or wirelessly) on your own device.
In certain cases (cars, health related hw etc.) I get why it’s probably for the best if the user is not supposed to mod their device outside preinstalled sw’s preferences/settings. But when it comes to computers (i.e. smartphones, laptops, tablets, tv boxes etc.) I fully agree with Cory here. Such a shame everything must go to shit.
Most of the general public buries their head in the sand. They are convinced being politically involved is either a waste of time or makes you crazy.
TBH I was confused when I came across the term “sideloading” for the first few times because I thought it was something new. Part if the plan I guess. Damn.
That means nothing when the servers stop taking EU traffic. I get your point, but the real solution here is putting a bullet (double tap) in Chat Control, once and for all.
putting a bullet (double tap) in Chat Control,
Yes, please.
once and for all.
LOL, no. They’ll come back again with some other bullshit to Save the Children!™, it’s a never-ending whack-a-mole.
That means nothing when the servers stop taking EU traffic
I don’t use any of these apps, so I’m not quite sure how they work. But couldn’t you just make an app that keeps a local private and public key pair. Then when you send a message (say via regular sms) it includes under the hood your public key. Then the receiver when they reply uses your public key to encrypt the message before sending to you?
Unless the sms infrastructure is going to attempt to detect and reject encrypted content, this seems like it can be achieved without relying on a server backend.
Signal has never done that. Whilst the app might not be available in some regions they’ve been proud to talk about how people can use it to avoid government barriers.
You can run your own server for signal by the look of it
Most likely the reason, among others, they’re fighting tooth & nail to remove side loading too.
Even the OPLus phones are planning to softlock their phones in newer models
I hope more follow, would be funny if “all chat apps have to include a back door” leads to “there are no official chat apps”
Do you really think Meta would ignore the opportunity to both be the default option And have justification to read users’ messages?
Nah i don’t.
Haha! Do it if the EU does not give up on their Orwellian control!
Wait, I’m in the EU and I use Signal!
Why are so many European countries doing this? Why the sudden push for chat control and internet restriction laws?
Basically, but what you forget is that Signal is also the standard for every Politician for their group chats because it’s secure, so the idea that they might lose their secure, leak-free* form of communication should worry MEPs and other politicians into taking action. Will it? I don’t know, politicians are very stupid when it comes to tech it seems.
There’s an explicit clause that exempts politicians from the ban. They get privacy because they need it, but nobody else does.
Screenshots, or just adding a journalist to the group chat.
where are the companys lobbying against this btw?? i mean it is their data they will be leaked aswell
Where would be the loss with that?
We wouldn’t have a simple and secure way of communicating?
The apple/Facebook alternatives are not good at all.
Simplex, xmpp, deltachat briar, matrix, even session.
Anything is better than signal that relies on a centralised proprietary server and requires a phone number.
The world does not end after apple or Facebook.
maybe because of this headline some more politicians change their minds
Separate airgapped device running an encryption app. Type text on it, it spits out a ciphertext, then, use internet connected device to scan the ciphertext, OCR*, then send to target receipient, they also use this same airgap encryption device and they OCR, then decrypt using their key.
*Instead of OCR, you could also use a QR code to have error correction
Tell me how they can ban this? Anyone using a raspberry pi with a battery and touch display attached into one compact thing, is a criminal?
What if we just start using One Time Pad? Can they ban that?
Steganography?
Like seriously, how do you even stop “criminals” using steganography?
So, to Big Gov, here’s my question: Are you gonna ban talking to other people becuause criminals also talk to other people?
They don’t care about your messages, they don’t care about terrorists or pedophiles.
They do care about the general population, and wants to control it. That’s what this is all about. The hard right wants to have effective tools to slam down on dissent when they get in power.
A game as old as humanity.
Shameless plug, because I’m trying to do my part ☺️ : Tenfingers sharing
Signal is considered one of the most secure messengers.
I mean lol, they require a phone number to sign up, which you can only get with an ID in many countries. You chat with a gestapo officer and they know where you life.
Signal IS GARBAGE. Fucking garbage article, gaslighting bullshit. Fuck this timeline. Honestly this article is fucking terrorism.
You’re confusing privacy with anonymity.
They’re not mutually exclusive.
Because you’re not anonymous, you lose out on privacy.
Of course, you’re just trying to fit in with other idiots on the internet so you are incapable of understanding this basic fact.
You are confusing security with privacy. But keep on ranting if you like.
i would even more say with anonymity, considering the chats are still private and the main use case for messanger apps is to communicate with people who know who you are
There can be no security without privacy and a central server that can be extorted. But keep lying if you like.
Why are you giving gestapo your phone number instead of your username?
peek rage bait
Jesus lad relax.
Just let it happen
About freedom, not freedom and various other things - might want to extend the common logic of gun laws to the remaining part of the human societies’ dynamics.
Signal is scary in the sense that it’s a system based on cryptography. Cryptography is a reinforcement, not a basis, if we are not discussing a file encryption tool. And it’s centralized as a service and as a project. It’s not a standard, it’s an application.
It can be compared to a gun - being able to own one is more free, but in the real world that freedom affects different people differently, and makes some freer than the other.
Again, Signal is a system based on cryptography most people don’t understand. Why would there not be a backdoor? Those things that its developers call a threat to rapid reaction to new vulnerabilities and practical threats - these things are to the same extent a threat against monoculture of implementations and algorithms, which allows backdoors in both.
It is a good tool for people whom its owners will never be interested to hurt - by using that backdoor in the open most people are not qualified to find, or by pushing a personalized update with a simpler backdoor, or by blocking their user account at the right moment in time.
It’s a bad tool even for them, if we account for false sense of security of people, who run Signal on their iOS and Android phones, or PCs under popular OSes, and also I distinctly remember how Signal was one of the applications that motivated me to get an Android device. Among weird people who didn’t have one then (around 2014) I might be even weirder, but if not, this seems to be a tool of soft pressure to turn to compromised suppliers.
Signal discourages alternative implementations, Signal doesn’t have a modular standard, and Signal doesn’t want federation. In my personal humble opinion this means that Signal has their own agenda which can only work in monoculture. Fuck that.
I don’t think you understand anything you wrote about. Signal is open source, is publicly audited by security researchers, and publishes its protocol, which has multiple implementations in other applications. Messages are encrypted end-to-end, so the only weaknesses are the endpoints: the sender or recipients.
Security researchers generally agree that backdoors introduce vulnerabilities that render security protocols unsound. Other than create opportunities for cybercriminals to exploit, they only serve to amplify the powers of the surveillance state to invade the privacy of individuals.
I don’t think you understand anything you wrote about. Signal is open source,
I don’t think you should comment on security if “open source” means anything to you in that regard. For finding backdoors binary disassembly is almost as easy or hard as looking in that “open source”. It’s very different for bugs introduced unintentionally, of course.
Also why the hell are you even saying this, have you looked at that source for long enough? If not, then what good it is for you? Magic?
I suppose you are an illustration to the joke about Raymond’s “enough eyeballs” quote, the joke is that people talking about “enough eyeballs” are not using their eyeballs for finding bugs\backdoors, they are using them and their hands for typing the “enough eyeballs” bullshit.
“Given enough good people with guns, all streets in a town are safe”. That’s how this reads for a sane person who has at least tried to question that idiotic narrative about “open source” being the magic pill.
Stallman’s ideology was completely different, sort of digital anarchism, and it has some good parts. But the “open source” thing - nah.
is publicly audited by security researchers,
Exactly, and it’s not audited by you, because you for the life of you won’t understand WTF happens there.
Yes, it’s being audited by some security researchers out there, mostly American. If you don’t see the problem you are blind.
and publishes its protocol, which has multiple implementations in other applications.
No, there are no multiple implementations of the same Signal thing. There are implementations of some mechanisms from Signal. Also have you considered that this is all fucking circus and having a steel gate in a flimsy wooden fence? Or fashion, if that’s easier to swallow.
Can you confidently describe what zero-knowledge means there, how is it achieved, why any specific part in the articles they’ve published matters? If you can’t, what’s the purpose of it being published, it’s like a schoolboy saying “but Linux is open, I can read the code and change it for my needs”, yeah lol.
Security researchers generally agree that backdoors introduce vulnerabilities that render security protocols unsound.
Do security researches have to say anything on DARPA that funds many of them? That being an American military agency.
And on how that affects what they say and what they don’t say, what they highlight and what they pretend not to notice.
In particular, with a swarm of drones in the sky at some point, do you need to read someone’s messages, or is it enough to know that said someone connected to Signal servers 3 minutes ago from a very specific location and send one of those drones. Hypothetically.
Other than create opportunities for cybercriminals to exploit, they only serve to amplify the powers of the surveillance state to invade the privacy of individuals.
Oh, the surveillance state will be fine in any case!
And cybercriminals we should all praise for showing us what the surveillance state would want to have hidden, to create the false notion of security and privacy. When cybercriminals didn’t yet lose the war to said surveillance state, every computer user knew not to store things too personal in digital form on a thing connected to the Internet. Now they expose everything, because they think if cybercriminals can no longer abuse them, neither can the surveillance state.
Do you use Facebook, with TLS till its services and nothing at all beyond that? Or Google - the same?
Now Signal gives you a feeling that at least what you say is hidden from the service. But can you verify that, maybe there’s a scientific work classified yet, possibly independently made in a few countries. This is a common thing with cryptography, scientific works on that are often state secret.
You are also using AES with NSA-provided s-boxes all the time.
I suggest you do some playing with cryptography in practice. Too few people do, while it’s very interesting and enlightening.
that’s a lot of words to say you generally accuse any programm that isn’t federated of having an agenda targeted at its userbase.
And lots of social woo-woo that doesn’t extend much further than “people don’t understand cryptography and think it’s therefore scary”.
A pretty weird post, and one which I don’t support any statement from because I think you’re wrong.
that’s a lot of words to say you generally accuse any programm that isn’t federated of having an agenda targeted at its userbase
No, that’s not what I’m saying. I used the word monoculture, it’s pretty good.
And lots of social woo-woo that doesn’t extend much further than “people don’t understand cryptography and think it’s therefore scary”.
Not that. Rather “people don’t understand cryptography, but still rely upon it when they shouldn’t”.
A pretty weird post, and one which I don’t support any statement from because I think you’re wrong.
I mean, you’ve misread those two you thought you understood.
I think you may need some sleep man. wtf are you talking about
Perhaps you need to get some sleep if you don’t understand what I’m talking about.
Mio@feddit.nu 6 hours ago
If the law is implemented, I would selfhost my own chat server. I don’t see this as Signal fault.
But everybody can`t selfhost. That is a problem I am struggling with.
I am now sure what I would do about email, I assume it is affected as well?
wurstgulasch3000@feddit.org 4 hours ago
I already self host my own matrix server. Everybody can’t do that, but everybody can use someone’s matrix server. They can’t shut it down because it’s decentralised and federated. It would theoretically be illegal to use but I don’t see how they would be able to stop it.
Email with PGP would then also be illegal but impossible to effectively stop. That’s why the whole discussion is so stupid. It only hurts the normies. Criminals and tech savvy people will find a way around it and still use encryption without mandated backdoors.
Mubelotix@jlai.lu 5 hours ago
If the law is implemented I will self host my own signal proxy and distribute patched apps to those in need
Valmond@lemmy.world 4 hours ago
I looked into signal servers some years ago and found nothing, are you meaning like tunnel things to another country?