cross-posted from: https://discuss.tchncs.de/post/48813307
!!! IF YOU ARE AN EU CITIZEN, PLEASE DO THE FOLLOWING FORM !!!
https://fightchatcontrol.eu/#contact-tool
Be especially sure to select your home country’s permanent representation in the Committee, but selecting everyone the website proposes is a very good idea (and done by default).
Raise your voices and flood their inbox, this might be the last chance we ever get
Besides the privacy implications : trying to protect children from grooming by forbidding specific apps, is like trying to treat chickenpox with concealer.
The real problem is that our society is even producing people who would groom a child.
But as always, politicians will try to “prevent” crime at the latest possible point in the action chain, instead of going back to the source.
I dont want to understate the fact that going to the source is extremely hard to do in many cases ; but maybe people would be less disinterested in politics, if we were actually choosing between different treatments - instead of different brands of concealer - to treat our various collective cases of chicken pox.
Don’t forget that the groomers include those drafting the legislation.
Just a question from my ignorance: but is this really enforceable, outside of mainstream apps/services? What happens if someone creates a custom app relying on a custom sever and uses it only among few trusted people?
For the moment, that would not be enforceable in respect to people with technical knowledge. Enforcing it would require authoritarian control and even China’s Great Firewall has way to circumvent it.
On the other hand, this is already far more difficult than you might think. You could not install such an app from a server authenticated with TLS because the TLS keys might be subverted - the certification chain has national institutions as the top certificate authorities. You would also not be able to install such an app on an Android phone because Google has decided it needs developer attestation to install apps in a way accesible to end users. You can run Linux now but if all that is taken seriously, your options to run Linux might become limited. E.g. you already can’t run many banking apps on phones with user-controlled OS software. Railway apps like the German one already don’t work. In future, you might not even be able to use a municipial library’s or bookstore’s website this way.
But more to the point, the real application case for this kind of civil rights is not some nerd kids which want to play DnD or minecraft on their own server or test their self-written IRC service. The real application case is what we see in the US, people being dragged out of their house and disappearing just because of their ancestry, how they look, being poor or the area they live in. They don’t have time to compile software or configure port-knocking protocols.
Somebody has called these systems of “democratic” mass surveillance uncovered by Snowden “Turnkey Dictatorship” . I for sure wish they would have been wrong.
Well… I assume that might be illegal. Or maybe these rules would only apply to public software? For sure it wouldn’t be enforceable, and it would still allow criminals to use it to communicate privately between each other, but it would make it harder to exploit mainstream public apps (e.g.: WhatsApp) to scam or exploit weaker individuals.
mainstream
is the keyword here. Mainstream is really big.
They come for the lions share first. You do nothing because you think you’re unaffected. Then later they will come for you. And nobody will do anything for you either.
Of course, professional criminals like yourself (sarcasm) will find a way to escape the law. But I doubt it’s nice to live on the edge of society like that anyway, being unable to interact with most services.
Yeah, criminals are smarter than politicians anyway. And far more knowledge, with respect to technology.
Just an example: Of course you can use a private email service. You don’t need to give a copy of all your communications to Google Mail or outlook. Or medical data.
But what helps that, if 97% of the people you communicate with (including your doctor) use outlook or gmail, and all messages you write them are kindly stored there “for them”?
Able, but no reason to.
Question for a the Fight Chat Control website: My country’s primary language is not English, do I need to translate the e-mail?
Yes you should, and it would be even better to use it as a template to write it yourself.
MEPs will pay more attention to messages that seem genuine and from their voters rather than mass-produced by foreigners.
“outlaws anonymous communication” - This sends chills down me more than anything else I can remember. The people and organisations that benefit from this can’t be trusted.
The only thing this does is control the law abiding public. Criminals are already breaking the law, and won’t care. It is trivial to build an anonymous communication app. There will always be a workaround.
Anonymity, and free speak should be human rights.
“Outlaws anonymous communication by requiring every citizen to verify their age…”
To me that reads similarly to age restricted websites asking you to verify your age before accessing it, where you just input a date that says you’re old enough and then you’re set. I’ve been 99 years old for the last decade. Given what they’re trying to do, I wouldn’t be surprised if they use more extensive verification measures, but I haven’t read into that yet. If it’s just an age/DOB input, then it’s not really outlawing anything.
Except those same websites are now being forced to verify age using photos or government ID which will definitely be required in this case as well
Wasn’t banishing anonymous communication literally what the bad guys in Mirror’s Edge did? And facilitating that anonymous communication was literally the entire livelihood of the protagonist’s faction?
Parkour fans rejoice as skill finally becomes useful
if i’m not an eu citizen, what can i do to help
outlaws anonymous communication by requiring every citizen to verify their age before accessing a service
This is likely to be the case in practice, but technologically, it does not have to be the case.
If the age verifiers (which IMO should be the governments themselves[1], but could also be a private third-party, as long as it’s not the same as the social media company) only ever receive a blinded token representing the user, verify the user’s age, and then the user brings that token back to the social media site, unblind it, and present them the signed token, there is no way for the age verifier to track which sites a person visits, and no way for the sites to have any detail about who their users are (other than what they already have).
obviously, it actually shouldn’t be anyone at all: parents should be put in charge of their own kids, and maybe given the tools with robust parental control software to handle it client-side. Government server-side age verification is just not a good option. But if we assume they’re going to do that, we should at least discuss the way it could be done in the least-bad way. ↩︎
parents should be put in charge of their own kids,
So convenient that governments and their corporate masters take such a keen interest in watching our kids, after making all their parents spend most of their lives at miserable jobs.
We could also require isps to educate and aid parents in protecting their kids, sending guides and offering to send a guy to set it up, ect. Perhaps with a legal penalty for the parents for failing to do so if their kid actually is harmed somehow. Then the onus is where it belongs, which makes it harder to justify this kind of shit
Or we just sell anonymous age verified serial numbers at gas stations like prepaid phone cards.
Yeah, but then you can just share them with anyone. In this case, privacy always contradicts effectiveness, and that is why we need to fight the whole idea of age verification altogether.
And for anyone actually bothering to read the legislation instead of joining the band wagon, that’s is literally exactly what the EU proposal calls for: Zero Knowledge Proof.
Scan your biometric proof (passport, id card or log into government issued service), get a set of ZKP tokens which the app can release on demand. These tokens are not traceable back to your identity.
euronazis
Why is this specifically relevant to Linux users?
Well,
- controlling end-to-end encrypted messages is only possible if either the keys/certificates are not secret (which is possible with TLS), or the software on the end-users device is not controlled any more by the user (but perhaps by law enforcement, or companies). This overturns the basis of any FLOSS software system where trust is based on transparency and user control.
- age verification will typically done by a form of attestation, a highly problematic concept. Again, this would require to run software on the users device which can’t be controlled by him or her, which is deceptively called “trusted computing”. (Technically, age verification could be done by other means, but this is not what these proposals aim for).
- in the world of public-key cryptography, which is what TLS , GnuPG, and most other modern systems are based in, encryption and digital signatures are nothing but two sides of the same coin: Who breaks encryption keys necessarily also breaks signature keys. This means it is not possible any more to sign software such as the Linux kernel, or Email clients, or browser packages. Or even banking apps or bootloaders for smart phones. Which means to give control away to the entities, groups or induviduals controlling these keys. Ironically, this will make computing lot less safe, and also undermine trust in communication networks, because communication where we can’t be sure that the communicated symbols are genuine is for humans as worthless as the numbers on fake money. (As a corollary, it is also bad for business: All business is based on some amount of trust. Would you do important business with somebody if the only communication channel you have happens to be a messanger which is a compulsory liar?)
To sum up, this is a massive transfer of control.
him or her
Just say them
These politicians really aren’t afraid of those they were elected to represent…
For their sake I hope they stop this FAFO, before more damage is done.@HaraldvonBlauzahn This is the most clear and concise technical summary detailing the dangers of EU Chat Control so far. Thank you.
Lol what a crock
Will this actually happen with 9 member states opposing? I thought they need every memeber state to support it?
All that means it’s that it won’t become EU-wide, could still become applied in those “Yes” voters off their own initiatives
That’s not a surprise, but that’s sad!!
Let’s continue to fight against!!!
I’m tired, boss.
On your feet, comrade. This is no place to die.
I feel you
So am I, but they are not.
I was against it until I realized they would also ban minors from Roblox.
That’s kind of weird, but it would be awesome to invade the now empty lego game, filled with only adults…
As a parent, I ban my own kids from Roblox. Because it’s my job to protect my own children, not the government’s job to treat everyone like children. This policy would put my children in more danger because they’ll need free speech once they’re adults.
This is one of the many reasons that prohibition doesn’t work. Anything prohibited gets pushed underground and criminalised, but can’t be stopped. The best option, like with drugs, is to decriminalise and educate. Teach kids so they “know” before they become adults, otherwise dangerous stuff is a surprise waiting to burn kids when they turn 18.
I don’t get it. If an email was encrypted with PGP between a friend and myself, how would anyone else without the private keys be able to decrypt it?
They can’t, but that is not the purpose. If the chat control passes then all big services will be forced to leave EU or build in a backdoor. That will give them control over more than 90 % of the population and satisfies their goal. You and your friends are a rounding error. And if you would perform a crime, or are suspected of one, they can use the fact that you encrypt your messages against you.
How is the Union that gave its people the GDPR is the same Union pulling this?
