pull down to refresh
If that genie is out of the bottle, it is out globally. That's why resisting this is important.
Here's the backdoors I can think of:
- Direct in-app. Most likely: they'll just force Apple/Google to ban apps from the app stores that don't comply. Also remember your post re: Obtainium about sideloading, even though it was "weakened". Note that this is built this way into iOS already since forever.
- Input capture. Think keystroke logging on keyboards. Signal used to have a built-in keyboard, but I think it's gone (at least from Android) so this is problematic.
- OS level capture.
- Just record the screen like MS
- Or capture at the SDK level.
- Microcode level capture: just wrap
spy()around, say, the built-incryptoextensions in ARM's microcode. Intel and AMD use this method to "fix" bugs in hardware (many of them cryptographic extensions), so you could in theory use it to implement spyware. - You do what was the standard until '96 or so (when Zimmerman/Bernstein etc successfully challenged it in court): you whitelist a bunch of encryption schemes that you have compromised and then you outlaw everything not on the list.
I neither of these cases are you safe when you're outside of the UK, because each has impact on development.
naively I assumed that you were only referring to 5 in your earlier response. the keyboard thing is something I hadn't thought about. But thinking about all these other avenues for state capture of my device, I am now sad.
How optimistic would you say you are on the future that avoids these sorts of things? Like it's a 50-50 shot right now, or pretty much most devices will be openly[1] backdoored in 5 years?
'openly' because I suspect many devices are already secretly backdoored (given how much is closed source...) ↩
If I were to propose an encryption backdoor, that's what I'd mean [1], yes, but that is not what politicians mean. What they mean is: force developers to build spyware of any kind and regulate everything that circumvents it away. If all you have is a hammer...
How optimistic would you say you are on the future that avoids these sorts of things?
I'm optimistic that I can personally avoid it, probably I'm overconfident in my own abilities though. I'm extremely pessimistic for everyone that cannot code their own functionality without the help of an LLM. It's both awesome and awful at the same time that we're finally going back to the resistance 90s. It means that
"we" failed to normalize personal sovereignty, real cybersecurity for the individual, and most importantly privacy.
pretty much most devices will be openly backdoored in 5 years?
I think it won't be "openly". It will just be done.
Edit: like, now that allegedly the Chinese have hacked the FBI's own backdoors into the telco systems, suddenly "the Chinese are capturing everything". This implies that before the Chinese gained access, the feds were already capturing everything. Do we really believe in the benevolence of our own governments in 2026?
But even if that were the only case, it is expensive to maintain different kinds of encryption based on jurisdiction. The nerfed version will become the standard. ↩
I assume that this gets implemented by having UK-specific apps that do this "client-side" scanning stuff before messages are encrypted.
My understanding is that this is something that the regulators will require to be added to apps almost as a separate function (ie. do bigbrother-scan, if data = naughty, do phone-home, else do encrypt and proceed as per usual). Is it fair to say the encryption is backdoored? The app is backdoored, the encryption has become illegal unless content is shown to big brother first, but it seems that this is an app issue.
If I message from my non-backdoored app with someone who is backdoored, yes, there's a problem. But if I message with people who are not under the auspices of Ofcom and we are probably not so badly off. So it would probably mean, don't use apps that bend the knee, even if they say they're only bending it in the UK.
As far as does it matter where I live, I think it does in the sense of this is a domino that hasn't yet fallen in the US. I'm sure there will be pressures to implement such things here, but at least we aren't there yet.