End-to-end encrypted messaging has been a thorn in the side of lawmakers for a while now, and although many companies like Apple already offer backdoors and pre-screening of messages for illegal content as demanded by the US government, this is new for the EU. The eIDAS regulation aims to force software companies to create backdoors into such messaging services. What precedent does this set for say, hardware wallets? What are the options if this passes?
Article 45 forbids browsers from enforcing modern security requirements on certain CAs without the approval of an EU member government. Which CAs? Specifically the CAs that were appointed by the government, which in some cases will be owned or operated by that selfsame government. That means cryptographic keys under one government’s control could be used to intercept HTTPS communication throughout the EU and beyond.
This is a misleading title.
First off - You physically cannot ban E2EE any more than you can ban math, because that's what cryptography is - a math equation.
There's HTTPS, and there's E2EE. HTTPS is a protocol which does encrypt traffic, and it relies on a trusted third party, called a certificate authority (CA) to ensure the integrity of the encryption as well as the identity of the party you're intending to exchange data with.
If I'm understanding this correctly, Article 45 is an attempt for the government to force browsers to unconditionally accept CAs that have been approved by the government's arbitrary standards. This means HTTPS security could be weakened, and the worst case is they could implement back doors.
That's an incredibly ridiculous and horrible idea, but it doesn't have anything to do with E2EE.
With E2EE, the data you're transmitting is encrypted BEFORE it gets sent via HTTPS, or any other protocol, and it isn't decrypted until it reaches the other end. In other words, you can typically use E2EE w/ a completely insecure channel. E2EE makes eavesdropping impossible.
At the end of the day, even if the government forced you to trust its certificates for protocols like HTTPS, and they had some kind of backdoor to monitor the data you're transmitting, you can still use an app (like Signal) that encrypts your data before it goes through channels controlled by third parties and be just fine.
TL;DR - this is a bad thing they're trying to do, but it doesn't even come close to being an E2EE ban.
reply
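An added example (not code from the post above or from any named messenger) of the layering the commenter describes: the message is encrypted with a key that only the two endpoints hold before it is handed to the transport, so a middlebox that has terminated TLS with a certificate from a force-trusted CA sees only ciphertext, and any alteration it makes is detected on the receiving end. The pre-shared key and the HMAC-SHA256 counter-mode cipher are assumptions made to keep the example dependency-free; a real app such as Signal uses a proper key agreement and an AEAD cipher.

```python
import hashlib
import hmac
import os
NONCE_LEN, TAG_LEN = 16, 32

def _subkeys(key):
    # Separate encryption and MAC keys derived from the one shared key (assumed pre-shared).
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode used as a PRF; its output is XORed with the data.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def e2ee_encrypt(key, plaintext, nonce=None):
    # Encrypt-then-MAC; output layout is nonce || ciphertext || tag.
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    enc_key, mac_key = _subkeys(key)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def e2ee_decrypt(key, blob):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: payload altered in transit")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class InterceptedHttps:
    # Stands in for an HTTPS connection terminated by a middlebox holding a leaf cert
    # from a CA the browser was forced to trust: it reads, and may alter, every byte.
    def __init__(self, tamper=False):
        self.observed, self.tamper = [], tamper
    def send(self, payload):
        self.observed.append(payload)
        if self.tamper:  # flip one ciphertext bit to model an active interceptor
            payload = payload[:NONCE_LEN] + bytes([payload[NONCE_LEN] ^ 1]) + payload[NONCE_LEN + 1:]
        return payload

def send_message(shared_key, message, tamper=False):
    # Alice encrypts, the middlebox observes the channel, Bob decrypts.
    # Returns (bytes the middlebox saw, Bob's plaintext or the ValueError he hit).
    channel = InterceptedHttps(tamper)
    delivered = channel.send(e2ee_encrypt(shared_key, message))
    try:
        return channel.observed[0], e2ee_decrypt(shared_key, delivered)
    except ValueError as err:
        return channel.observed[0], err
```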
You physically cannot ban E2EE any more than you can ban math, because that's what cryptography is - a math equation.
...and marijuana, opium, and cocaine are just plants.
Of course you can ban E2EE! Government simply declares it illegal, and throws people caught using it in jail. That doesn't mean every single usage of E2EE will be stopped. But a hell of a lot of it will.
Especially these days now that most phones are already so locked down that average users can't install their own apps. With an E2EE ban, you can guarantee that Google will be told to lock down Android too.
The phrase "it's just math" is particularly ridiculous, because E2EE is math that you can't reasonably do without the use of a computer... and governments absolutely can control computing. The fact is, IC manufacturing is inherently centralized because of the truly enormous amount of infrastructure necessary to do it.
The solution is to fight these battles politically. Don't get complacent and assume "the market will fix this" or "bitcoin will fix this". Fight. Now.
reply
The solution is to fight these battles politically. Don't get complacent and assume "the market will fix this" or "bitcoin will fix this". Fight. Now.
This is a nice example of the "disengage from the system" strategy being really flawed. Interacting in the political arena is the opposite of fun or sexy; but for stuff like this, especially, it's consequential. Perhaps on generational timescales the technological force latent in the world will be too strong to resist, and politics will give way, as with the printing press.
But on the timescale of a human life, plain vanilla political pressure gives high leverage. Ceding control of the political arena means it takes an extra decade or two to unwind stupidity that affects hundreds of millions of people. Bad ROI.
reply
I'm starting to agree. This might have to be settled in the streets.
reply
Again, this isn’t even relevant in the first place because it’s not happening.
I’m sorry, but this is just kind of an ignorant argument. It’s ridiculous to say “you’re not allowed to perform a math equation in your code”. All of cyber security relies on that - you wouldn’t just be giving data to the government, you’d be giving it to everyone.
If you're talking about forcing all electronic data transmission to flow through government controlled channels, surely you can see why that’s as infeasible as hacking bitcoin.
Bitcoin works because it’s internet money, and the internet is irreversible decentralized information. There’s no going back on that.
reply
exactly! Fight or silently let friends and family move off controlled messaging apps and convince them to use SimpleX chat. Once people understand the power in it, they too will help spread the message. A bit like Bitcoin.
FOSS will continue to exist the same way governments try to stop Bitcoin. But we need to let people know about it in a peaceful, kind and self-sovereign way, letting the government and lobby talk about banning FOSS in an empty void.
reply
The solution is to fight these battles politically.
So... I'm inside EU, and I see what people from the '68 generation - did to the quite beautiful initial EU concept. I'm not young enough to wait and see when (and if) all these dumb socialists/marxists finally lose the power in EU (or die).
See you some day in Salvador, then (or Argentina?)
reply
This afternoon the EU Parliament will hold a press conference outlining their formal position on the EU Commission's controversial CSAM (ChatControl) proposal.
In the press conference it will be announced that the EU Parliament have agreed NOT to move forward with the proposal as it has been presented by the EU Commission but have instead adopted an approach which will remove many of the concerns.
There will be no mass surveillance of digital communications. The EU Parliament instead propose that surveillance will be limited to targeted surveillance of individuals and groups reasonably suspected of dissemination of CSAM and will only be permitted with a judicial warrant. There will be no interference with e2ee and services providing e2ee will be exempt from the provisions. Providers of communications services will be required to develop their services in more secure ways to help reduce the risk of CSAM being distributed on their platforms.
reply
There will be no mass surveillance 😂
reply
Of course not.
reply
They officially want to keep track of everything we're doing... This is not looking good, I believe lightning will also play a big role in sending messages in the future where I can send 1sats and include my message as they note... Good luck tracking that.
reply
Those notes are sent as URL query params. Not e2e encrypted. Be careful
reply
I've never sent LN notes. Are they sent over http or https? If it's the latter, the URL is encrypted and only the domain is visible.
reply
True, good point. HTTPS. Thank you for the call out
reply
Was about to comment on this. This is the most nerdy community in the world. I love it.
reply
Why would you do that? Wouldn't be hard to trace whatsoever.
reply
How will they be able to trace the message to my identity?
reply
El Salvador properties look better and better every day...lol. Bye Felicia
reply
I don't give a shit about these meaningless so called laws.
reply
They get annoying every time.
reply
Generally speaking, the EU gives you only one guarantee: to always choose the worst thing.
Incompetent people vote for disastrous things without ever taking into account the warnings raised by the experts in the different fields involved.
reply
Very damaging to EU-based technology businesses and their prospective customers in those countries, and it will just accelerate the flight to open source applications.
These EU bureaucrats are delusional. Who advises them!?
reply
The EU is all about confiscating property for the few, the proud, the slaves.
reply
Let's face it. Controlling encryption is the very definition of totalitarianism.
reply
Use a FOSS browser, edit the government CAs out manually.
reply
Bring back the guillotine!
reply
I could see the French doing that
reply
Sadly not contemporary French people
reply
Law is protecting the elite and limiting the middle and poor class
reply
fuck article 45
reply
Fuck these fuckers. E2ee is impossible to stop.
reply
Good luck enforcing it. It’s like China banning bitcoin. That was an epic fail!
reply
The future of decentralized chat apps like Nostr's 0xchat.com looks brighter all the time!
reply
This is another proof that you can not vote yourself out of tyranny. Once again there is no one organization that harms its own citizens like government. Meanwhile the actual criminals who work for the government will make their own CA as we all can and they will tell their people what the hash signature is.
Fiat currency is paying for this and it's time for people to stop buying crap that makes FIAT organizations valuable.
reply
Non-ironically, that means it's working.
reply
I really hope that it doesn't pass. It would be the death knell for civilization in Europe.
reply
Couldn't a blockchain replace a centralized certificate authority?
reply
What is the point of this?
reply
crazy if this passes