This is a most excellent place for technology news and articles.
Signal CEO Whittaker said that in the worst case scenario, they would work with partners and the community to see if they could find ways to circumvent these rules. Signal also did this when the app was blocked in Russia or Iran. "But ultimately, we would leave the market before we had to comply with dangerous laws like these."
This is why we need the ability to sideload apps.
That means nothing when the servers stop taking EU traffic. I get your point, but the real solution here is putting a bullet (double tap) in Chat Control, once and for all.
putting a bullet (double tap) in Chat Control,
Yes, please.
once and for all.
LOL, no. They'll come back again with some other bullshit to Save the Children!™, it's a never-ending whack-a-mole.
We need to get the right to privacy and control over our own devices enshrined as fundamental rights, like so many other rights the EU protects.
And they only have to win once, we have to fight and win every time they introduce a new variant. Its exhausting.
That means nothing when the servers stop taking EU traffic
I don’t use any of these apps, so I’m not quite sure how they work. But couldn’t you just make an app that keeps a local private and public key pair. Then when you send a message (say via regular sms) it includes under the hood your public key. Then the receiver when they reply uses your public key to encrypt the message before sending to you?
Unless the sms infrastructure is going to attempt to detect and reject encrypted content, this seems like it can be achieved without relying on a server backend.
That is how the signal protocol works, it's end to end encrypted with the keys only known between the two ends.
The issue is that servers are needed to relay the connections (they only hold public keys) because your phone doesn't have a static public IP that can reliably be communicated to. The servers are needed to communicate with people as they switch networks constantly throughout the day. And they can block traffic to the relay servers.
That makes the assumption you want to use your phone number at all. And I'm sure the overhead of encryption would break SMS due to the limits on character counts.
That makes the assumption you want to use your phone number at all
Can't use Signal without a phone number.
It is potentially doable:
A short message is 140 bytes of gsm7-bit packed characters (I.e. each character is translated to "ascii" format which only take up 7-bit space, which also is packed together forming unharmonic bytes), so we can probably get away with 160 characters per SMS.
According to crypto.stackexchange, a 2048-bit private key generates a base64 encoded public key of 392 characters.
That would mean 3 SMSs per person you send your public key to. For a 4096-bit private key, this accounts to 5 SMSs.
As key exchange only has to be sent once per contact it sounds totally doable.
After you sent your public key around, you should now be able to receive encrypted short messages from your contacts.
The output length of a ciphertext depends on the key size according to crypto.stackexchange and rfc8017. This means we have 256 bytes of ciphertext for each 2048-bit key encrypted plaintext message, and 512 bytes for 4096-bit keys. Translated into short messages, it would mean 2 or 4 SMSs for each text message respectively, a 1:2, or 1:4 ratio.
Hope you have a good SMS plan 😉
Signal has never done that. Whilst the app might not be available in some regions they've been proud to talk about how people can use it to avoid government barriers.
You can run your own server for signal by the look of it
Not officially I don't think. And even if you did, you'd need a customized app to point to said server, and then you wouldn't be interoperable with the regular signal network
I have become convinced by Cory Doctorow's (tech writer and inventor of the term "enshittification") argument that the fact that we're even discussing this in terms of "sideloading" is a massive win for tech companies. We used to just call that "installing software" but now for some reason because it's on a phone it's something completely weird and different that needs a different term. It's completely absurd to me that we as a society have become so accustomed to not being able to control our own devices, to the point of even debating whether or not we should be allowed to install our own software on our own computers "for safety." It should be blatantly obvious that this is all just corporate greed and yet the general public can't or refuses to see it.
TBH I was confused when I came across the term "sideloading" for the first few times because I thought it was something new. Part of the plan I guess. Damn.
There are groups to support:
And in the UK:
Some political groups are better than others, but most politicians are clueless.
The key is to get muggles to understand we are living in Technofeudalism and why being digital serfs is bad. The problem is ineffective competition law and that monopolies are bad. That monopolies and standards are not the same thing. I have no idea how. Most people are just naturally compliant and unquestioning of something seemingly so abstract.
Most likely the reason, among others, they're fighting tooth & nail to remove side loading too.
Haha! Do it if the EU does not give up on their Orwellian control!
Wait, I'm in the EU and I use Signal!
Basically, but what you forget is that Signal is also the standard for every Politician for their group chats because it's secure, so the idea that they might lose their secure, leak-free* form of communication should worry MEPs and other politicians into taking action. Will it? I don't know, politicians are very stupid when it comes to tech it seems.
* Baring screenshots
Screenshots, or just adding a journalist to the group chat.
Screenshots, or just adding a journalist to the group chat.
no software can prevent PEBKAC errors. It's like locking a door and then giving the key to a thief and being shocked when people steal your shit
There's an explicit clause that exempts politicians from the ban. They get privacy because they need it, but nobody else does.
Why are so many European countries doing this? Why the sudden push for chat control and internet restriction laws?
It's understandable from law enforcement perspective that it's important to snoop on actual criminal communications. The EU has pretty reasonable measures and good at cracking down on continental-wide criminal activities. However, can we trust authorities that they won't over reach with the chat control and violate privacy and freedom of speech? Like, come on, nothing good ever came from spying on communications. Catching criminals and/or terrorists is a convenient excuse to spy on dissidents.
We've seen it happen in America with the PATRIOT Act. People dismissed the opposition to it with "nothing to hide" thought terminating cliche, or accuse you of pedophile or terrorist for not wanting spying on communications. Then twenty years later, Americans have a fascist government who allowed a corporate asshole to steal information from the federal government. And those information will be used for surveillance capitalism. The same will happen to us in the EU if we don't push back hard on this Orwellian desires of politicians.
I hope more follow, would be funny if "all chat apps have to include a back door" leads to "there are no official chat apps"
Do you really think Meta would ignore the opportunity to both be the default option And have justification to read users' messages?
Nah i don't. I can hope though and the backdoor is a threat not just for consumers but also companies.
If the law is implemented, I would selfhost my own chat server. I don't see this as Signal fault.
But everybody can`t selfhost. That is a problem I am struggling with.
I am now sure what I would do about email, I assume it is affected as well?
I already self host my own matrix server. Everybody can't do that, but everybody can use someone's matrix server. They can't shut it down because it's decentralised and federated. It would theoretically be illegal to use but I don't see how they would be able to stop it.
Email with PGP would then also be illegal but impossible to effectively stop. That's why the whole discussion is so stupid. It only hurts the normies. Criminals and tech savvy people will find a way around it and still use encryption without mandated backdoors.
If the law is implemented I will self host my own signal proxy and distribute patched apps to those in need
I looked into signal servers some years ago and found nothing, are you meaning like tunnel things to another country?
Yes, just to bypass any blocking
That's actually a smart idea!
Not more legal or something (if that stupid laws becomes reality) I guess but who cares ☺️.
I hate this framing. They don't "THREATEN" to leave europe.
Europe is about to change laws that makes their product illegal.
Separate airgapped device running an encryption app. Type text on it, it spits out a ciphertext, then, use internet connected device to scan the ciphertext, OCR*, then send to target receipient, they also use this same airgap encryption device and they OCR, then decrypt using their key.
*Instead of OCR, you could also use a QR code to have error correction
Tell me how they can ban this? Anyone using a raspberry pi with a battery and touch display attached into one compact thing, is a criminal?
What if we just start using One Time Pad? Can they ban that?
Steganography?
Like seriously, how do you even stop "criminals" using steganography?
So, to Big Gov, here's my question: Are you gonna ban talking to other people becuause criminals also talk to other people?
They don't care about your messages, they don't care about terrorists or pedophiles.
They do care about the general population, and wants to control it. That's what this is all about. The hard right wants to have effective tools to slam down on dissent when they get in power.
A game as old as humanity.
Shameless plug, because I'm trying to do my part ☺️ : Tenfingers sharing
So now where will Signal go ?
Let's collectively fund an island where we can host Signal, Tor nodes and ThePirateBay in international waters.
maybe because of this headline some more politicians change their minds
