Before I say anything else, I should mention that this is nothing ground-breaking, neither is it terribly difficult to implement. This is simply how I envision a simple solution.
Basically, the EU and the UK want the secret keys to your encrypted media/messages. Which essentially breaks encryption completely, ending E2EE usage.
The alternative is, then, for the user to utilise their own form of E2EE. How though? The answer, in my opinion, is personal exchange of keys utilising asymmetrical encryption. Exchanging public keys in plaintext is fine as long as they don’t have your private key. Which means unencrypted services like SMS could also be secured using this method (for example, have the public key of a user in their profile). I believe QKSMS employed encryption for SMSes for as long as it lasted, but no idea about the kind of encryption).
Technically, if everyone started to use p2p messengers with asymmetrical encryption, the EU would have very little they could do without compromising every mobile in the region and preventing people from downloading APKs somehow (sorry iOS users but you’re never going to have privacy anyway).
However, this is only possible with a FOSS project, because a company would have to fork over the keys anyway to stay alive. A FOSS project can simply be forked once the OG maintainer stops working on it due to government pressure. That is where the problem comes, since FOSS projects can’t really run their own servers to store media, making p2p the only viable option. But with some people behind CG-NAT, that becomes harder for non-technical users.
I don’t have a way to solve this other than the general population becoming tech-savvy enough to give a damn.
Tl:dr; FOSS projects are best suited for implementing personal E2EE between users, but that makes p2p the only viable option without a back-end, which makes it difficult for people behind CG-NAT.
Cheers
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
Vote, contact your representatives, supoort lawsuits. The problem is a legal and political one, so there is no technical solution that doesn’t put yourself at risk of imprisonment or fines or what have you.
It’s possible to find holes in the wording of anti encryption law but that will only work until someone fails to get convicted and politicians fix their law.
A interesting thing to note is that encryption that can’t be broken was actually considered military technology, or at least dual use technology, that can’t be spread or used willy-nilly. The general public has had access to good encryption for about 25 years or so (depending on the country you live in) and policitians have tried to ban it ever since.
So far, this has failed, and several EU countries have put out statements against banning the practice in its entirety, so the hard work of the EFF and all similar organisations has not been for nothing. In fact, the EU has come out in favour of secure encryption for its citizens.
Despite the shitty politicians’ best attempts, we still have privacy, and as long as we keep voting for sensible people, we will keep it so.
Wait, if the EU is in favour of secure encryption, then who is opposing it in the EU? I haven’t heard of encryption being broken in America
The EU is made up of many countries. Some are firmly against banning E2EE, others are in favour. Based on this list by one of Chat Control’s most influential opposers, the following countries are in favour of banning real E2EE:
I would be wary of any of those countries’ governments and the laws they propose within their national jurisdiction.
Thr UK’s attempt to ban E2EE messaging has been weakened under pressure. It still requires scanning for CSAM before transmitting messages, but it’s not as bad as it could’ve been.
It was getting dangerously close to passing, though, and like the scary American internet laws from a few years back, I’m sure there will be renewed attempts to ban E2EE in a few years after the next big pedo/terrorist scandal. These proposed laws come in waves, and with the news saturated about this stuff, sometimes one makes it through.
Thanks for the list. I live in the US but I’ll keep this in mind