The controversial CSAM scanning plan keeps coming back – and being rejected

It is the definitive moment to change instant messaging application. I have switched to the XMPP protocol with clients like Gajim or Profanity. There are also applications for smartphones.

Just watched a video of Low level: https://www.youtube.com/watch?v=tRATnT577Aw

Although this is about the US this is EXACTLY the shit that will happen to this whole chat scanning BS

Those damn Chinese and their censorship… oh wait

Some suggestions: Scan, Privacy, Control

Why are they still thinking they can justify this? People which do illegal stuff are just going to use old apps self-host or bypass it with another way.

However they want to do it, it will undermine a key principle of democracy and a human right: the right to privacy and private communication.

To clarify: eMail, web chats, gaming chats, Signal, Threema and so on are affected as well

@davidebro@lemmy.ml
link
fedilink
1
edit-2
10d

I don’t think Startmail will be affected. Ofcourse using Gmail is free pass to your data. But look at this https://www.startmail.com/ . I think if you also use Proton or other mailing services you’re 99,9% safe. I sometimes play video games, some of my friends are kids who are cursing in gamechats. How will gaming chats be affected? Does the government have access already?

Does the government have access already?

Via a subpoena, yes. Or directly via the NSA’s PRISM program.

@airikr@lemmy.ml
link
fedilink
7
edit-2
17d

Self-hosted XMPP using OMEMO included? OMEMO are based on Signal, hence my question.

First I’d ever heard of OMEMO, thanks dude

Self-hosted Matrix is obviously unaffected.

You say this but Matrix is largely centralized so it would be easy to get the biggest node to comply. Servers are quite costly to run too which is a big problem.

Federated protocols are not centralized in principle. It might not scale to one user-one server (which probably even Lemmy can’t handle) but if you’re signing up for a central server, you’re doing it wrong™. Don’t do that. The nice thing about Matrix client is that it allows end to end encryption, including groups. So that greatly limits what Mallory can do in principle. As to servers being costly to run, given what documented Synapse requirements are, you’re looking at less than 5 EUR/month for a single server. Which can be shared among several users, obviously. This is in the same range as costs for a monthly VPN.

Synapse boasts about 50,000 concurrent users on a node. Ejabberd has been tuned to 2,000,000 concurrent users which shows how efficient & scalable the setup can be. €5/mo is a lot for many folks.

Monero-paid VPSes cost more, and given this fact, my €5 VPS (with a few other services already running there) would apparently not be enough for Synapse… But an XMPP server runs perfectly.

Poor people (who still can afford the end devices and an Internet plan) can of course share the costs in a community, or use one of the many free servers, as long as they are aware of the tradeoffs. Beigers not being choosers, and all that.

You can also choose to use technologies that aren’t such resource hogs. The eventual consistency model of Matrix alone & storage costs causud many medium-sized operations to shut their doors. Distroot.org for instance had to move to XMPP to deal with costs—& I have personally seen others.

While storage is my main concern (my VPS is very limited in this regard), there is also the fact that you can very well end up with nasty materials stored on your server without a convenient way to delete it. Even if you don’t let strangers have accounts on your server.

Does XMPP have feature parity with Matrix? I presume that bridges exist?

His point was the main Matrix.org server being way too prominent. In every given groupchat, chances are somebody is on this particular server. It is also the default for many clients.

Well, yes, but privacy in the current world is not free, even if it involves some own thought and planning. Being wary of defaults and being aware of implications one’s choices bring is of course too inconvenient for many. But these do not get to complain.

The default links many folks/projects share specifically log you into Element & on Matrix.org as well which advertizes more folks to be on that centralized node. Furthermore, Matrix provides hosting for some of the other big servers as well even if they are not using matrix.org in the address.

@bloubz@lemmygrad.ml
link
fedilink
2
edit-2
17d

This is why Matrix is infinitely better than Signal. This and not having been funded by the CIA through Radio Free Asia. Even with weaker architecture

Can we have the names in the headlines of which MPs keeps consistently putting this crap on the agenda multiple times every year for the last couple of decades?

I add my voice to this request. Cough up the names.

Emberleaf
link
fedilink
2017d

They can’t scan chats that don’t exist. Time to make a switch, folks!

A switch to what? To nothing?

Emberleaf
link
fedilink
0
edit-2
16d

Signal would be the best choice, imho. Next best would be SimpleX for android or iOS. The desktop version is currently not great.

Snail mail

Self hosting Matrix comes to mind. With deployment automation it’s reasonably painless.

You are severally over-estimating the computer skills of the general population. Here is some data on that.

Thanks. It’s slightly worse than I thought. I’m kinda limited to communication with my small peer group, so I don’t notice that other user classes exist.

Is that like a decentralised WhatsApp?

It’s a federated communication protocol and open source implementation thereof, including servers and clients.

https://matrix.org/docs/chat_basics/matrix-for-im/

What is it?

Matrix works a little like email, but instantaneous and secure:

You need to register an account at a provider Whatever your provider is, you can talk to people using other providers In the same way you can use Outlook or Thunderbird with the same email account, you can use different Matrix apps for the same Matrix account. Several apps exist, but we’re going to go with Element for the sake of simplicity, as it’s among the most fully-featured Matrix apps on the market.

Once you are more comfortable with the basics and if you want to use another app, head to the clients section of this website.

@toastal@lemmy.ml
link
fedilink
3
edit-2
17d

WhatsApp runs on unfederated XMPP; why not just run your own decentralized XMPP node?

How difficult is that to a complete amateur?

Its more similar to discord.

just don’t use whatsapp? problem solved!

#returntoemail

Matt
link
fedilink
717d

Email is unencrypted.

Not if you use pgp

Matt
link
fedilink
-117d

Or Proton/Tuta.

@uis@lemm.ee
link
fedilink
417d

It will not E2EE for you.

eMail is affected as well. There is no alternative. And mails are not private if not all participants use end to end encryption

Stop fear mongering, of course there is alternatives

Of course there are alternatives. That’s the cherry on top of this crap pile: only regular non tech folks are affected. Nerds and actual criminals will just run an xmpp or simplex server and not care about the legislation.

RiQuY
link
fedilink
1117d

Then go tell that to all of your WhatsApp contacts, people won’t change apps.

I have zero such contacts. For the moment, I tolerate Signal. When it falls I’ll switch to self-hosted Matrix.

I’m not touching an app owned by Meta. If people want to message me, they can use Signal.

Turns out, this policy has weeded out lots of useless conversations from my life. So, I see it as a win.

but that’s the beaury of email! people don’t need to be on the same app to communicate with each other!

that arbitrary walled-off garden of whatsapp doesn’t hamper anyone here!

RiQuY
link
fedilink
417d

Of course there are alternatives, that’s not the main problem, it’s the adoption by people not familiar or interested in tech.

https://activitypub.rocks/

Right attitude, wrong solution.

Email is very much not private

Protonmail is

Edit: At least it is if both the sender and recripient uses protonmail. Its open source so you could verify the client to make sure that the contents are encrypted. As for IP address and subject lines tho, that’s up to the Protonmail company to honor your privacy, and just hope they don’t betray you.

Protonmail is definitely more private than google or Microsoft, but you shouldn’t hold 100% trust in any provider. Ultimately your data is still on their hardware and they have control of it. Also, as others have pointed out, both sides need to be secure otherwise all that data is accessible on the other side.

You can mitigate it yourself a bit by hosting your own email server, but I highly recommend against that as its a massive headache to secure and basically every provider will reject your messages anyway.

@coolusername@lemmy.ml
link
fedilink
-1
edit-2
17d

protonmail is CIA https://encryp.ch/blog/disturbing-facts-about-protonmail/

besides the above, their open support for regime change in China is NOT something a Taiwanese company would do. I live in Taiwan and have worked here for over a decade. Executives here try to keep their head down and just make money. They do not champion any causes.

I have read that blog entry and some of its references. The evidence provided for this strong claim seems to be very weak. I would not judge anything based on the listed talking points. Now, knowthing is impossible and such services are sure in the interest of governments around the world. I also want to remind people on the Swiss Crypto AG which sold compromised analog encryption machines for decades.

That user also claims Signal and Matrix are CIA and refuses to provide sources for those claims

davel [he/him]
link
fedilink
617d

The body of the messages arguably are, but the metadata is not, and that includes the subject line and the sender & recipient addresses.

Even if you have 100% confidence in your own provider, you also need 100% confidence in every other recipients provider, which is basically impossible.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3.12K Posts
  • 78.1K Comments
  • Modlog