Meredith Whittaker

📣Official statement: the new EU chat controls proposal for mass scanning is the same old surveillance with new branding.

Whether you call it a backdoor, a front door, or “upload moderation” it undermines encryption & creates significant vulnerabilities

signal.org/blog/pdfs/upload-mo

New Branding, Same Scanning: “Upload Moderation” Undermines End-to-End Encryption

A statement from Meredith Whittaker, Signal President, in the context of the EU debate

End-to-end encryption is the technology we have to enable privacy in an age of unprecedented state and corporate surveillance. And the dangerous desire to undermine it never seems to die. For decades, experts have been clear: there is no way to both preserve the integrity of end-to-end encryption and expose encrypted contents to surveillance. But proposals to do just this emerge repeatedly — old wine endlessly repackaged in new bottles, aided by expensive consultancies that care more about marketing than the very serious stakes of these issues. These embarrassing branding exercises do not, of course, sway the expert community. But too often they work to convince non-experts that the risks of the previous plan to undermine end-to-end encryption are not present in the shiny new proposal. This is certainly how the EU chat control debate has proceeded.

In November, the EU Parliament lit a beacon for global tech policy when it voted to exclude end-to-end encryption from mass surveillance orders in the chat control legislation.

39 comments
Draken BlackKnight

@Mer__edith I'm willing to bet either Blumenthal, Blackburn, or both keep advising whatever crazies keep proposing this, because every time similar legislation happens here their names are on it.

stux⚡

@Mer__edith Agreed! Keep up the good work 🔒

thomas bohn

@Mer__edith Every EU citizen should contact their local MEP about this. Even if encrypted messaging will be spared in the end, unencrypted messages or emails shouldn't be subject to mass surveillance!

JoeBecomeTheSun

@Mer__edith The answer is simple, do not comply. If Signal allowed sending messages over ActivityPub secured over the Signal protocol and end-to-end encrypted file transfer via the Kubo IPFS daemon, then the end-to-end encrypted chat using the Signal protocol would be decentralized and more competitive, with companies not only competing on features and price but also shopping around for jurisdiction. Companies like Proton, Vivaldi, Mailfence, Tutanota, Mullvad, Mozilla, Psiphon, IVPN, Cloudflare and others could offer their own e2ee messaging services and we would have a choice while preserving interoperability.

DELETED

@JoeBecomeTheSun @Mer__edith
That seems a lot like Matrix (just without the IPFS stuff)

JoeBecomeTheSun

@tester1121 @Mer__edith Except that Matrix is not as secure as Signal. IPFS would make file transfer more efficient so long as the encryption keys are transferred encrypted through the Signal protocol so that it remains secure.

Vick Forcella ™🌈🌳❄️☑️:verifi

@Mer__edith Now that more and more countries become right wing extremist safe grounds it is nice to know they now have mass surveillance at their fingertips.
Who would have expected this?

nicnym
I would get off Signal now
Shrimpney

@Mer__edith It’s almost reassuring, in a way, that they keep trotting this out: it acts as a warrant canary letting us know the intelligence agencies haven’t broken encryption yet. Once they stop asking for it we should start asking questions ☺️

8tpercent

@Mer__edith Now THAT is what you call a fantastic press release. Team Signal is fabulous 👏

Mayor of Nerdocrumbesia 🏡

@Mer__edith

This is a good reminder to download versions of your favorite encryption tools like #Veracrypt while you still can.

veracrypt.fr/en/Downloads.html

Orca🌻 | 🏴🏳️‍⚧️

@Mer__edith@mastodon.world
By the way PhantomSecure and EncroChat goes, people can clearly see criminals would opt to buy shady encryption devices in the gray area, instead of using publicly available communication services (no matter the latter is backdoored (like AN0M) or not), and police still has their way to the data they want.

Why all the shitty politicians still vow to backdoor encryption shouldn't be a question that needs to be asked anymore. Clearly it's meant to destroy the privacy provided by strong encryption and control the citizens even more.

Seb

@Mer__edith
Thx a lot for this clear statement 😉

margo🌈

@Mer__edith The people continue voting for conservatives and far-right...

rusty

@Mer__edith Part of me wonders how long it's going to be before we build AI agents on Ollama that act as client interfaces for our social media and chat platforms, where personal conversations between two people these agents turn it into normal dull text messages. Part of it will likely include having the agents discussing 'War and Peace', 'Dune', 'The Ring of Life', etc., that provide an overwhelming amount of content for the monitors to try to pick through when invading people's privacy.

LukefromDC

@Mer__edith Nobody is going to use the compliant apps. Instead, they will allow installing apps from "untrusted sources," download something like Signal (which will never allow backdoors) from servers not in the EU (since Google Play and Crapple will have to remove it or exit the EU market), and ignore this law. It would take effort on the scale of China's Great Firewall to prevent this and even that would leak, as does China's censorship.

If their ISP blocks the download, they will go to Tor or a VPN and bypass ISP filtering.

Misuse Case

@LukefromDC @Mer__edith Most people don’t know how to do stuff like this. Regular folks using WhatsApp will get surveilled and have their lives ruined by false positives.

LukefromDC

@MisuseCase @Mer__edith Then it will be up to that to make this as accessible as we can and to broadcast information and warnings.

Those the government most wants to surveil will as always be the ones they miss. From organizers to underground direct action crews, from the best freedom fighters to the worst terrorists, they won't be able to read ANY of that traffic.

This will be like trying to prevent drones from delivering guns and drugs into prisons by monitoring the nearest airport.

In other words, the surveillance will hammer the civilian populace while completely missing its intended audience, same way IOF bombs do.

LukefromDC

@MisuseCase @Mer__edith First step: In Android permissions you can with one "click" enable installing apps from one existing app. Go to settings->apps->Files (or whatever you have)->advanced/Install Unknown Apps and set to "allowed" and you can then install downloaded apps from the file manager.

In older versions, it was under "security" and would allow installing non-Google Play apps from any program on the device that could open them. This of course had the potential disadvantage of allowing silent installation of malware from the browser.

Misuse Case

@LukefromDC @Mer__edith It’s okay I have Signal and I know how to use it

Schneckbert 🐌

@LukefromDC @Mer__edith The problem is not only bypassing the monitoring and surveillance - the problem is BEING monitored; watched and classified. It changes behavior. It's not freedom. If you have to hide that you are communicating (encrypted or not) the game is over. It's not a government anymore.

LukefromDC

@waldschnecke @Mer__edith Note that I am operating from what is effectively a wartime perspective, in which the government is treated as the enemy. In my case I am also very well known, so this becomes a conflict between combatants who are already aware of one another, as is almost always the case in meatspace (realspace).

They can see WHO I am, can read my public posts, but cannot read my private Signal messages. Seeing that I am a Signal user gives them exactly zero new information, and they cannot even see who I am talking to.

Putting it another way, I am one of those the government MOST wants to be able to monitor what I say to whom, but whom this sort of legislation is least effective against. It's like trying to stop a tank with tire spike strips.

Schneckbert 🐌

@LukefromDC @Mer__edith Yea, you're not wrong.
It's very unfortunate for all of us - whatever the outcome is - because even if it doesn't go through, parts of the governments WANT(ed) this. Which is unacceptable - and all this comes with more problems. Even if not in place, who do I trust? Based on what?

Kevin Karhan :verified:

@Mer__edith so will @signalapp stop collecting #PII like #PhoneNumbers and actively work towards making #compliance with such #cyberfacist demands impossible by truly #decentralizing and moving onto @torproject for its infrastructure...

If not, why?
infosec.space/@kkarhan/1126362

Karl Heinz Häsliprinz

@Mer__edith So what happens if we were to a string of 0s and 1s through text that, when compiled, encodes an image? This whole law is so silly from a technology regulation perspective.

They need to show their code before they can pass the law that forces every provider to use their code... But also: How decentral can you go with Signal node hosting costs?
I understand the law says home-hosted servers are exempted from the law as long as they never touch state money?

Gerrit Eicker

@Mer__edith What an embarrassing development. The #EU urgently needs to return to the core values of European societies. /cc @ton

TeslaLiberty
How does this affect Signal users?
Hex

Edward #Snowden reacted:

EU apparatchiks aim to sneak a terrifying mass surveillance measure into law despite UNIVERSAL public opposition (no thinking person wants this) by INVENTING A NEW WORD for it—"upload moderation"—and hoping no one learns what it means until it's too late. Stop them, Europe!

x.com/Snowden/status/180312759

Biggles

@Mer__edith It honestly stuns me that Europe has forgotten STASI so quickly.

Private communication between individuals is a fundamental requirement for democracy.
Removing that capacity endangers democracy.

Nomad@trustbutverify

@Mer__edith does bigstate in EU try to obtain what has been already obtained by bigstate in US/China via their control of bigtech?

DELETED

@Mer__edith

But we have to give up our rights! FOR SAFETY!

We get fingered and groped by the TSA for our SAFETY!

Christian

@Mer__edith It's nothing but the same old surveillance tactics wrapped in a shiny new package. Whether they label it a backdoor, a front door, or disguise it as "upload moderation," this proposal is a direct threat to encryption. The audacity to push this under the false pretense of protecting children is beyond belief. The EU council must not let this pass. Our security and freedoms are at stake, and we must stand against this deception!

neo

@Mer__edith@mastodon.world They know & are hoping to induce "care fatigue"

Graydon

@Mer__edith And this shit is not going to go away until the institutional actors determined to enact it have been abolished.

It'd be appropriate to abruptly and comprehensively and completely defund whatever EU agencies keep insisting on authoritarian social controls.
