I think the headline is missleading, if I understand it correctly.
ChatControl is already possible, and implemented for major communication service providers that most of the people use. It’s just not mantadory.
Currently a regulation is in place allowing providers to scan communications voluntarily (so-called “Chat Control 1.0”). So far only some unencrypted US communications services such as GMail, Facebook/Instagram Messenger, Skype, Snapchat, iCloud email and X-Box apply chat control voluntarily (more details here). source
The article states that they decided that they will not blanketly require it, but I don’t think it says anything about rolling back the first version of ChatControl that’s already in effect.
EDIT: I was wrong, the article actually does mention it, even though on pretty vague terms:
The current voluntary chat control of private messages (not social networks) by US internet companies is being phased out. Targeted telecommunication surveillance and searches will only be permitted with a judicial warrant and only limited to persons or groups of persons suspected of being linked to child sexual abuse material."
The new law would have required breaking end-to-end encryption (E2EE) as the companies would be required to scan messages. CSAM is just the pretext they use to compromise all communication. Same as “think of the children” is used to steal other rights.
That is true, but can’t they (a company that wants to, not the goverment) do that already if they want to, under ChatControl 1.0? And I wouldn’t say that whether a service is E2EE or not makes any difference here - scanning private user messages shouldn’t be allowed, whether they are encrypted or not. IMO if ChatControl 2.0 passed and was made mantadory for everyone, the fact that it is mostly noticable on E2EE apps is only a side-effect of blanket surveilance, and not the main issue with the proposition.
What’s the point of them agreeing that they will let the 1% of users of E2EE services keep their privacy, while they already scan 90% of communication (I mean, just GMail + FB/IG + iCloud, that is already being scanned, makes for most of the worlds communication) for the past year or so?
Now I’m curious whether Facebook/Instagram, who does offer encrypted chats and also scans all your content under ChatControl 1.0 voluntarily, also scans the encrypted chats or not. I’d vager they do, but that’s just a speculation.
But they did briefly mention that they will begin “phasing out” chatcontrol 1.0. I wonder what does that means, and how long will it take.
That’s the goal of end-to-end encryption. To make it impossible to scan. With E2EE company doesn’t have the decryption key, so there is no legible content to scan.
P.S. It’s still possible to collect metadata like when or who the message was sent, which is why services like WhatsApp which have E2EE are not recommended, but the content is safe.
the fact that it is mostly noticable on E2EE apps is only a side-effect of blanket surveilance, and not the main issue with the proposition.
Isn’t it though? We moved past the non encryption communication being safe a long time ago. And just because they will phase the old law, it doesn’t remove the ability of companies to still scan the messages or cops to request that data from those companies. Those companies still have access to the server and your encryption key where your messages are stored. E2EE on the other hand makes it technically impossible even if they want to do that or court orders them to do that.
I don’t create anon accounts nearly as much as you say you do, but when I do I a correct-horse generator, and just pick the first two words and mash them together. It has never produced a conflict yet.
keepass2android’s password generator can generate these on mobile, and there are several for the command line.
I usually just use a fake name generator to create a name and use it as a username this takes care of my inability to think of random usernames, birth date and other stuff that most websites these days ask. And it also makes me look like another dumb idiot and not a l33t haxor.
You hear that, plebes? The governments of the world have already won, so you shouldn’t even try being an independent human being with a sliver of privacy.
You’re not entirely wrong but the defeatist attitude screams “I love the flavor of this boot.”
“The “Overlords” of this world are that smart and special, maybe you should just let them be in charge” is a real wild fuckin take. Especially when the last fifteen years have been nothing but evidence that the “Overlords” of the world are absolute fucking dipshits just like anyone else.
In my opinion, the most significant achievement lies in giving justice authorities the power to make decisions regarding time-limited and targeted enforcement responses. Regardless of the technology employed, it is crucial to have independent decision-making processes that prioritize the preservation of individual liberties.
this does not affect Google, Meta or any other Big Tech at all. This law was trying to break encryption or do some sort of client side scanning. And it didn’t got approved.
This does not force Google or Meta to encrypt your chats if they weren’t doing so. Or to remove their own backdoors in the encryption if they had them. It’s just a law that was not passed. So your comment does not make any sense.
PS: it’s not like Google or Meta care too much about encrypting the contents. They’ll happily take your metadata which is super valuable. This is what Meta does with WhatsApp.
agreed. sounds propaganda-ey. also sounds kinda like that other run-on sentence post in privacy recently about how being concerned rUiNs yOuR sOCiaL liFe 🙄
My guy, you can’t fool us, we know accounts like you exist solely for this. only question is are you paid by your corporate owner or your local government’s intelligence agencies?
Yeah I am open to anyone who can prove this wrong/correct. I saw it and thought it needs sharing. I am more than willing to ask forgiveness afterwards :-) Luckily I too only use Thunderbird.
privacy
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.