Ok how do they plan to enforce that?
By banning HTTPS at the ISP level?
Edit: and then how do they enforce GPDR? Because you better believe everyone and their mother is going to snoop on every communication made.
Blocking HTTPS would be frighteningly hilarious. My employer is one of thousands of websites that utilizes HSTS, which tells web browsers to use HTTPS. Our implementation of HSTS, like lots of banks etc. is also listed with HSTSpreload, which means browsers like chrome will only ever use HTTPS with our site.
What if they just do MITM with a Trusted root? Does HSTS provide a method to do cert pinning?
HSTS just enforces HTTPS over HTTP.
I seriously doubt Chrome or Firefox would ever be coerced into trusting a cert like that. If they did then you would see a very rapid shift away from those browsers to one or more of the open source alternatives.
And any CA that issued such a cert that allowed for wholesale MITM access like that would be blacklisted by all the browsers very quickly as well. That would put the CA out of business very quickly.
By forcing Whatsapp Signal etc to implement backdoors
Signal wouldn’t, or if it did, it would be labeled as such as an insecure fork for EU conpliance only and make that fork stale immediately.
By banning HTTPS at the ISP level?
I think you might not be aware of it but big institutions like governments and such can basically already circumvent HTTPS encryption by supplying fake root certificates and forcing the ISP to redirect traffic through their own servers.
That is why End-to-End encryption is such a big deal. Because it cannot be circumvented by the government alone. If done right (proper key exchange), it cannot be broken by anyone but the legitimate recipients. The way WhatsApp does it today, Meta could technically break it too, though i’m not sure whether they do.
That’s not necessarily very easy. These certs would have to show up in public certificate transparancy logs for most browsers to accept them. If this happens on a government scale it would surely get noticed, though the question remains what you’re left to do if the government forces it anyways…
See https://en.m.wikipedia.org/wiki/Certificate_Transparency section “Mandatory certificate transparency”
not necessarily very easy
admittedly, but i still assume that the CIA could do it if it tried.
edit: thanks for the link though, this seems very interesting :D
I’m just so tired of it all. At this point I would not be surprised about ending up in prison a decade from now for using encrypted communication.
Thanks for sharing the link to contact the MEPs. Thats actually very useful.
It’s ironic to use a meme from a movie depicting a fascistic government, to protest against a fascistic measure.
I suppose the better meme would be “it ain’t much, but it’s honest work”
I’ve contacted them yesterday evening. Funnily enough, all the AfD opposes chat control. They’re clever. If chat control were to pass, they could campaign on having opposed it, and then mission creep it once elected.
In many cases this could be argued as unconstitutional.
In germany, it’s not technically unconstitutional (i checked last week because i assumed it should be) but it definitely feels like it should be unconstitutional. After WW2, there was a consensus to not surveil your own population, and this is a very important constraint to keep in mind.
Where did you check that? The Vorratsdatenspeicherung has been ruled unconstitutional twice for example
Art. 10 GrundGesetz: https://dejure.org/gesetze/GG/10.html
In Lithuania privacy is defined as a fundamental right and it includes correspondence, digital or otherwise.
Would that prevent passing laws enabling chat control? Doubt it, but I can see it as a good legal argument against it.
According to the EU constitution?
Yes, the right to privacy is a fundamental right in the eu charter.
I yhink the declaration of the rights of man and citizens is in there somewhere. But I haven’t really looked at it since the Schengen treaty mess.
According to constitutions of member states.
At least here it’s worded in a way that chat control could be argued as unconstitutional (not a lawyer tho).I would not be surprised that any other sane constitution protects privacy, and by extension digital correspondence, under fundamental rights.
Also get those MPs imprisoned
EU politicians are probably the only ones who ought to be scanned
If it passes in the EU, it will pass in the United States. This affects all of us.
The site failed at the last step… Fortunately all my reps are opposed
I’m not an EU citizen yet, and as a non-citizen brown man, i doubt the MEP would listen to me. How can I do my part anyway?
This is why Russian, Chinese and other messaging apps (good one is Telegram) are spiking in EU. The kremlin will have my chats, but I never plan on travelling to Russia anyways.
This is the worst thing in ages. I’m 50+, very good with IT, and I understand that we MUST act against it.
But I’m tired, boss.
Surrounded by lemmings and sheep that love Facebook and WhatsApp. People are stupid. I don’t have the energy to fight so much ignorance and stupidity - willful or otherwise.
Also, they keep trying. You fight it one year, they’re back the next. Extremely undemocratic.
Precisely. You need to keep winning, while they just need to win once. Would love it if repeat offenders like these would just stop being considered entirely after being rejected multiple times.
I’m overwhelmed by this stupidity and collective ignorance all the time. Not just in data privacy regards.
Some days I just want to give up and say “screw it”. But damn, I can’t. And a lot of others will not stop. If you do, thats alright, it is okay to rest.
Thank you, kind stranger.
The provided link will let you contact MPs with just a few lazy clicks.
Oh shit - I thought they dropped this! JFC, EU! What TF are you doing?
There seems to be some kind of group repeatedly pushing this crap every other year, with increasingly shady tactics.
I would for sure like to know from where this emanates…
It’s the pro-surveilance people that want to monetize your data. They try and lean on fear and push this “only ISIS uses Signal” narrative that is obviously false.
It’s just so preposterous - businesses and payment processors rely on e2ee just as much as anyone else does. The one time we’re on the same team they just want a carve out for businesses or something I expect.
ISIS also breathes oxygen.
Oh no! Get it all out of here!!! Ah!
So that’s why their quiz is stacked this weird way:
Yeah, classic juked survey. Not objective at all, only someone that is “pro-crime!” would say no.
Yeah, I think this whole survey is written in a somewhat suggestive way. Even more important to fill it out
Not enough people are aware of just how evil Peter Theil really is
Agreed. I’ve tried to tell people about https://en.wikipedia.org/wiki/Dark_Enlightenment but friends and family brush it off like it’s some small cult thing instead of being silently funded by billionaires
I swear that fuckface is part Ellen Degeneres
This would not break encrypted messaging but forbid it.
What if I just transmit a bunch of random ass digits to someone?
The claim I’ve seen from an MEP is that they wouldn’t compromise the e2e encryption itself but instead mandate a backdoor so they can remotely access the unencrypted messages on your device. Which is arguably worse.
