- cross-posted to:
- europe@lemmy.ml
- According to Whittaker, the bill requires the encrypted messaging app Signal to install so-called backdoors in the software.
There needs to be a messaging app which provides a backdoor for every government that requests it. Every time some dumbass legislator asks for a super-giga-secure-backdoor they promise not to misuse, they should be directed to that app.
Imagine the complexity of the encryption algo with 100 different custom made backdoors!
That’s the secret: you give them all the same backdoor.
But each of them is special!
This law cannot go through! This is a threat to democracy in our country.
Privacy matters. You must be able to talk to your friends without needing to worry about if the government is listening to you. This will not help to catch the bad guys as they will just change to some other protocol. But it opens up the possibility for a third party doing something that they should not even be able to do. Stop this now.
And now it starts. Programs specifically designed to be encrypted getting attacked.
“Now”? Apps like Signal are constantly under fire. Whittaker already told the whole EU it would just leave if they introduced the “chat control” legislation.
I’m a bit surprised that the armed forces are openly opposing this, but good for them!
That is because they just decided to switch to use it for internal communications. This means that they would have to roll back that decision.
It would have been good of the article to mention that important tidbit…
It happened like 2 weeks ago so I will forgive them for missing it.
I mean beyond everything else, any group actually interested in the safety and security of citizens (so, not politicians or cops anywhere apparently), should be pushing everything to be encrypted everywhere. In the modern digital world anything not properly encrypted is at risk for attacks by bad actors.
The Swedish politicians tried adding backdoors to encrypted apps for at least 20 years :P I don’t really understand why they still (ever) think it is a good idea
The problem is that politicians don’t understand cyber security, what they’re asking is basically the equivalent of closing the front door of a house and leaving the backdoor open. It was already proven to be a bad idea, EternalBlue is a good example.
Is this law broad enough to also catch up Proton and its services?
This attack by governments on encryption is getting more and more concerning.
Proton is a company claiming to operate under Swiss law (which is doubtful, as the company itself is US based).
Sadly Swiss data privacy laws are shit and its intelligence agencies are known for overreach, especially when it comes to cross border data traffic.
Proton is Swiss
And gobbles Trump’s knob publicly.
They won’t need a law to force compliance.
Sci-fi writing in here I see
EDIT: For the downvoters:
- He clearly didn’t support Trump in general, but he did praise Trump’s pick for the antitrust position.
- Proton code for the clients is open source, so it’s not possible to add backdoors without being discovered (encryption happens in the clients).
- Proton business model is inherently disincentivizing them to do so. They are a profitable company with a clear profile that would lose so many customers if they decide to do so.
- Proton is incorporated in Switzerland, it’s unclear what the benefit would be to “appease” Trump.
- Proton is controlled by a nonprofit. In the board of this nonprofit there are people like Carissa Veliz (author of “Privacy is power”) and Tim Berners Lee. So even if Andy Yen was a full on MAGA, he still wouldn’t have autonomy to decide that. Note that he ceded control himself.
- There is absolutely nothing in the history of Proton that suggests they would be open to backdooring their software.
- There is a long track record of choices to protect users’ privacy. This also includes yearly substantial donations to nonprofits who work in this space.
If this is not enough, I don’t know what is, but for sure the baseless accusations of a random user shouldn’t be enough as well.
He clearly didn’t support Trump in general
lie
so it’s not possible to add backdoors
lie
Proton business model is inherently disincentivizing them to do so. They are a profitable company with a clear profile that would lose so many customers if they decide to do so.
Didn’t work on you
Proton is incorporated in Switzerland, it’s unclear what the benefit would be to “appease” Trump.
Straw man
So even if Andy Yen was a full on MAGA, he still wouldn’t have autonomy to decide that.
being a non profit and him owning enough of it to do what he wants are unrelated.
There is absolutely nothing in the history of Proton that suggests they would be open to backdooring their software.
There is a long track record of choices to protect users’ privacy.
Tell that French activist they turned logging on for and gave up to the authorities.
lie
We have the tweet, the context, his direct statements saying he didn’t. You have your own interpretation. See also https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e
so it’s not possible to add backdoor
lie
Quoting an incomplete sentence is peak bad faith. Please, elaborate on how they can backdoor the email communication without the change being visible in the clients. Take a Proton to Proton communication, and show me how they can backdoor the PGP encryption. I will propose 2 ways:
- maliciously patch the JS code of the webmail client, which will show the change in the browser, network communications etc.
- simply backdoor the client which will make it visible in the repo.
Didn’t work on you
Because they didn’t do anything that indicates they are violating my privacy. If they would, I would redirect my domain and drop them in a blink of an eye.
Straw man
It’s not a strawman lol. Pointing out the fact that it’s not evident what the advantage would be is an actual argument against saying that they would backdoor the software in compliance with trump’s wishes. Asking what the benefit is for such an immoral and illegal action seems reasonable to me?
being a non profit and him owning enough of it to do what he wants are unrelated
False. He gave away his stocks of the for profit company, which is now controlled by the nonprofit where he is 1 out of 5 (or 6?) in the board. A decision like this realistically will need to be approved by the board. Explain how he “owns enough to do what he wants” please.
Tell that french activist they turned logging on for and gave up to the authorities.
What would you expect any organization could do in that position? If there is a culprit there, it is the government. Complying with legal orders (which BTW they are transparent about and they challenge lots of them too) is a requirement for a company to operate. There are 2 cases that I know of so far (in the other they have been forced to give all the data they had about a user, and the only data they gave was a recovery email address), and they are 100% expected. Unless you want to be a rogue organization, there is nothing you can do in those cases. This if anything is a good test that shows how little data they collect or have. Unfortunately for logs of VPN connection there is no technical solution that will ever prevent from logging data again (Mullvad is now experimenting with a double tunnel, but that is just a small nuisance for law enforcement), like there is for encryption (i.e., encryption happened with keys we cannot retrieve, sorry can’t help you).
If y’all are expecting (and relying on) legal businesses to tell police raiding their offices to fuck off, then you clearly don’t understand secops.
How dare you go against the Lemmy hive mind. We need to shit on Proton or you will be punished with negative numbers!
you will be punished with negative numbers!
Thanks for making me chuckle.
Is this law broad enough to also catch up Proton and its services?
They don’t need a law, they already logged and complied on request
Meanwhile, the Swedish Armed Forces recently decided to use Signal for secure communication: https://www.forsvarsmakten.se/sv/aktuellt/2025/02/forsvarsmakten-anvander-appen-signal-for-oppen-kommunikation-med-mobiltelefoner/
Half of the original article:
The Armed Forces, on the other hand, are negative and write in a letter to the government that the proposal cannot be realized “without introducing vulnerabilities and backdoors that can be exploited by third parties”, reports SVT.
So that’s covered.
The “if” to that “then” being that if they pass a law that would make Signal illegal in Sweden, then Signal will leave Sweden.
Illegal unless they install the backdoors. They could choose to do that instead of leaving Sweden, but they are choosing to leave Sweden.
If they did that, Signal would no longer exist at all. Nobody anywhere in the world would want to continue using it.
I think you wildly misunderstand the average person’s motivations and how they weigh decisions.
We’re talking about Signal, not FB Messenger. People use Signal because of the encryption, and they would leave.
Nice PR move, but when do you announce leaving the US, which is the much bigger issue right now?
I’m not familiar with EU law, but wouldn’t this set a precedent across the whole EU?
There is no such thing as a precedent in EU law. Any court can in general disagree with any other court. Appeals still exist, but they are only valid for that one case.
Judges don’t make laws here.
Don’t worry we stopped that in the US too. Congress doesn’t make laws either. We are post-laws.
What about Threema? 🤔
I found the other Threema user! 🎉
Next in line should be Matrix. People say it’s hard to use but the devs have gone through like 3 app revisions since then. Main instance requires email but a lot are fully anon.
DeltaChat makes so much more sense imho for texting. It is based on e-mail. You can either use their e-mail service (requiring only a username) or you can use your existing IMAP e-mail account. End-to-end encryption is handled automatically.
Did they figure out forward security and metadata yet? Last I saw they sort of handwaved it.
It’s worth noting that Mullvad is based in Sweden.
Mullvad has proven time and time again that they don’t log anything at all. Even if they give backdoor access, there’s nothing to record.
Literally the first sentence of the article: “The government wants Signal and Whatsapp to be forced to store messages sent using the apps.”
WireGuard protocol logs very little information by default. There is literally no way to make it log more than it does by default.
Even then, Mullvad has no customer information. You’re given a customer number, which is intentional.
I stand by my initial post in that there is very little, if anything, to record on a Mullvad server. If I’m not mistaken, Mullvad recently announced they are running all VPN services through a RAM only setup, therefore, there aren’t even any drives to record customer information even if they chose to.
There absolutely is a way to make it log more. Simply add a function to dump the data passing through it. Just because right now there is no such function does not mean one cannot be added.