The government wants Signal and Whatsapp to be forced to store messages sent using the apps
  • According to Whittaker, the bill requires the encrypted messaging app Signal to install so-called backdoors in the software.
  • HSR🏴‍☠️@lemmy.dbzer0.comEnglish
    4·
    18 days ago

    There needs to be a messaging app which provides a backdoor for every government that requests it. Every time some dumbass legislator asks for a super-giga-secure-backdoor they promise not to misuse, they should be directed to that app.

  • Mio@feddit.nuEnglish
    3·
    17 days ago

    This law cannot go through! This is a threat to democracy in our country.

    Privacy matter. You must be able to talk to your friends without needing to worry about if the government is listening to you. This will not help to catch the bad guys as they will just change to some other protocol. But it opens up the possiblity for third party doing something that they should not even be able to do. Stop this now.

  • cygnus@lemmy.caEnglish
    2·
    18 days ago

    I’m a bit surprised that the armed forces are openly opposing this, but good for them!

    • mumblerfish@lemmy.worldEnglish
      2·
      18 days ago

      That is because they just decided to switch to use it for internal communications. This means that they would have to roll back that decision.

      • cygnus@lemmy.caEnglish
        1·
        18 days ago

        It would have been good of the article to mention that important tidbit…

        • lud@lemm.eeEnglish
          1·
          18 days ago

          It happened like 2 weeks ago so I will forgive them for missing it.

    • Savaran@lemmy.worldEnglish
      1·
      18 days ago

      I mean beyond everything else, any group actually interested in the safety and security of citizens (so, not politicians or cops anywhere apparently), should be pushing everything to be encrypted everywhere. In the modern digital world anything not properly encrypted is at risk for ate tracks by bad actors.

  • visnae@lemmy.worldEnglish
    2·
    18 days ago

    The Swedish politicians tried adding backdoors to encrypted apps for at least 20 years :P I don’t really understand why they still (ever) think it is a good idea

    • themachinestops@lemmy.dbzer0.comEnglish
      1·
      18 days ago

      The problem is that politicians don’t understand cyber security, whta their asking is basically the equivalent of closing the front door of a house and leaving the backdoor open. It was already proven to be a bad idea, eternalblue is a good example.

  • harsh3466@lemmy.mlEnglish
    2·
    18 days ago

    Is this law broad enough to also catch up Proton and its services?

    This attack by governments on encryption is getting more and more concerning.

    • philpo@feddit.orgEnglish
      1·
      17 days ago

      Proton is a company claiming to operate under Swiss law (which is doubtful,as the company itself is US based).

      Sadly Swiss data privacy laws are shit and it’s intelligence agencies are known for overreach, especially when it comes to cross border data traffic.

        • sudneo@lemm.eeEnglish
          0·
          18 days ago

          Sci-fi writing in here I see

          EDIT: For the downvoters:

          • He clearly didn’t support Trump in general, but he did praise Trump’s pick for the antitrust position.
          • Proton code for the clients is opensource, so it’s not possible to add backdoors without being discovered (encryption happens in the clients).
          • Proton business model is inherently disincentivizing them to do so. They are a profitable company with a clear profile that would lose so many customers if they decide to do so.
          • Proton is incorporated in Switzerland, it’s unclear what the benefit would be to “appease” Trump.
          • Proton is controlled by a nonprofit. In the board of this nonprofit there are people like Carissa Veliz (author of “Privacy is power”) and Tim Berners Lee. So even if Andy Yen was a full on MAGA, he still wouldn’t have autonomy to decide that. Note that he ceded control himself.
          • There is absolutely nothing in the history of Proton that suggests they would be open to backdooring their software.
          • There is a long track record of choices to protect users’ privacy. This also includes yearly substantial donations to nonprofits who work in this space.

          If this is not enough, I don’t know what is, but for sure the baseless accusations of a random user shouldn’t be enough as well.

          • rumba@lemmy.zipEnglish
            0·
            18 days ago

            He clearly didn’t support Trump in general

            lie

            so it’s not possible to add backdoors

            lie

            Proton business model is inherently disincentivizing them to do so. They are a profitable company with a clear profile that would lose so many customers if they decide to do so.

            Didn’t work on you

            Proton is incorporated in Switzerland, it’s unclear what the benefit would be to “appease” Trump.

            Straw man

            So even if Andy Yen was a full on MAGA, he still wouldn’t have autonomy to decide that.

            being a non profit and him owning enough of it to do what he wants are unrelated.

            There is absolutely nothing in the history of Proton that suggests they would be open to backdooring their software.

            https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/

            There is a long track record of choices to protect users’ privacy.

            Tell that french activist they turned logging on for and gave up to the authorities.

            • sudneo@lemm.eeEnglish
              1·
              18 days ago

              lie

              We have the tweet, the context, his direct statements saying he didn’t. You have your own interpretation. See also https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e

              so it’s not possible to add backdoor

              lie

              Quoting an incomplete sentence is peak bad faith. Please, elaborate on how they can backdoor the email communication without the change be visible in the clients. Take a proton to proton communication, and show me how they can backdoor the PGP encryption. I will propose 2 ways:

              • maliciously patch the JS code of the webmail client, which will show the change in the browser, network communications etc.
              • simply backdoor the client which will make it visible in the repo.

              Didn’t work on you

              Because they didn’t do anything that indicates they are violating my privacy. If they would, I would redirect my domain and drop them in a blink of an eye.

              Straw man

              It’s not a strawman lol. Pointing out the fact that it’s not evident what the advantage would be is an actual argument against saying that they would backdoor the software in compliance with trump’s wishes. Asking what the benefit is for such an immoral and illegal action seems reasonable to me?

              being a non profit and him owning enough of it to do what he wants are unrelated

              False. He gave away his stocks of the for profit company, which is now controlled by the nonprofit where he is 1 out of 5 (or 6?) In the board. A decision like this realistically will need to be approved by the board. Explain how he “owns enough to do what he wants” please.

              Tell that french activist they turned logging on for and gave up to the authorities.

              what would you expect any organization could do in that position? If there is a culprit there, it is the government. Complying with legal orders (which BTW they are transparent about and they challenge lots of them too) is a requirement for a company to operate. There are 2 cases that I know of so far (in the other they have been forced to give all the data they had about a user, and the only data they gave was a recovery email address), and they are 100% expected. Unless you want to be a rogue organization, there is nothing you can do in those cases. This if anything is a good test that shows how little data they collect or have. Unfortunately for logs of VPN connection there is no technical solution that will ever prevent from logging data again (mullvad is now experimenting with a double tunnel, but that is just a small nuisance for law enforcement), like there is for encryption (I.e., encryption happened with keys we cannot retrieve, sorry can’t help you).

            • Miaou@jlai.luEnglish
              1·
              18 days ago

              If y’all are expecting (and relying on) legal businesses to tell police raiding their offices to fuck off, then you clearly don’t understand secops.

          • yyprum@lemmy.dbzer0.comEnglish
            0·
            18 days ago

            How dare you go against the lemmy hive mind. We need to shit on Proton or you will be punished with negative numbers!

            • sudneo@lemm.eeEnglish
              11·
              18 days ago

              you will be punished with negative numbers!

              Thanks for making me chuckle.

    • corsicanguppy@lemmy.caEnglish
      3·
      18 days ago

      Half of the original article:

      The Armed Forces, on the other hand, are negative and write in a letter to the government that the proposal cannot be realized “without introducing vulnerabilities and backdoors that can be exploited by third parties”, reports SVT.

      So that’s covered.

  • kbal@fedia.io
    1·
    18 days ago

    The “if” to that “then” being that if they pass a law that would make Signal illegal in Sweden, then Signal will leave Sweden.

    • Mesophar@lemm.eeEnglish
      0·
      18 days ago

      Illegal unless they install the backdoors. They could choose to do that instead of leaving Sweden, but they are choosing to leave Sweden.

      • kbal@fedia.io
        1·
        18 days ago

        If they did that, Signal would no longer exist at all. Nobody anywhere in the world would want to continue using it.

        • Kichae@lemmy.caEnglish
          11·
          18 days ago

          I think you wildly misunderstand the average person’s motivations and how they weigh decisions.

  • poVoq@slrpnk.netMEnglish
    1·
    18 days ago

    Nice PR move, but when do you announce leaving the US, which is the much bigger issue right now?

    • ℍ𝕂-𝟞𝟝@sopuli.xyzEnglish
      0·
      18 days ago

      There is no such thing as a precedent in EU law. Any court can in general disagree with any other court. Appeals still exist, but they are only valid for that one case.

      Judges don’t make laws here.

      • easily3667@lemmus.orgEnglish
        1·
        17 days ago

        Don’t worry we stopped that in the US too. Congress doesn’t make laws either. We are post-laws.

    • easily3667@lemmus.orgEnglish
      0·
      17 days ago

      Next in line should be matrix. People say it’s hard to use but the devs have gone through like 3 app revisions since then. Main instance requires email but a lot are fully anon.

      • Prism@feddit.orgEnglish
        0·
        17 days ago

        DeltaChat makes so much more sense imho for texting. It is based on E-Mail. You can either use their e-mail service (requiring only a username) or you can use your existing imap-email account. End-End encryption is handled automatically.

        • easily3667@lemmus.orgEnglish
          1·
          16 days ago

          Did they figure out forward security and metadata yet? Last I saw they sort of handwaved it.

    • anon@lemmus.orgEnglish
      0·
      18 days ago

      Mullvad has proven time and time again that they don’t log anything at all. Even if they give backdoor access, there’s nothing to record.

      • Rednax@lemmy.worldEnglish
        0·
        18 days ago

        Literally the first sentence of the article: “The government wants Signal and Whatsapp to be forced to store messages sent using the apps.”

        • anon@lemmus.orgEnglish
          0·
          18 days ago

          WireGuard protocol logs very little information by default. There is literally no way to make it log more than it does by default.

          Even then, Mullvad has no customer information. You’re given a customer number, which is intentional.

          I stand by my initial post in that there is very little, if anything, to record on a Mullvad server. If I’m not mistaken, Mullvad recently announced they are running all VPN services through a RAM only setup, therefore, there aren’t even any drives to record customer information even if they chose to.

          • LH0ezVT@sh.itjust.worksEnglish
            1·
            17 days ago

            There absolutely is a way to make it log more. Simply add a function to dump the data passing through it. Just because right now there is no such function does not mean one cannot be added.