this post was submitted on 18 Jun 2024
245 points (100.0% liked)
Privacy
31975 readers
740 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is what I guessed the other day when a post here didn't clarify what the censorship meant.
While I'm not a fan of this stupid regulation, it doesn't sound like being the armageddon that turns e2ee into ashes.
(Given that Signal doesn't like it, I might be wrong though.)
As long as we trust, say, Signal, it will possibly be able to do the scan without sending a good chunk of the image data that the user is sending. URLs can be hashed before sending it to the scanner.
The remaining piece for privacy is to use open source and to guarantee that the binaries are free of modification from the original. This problem always existed on the Apple ecosystem btw.
Its a slippery slope thing. Sure, technically it doesn't break e2ee, but it basically forces app developers to integrate a trojan into their app that scans messages before they are encrypted and send. Right now it is "only" for images, but once this is in place and generally accepted, what is stopping lawmakers to extend it to scanning all messages?
I think the parent is distinguishing between messages & the attachments as they are stored differently & often in different places in many systems. But I agree with you in assuming that the goal would ultimately be to then start scanning messages too.
Imagine governments used something like SHA1 that has conflicts & now you have collision potential--you could even fabricate attachments that could cause a collision to get someone throw in jail since all you have to rely on is the file hashes. If you can’t scan the actually content & you are just using hashes, then you also don’t prevent new content that those in power deem ‘bad’ from being flagged either which doesn’t really stop the proliferation of the ‘bad thing’ just specific known ‘bad things’. If I were implementing clients, I would start adding random bits to the metadata so the hashes always change.
The only way this system even works is if there are centralized points the governments/corporations can control. Chalk this up as another point for supporting decentralization & lightweight self-hosting since it would be impossible to have oversight over such a system if anyone can spin up a personal server in their bedroom.