• Talaraine@fedia.io
    link
    fedilink
    arrow-up
    148
    ·
    10 days ago

    Literally on the heels of the revelation that China is spying on all chats and phone calls, these clowns still think back doors are safe in any way.

    I swear, humanity is simply failing the IQ test here.

  • CosmoNova@lemmy.world
    link
    fedilink
    English
    arrow-up
    112
    ·
    10 days ago

    What we need are laws to prevent this kind of court trolling because courts all over europe are wasting time and money on these repeated proposals. Politicians should be held accountable for wasting everyone’s time.

    • rottingleaf@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      8 days ago

      I thought a lot about fair government and such when I was 16-17.

      And it came down to any such action being individual, thus having an initiator, who is the responsible person, or a group of such.

      And such laws, when not passing through courts, should require a huge payment (should be tied to total GDP, I think), equally split among members of that group (so a group does not become an entity).

      No person from among them can initiate anything such until having paid the previous.

      It seems logical, I mean. If something IRL is being overloaded, it should just be a paid service. Same here.

      Should be expensive enough so to not be an acceptable cost of doing business for a corrupt politician.

      Also the cost should depend on which tier of laws this is - suppose regulation of milk products is lower tier than total fscking surveillance.

      Also the court should be able to determine whether a rejected initiative is a repetition, in which case the cost will be, say, order x 12 x “last year’s GDP” x coefficient x tier.

      It’s ridiculous that lawmaking is free, with the amount of value it redistributes.

  • ERROR: Earth.exe has crashed@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    79
    arrow-down
    1
    ·
    edit-2
    10 days ago

    If y’all wanna know why is this stupid

    Take a look at the so-called “TSA-Approved Locks”

    The locks that lets TSA have a “special key” to unlock your bags to search then without cutting it open.

    The same “special key” is available to buy on amazon.

    🤣

    It’s even worse than no locks, since someone could plant drugs in your bag using the “special key”, and since there’s no evidence of tampering, and the bag is also locked, the blame falls on you.

    • wurstgulasch3000@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      10 days ago

      Oh no you don’t understand, with this legislation bad actors and foreign intelligence would not be allowed to use these back doors. So they can’t do it because it’s illegal. That’s why it’s 100% safe. I mean don’t you trust the it competence of 60+ year old law makers?

      OK I will stop now

    • daggermoon@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      10 days ago

      For anyone else who’s curious about the history I actually went and looked this up. Photos of the keys were accidentally leaked on the Travel Sentry website. This made it very easy to copy. The website says “Sensitive Information – do not post, copy or disseminate”. Clearly someone elected to do the opposite.

        • Adincar@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          7
          ·
          10 days ago

          I believe DeviantOllam recommends putting a gun in your bag (from memory a starter gun counts as a gun to TSA but doesn’t have the whole licence restrictions of an actual firearm). Because you have a gun you are allowed to lock it with an actual padlock and the TSA can’t just go through your stuff. If you put a padlock on otherwise they’ll just cut it off and you’re back to square one.

      • cmnybo@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        14
        ·
        10 days ago

        I just use a zip tie. It keeps the bag shut and it’s obvious if they open it. Of course they could potentially replace it with an identical zip tie. You can get security seals that are serial numbered if you want to protect against that.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          7
          ·
          10 days ago

          Good idea. And you could easily add a mark (maybe green permanent marker?) and they’re most likely not going to replicate it. Prep a few and carry the zip ties in your personal item or something.

          That said, zip ties seem kind of annoying since you’ll need to cut them at the destination, without being able to being a knife with you.

    • DacoTaco@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      10 days ago

      Even worse btw, you can 3d print the tsa master keys. I have them printed, and confirmed them working.

      Tsa knows about this, and they have publicly said they dont care

    • Mr_Blott@feddit.uk
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      10 days ago

      Where I am, we have “Post Office approved” locks, cam locks for your post box that can be opened with your key plus a special key that the postie has, in case they have a parcel that won’t go in the slot.

      Yes, you can get one of the special keys if you know where to look

      No, it isn’t a problem because we’re not a bunch of fucking savages 😂

      • ERROR: Earth.exe has crashed@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        8
        ·
        10 days ago

        Yea, a mailbox near your house all the time is not the same as a luggage that to through MILLIONS of people in a busy airport. Only take one scum out of a million to ruin it.

        Fun fact: I never actually had a porch pirate. Well other than a neighbor’s kid being a dipshit (or maybe mistaken it to be their package, who knows), but that eventually got returned, and one time, the delivery driver kinda stole it before it ever arrived on the porch, so it was not technically porch theft. Reported that one and got refunded.

        Like never a random dude (or gal) that just walked up and grabbed a package. Like never!

      • Valmond@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 days ago

        This metaphor is so bad. You expect people on the internet to act like good neighbours?

    • Wrufieotnak@feddit.org
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      10 days ago

      It was the one good thing the german liberal party FDP was good for, but they aimed to destroy the coalition from the inside (literally! they made plans and discussion meetings when the best time to destroy it would be). And now they are out and we have the SPD and the Greens left. So one party who really has a hard on for surveillance and the other one who is undecided.

  • latenightnoir@lemmy.world
    link
    fedilink
    English
    arrow-up
    35
    arrow-down
    1
    ·
    10 days ago

    1000010988

    In all seriousness, the EU has become beyond frustrating in so many ways… Kudos for fighting against corporate monoliths, but… c’moon!

    • themurphy@lemmy.ml
      link
      fedilink
      English
      arrow-up
      35
      arrow-down
      1
      ·
      10 days ago

      I don’t think you get the EU. It’s a democracy and everyone can submit proposals.

      This is a proposal from pro-Russian Orban from Hungary, and not EU’s opinion.

      • latenightnoir@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        10 days ago

        I see your point, although I still can’t shake the impression that the entire EU’s shifting away from its potential of being the best example. Sure, it’s down to individual people with individual views, but we’re still to see if it’s greater than the sum of its parts, to be honest…

        Don’t get me wrong, I’d still rather we have the EU than not have it, but I’d wish to see a lot more reasonable and rational minds on the council and have it be felt throughout its policies.

      • rottingleaf@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        10
        ·
        10 days ago

        It’s a democracy where the European Commission (which is actually the main governing body of the EU and not EP) is comprised of people put there by bureaucracies.

        I don’t think you get the EU. It’s a failed attempt at powerful democratic version of USSR, that has been retconned into a successful confederacy, only it’s not that too.

          • jagged_circle@feddit.nl
            link
            fedilink
            English
            arrow-up
            2
            ·
            10 days ago

            Yes. Specifically the top secret slide that listed Signal and Tor as being “disastrous” to their dragnet surveillance systems

            • UnderpantsWeevil@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              10 days ago

              And I’m sure in the intervening ten years they haven’t done anything about that

              https://blog.dijit.sh/i-don-t-trust-signal/

              Signal is not open source

              Why would I say something so provably untrue? “Of course signal is open source, it’s on f-droid! (it’s not, actually1); there are even sources on github!” … I can already hear it coming.

              How is it then dear reader, that they developed MobileCoin integrations for over a year without anyone knowing?

              That would be because, they stopped updating sources. We can be reasonably sure that private & unpublished code was in production, otherwise they left some security vulnerabilities unpatched for a long time2. This throws into question the entire nature of what they consider “open source” to mean, they are clearly comfortable deploying non-public software.

              It’s also vanishingly small amounts of people who will use the from-FOSS versions of the client, nearly everyone will be downloading it from Google Play or Apple’s App Store; and they have a long way to go when it comes to verified builds which seems to work when you google it and there’s a page; but in reality if you read the page you’d realise is not possible.

              Which gives a false appearance in my opinion, and that is a large part of my issue honestly; that there is a surface level of “everything is by the book” but underlying it all is: nothing, really. Signal doesn’t give you any option to verify their claims

              If I were in a situation to be signal, if there was a competing implementation that I could point my clients to (similar to how headscale is an implementation of tailscale’s control server); I’d certainly be a lot more comfortable, since then I could be in a situation where I can see all traffic to my server and jail/inspect all traffic coming from the binary distributed Signal client; thus it would allow for independent verification of the binary distributions delivered via Play or the iOS App Store.

              As it stands the whole thing is built on trust and people believe that someone else will do the hard part of reverse engineering every version.

              Which I don’t have to tell you is significantly more effort, requires much more advanced skills and might not even yield results even if there were concerning items yet to be discovered.

              “Moxie says you can run your own server though!”3; I’d like to see where I can change the endpoint in the signal app that’s distributed via Play or App Store; my claim is purely that I can’t verify those and that few enough people run the custom compiled versions to be meaningful. If I was to be smart and want to hide a back door I’d only need one side of every conversation. – please note though, I’m not saying they do this, I’m just saying that they could do this and the only thing that says they don’t is “trust me”.

              • Laurel Raven@lemmy.zip
                link
                fedilink
                English
                arrow-up
                1
                ·
                10 days ago

                That sounds pretty bad, but 1) the article is 3 and a half years old (not that big of a deal really, but an update on the current status would be useful at this point), and 2) I see plenty of commits to all five of their pubic facing repos.

                I’m not saying they’re wrong…I’m not going to presume to understand it better than them… But I’m not seeing how that translates to them hiding things from public view, or if they were that they’re still doing so. If you’re aware of something I’m missing there, I’m very much interested in hearing about it.

                But yes, trust should not be implicit, it should be verified.

    • ambitiousslab@lemmy.ml
      link
      fedilink
      English
      arrow-up
      14
      ·
      10 days ago

      To answer seriously: unfortunately, the UK is one step ahead with the Online Safety Act. They’ve already given Ofcom the power to enforce client-side scanning. Ofcom themselves are deciding whether they want to use this power yet and this should happen sometime next year.

        • ambitiousslab@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 days ago

          I think (and hope!) it would likely only get applied to the biggest services, and would be enforced by removal from the app stores.

          Then, the logical next step for the government when this doesn’t work would be to allow this requirement at the OS level.

    • Valmond@lemmy.world
      link
      fedilink
      English
      arrow-up
      30
      ·
      10 days ago

      First they came for whatsapp. I didn’t say anything because I don’t use whattsapp.

    • Petter1@lemm.ee
      link
      fedilink
      English
      arrow-up
      12
      ·
      10 days ago

      It would concern all messaging apps, which is beyond stupid. Lol, even nato uses the matrix protocol.

        • Petter1@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 days ago

          Oh, I thought that was clear by context…

          I definitely would sideload the secure versions, if I was affected, which got more easy thanks to EU, lol

          • jagged_circle@feddit.nl
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            10 days ago

            Again, no sideloading needed. You’re misunderstanding the executive.

            They enforce this by freezing bank accounts and issuing fines to corporations, not by internet censorship.

            So any company that doesn’t have money flowing through the EU is unaffected. And any company that does have money flowing through the EU has a choice to either pull out of the EU or to fuck over their users.

            • Petter1@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              10 days ago

              I’m sure, that they would ask apple and google to remove all messaging apps from organisations with no EU money flow?

              Or do you not think so too?

              • EngineerGaming@feddit.nl
                link
                fedilink
                English
                arrow-up
                2
                ·
                9 days ago

                I don’t see how this would be a problem either except on Apple. Blocking the sites offering the apk/deb/exe/etc - good luck, doubt their censorship skills are that good given that they’re unlikely to want a ton of collateral damage like more authoritarian places.

    • Free_Opinions@feddit.uk
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      17
      ·
      edit-2
      10 days ago

      And instead use what? Signal? And then chat with the zero other people who use it?

      Telling europeans to not use whatsapp is like telling people not to use the power grid. It’s more popular here than iMessages are in the US.

      • Lazycog@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        12
        ·
        edit-2
        10 days ago

        I’m European using signal, I frequent in two countries very often (not neighbouring countries) and for the past two years I’ve noticed more and more people using signal.

        Ditched whatsapp half a year ago and haven’t had problems. Some friends use both signal and whatsapp.

        Not saying many in whole Europe use signal but it certainly is not only popular in US.

        Edit: but not saying using signal will change anything if this bill passes. No matter what popular app we use we are going to have no privacy at all if this thing passes…

        • woelkchen@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          10 days ago

          WhatsApp uses the same encryption as Signal and chat screening won’t be exclusive to WhatsApp anyway, so whatever WhatsApp will need to implement to comply, Signal will have to follow.

            • woelkchen@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              10 days ago

              Good luck setting up your own server and convincing everybody else to use that.

              Signal is not federated. It relies on a central server, meaning for all intends and purposes Signal controls the entire chain.

              • Zetta@mander.xyz
                link
                fedilink
                English
                arrow-up
                1
                ·
                10 days ago

                End to end encrypted, I think chat control is all about client-side scanning so the app being open source is a big deal and would prevent client-side scanning because even if they build in client-side scanning, it’s open source and people can remove it.

                • EngineerGaming@feddit.nl
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  9 days ago

                  Signal is pretty control freak-y, so would not be surprised if they can somehow prohibit third-party modifications entirely. That would be out-of-character for them, though, so doubt they would actually go through with this.

                  Still, if that went through, I’d discount all the centralized solutions.

      • daggermoon@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        6
        ·
        10 days ago

        Why do you assume I’m American? I am, but you would have no way of knowing that. I could be Croatian for all you know.

        • Free_Opinions@feddit.uk
          link
          fedilink
          English
          arrow-up
          3
          ·
          10 days ago

          I haven’t made any assumptions about where you’re from. I’m only arguing against the blanket statement of telling everyone to stop using whatsapp.

          • daggermoon@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            10 days ago

            Sorry but if you want private messaging Signal is your only option. I’m sorry you all have to deal with it but now is a good time to bully friends and family into switching to Signal.

      • 0x0@infosec.pub
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        7
        ·
        10 days ago

        I dont know a single euroepean that is using WhatsApp, and im european… i mostly encounter asian people that use it.

        • woelkchen@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          10 days ago

          Then you’re in a weird bubble. Nearly everyone uses it. I do. I hate it, I think its usability is bad, why can I only link four devices, etc.

        • Brumefey@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          ·
          10 days ago

          WhatsApp is everywhere. Even at school it’s used for parents discussions. I have Signal but not using it since nobody has it…

  • MonkderVierte@lemmy.ml
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    10 days ago

    Look, it was discussed for years already and we have a consensus; it’s technically and legally not possible without giving you the keys (methaphorically and literally) and we can’t give you the keys because that would quickly lead to you abusing the power given to you.

  • sunbeam60@lemmy.one
    link
    fedilink
    English
    arrow-up
    8
    ·
    10 days ago

    I actually don’t really understand how they would do this. Isn’t WhatsApp end to end by protocol? They’d have to share messages at the client side. What a mess.

  • Teknikal@eviltoast.org
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    10 days ago

    I use signal but I always kind of wanted to switch people to threema but in reality it’s hard enough getting them to install signal.

    • MaggiWuerze@feddit.org
      link
      fedilink
      English
      arrow-up
      6
      ·
      10 days ago

      Threema really doesn’t do a good job of making it easy to switch. For the regular user there is too much that can go wrong and its too easy to lose your chats when migrating to a new phone