- cross-posted to:
- privacy@lemmy.ml
- europe@feddit.org
- cross-posted to:
- privacy@lemmy.ml
- europe@feddit.org
cross-posted from: https://lemmy.world/post/22814154
Literally on the heels of the revelation that China is spying on all chats and phone calls, these clowns still think back doors are safe in any way.
I swear, humanity is simply failing the IQ test here.
Google “TSA-Approved Locks”
This is the same stupid thing, but digital.
What we need are laws to prevent this kind of court trolling because courts all over europe are wasting time and money on these repeated proposals. Politicians should be held accountable for wasting everyone’s time.
In the US somebody recently found a way to account powerful people.
Yay murder.
Yes, murder. That’s what his company did to many families.
But it didn’t work, ended up just with bruises.
I thought a lot about fair government and such when I was 16-17.
And it came down to any such action being individual, thus having an initiator, who is the responsible person, or a group of such.
And such laws, when not passing through courts, should require a huge payment (should be tied to total GDP, I think), equally split among members of that group (so a group does not become an entity).
No person from among them can initiate anything such until having paid the previous.
It seems logical, I mean. If something IRL is being overloaded, it should just be a paid service. Same here.
Should be expensive enough so to not be an acceptable cost of doing business for a corrupt politician.
Also the cost should depend on which tier of laws this is - suppose regulation of milk products is lower tier than total fscking surveillance.
Also the court should be able to determine whether a rejected initiative is a repetition, in which case the cost will be, say, order x 12 x “last year’s GDP” x coefficient x tier.
It’s ridiculous that lawmaking is free, with the amount of value it redistributes.
If y’all wanna know why is this stupid
Take a look at the so-called “TSA-Approved Locks”
The locks that lets TSA have a “special key” to unlock your bags to search then without cutting it open.
The same “special key” is available to buy on amazon.
🤣
It’s even worse than no locks, since someone could plant drugs in your bag using the “special key”, and since there’s no evidence of tampering, and the bag is also locked, the blame falls on you.
Oh no you don’t understand, with this legislation bad actors and foreign intelligence would not be allowed to use these back doors. So they can’t do it because it’s illegal. That’s why it’s 100% safe. I mean don’t you trust the it competence of 60+ year old law makers?
OK I will stop now
For anyone else who’s curious about the history I actually went and looked this up. Photos of the keys were accidentally leaked on the Travel Sentry website. This made it very easy to copy. The website says “Sensitive Information – do not post, copy or disseminate”. Clearly someone elected to do the opposite.
Do I seriously need to put always on cameras in my luggage?
I mean, thats why you don’t use TSA locks. Use a normal lock, and when it gets broken, now you have plausible deniability.
I believe DeviantOllam recommends putting a gun in your bag (from memory a starter gun counts as a gun to TSA but doesn’t have the whole licence restrictions of an actual firearm). Because you have a gun you are allowed to lock it with an actual padlock and the TSA can’t just go through your stuff. If you put a padlock on otherwise they’ll just cut it off and you’re back to square one.
I just use a zip tie. It keeps the bag shut and it’s obvious if they open it. Of course they could potentially replace it with an identical zip tie. You can get security seals that are serial numbered if you want to protect against that.
You can undo and reuse a zip tie by just lifting up the flap with a small object.
Good idea. And you could easily add a mark (maybe green permanent marker?) and they’re most likely not going to replicate it. Prep a few and carry the zip ties in your personal item or something.
That said, zip ties seem kind of annoying since you’ll need to cut them at the destination, without being able to being a knife with you.
I put a cheap pair of wire cutters in the front pocket of the suitcase to cut the zip tie off with.
If your bag has an exposed zipper, then a malicious actor doesn’t need to pick your lock, they can just get through the zipper with a pen usually, and they can still zip it up after.
I guess it could be better to not lock it at all and use some other form of tamper detection?
Or I guess I could just travel with a pelican case so they have to defeat the lock to get in.
Be sure to put a flare gun in it. Then you’re actually allowed/required to lock it.
That kinda leave evidence tho.
Like they can probably steal shit, but not plant drugs and frame you for it.
It’s in the video how he closes it again to remove the evidence. https://youtu.be/wpIJVWXsBBI?t=93
Oh I didn’t watch the video at first and I was thinking of the ones where the locking mechanism is stationary and attached to the suitcase, not a separate lock that you use.
Those stationary ones, you cannot rezip.
Yeah, okey. That makes sense. I would be difficult to hide the intrusion if you can’t move the zippers.
Ink bombs like some ATMs have.
I’m sure the TSA would love that…
wow, a lock that decreases your security
Even worse btw, you can 3d print the tsa master keys. I have them printed, and confirmed them working.
Tsa knows about this, and they have publicly said they dont care
Where I am, we have “Post Office approved” locks, cam locks for your post box that can be opened with your key plus a special key that the postie has, in case they have a parcel that won’t go in the slot.
Yes, you can get one of the special keys if you know where to look
No, it isn’t a problem because we’re not a bunch of fucking savages 😂
Yea, a mailbox near your house all the time is not the same as a luggage that to through MILLIONS of people in a busy airport. Only take one scum out of a million to ruin it.
Fun fact: I never actually had a porch pirate. Well other than a neighbor’s kid being a dipshit (or maybe mistaken it to be their package, who knows), but that eventually got returned, and one time, the delivery driver kinda stole it before it ever arrived on the porch, so it was not technically porch theft. Reported that one and got refunded.
Like never a random dude (or gal) that just walked up and grabbed a package. Like never!
Context: https://en.wikipedia.org/wiki/Regulation_to_Prevent_and_Combat_Child_Sexual_Abuse
How your representatives in EU parliament voted: https://mepwatch.eu/9/vote.html?v=134463&country=fr|de
Looks like it’s mostly german representatives that block it. They remember the stasi.
It was the one good thing the german liberal party FDP was good for, but they aimed to destroy the coalition from the inside (literally! they made plans and discussion meetings when the best time to destroy it would be). And now they are out and we have the SPD and the Greens left. So one party who really has a hard on for surveillance and the other one who is undecided.
In all seriousness, the EU has become beyond frustrating in so many ways… Kudos for fighting against corporate monoliths, but… c’moon!
I don’t think you get the EU. It’s a democracy and everyone can submit proposals.
This is a proposal from pro-Russian Orban from Hungary, and not EU’s opinion.
I see your point, although I still can’t shake the impression that the entire EU’s shifting away from its potential of being the best example. Sure, it’s down to individual people with individual views, but we’re still to see if it’s greater than the sum of its parts, to be honest…
Don’t get me wrong, I’d still rather we have the EU than not have it, but I’d wish to see a lot more reasonable and rational minds on the council and have it be felt throughout its policies.
It’s a democracy where the European Commission (which is actually the main governing body of the EU and not EP) is comprised of people put there by bureaucracies.
I don’t think you get the EU. It’s a failed attempt at powerful democratic version of USSR, that has been retconned into a successful confederacy, only it’s not that too.
The EU is cosplaying a democracy.
*USA
Here we go again Good old Child abuse.
Is this a Brexit benefit?
Not when the UK is already a member of Five Eyes.
Isn’t that a burger restaurant?
Yeah, they’re a burgers & spies joint.
Not quite
https://en.wikipedia.org/wiki/Five_Eyes
An Anglosphere intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. These countries are party to the multilateral UK-USA Agreement, a treaty for joint cooperation in signals intelligence.
Woosh
Even the US let’s us use encrypted messaging apps
The PRISM leak demonstrated how much that’s worth
Yes. Specifically the top secret slide that listed Signal and Tor as being “disastrous” to their dragnet surveillance systems
And I’m sure in the intervening ten years they haven’t done anything about that
https://blog.dijit.sh/i-don-t-trust-signal/
Signal is not open source
Why would I say something so provably untrue? “Of course signal is open source, it’s on f-droid! (it’s not, actually1); there are even sources on github!” … I can already hear it coming.
How is it then dear reader, that they developed MobileCoin integrations for over a year without anyone knowing?
That would be because, they stopped updating sources. We can be reasonably sure that private & unpublished code was in production, otherwise they left some security vulnerabilities unpatched for a long time2. This throws into question the entire nature of what they consider “open source” to mean, they are clearly comfortable deploying non-public software.
It’s also vanishingly small amounts of people who will use the from-FOSS versions of the client, nearly everyone will be downloading it from Google Play or Apple’s App Store; and they have a long way to go when it comes to verified builds which seems to work when you google it and there’s a page; but in reality if you read the page you’d realise is not possible.
Which gives a false appearance in my opinion, and that is a large part of my issue honestly; that there is a surface level of “everything is by the book” but underlying it all is: nothing, really. Signal doesn’t give you any option to verify their claims
If I were in a situation to be signal, if there was a competing implementation that I could point my clients to (similar to how headscale is an implementation of tailscale’s control server); I’d certainly be a lot more comfortable, since then I could be in a situation where I can see all traffic to my server and jail/inspect all traffic coming from the binary distributed Signal client; thus it would allow for independent verification of the binary distributions delivered via Play or the iOS App Store.
As it stands the whole thing is built on trust and people believe that someone else will do the hard part of reverse engineering every version.
Which I don’t have to tell you is significantly more effort, requires much more advanced skills and might not even yield results even if there were concerning items yet to be discovered.
“Moxie says you can run your own server though!”3; I’d like to see where I can change the endpoint in the signal app that’s distributed via Play or App Store; my claim is purely that I can’t verify those and that few enough people run the custom compiled versions to be meaningful. If I was to be smart and want to hide a back door I’d only need one side of every conversation. – please note though, I’m not saying they do this, I’m just saying that they could do this and the only thing that says they don’t is “trust me”.
That sounds pretty bad, but 1) the article is 3 and a half years old (not that big of a deal really, but an update on the current status would be useful at this point), and 2) I see plenty of commits to all five of their pubic facing repos.
I’m not saying they’re wrong…I’m not going to presume to understand it better than them… But I’m not seeing how that translates to them hiding things from public view, or if they were that they’re still doing so. If you’re aware of something I’m missing there, I’m very much interested in hearing about it.
But yes, trust should not be implicit, it should be verified.
To answer seriously: unfortunately, the UK is one step ahead with the Online Safety Act. They’ve already given Ofcom the power to enforce client-side scanning. Ofcom themselves are deciding whether they want to use this power yet and this should happen sometime next year.
I wonder how in the world Ofcom could enforce that?
I think (and hope!) it would likely only get applied to the biggest services, and would be enforced by removal from the app stores.
Then, the logical next step for the government when this doesn’t work would be to allow this requirement at the OS level.
That would only really work on mobile, though - and that’s assuming the OS isn’t custom.
You shouldn’t be using whatsapp anyway.
It would concern all messaging apps, which is beyond stupid. Lol, even nato uses the matrix protocol.
Lots of defense uses XMPP as well
No, this would only affect the ones run by corporations with a presence in the EU
Oh, I thought that was clear by context…
I definitely would sideload the secure versions, if I was affected, which got more easy thanks to EU, lol
Again, no sideloading needed. You’re misunderstanding the executive.
They enforce this by freezing bank accounts and issuing fines to corporations, not by internet censorship.
So any company that doesn’t have money flowing through the EU is unaffected. And any company that does have money flowing through the EU has a choice to either pull out of the EU or to fuck over their users.
I’m sure, that they would ask apple and google to remove all messaging apps from organisations with no EU money flow?
Or do you not think so too?
I dont think that would be legal, no.
I don’t see how this would be a problem either except on Apple. Blocking the sites offering the apk/deb/exe/etc - good luck, doubt their censorship skills are that good given that they’re unlikely to want a ton of collateral damage like more authoritarian places.
And instead use what? Signal? And then chat with the zero other people who use it?
Telling europeans to not use whatsapp is like telling people not to use the power grid. It’s more popular here than iMessages are in the US.
I’m European using signal, I frequent in two countries very often (not neighbouring countries) and for the past two years I’ve noticed more and more people using signal.
Ditched whatsapp half a year ago and haven’t had problems. Some friends use both signal and whatsapp.
Not saying many in whole Europe use signal but it certainly is not only popular in US.
Edit: but not saying using signal will change anything if this bill passes. No matter what popular app we use we are going to have no privacy at all if this thing passes…
WhatsApp uses the same encryption as Signal and chat screening won’t be exclusive to WhatsApp anyway, so whatever WhatsApp will need to implement to comply, Signal will have to follow.
Signal is open source, so no it will always be available without chat control. https://github.com/signalapp
Good luck setting up your own server and convincing everybody else to use that.
Signal is not federated. It relies on a central server, meaning for all intends and purposes Signal controls the entire chain.
End to end encrypted, I think chat control is all about client-side scanning so the app being open source is a big deal and would prevent client-side scanning because even if they build in client-side scanning, it’s open source and people can remove it.
Just have the server link a hidden device, boom, all chats decrypted.
Signal is pretty control freak-y, so would not be surprised if they can somehow prohibit third-party modifications entirely. That would be out-of-character for them, though, so doubt they would actually go through with this.
Still, if that went through, I’d discount all the centralized solutions.
Only if they do business in the EU…
Very true. It wont matter what pops up in the appstore after either.
Why do you assume I’m American? I am, but you would have no way of knowing that. I could be Croatian for all you know.
Nobody assumed that, but you still haven’t answered the question…
I haven’t made any assumptions about where you’re from. I’m only arguing against the blanket statement of telling everyone to stop using whatsapp.
Sorry but if you want private messaging Signal is your only option. I’m sorry you all have to deal with it but now is a good time to bully friends and family into switching to Signal.
I dont know a single euroepean that is using WhatsApp, and im european… i mostly encounter asian people that use it.
Then you’re in a weird bubble. Nearly everyone uses it. I do. I hate it, I think its usability is bad, why can I only link four devices, etc.
WhatsApp is everywhere. Even at school it’s used for parents discussions. I have Signal but not using it since nobody has it…
Look, it was discussed for years already and we have a consensus; it’s technically and legally not possible without giving you the keys (methaphorically and literally) and we can’t give you the keys because that would quickly lead to you abusing the power given to you.
I actually don’t really understand how they would do this. Isn’t WhatsApp end to end by protocol? They’d have to share messages at the client side. What a mess.
They want to force WhatsApp to scan your private messages on your device.
End-to-end encryption is worthless, when it’s done by a company like meta in a closed source project.
If you own the client, you own the message, agreed.
End to end encrypted with keys stored on Meta’s servers.
Just kidding but I’m sure there’s a backdoor somewhere.
I use signal but I always kind of wanted to switch people to threema but in reality it’s hard enough getting them to install signal.
Threema really doesn’t do a good job of making it easy to switch. For the regular user there is too much that can go wrong and its too easy to lose your chats when migrating to a new phone
And its fucking back again