Ah, I see. Sorry, the text was too long and I’m not dutch so it was hard to spot that for me too.

But I interpret that part differently. I think them saying that there’s an ambiguous section about risks does not necessarily mean that the ambiguity is in the responsibility of those who choose to not implement the detection… it could be the opposite: risks related to the detection mechanism, when a service has chosen to add it.

I think we would need to actually see the text of the proposal to see where is that vague expression used that she’s referring to.

It seems the reason companies are currently allowed to do this in the EU is because there was in 2020 a temporary derogation from certain provisions of the e-Privacy Directive.

But it was temporary, so it will expire in April 2026. With this new law the intention is to make that “voluntary detection” a permanent thing they allow service providers to do, as a norm. The providers still have the choice to not do it, so I don’t think this affects services like signal, as far as I understand.

Thanks for the link, and the clarification (I didn’t know about april 2026)… although it’s still confusing, to be honest. In your link they seem to allude to this just being a way to maintain a voluntary detection that is “already part of the current practice”…

If that were the case, then at which point “the new law forces [chat providers] to have systems in place to catch or have data for law inforcements”? will services like signal, simplex, etc. really be forced to monitor the contents of the chats?

I don’t find in the link discussion about situations in which providers will be forced to do chat detection. My understanding from reading that transcript is that there’s no forced requirement on the providers to do this, or am I misunderstanding?

Just for reference, below is the relevant section translated (emphasis mine).

In what form does voluntary detection by providers take place, she asks. The exception to the e-Privacy Directive makes it possible for services to detect online sexual images and grooming on their services. The choice to do this lies with the providers of services themselves. They need to inform users in a clear, explicit and understandable way about the fact that they are doing this. This can be done, for example, through the general terms and conditions that must be accepted by the user. This is the current practice. Many platforms are already doing this and investing in improving detection techniques. For voluntary detection, think of Apple Child Safety — which is built into every iPhone by default — Instagram Teen Accounts and the protection settings for minors built into Snapchat and other large platforms. We want services to take responsibility for ourselves. That is an important starting point. According to the current proposal, this possibility would be made permanent.

My impression from reading the dutch, is that they are opposing this because of the lack of “periodic review” power that the EU would have if they make this voluntary detection a permanent thing. So they aren’t worried about services like signal/simplex which wouldn’t do detection anyway, but about the services that might opt to actually do detection but might do so without proper care for privacy/security… or that will use detection for purposes that don’t warrant it. At least that’s what I understand from the below statement:

Nevertheless, the government sees an important risk in permanently making this voluntary detection. By permanently making the voluntary detection, the periodic review of the balance between the purpose of the detection and privacy and security considerations disappears. That is a concern for the cabinet. As a result, we as the Netherlands cannot fully support the proposal.

It seems the article is misinterpreting things. It’s not that it’s “voluntary for individual EU states”… but rather “voluntary” for service providers. The service providers don’t have to implement this chat detection if they don’t want to.

The thing is that if they don’t pass something like this, then by April 2026 a bunch of current services that are already doing CP detection would be breaking the law, since the temporary derogation of the e-Privacy Directive will expire. But I don’t think this affects services like signal/simplex who voluntarily choose to not try to detect it.

Where is this explained? the article might be wrong then, because it does state the opposite:

scanning is now “voluntary” for individual EU states to decide upon

It makes it sound like it’s each state/country the one deciding, and that the reason “companies can still be pressured to scan chats to avoid heavy fines or being blocked in the EU” was because of those countries forcing them.

Who’s the one deciding what is needed to reduce “the risks of the of the chat app”? if it’s each country the ones deciding this, then it’s each country who can opt to enforce chat scanning… so to me that means the former, not the latter.

In fact, isn’t the latter already a thing? …I believe companies can already scan chats voluntarily, as long as they include this in their terms, and many do. A clear example is AI chats.

The thing is… that even if there are countries publicly rejecting this, once the infrastructure is in place and a backdoor exists due to it being enforced by some other country, how can you be sure it’s not being used / exploited?

Even in the (hypothetical) case that the government is not using it (regardless of what they might say to the public), I wouldn’t trust that this backdoor would be so secure that nobody else than a government could make use of it.

I believe Germany is now in favor of this new proposal, according to https://fightchatcontrol.eu/

Only Italy, Netherlands, Czech Republic and Poland are against. This seems to be based on “leaked documents from the September 12 meeting of the EU Council’s Law Enforcement Working Party”.

I’m not sure if that’d be what it’d look like… distributions are hardly ever that heterogeneous.

I’d bet all the GrapheneOS users would get together in their own corner and nerd out about their customizations.

For the record: 1 in 25 is 4% …the image gives (intentionally?) the illusion of the proportion being higher.

3. The Pixel is easily unlockable, so one can install custom firmware without being a “pro”, its hardware is (or was reverse-engineered to be) compatible enough to make the experience seamless, with a whole firmware project / community that it’s exclusively dedicated on that specific range of hardware devices, making it a target for anyone looking for a phone where to install custom Android firmware on.

But I’d bet it’s a mix of 2 and 3.

Yep. I just confirmed it… restarting Firefox seems to make the ID in https://demo.supercookie.me/ change. Thought as long as you keep Firefox session open the id will be the same.

I’m not sure if the links you reference are the whole story though, because they are talking about partitioning the cache per top-level domain, which I would expect wouldn’t have been enough, since the demo is specific to its top-level domain and it’s not necessarily about cross-domain id.

Enforcing the restriction through a browser web standard, instead of a popup susceptible to anti-patterns, is a good idea. Sure, you could configure your browser to say “yes to all”, but you control the browser. You could also configure it to say “no to all” if that’s what you want. It’d be the equivalent of a popup, just automated by you. It’s the way I always thought the cookie permissions should have been done. The same way as when a website asks about permissions for notifications, or camera/mic access.

But I don’t think this is what the article is talking about. They are not talking about using a web standard or anything like that, they are talking about how the very definition of “personal data” is being changed, and that does not look good.

Is that really what this is about? I feel the GDPR is a different thing, independent of the cookies popup being a browser standard or not. The article talks about altering the definition of “personal data”. I don’t see why you can’t keep the same definition while requesting websites to follow a browser standard… so I feel these are different things.

Or are you implying that the EU doesn’t get proposals to gut privacy/data protections? (regardless of whether they’re accepted)

The “formal” part comes from “formal system”, which is essentially the use of rules of inference based on an initial set of presuppositions, with an exact/mathematical approach to “truth”.

The idea of “informal logic” is something some people have wanted to put forward, but it’s a much younger and not as well defined term, and whether it should really be considered “logic” is something that has criticisms: https://en.wikipedia.org/wiki/Informal_logic#Criticisms

Perhaps in the end all logic is formal logic, the problem is that we know from Gödel’s incompleteness theorems that not everything is computable and translatable into a formal system… to solve this you’d have to model the statements into a Gödel/Lobian machine (at which point you are essentially building an AI).

You are probably right… it’s just one hope I had, I’m not expecting it to happen, but I’ll be hopeful until the end.

Hope for the best, prepare for the worst.

Or distributed serverless P2P communication (like SimpleX does). Specially when it comes to an app that is just meant for person-to-person communications to begin with.

Will the banks in Korea, EU and many other areas where Samsung phones are very common keep that restriction if it meant alienating that many users? I doubt it. That’s why I think the support of a big player on this would be a killing move.

Also I’m not 100% convinced that it’s impossible to have some verification without it depending on this one change.

I mean, you can hack/root most devices, even right now. I expect that’s not changing.

Samsung s22 and s25

I’m still holding some hope that maybe Samsung’s flavor of the OS won’t have the restriction of requiring Google keys. Specially considering that Samsung has its own “Galaxy Store” with app submissions controlled by them, not Google.

Though it’s possible they might simply extend the signatures accepted to include also the ones signed by them ^^U …still it would give them a competitive edge to remove the restriction so they might be incentivized to do it.

I’ve commented it in the other post, but in my opinion, the issue of the “nothing to hide” -> “no worry in showing” statement is that in between lines (specially in the context for which it’s used) it seems to want to imply that having something to hide must be something rare or perhaps wrong… as if it were not possible to want to hide things that are good for society to keep hidden.

This isn’t a formal, logical fallacy, but an informal one: https://en.wikipedia.org/wiki/Informal_fallacy

From a perspective free of presuppositions and biases, I don’t think the logic of the argument on itself is wrong, because of course I wouldn’t be worried about my privacy if I had no interest in keeping my private information hidden… but the premise isn’t true here! the context in which the argument is used is the problem… not the logic of it.

It’s not incorrect to say: “nothing to hide” -> “no worry in showing” …what’s incorrect is assuming that the “nothing to hide” antecedent is true for all law abiding citizens …as if people didn’t have an interest in keeping perfectly legal and legitimate things hidden and safe from as many prying eyes as possible. The fallacy is in the way that it’s used, they are pretending that this means people shouldn’t be worried, when in fact it means the opposite, since everyone does, in fact, have information that should remain hidden. For our own safety and the safety of our society! …so everyone should in fact be worried about breaches in privacy.

In my opinion, this looks more like an informal fallacy, the problem is in the context and the intent that is given to the statement, not so much in the logic of it.

The postulate has some ambiguity… because in between lines it seems to want to imply that having something to hide must be something rare or perhaps wrong… as if it were not possible to want to hide things that are good for society to keep hidden.

This isn’t a formal, logical fallacy, but an informal one: https://en.wikipedia.org/wiki/Informal_fallacy

From a perspective free of presuppositions and biases, I don’t think the logic of the argument on itself is wrong, because of course I wouldn’t be worried about my privacy if I had no interest in keeping my private information hidden… but that premise isn’t true here! the context in which the argument is used is the problem… not the logic of it.

It’s not incorrect to say: “nothing to hide” -> “No worry for showing it” …what’s incorrect is assuming that the “nothing to hide” antecedent is true for all law abiding citizens …as if people didn’t have an interest in keeping perfectly legal and legitimate things hidden. So it’s not that the statement isn’t logically sound, the fallacy is in the way that it’s used, they are pretending that this means people shouldn’t be worried, when in fact it means the opposite, since everyone does, in fact, have information that should remain hidden. For our own safety and the safety of our society!