this post was submitted on 09 Oct 2024
332 points (99.4% liked)

Technology

59409 readers
2902 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Another month, another attempt: Even though Hungary had to cancel the latest EU Council's vote on the Child Sexual Abuse (CSA) Regulation in June 2024 because there was no majority among member states, it tried again this Wednesday - without success. The tipping point was that the Dutch secret service clearly issued their opinion on the enormous threat to everybody's security should end-to-end encryption be weakened. Encryption is paramount for the digital resilience in Europe.

all 18 comments
sorted by: hot top controversial new old
[–] [email protected] 57 points 1 month ago

A backdoor is a backdoor. No amount of spin will change that fact. Backdoors, especially known ones, are an open invitation to get hacked.

[–] [email protected] 40 points 1 month ago (1 children)

Client-side scanning - if required by law - would ask tech companies to scan communications for illegal content on the client before the encryption takes place and send suspicious content to the authorities. The Hungarian Presidency claims that this can coexist with end-to-end encryption, but this is fundamentally untrue.

JFC.

[–] [email protected] 8 points 1 month ago (1 children)

I mean, it's true. It can. Just defeats the purpose.

[–] [email protected] 2 points 1 month ago (1 children)

Downvoted for speaking the (technical) truth

[–] [email protected] 2 points 1 month ago (1 children)

The last sentence should have been enough for the person who pressed that button

[–] [email protected] 2 points 1 month ago (1 children)

You can scan before the encryption step. It defeats the purpose of the encryption such that only the privileged actor gets plaintext while everyone downstream gets encrypted bytes, but technically it’s possible.

It’s only a matter of time until a vulnerability in the privilege is found and silently exploited by a nefarious monkey, and that’s precisely why adding backdoors should never be done.

[–] [email protected] 0 points 1 month ago

Yes. Just like saying that Microsoft and Google don't have a monopoly, or, for Americans, that modern automatic weapons are "not what the founding fathers intended", or, of what I care about, that Artsakh is "legally part of Azerbaijan".

Politicians use the salami strategy, always. They'll always milk to the bone every such detail as, for example, the fact that E2EE itself is not compromised here. It's only spyware on the endpoints which everyone is going to be obligated to install.

So fighting politicians we should never give up cards. Even if an argument is false, the very fact they have to fight it is good. Because otherwise they'll be able to dedicate all their resources to fight the good arguments.

[–] [email protected] 30 points 1 month ago (1 children)

A secret service that protects its own people instead of taking every opportunity to spy on them. remarkable.

[–] [email protected] 9 points 1 month ago (2 children)

Unfortunately, I kinda doubt their motives. 😅

[–] [email protected] 9 points 1 month ago

Your cattle is not your friend's cattle. They don't want their population under surveillance from potentially hostile parties. Regardless of how they treat their own surveillance.

Secret services are not wizards in business of giving out cookies and gifts, but when they are at least functional, they should act in this exact way.

Unlike some other secret services sharing their means of surveillance with Israel, the Commonwealth, possibly Turkey, possibly Arab monarchies and who not. Such a small thing between friends, right.

[–] [email protected] 23 points 1 month ago (1 children)

Apparently Dutch secret service can be bothered to do their fucking job on a case-to-case basis instead of compromising everyone to make some trash feel powerful.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago) (1 children)

Often when it comes to international cybercrime and dismantling "secure messaging apps" for drug gangs, Dutch secret services often seem to be involved. So yeah, I think they'll have ways to get the info they need if needed.

It doesn't help for Orban the current prime-minister is a former boss of the general secret service.

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago)

and dismantling “secure messaging apps” for drug gangs

Which are usually not secure.

Of what I've heard, gangsters seem to be amazingly naive in the sense of really acting along the movie model of "finding that smart nerd guy who'll make the obscurest thing in existence". They don't know the thumb rules of "don't roll out your own crypto" and "security through obscurity" being bad and that math doesn't pick sides.

So - they look at respected solutions, like Signal or something else, and think that they are smarter and to be safer, they'll find someone real, and they do. And the person or group or company they find is usually employed with some secret service.

Then the "directed by Robert B Weide" caps appear.

In some sense that's similar to what Israel did to Hezbollah with pagers.

[–] [email protected] 21 points 1 month ago

Not to mention that Chinese intelligence was just revealed to use exactly this kind of government backdoor to spy on people

[–] [email protected] 7 points 1 month ago (1 children)

Proud of our secret service

[–] [email protected] 2 points 1 month ago

Who knew they did more than release an annual puzzle?