It's only possible to target services that have a central point of contact / administration. I don't want to invoke 'web 3.0' specifically, but the essentially headless decentralisation of encrypted communications services would be like trying to catch 'all the gas in the room' in your hand with a single clap, wouldn't it?
It feels like, even if they win this battle in the crypto wars, the real battleground has actually moved on anyway.
As an aside, that recent "Ghost Chat" infiltration[0][1] that apparently took down a few international crime gangs, wouldn't a Matrix / Synapse server and clients be a better option for encrypted communications than a custom phone/app?
[0]: https://www.abc.net.au/news/2024-09-17/afp-raids-ghost-app-f...
Most ISP's have a central point of contact / administration, and can be compelled to only forward encrypted traffic if it's explicitly permitted. I think that covers most everything, besides the chattering of a few ham radio operators here and there.
It wouldn't cover steganography. What looks like an unencrypted video file may have an encrypted message hidden in the noise.
Assuming the compression is lossless. As it is you have to go looking for places on the web that will even host a bit-for-bit copy of an image you've uploaded. Though I suppose there will always be options.
But if they become too much of a hassle they'll become the domain of people who have something to hide, which would be a significant downgrade.
I myself have nothing to hide, but I want to provide cover in case you do.
Also wouldn’t cover encrypted messages sent in the clear. Exchange keys ahead of time and you’re just sending noise to each other. I guess you could still target users sending random noise under the assumption they are using encryption.
Do you think they'd be trying to take encryption away if they weren't already inspecting the packets deeply enough to notice the difference between natural language and encryption noise? One has to imagine that the whole point is to read the underlying message, right?
It's extremely costly to deeply inspect terabytes of traffic.
It doesn't have to be absolute. Just cross some threshold of inconvenience.
> Most ISP's have a central point of contact / administration, and can be compelled to only forward encrypted traffic if it's explicitly permitted.
We standardized https. So it should be a lot harder than usual techniques.
That feels like a large escalation from where we're currently at though. That would put a dagger through a majority of self-hosters.
They can apply for an approved key if they need to, that way that key can be revoked if they misbehave.
I know it sounds drastic but imagine the kind of person who would try to prevent encryption in the first place. We should expect drastic steps from them.
Let me guess, its the usual justifications. CSAM, terrorism?
Well, if you give the government too much power, sooner or later they will become the child abusers and terrorists. And at that point, there will be no police you can really call, since those in power will be able to act with absolute power and absolute impunity.
Hungary is widely acknowledged to be in a state of nascent dictatorship anyway.
I don’t think it really works to call out a potential slippery slope when the country is already overtly on that pathway. Those in power there can already operate with relative impunity.
(This is the reason that when Trump says “Orban likes me!” it’s not actually a flex)
As per my comment above, this draft law has nothing to do with Hungary.
The only reason Hungary is currently associated with the "Chat control" draft is because Hungary currently holds the EU presidency and as part of their mandate they are free to set goals and negotiate with other countries in order to come up with future laws.
First, these drafts mostly originate from the EU commission, so Hungary is not the one who came out with it in the first place. Secondly, Belgium which had the presidency a couple of months ago also tried (and failed) to get this draft across the line.
So yes, Hungary, which may or may not be on it's way to become a dictatorship is very happy to keep pushing for these negotiations to happen but let's also take a moment and remember that Sweden, France, Spain and many more countries are also happy with it.
So to me, the question is how can we take EU countries seriously when they talk about privacy when so many of them are ready to create a system of blanket surveillance on all their citizens?
> So to me, the question is how can we take EU countries seriously when they talk about privacy when so many of them are ready to create a system of blanket surveillance on all their citizens?
Well I guess they draw a distinction between allowing state-level actors to access information in the name of stopping crimes and/or national security concerns and allowing the same sort of access to commercial entities.
I'm not saying that justifies it, but it's a different threat model - accessing data about your own citizens for state reasons, rather than collecting data about everyone for commercial gain.
Let's hope it gets knocked back again.
In that case then the definition of privacy needs to change because to me privacy is a binary state. Either I have it or I don't.
Secondly, this piece of legislation is not only a threat to the people of Europe, it is actually a gift to the autocracies of the world like China, Russia and Iran and more who as soon as it is implemented will deploy tremendous amounts of efforts to break into it.
By going forward with this law, we are advertising to the world, hey we got a backdoor here, come and use it! Instead of making it harder for foreign powers to break into our system, we are creating multiple points of failures where the data could be intercepted.
> In that case then the definition of privacy needs to change because to me privacy is a binary state. Either I have it or I don't.
That seems a little, well, binary.
I don't have (nor want) a lot of privacy from my partner. I have a lot more from my boss, who clearly doesn't need to know about the pimple on my ass. He also doesn't need to know my car registration, which the government does, or parts of the government. You need to look at your threat model and understand what it is you want to protect and from whom. "Privacy" is a bit more complex than on/off.
I agree, the backdoor is a poorly thought out idea, it's an authoritarian fantasy which (like many authoritarian fantasies) doesn't take into account the practicality of the idea or the second order consequences. That back door will indeed be a target, so the people of the EU have to worry about not only their own governments misusing the data but (as you say) other powers finding ways in as well.
On the corporate side, the threat model is different - companies don't want the expense of doing security well and they have a profit motive of being able to sell data. This treasure trove could also be useful to foreign actors, or those (like Cambridge Analytica) who would use it for domestic political aims. EU citizens are relatively well protected from this type of threat at the moment, US citizens not so much.
Should weakness in one mean you don't listen to anything out of the EU when it comes to privacy? Again I think that's too binary. The EU has some great ideas and laws about protecting us from the excesses of corporate data hoarding, those should be celebrated, just as we excoriate them on attempts to create a state panopticon.
The title is terrible. I was also misled.
Based on election results and popularity, the Hungarian government is more democratically legitimate than the French and German ones.
The wide acknowledgement is only wide in a particular EU bubble.
> Based on election results
That's a bad place to start when looking at autocracies which distort the democratic system to provide an illusion of legitimacy. But you knew that.
Hungary is a democracy. The election was monitored by the OSCE, which concluded that the elections “were well administered and professionally managed but marred by the absence of a level playing field”.
I don’t see how that’s worse than the French people voting Macron out and France still being governed by Macron and his people.
Throwing around words like autocracy is by now lame and tired, just like those crying racism all the time.
> Hungary is widely acknowledged to be in a state of nascent dictatorship anyway.
I'm Hungarian, I hate Orban [1], but your comment is not accurate. It's not "widely acknowledged" and nobody is seriously using the word "dictatorship" to describe Hungary or Orban's regime, including Orban's fiercest opponents [in Hungary]. We have had various forms of dictatorships in Hungary, and this isn't one of them.
What we have today is most commonly referred to as an authoritarian form of democracy. But we have elections every 4 years, and if people were to vote against Orban, he'd be gone. The last one, in 2022, there were 20k opposition observers in the voting offices and they certified that everything was legit. Having said that there are multiple aspects that make the elections unfair. As we say in Hungary, the "football field is tilted to favor one side". For example, the election map is heavily optimized to favor Orban. Or, state media and 100% of state funds has been captured by Orban to run his misinformation campaigns, which does mean that by the time elections come, a significant % of the population has been indoctrinated and brainwashed. And so on.. But still, it's not a dictatorship. It's just that people are stupid, just as in every country, and unfortunately in 2010 Orban received a 2/3 majority which he used to accomplish the initial "tilt", and he's masterfully kept it up ever since.
Why is Hungary not a dictatorship? Your personal freedoms are not in danger, nobody has ever been killed or even hurt for political reasons in Hungary (unlike Russia). We have freedom of speech, you can go in front of the parliament building and say the nastiest things about Orban, and you'll be fine (unlike in Russia). We have opposition parties, who according to their seats in parliament receive state funding. We have fairly conducted and counted elections (unlike in Russia). We have tons of opposition media and they are free to operate, eg. the biggest Hungarian language political Youtube channels are opposition.
However, Hungary is definitely not a healthy democracy. We have widespread corruption wrt state funds. We have a significant imbalance in media reach in favor Orban. Orban is more than willing to run toxis misinformation campaigns and seed division and hatred that will take many years, possibly generations, to weed out. And, for still unknown reasons, Orban is in bed with Putin and runs Russian misinformation campaigns in Hungary. And so on..
Related to the OP, I can tell you that Orban and his cronies run a variety of misinformation campaigns [in Hungary], but nothing related to cryptography.
I will defer to you as you are Hungarian and obviously a lot more informed than I am, but I will say a lot of the things you bring up seem to be a matter of degree.
From what I can see out there on the internet, it's more than just the media - Orban's cronies seem to have captured the judiciary as well, which helps shield them from investigation. He also seems to be trying various tactics to suppress political opposition - https://www.theguardian.com/world/2023/nov/23/orban-accused-...
I think I'm going to stick by my evaluation of 'nascent dictatorship', though perhaps 'nascent autocracy' is more accurate if it's not all about the one man. And it does seem to be widely acknowledged that democracy has been undermined there, to the point it doesn't function.
> I can tell you that Orban and his cronies run a variety of misinformation campaigns [in Hungary], but nothing related to cryptography.
Yeah fair enough, it seems that a lot of other governments are all in on this sort of thing, and the headline is particularly misleading.
> From what I can see out there on the internet, it's more than just the media - Orban's cronies seem to have captured the judiciary as well, which helps shield them from investigation. He also seems to be trying various tactics to suppress political opposition.
Yes, this is true unfortunately. On the other hand, most of our political opposition [1] was so lame that Orban's baseline tactic was pretty much to just let them do their thing, and that repeatedly led to these parties to self-destruct.
To be clear, the situation in Hungary is shit, but it's not a dictatorship..
[1] between 2010 to 2023, before the new 2024 wave with Peter Magyar and his new Tisza party
Hungary's is one of Putin's puppet regimes, so it's really about Russian-style repression of the opposition.
You obviously have not read about this piece of legislation otherwise you would not have posted this comment.
The law in question also dubbed "chat control" has been on the table for the last 3 years now. It's been rejected each time so far but it comes back every 6 months without fail.
The reason Hungary is associated with "Chat control" this time is because Hungary holds the current presidency of the EU. This presidency changes every 6 months. Before Hungary, it was Belgium which was in charge and they too tried to get this law passed.
This is what a country with the EU presidency does, they set their goals and then try to reach a consensus with the other countries. "Chat control" is one of these goals just like it was one of the goals of the Belgium presidency.
So to come out and say the Hungary is pushing for this because they are Putin's puppet is not accurate at all. The EU commission, which I am pretty sure no one can accuse of being a puppet of Putin is the one who keep bringing this law not Hungary or a specific country in particular.
Now, I am not saying that Hungary is not happy about this, in fact they may well be very glad that this law is being discussed (as it would allow them to enable a state of total surveillance on their citizens) but please let's remember that even Sweden and Spain are amongst the many countries in the EU that are actually supporting this law.
To me that is the bigger problem, how can the EU be so supportive of personal privacy then come out with shit like this?
Sure, but you're drawing a distinction without a functional difference. The following can both be true:
- Hungary's Putin-puppet regime is in favor of banning encryption so as to repress the opposition and stay in power indefinitely.
- Other EU political actors are in favor of banning encryption for their own reasons.
My comment did not imply that all non-puppet political actors in the EU were against banning encryption.
> Hungary's is one of Putin's puppet regimes, so it's really about Russian-style repression of the opposition
Your first comment was vague and that is why I thought it was worth responding to it. I am glad we agree that Hungary is not the only one who is pushing for this law but you singled out Hungary in your comment so what was the intent there then?
To be honest, I am just a bit fed up with people talking about Hungary as the bad guy in this particular instance due to it's ties with Putin all the while forgetting that even the "nice" and "progressive" countries such as Sweden and France and many others which are usually clamoring for privacy and sovereignty from big tech are also pushing for it.
To me in this specific case Hungary is not the problem. The problem is the law itself and the fact that this law keeps coming back again and again in the so called bastion of democracy that is Europe (supposedly).
- Hungary's Putin-puppet regime is in favor of banning encryption to repress the opposition = bad
- Other EU political actors are in favor of banning encryption to repress the opposition = good
Hungary's Putin-puppet regime
This may feel nifty to say and/or believe in, but has no connection to reality.
Source: any Magyar you will talk to.
Edit: For example [0], posted 5 minutes after I posted this.
Oh sure, friend. Not a puppet, not a puppet. He's stubborn for Russian fossil fuels, held up Sweden's entry into NATO, and curried a thousand other favors, but they were all just meetings of the minds. /s
Same goes for Lukashenko, Maduro, and Vučić, or for Farage, Weidel, and all the other nice folk who used to poll sub-5% before Russia's troll army started peddling their sewage. The only thing less likely than you convincing me that he isn't would be me convincing you that he is, considering that you hopped onto this thread for this argument.
You can believe in whatever caricatures you want. I see no need to convince you of anything.
> Hungary's is one of Putin's puppet regimes
I'm Hungarian, I hate Orban [1], but your comment is not accurate. We have a lot of problems in Hungary (see my other comment in the thread), but we're not Putin's puppet regime. A puppet regime would imply that Orban was put in place by Putin and/or is kept in place by Putin, and is purely doing Putin's bidding. I've never heard anybody serious say this, nor have I ever seen any evidence of this. Although rhetorically Orban is definitely pro-Russia, in the end (after wasting everybody's time for a while) he always goes along with EU resolutions against Russia.
Orban doesn't need Putin to stay in power, he has access to all of Hungary's tax income, and effectively also beyond that, due to the 2/3 majority which allows him to rewrite the constitution at will.
Likely reasons Orban is friendly with Putin: (i) access to Russian oil (ii) Hungary's one and only power plant is Russian tech run by Russian techs (iii) Orban's regime is like a soft version of Putin's, so criticizing Putin would in some sense mean critizing himself, it'd be counter-productive for him.
Maybe, but this was started by the Biden's puppet regimes.