End-to-end encrypted messaging has been a thorn in the side of lawmakers for a while now, and although many companies like Apple already offer backdoors and pre-screening of messages for illegal content as demanded by the US government, this is new for the EU. The eIDAS regulation aims to force software companies to create backdoors into such messaging services. What precedent does this set for, say, hardware wallets? What are the options if this passes?
https://www.eff.org/deeplinks/2023/11/article-45-will-roll-back-web-security-12-years
https://last-chance-for-eidas.org/
Article 45 forbids browsers from enforcing modern security requirements on certain CAs without the approval of an EU member government. Which CAs? Specifically the CAs that were appointed by the government, which in some cases will be owned or operated by that selfsame government. That means cryptographic keys under one government’s control could be used to intercept HTTPS communication throughout the EU and beyond.
https://old.reddit.com/r/privacy/comments/17gt55m/european_parliament_adopts_final_position_on_eu/
There will be no mass surveillance
😂
Of course not.
This is a misleading title.
First off - You physically cannot ban E2EE any more than you can ban math, because that's what cryptography is - a math equation.
There's HTTPS, and there's E2EE. HTTPS is a protocol which does encrypt traffic, and it relies on a trusted third party, called a certificate authority (CA) to ensure the integrity of the encryption as well as the identity of the party you're intending to exchange data with.
If I'm understanding this correctly, Article 45 is an attempt for the government to force browsers to unconditionally accept CAs that have been approved by the government's arbitrary standards. This means HTTPS security could be weakened, and the worst case is they could implement back doors.
That's an incredibly ridiculous and horrible idea, but it doesn't have anything to do with E2EE.
With E2EE, the data you're transmitting is encrypted BEFORE it gets sent via HTTPS, or any other protocol, and it isn't decrypted until it reaches the other end. In other words, you can typically use E2EE w/ a completely insecure channel. E2EE makes eavesdropping impossible.
At the end of the day, even if the government forced you to trust its certificates for protocols like HTTPS, and they had some kind of backdoor to monitor the data you're transmitting, you can still use an app (like Signal) that encrypts your data before it goes through channels controlled by third parties and be just fine.
TL;DR - this is a bad thing they're trying to do, but it doesn't even come close to being an E2EE ban.
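The layering described in the comment above, as an added example that is not part of the original thread: a message sealed end to end before it enters a transport whose TLS is terminated by a party the client has been made to trust. `e2ee_seal`, `e2ee_open` and `InterceptingProxy` are hypothetical names, the HMAC-based cipher is a standard-library stand-in for the AEAD a real messenger would use, and the key is assumed to have been agreed outside the intercepted channel.

```python
import hashlib
import hmac
import os

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and authentication, derived from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode (stand-in for a real stream cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def e2ee_seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def e2ee_open(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("message was modified in transit")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

class InterceptingProxy:
    """Models a TLS-terminating hop with a browser-trusted certificate:
    it sees every byte carried inside the HTTPS connection."""
    def __init__(self, tamper: bool = False):
        self.seen, self.tamper = [], tamper
    def relay(self, body: bytes) -> bytes:
        self.seen.append(body)
        return body[:-1] + bytes([body[-1] ^ 1]) if self.tamper else body

def demo():
    key = os.urandom(32)       # assumption: shared out of band, never sent via the proxy
    msg = b"meet at noon"      # constructed sample message
    proxy = InterceptingProxy()
    proxy.relay(msg)                            # HTTPS only: the proxy reads the plaintext
    delivered = proxy.relay(e2ee_seal(key, msg))  # E2EE inside HTTPS: the proxy sees ciphertext
    leaked = [msg in body for body in proxy.seen]
    try:
        e2ee_open(key, InterceptingProxy(tamper=True).relay(e2ee_seal(key, msg)))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return leaked, e2ee_open(key, delivered), tamper_detected
```

The proxy still learns who is talking, when, and how many bytes were sent, and the result holds only while the key never travels through the intercepted channel.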
...and marijuana, opium, and cocaine are just plants.
Of course you can ban E2EE! Government simply declares it illegal, and throws people caught using it in jail. That doesn't mean every single usage of E2EE will be stopped. But a hell of a lot of it will.
Especially these days now that most phones are already so locked down that average users can't install their own apps. With an E2EE ban, you can guarantee that Google will be told to lock down Android too.
The phrase "it's just math" is particularly ridiculous, because E2EE is math that you can't reasonably do without the use of a computer... and governments absolutely can control computing. Fact is IC manufacturing is inherently centralized because of the truly enormous amount of infrastructure necessary to do it.
The solution is to fight these battles politically. Don't get complacent and assume "the market will fix this" or "bitcoin will fix this". Fight. Now.
This is a nice example of the "disengage from the system" strategy being really flawed. Interacting in the political arena is the opposite of fun or sexy; but for stuff like this, especially, it's consequential. Perhaps on generational timescales the technological force latent in the world will be too strong to resist, and politics will give way, as with the printing press.
But on the timescale of a human life, plain vanilla political pressure gives high leverage. Ceding control of the political arena means it takes an extra decade or two to unwind stupidity that affects hundreds of millions of people. Bad ROI.
Again, this isn’t even relevant in the first place because it’s not happening.
I’m sorry, but this is just kind of an ignorant argument. It’s ridiculous to say “you’re not allowed to perform a math equation in your code”. All of cyber security relies on that - you wouldn’t just be giving data to the government, you’d be giving it to everyone.
If you're talking about forcing all electronic data transmission to flow through government controlled channels, surely you can see why that’s as infeasible as hacking bitcoin.
Bitcoin works because it’s internet money, and the internet is irreversibly decentralized information. There’s no going back on that.
I'm starting to agree. This might have to be settled in the streets.
exactly!
Fight or silently let friends and family move off controlled messaging apps and convince them to use SimpleX chat. Once people understand the power in it, they too will help spread the message. A bit like Bitcoin.
FOSS will continue to exist the same way governments try to stop Bitcoin.
But we need to let people know about it in a peaceful, kind and self-sovereign way, letting the government and lobby talk about banning FOSS in an empty void.
So... I'm inside EU, and I see what people from the '68 generation - did to the quite beautiful initial EU concept.
I'm not young enough to wait and see when (and if) all these dumb socialists/marxists finally lose the power in EU (or die).
See you some day in Salvador, then
(or Argentina?)
https://www.youtube.com/watch?v=R2asE78rs38
They officially want to keep track of everything we're doing... This is not looking good, I believe lightning will also play a big role in sending messages in the future where I can send 1sats and include my message as the note... Good luck tracking that.
Those notes are sent as URL query params. Not e2e encrypted. Be careful
I've never sent LN notes. Are they sent over http or https? If it's the latter, the URL is encrypted and only the domain is visible.
True, good point. HTTPS. Thank you for the call out
Was about to comment on this. This is the most nerdy community in the world. I love it.
Why would you do that? Wouldn't be hard to trace whatsoever.
How will they be able to trace the message to my identity?
El Salvador properties look better and better every day...lol. Bye Felicia
I don't give a shit about these meaningless so called laws.
They get annoying every time.
Bring back the guillotine!
I could see the French doing that
Sadly not contemporary French people
Generally speaking, the EU gives you only one guarantee: to always choose the worst thing.
Incompetent people vote for disastrous things without ever taking into account the warnings raised by the experts in the different fields involved.
Use a FOSS browser, edit the government CAs out manually.
https://i.imgur.com/52VtVUT.jpg
Lol
Very damaging to EU-based technology businesses and their prospective customers in those countries, and it will just accelerate the flight to open source applications.
These EU bureaucrats are delusional. Who advises them!?
The EU is all about confiscating property for the few, the proud, the slaves.
Let's face it. Controlling encryption is the very definition of totalitarianism.
Law is protecting the elite and limiting the middle and poor class
fuck article 45
Fuck these fuckers. E2ee is impossible to stop.
Leave.
Good luck enforcing it. It’s like China banning bitcoin. That was an epic fail!
The future of decentralized chat apps like Nostr's 0xchat.com looks brighter all the time!
This is another proof that you cannot vote yourself out of tyranny. Once again there is no one organization that harms its own citizens like government. Meanwhile the actual criminals who work for the government will make their own CA as we all can and they will tell their people what the hash signature is.
Fiat currency is paying for this and it's time for people to stop buying crap that makes FIAT organizations valuable.
Non-ironically, that means it's working.
I really hope that it doesn't pass.
It would be the death knell for civilization in Europe.
crazy if this passes
Couldn't a blockchain replace a centralized certificate authority?
What is the point of this?
Tor is open source too.
https://github.com/torproject/torbrowser-launcher