The EU proposal to scan all your WhatsApp chats is back on the agenda
cross-posted from: https://lemmy.world/post/22814154
https://www.techradar.com/computing/cyber-security/the-eu-proposal-to-scan-all-your-whatsapp-chats-is-back-on-the-agendaOpen linkView original on lemm.ee303
Comments52
I add my voice to this request. Cough up the names.
To clarify: eMail, web chats, gaming chats, Signal, Threema and so on are affected as well
Self-hosted Matrix is obviously unaffected.
You say this but Matrix is largely centralized so it would be easy to get the biggest node to comply. Servers are quite costly to run too which is a big problem.
Federated protocols are not centralized in principle. It might not scale to one user-one server (which probably even Lemmy can't handle) but if you're signing up for a central server, you're doing it wrong(tm). Don't do that. The nice thing about Matrix client is that it allows end to end encryption, including groups. So that greatly limits what Mallory can do in principle. As to servers being costly to run, given what documented Synapse requirements are, you're looking at less than 5 EUR/month for a single server. Which can be shared among several users, obviously. This is in the same range as costs for a monthly VPN.
The default links many folks/projects share specifically log you into Element & on Matrix.org as well which advertizes more folks to be on that centralized node. Furthermore, Matrix provides hosting for some of the other big servers as well even if they are not using matrix.org in the address.
Well, yes, but privacy in the current world is not free, even if it involves some own thought and planning. Being wary of defaults and being aware of implications one's choices bring is of course too inconvenient for many. But these do not get to complain.
Synapse boasts about 50,000 concurrent users on a node. Ejabberd has been tuned to 2,000,000 concurrent users which shows how efficient & scalable the setup can be. €5/mo is a lot for many folks.
Poor people (who still can afford the end devices and an Internet plan) can of course share the costs in a community, or use one of the many free servers, as long as they are aware of the tradeoffs. Beigers not being choosers, and all that.
You can also choose to use technologies that aren’t such resource hogs. The eventual consistency model of Matrix alone & storage costs causud many medium-sized operations to shut their doors. Distroot.org for instance had to move to XMPP to deal with costs—& I have personally seen others.
Does XMPP have feature parity with Matrix? I presume that bridges exist?
Self-hosted XMPP using OMEMO included? OMEMO are based on Signal, hence my question.
First I'd ever heard of OMEMO, thanks dude
I don't think Startmail will be affected. Ofcourse using Gmail is free pass to your data. But look at this https://www.startmail.com/ . I think if you also use Proton or other mailing services you're 99,9% safe. I sometimes play video games, some of my friends are kids who are cursing in gamechats. How will gaming chats be affected? Does the government have access already?
Via a subpoena, yes. Or directly via the NSA's PRISM program.
The americans seem to have figured out how to get change in relation to health insurance. Perhaps people might consider taking a page from the french history books to get some change on this issue.
The same French of whom more than a third want an authoritarian strongman in power? Personally I would prefer to copy the handful of boring countries where people actually trust their leaders and so don't feel they need to resort to bloody revolution at the drop of a hat.
Alright I want all farmers on a 30km range to join our next "peaceful" protest
Why are they still thinking they can justify this? People which do illegal stuff are just going to use old apps self-host or bypass it with another way.
A switch to what? To nothing?
Self hosting Matrix comes to mind. With deployment automation it's reasonably painless.
You are severally over-estimating the computer skills of the general population. Here is some data on that.
Thanks. It's slightly worse than I thought. I'm kinda limited to communication with my small peer group, so I don't notice that other user classes exist.
Snail mail
However they want to do it, it will undermine a key principle of democracy and a human right: the right to privacy and private communication.
Those damn Chinese and their censorship... oh wait
Just watched a video of Low level: https://www.youtube.com/watch?v=tRATnT577Aw
Although this is about the US this is EXACTLY the shit that will happen to this whole chat scanning BS
Some suggestions: Scan, Privacy, Control
just don't use whatsapp? problem solved!
#returntoemail
Right attitude, wrong solution.
Email is very much not private
Protonmail is definitely more private than google or Microsoft, but you shouldn't hold 100% trust in any provider. Ultimately your data is still on their hardware and they have control of it. Also, as others have pointed out, both sides need to be secure otherwise all that data is accessible on the other side.
You can mitigate it yourself a bit by hosting your own email server, but I highly recommend against that as its a massive headache to secure and basically every provider will reject your messages anyway.
protonmail is CIA https://encryp.ch/blog/disturbing-facts-about-protonmail/
besides the above, their open support for regime change in China is NOT something a Taiwanese company would do. I live in Taiwan and have worked here for over a decade. Executives here try to keep their head down and just make money. They do not champion any causes.
I have read that blog entry and some of its references. The evidence provided for this strong claim seems to be very weak. I would not judge anything based on the listed talking points. Now, knowthing is impossible and such services are sure in the interest of governments around the world. I also want to remind people on the Swiss Crypto AG which sold compromised analog encryption machines for decades.
That user also claims Signal and Matrix are CIA and refuses to provide sources for those claims
Even if you have 100% confidence in your own provider, you also need 100% confidence in every other recipients provider, which is basically impossible.
The body of the messages arguably are, but the metadata is not, and that includes the subject line and the sender & recipient addresses.
Then go tell that to all of your WhatsApp contacts, people won't change apps.
I have zero such contacts. For the moment, I tolerate Signal. When it falls I'll switch to self-hosted Matrix.
but that's the beaury of email! people don't need to be on the same app to communicate with each other!
that arbitrary walled-off garden of whatsapp doesn't hamper anyone here!
Of course there are alternatives, that's not the main problem, it's the adoption by people not familiar or interested in tech.
https://activitypub.rocks/
I’m not touching an app owned by Meta. If people want to message me, they can use Signal.
Turns out, this policy has weeded out lots of useless conversations from my life. So, I see it as a win.
eMail is affected as well. There is no alternative. And mails are not private if not all participants use end to end encryption
Of course there are alternatives. That's the cherry on top of this crap pile: only regular non tech folks are affected. Nerds and actual criminals will just run an xmpp or simplex server and not care about the legislation.
Stop fear mongering, of course there is alternatives
Email is unencrypted.
Not if you use pgp
Or Proton/Tuta.
It will not E2EE for you.