"What do you mean you and your friend chat over Signal when there are dozens of other chat apps? Sounds like you two have something to hide, if you ask me." [0]
Whenever I hear someone telling me they have nothing to hide, I ask them to unlock their phone and hand it to me. The joke still goes over people heads sometimes.
> Whenever I hear someone telling me they have nothing to hide, I ask them to unlock their phone and hand it to me.
But I "trust" the gouvernement in a different way that I trust you.
- With that access you can also "do" things, like sending messages or delete stuff.
- I'm worried that you could judge me in a different way than the government would judge me. Because if you are a friend I care how you see me. But I don't care what the authorities think of me as long as I don't do anything illegal, they won't care.
(Just playing devil's advocate here)
roenxi · 3h ago
Are you a lawyer? How confident are you that you aren't doing something illegal? At 30 seconds of thinking of an interesting example, there are still blasphemy laws on the books [0] in some parts of Europe and it isn't clear how compliant what people say at home is with hate speech laws. And there are a lot of laws out there that most people don't know about.
There isn't any reason to think people are obeying the laws in the privacy of their own spaces. Historically there are actually good reasons to think people are disobeying the law, but the laws are stupid and it is better not to check unless there is a political opponent to take out (eg, anti-homosexuality regulations).
Some countries have defacto blasphemy laws as part of hate speech (in Europe) or social harmony (in Asia) laws. This is covered in the wikipedia article
There are definitely more countries that have blasphemy laws than are on the list on that page (e.g. Sri Lanka).
firefoxd · 3h ago
To continue with your logic. Now, if anyone hacks the "gouvernement", they now have a master key to all our devices.
CheeseFromLidl · 2h ago
Pff amateur hour. Hack a dating site and start your own human breeding program.
No comments yet
silverliver · 39m ago
Then to use Rossmann's counter-argument (TFV): Let's walk in a police station and have the nice policemen take a look instead.
Almondsetat · 3h ago
That's a really bad devil's advocate, since the authorities care a lot about any behavior, even non (yet) illegal ones
Jolter · 2h ago
In some countries they definitely do. In other countries, who knows what they might care about one election from now?
Almondsetat · 47m ago
That is further reason to protect your privacy. Maybe today you're perfectly fine, but what about the next election cycle?
eastbound · 2h ago
FBI employees have been stalking their ex-girlfriend using FBI database. That’s what we mean with “You may be doing things the government doesn’t like” — Abusive boyfriends can be part of a local government.
whyever · 3h ago
> With that access you can also "do" things, like sending messages or delete stuff.
If you break E2E encryption, you can likely also impersonate and "do" things.
qwertox · 3h ago
Again, again and again:
These things should first be tested for 5 years on every politician and every civil servant, including their families, including their children.
Security researches should be given the freedom to hack that system as much as they can, in order to find security problems, no prosecution guaranteed.
Every access to data should be logged on a public blockchain with pseudonymization of who accessed whose data.
After those 5 years, reports and statistical analysis about the usefulness should be published: how many crimes were prevented, who went to jail for what, who had to go to court for what, with references to the logged data in the blockchain.
Then the public gets to vote on if they want this or not.
Gud · 2h ago
I don’t think this is a fair treatment of anyone.
Total surveillance, which we are talking about here, is extremely damaging to the subject, eventually all their dirty secrets will be out, legal and illegal.
I also argue that allowing the state to monitor its citizens fundamentally changes it closer a state I don’t want to exist. Nothing good can come out a surveillance state, no matter how small.
qwertox · 1h ago
The point is that this way the public doesn't have to protest against it.
The politicians and civil servants will do that for us, which is what we are paying them for anyway: to work for us.
This way they'll think twice if they really want this to get started.
Gud · 41m ago
Yes, I understood the point. I don’t think it’s a good idea.
cookiengineer · 2h ago
The issue I have with this proposal is that politicians won't change their behavior. The optimum politician is an absolute pragmatist without any moral values. That is what you need to be to succeed in a federalistic democracy.
Regarding Chat Control: Do we know who is lobbying for it so much? Maybe journalists should focus on finding dirt on the lobbying organizations, so that everyone knows about them.
input_sh · 32m ago
Oh we know who's behind it: a Hollywood celebrity-run charity that shadily hired multiple high-ranking Europol politicians.
Their whole deal is to convince legislators that scanning every image on your device for CSAM is absolutely necessary (https://www.thorn.org/) and then selling a tool to do that to companies (https://safer.io/).
If it's legally required, what else are you gonna do but go to them for a "solution"?
amarcheschi · 2h ago
To be honest, the journalists already focused on finding dirt
Good idea, maybe this way we would have Ursula von der Leyen's sms with Pfizer!
wim · 5h ago
Drop the “chat” and just call it “control”. The current proposal is so vague it would cover anything with online sharing/syncing people can sign up for. Any SaaS, any app, any service. Chat, email, file syncing, todo lists, doesn’t matter.
sunshine-o · 2h ago
I am pretty sure now that this ChatControl thing is the result of the EU being unable to setup an US type NSA/echelon type stealth mass surveillance system.
They might have gone so far to have paid for an implementation but it didn't work (like the EU search engine, cloud or whatever) because they are really incompetent.
So now the solution is to do it in the open, just write a dystopian law and force it through the fake parliament. Our only hope now is the practical implementation of ChatControl will also be in practice ineffective.
We are not really living in 1984 or Brave New World, in the EU we are in the 1985 movie Brazil.
dmantis · 4h ago
I tried I2P not so long ago and was quite impressed by the design decisions and the quality of the technology. It's truly an amazing piece of software that covers basically everything you need for a distributed network.
The only thing missing is actually the community and usage, because the technology has a network effect, and more users with stable routers provide faster and a more reliable network. So it's indeed slow at the moment. I highly recommend giving it a chance and playing a bit with it. Even for non-anonymity and security cases, it's fun to play with hole punching, global addressing by public keys, and stuff like that, which you can see in things like Iroh and libp2p.
It provides a simple universal SAM interface and libraries to work with it to plug other apps.
sunshine-o · 2h ago
I have been hearing good things about I2P for 2 decades but what are the risks when using that thing?
Is this like running a Tor node where you could potentially get a knock on the door because somebody else went on some pedo website?
dmantis · 1h ago
I2P doesn't have exit nodes like Tor, so it's essentially the same thing as running a Tor relay from an outside perspective, with a few positive differences.
I2P is mainly an overlay network that routes traffic only inside the network. The upside is that providers won't ban your IP for participation if you run a node. I know that with Tor, many datacenters/CDNs don't care whether it's a relay or exit node and will blanket ban all known IPs of the network. You also won't attack someone on the clearnet or somehow participate as a scapegoat in clearnet crimes.
I've never heard about any consequences for running non-exit relays in Tor, though if you're in a country that strictly punishes usage of any anonymous technology, that might be risky anyway.
I2P has several commercial "outproxies" that proxy traffic to the usual internet, but that's not the intended usage and it's not enabled on typical users' routers.
UPD: Anyway, if you feel uncomfortable sharing others' traffic and want to only use it as a client, you can disable transit traffic completely in both Java and C++ implementations.
And if you don't want to install Java, there's also a C++ implementation: https://i2pd.website/
kachapopopow · 2h ago
You got me into i2p. My rpi router and dozens of servers are now i2p floodfill nodes!
re-lre-l · 3h ago
And what people in western, democratic world think about it? That this is just fine? I live in autocratic, almost dictatorship regime country and for the past 100 years we've just gotten used to the idea that we don't have any rules here. But I thought in EU and US things are different. All these news stories about Control, UK surveillance, age verification, all this stuff with no significant reaction baffle me.
I live in the United States and it baffles me just as much, trust me. Fine, maybe I didn't have the biggest expectations for the general public, but I really expected the Internet to react much more viscerally to what is happening. In the past, the Internet was much more defensive about Internet policing that was significantly less dystopian. Now, it feels like no matter how rapidly things decline, it's just another Tuesday; most people are unwilling to make any sort of sacrifice or risk for any cause, and nobody (including me, I guess) is really sure what to do anyways.
It really wasn't that long ago that we were all talking about SOPA.
Additionally, keep in mind that controversial laws or proposals, at least in France, are often announced or passed during summer vacation when people are away, limiting scrutiny and attention.
Expect to hear more outrage come September
AnthonyMouse · 2h ago
This is, ironically, one of the reasons we need a more decentralized public square.
Large gatekeepers get flack from politicians if they allow "the wrong people" to organize. First they claim there is a huge problem with terrorists/nazis/pedos/etc., maybe even find a couple of real instances of those things, and use that to demand that the gatekeepers Do Something, i.e. set up a censorship apparatus.
But the modern ones are subtle. You don't try to read something and get refused, it just goes to the bottom of the feed where you won't see it. Take advantage of the human failing that busybodies will take petty satisfaction in causing harm to strangers they've been told are their enemies. Let them issue false reports against anyone pointing out the emperor has no clothes. Have the algorithm take those reports seriously, with useless or non-existent customer service that can do nothing about adversarial report brigading. Make it known that this is what happens to people who don't toe the party line so people self-censor and people who don't get shadow banned.
It's an assault on the ability of the public to defend itself from bad ideas.
Large gatekeepers delenda est.
Hilift · 2h ago
> But I thought in EU and US things are different.
Different indeed.
Privacy is enforced through compliance and civil court actions. In 2018, one of the largest actual data breaches at the time (~300 million customer records) netted about $0.25 per record in penalties, after several years of lawyering. ($52 million (US)/$23 million (UK)).
The EU makes more money fining companies for policy violations:
A €1.2 billion ($1.3 billion) fine was imposed by the Irish Data Protection Commission (DPC) for transferring Facebook users' personal data from the EU to the US in violation of GDPR.
In my country that has managed to free itself from communism just 35 years ago everyone I know opposes it.
Politicians from countries like Germany have tried to make EU decide things like this on the "majority principle" for ages (because they know they can bully smaller countries into submission), but we still have the consensus principle.
Every country has to agree. So it takes only one country to put a stop to it.
AnthonyMouse · 2h ago
> but we still have the consensus principle.
Beware attacks on checks and balances like this. If they actually work, someone will try to get rid of them.
graemep · 1h ago
> In my country that has managed to free itself from communism just 35 years ago everyone I know opposes it.
That tends to confirm my feeling that people in countries that have not suffered from tyrannical government for a long time have forgotten the value of privacy and freedom of speech because they have not seen the consequences in living memory. This is coming when the last of the people who remember the pre WW2 era are dying. Dictatorship is no longer part of living memory.
There has definitely need a cultural change in the UK in the last few decades. People have far more trust in the system (government and big business) or have learned helplessness (in a recent discussion about privacy people told me I was naive to think I could stop my private data being collected anyway so should not bother trying). This was in the context about what people say about their kids (specifically education, mental health, family problems) on Facebook.
> Every country has to agree. So it takes only one country to put a stop to it.
A lot of pressure can be brought on bear on any one country by the rest though.
The government of a country may not have the same view as the people. When the UK was in the EU the government pushed EU surveillance regulation, IMO so they could then then say it was not their fault it was introduced, they had to follow the EU directive (many years ago when there was strong public opposition to more surveillance).
danieldk · 35m ago
That tends to confirm my feeling that people in countries that have not suffered from tyrannical government for a long time have forgotten the value of privacy and freedom of speech
I think it is more complex than that, see Hungary and Poland (though Poland is a bit on the rebound).
graemep · 5m ago
Yes, undoubtedly more complex than that, but I think it is an important factor - people do not value what they have taken for granted.
Roark66 · 3h ago
No chance in hell my country agrees to it (despite the darling of EU being the current prime minister). It is still a minority government and both the president and the people oppose it.
It will die this time and they will try to bring it back in 2 years time.
One thing I do not understand is why people in Denmark allow this to happen. Where are the large scale protests against the party that brought this zombie back to life?
VladVladikoff · 7h ago
Is it possible to make an encrypted messenger app without a central authority? Like BitTorrent magnet links. We all share the messages to support the network bandwidth, but can only see the messages which pertain to us? From my really novice understanding of cryptography, this should be possible. And it seems like the only privacy focused solution for the future.
Edit: looks like it exists, and is called Briar.
jinnko · 4h ago
Once upon a time, prior to Microsoft or eBay purchasing it, this is what Skype was. It required a set of central instances to be supernodes to facilitate discovery, then each client communicated with others directly. And IIRC any client up long enough and with sufficient compute and bandwidth, could become a supernode.
bboygravity · 4h ago
It also had the side effect of having far better latency than any modern day popular video calling app can offer.
LunaSea · 3h ago
It also had the side effect of making it possibly for any of your contacts to DDoA you because they had accès to your IPv4 address through Skype.
Telemakhos · 2h ago
Skype and iChat both did direct client-to-client communication. Skype was bought by MS, and Apple got sued by a CIA front company over iChat. The result was the same both ways: all comms started getting routed through a central server that could log metadata.
https://chatiwi.com/ seems to be the only real e2e encrypted chat without installling an app (can check the network and source code as it’s just JavaScript)
Yes,it is possible to create a p2p encrypted messenger without any central node. It is even possible to have a relatively good UX in it.
What's nearly impossible is to make it easy and popular among "normal users". Onboarding would be pretty involved. Adding your friends to the contact list would require jumping through a number of hoops. Having several sessions open (phone and laptop, typically) would not be trivially easy, and synchronizing between them would not be very easy, or automatic. Also, forget about push notifications.
It might be far easier to run an instance of Matrix, or whatever Jabber server, etc, on a private host, with full disk encryption, and only accessible via Wireaguard. It's not hard to set up fully automatically from an app; see how Amnezia Proxy does that.
It, of course, will have a special node (the server), but it's definitely not a public service, and it cannot be encountered by accident. It of course would be limited only to people you would invite. Should be enough for family, friends, a small project community, and other such limited circles. It would not require much tech savvy to set up.
But a grand social media kind of network, like FB or Twitter, can't be run this way, because the UX friction would inevitably be too high for a lay person to care.
atmosx · 4h ago
Will be in illegal. Why risk jail?
nine_k · 3h ago
Why would it be illegal, if I'm not offering it publicly? Is running a VPN between my family computers illegal? Is ssh-ing onto a host and using the talk command illegal?
I suppose only public services, advertised for new users, are the target of the "chat control" directive. You can't join pseudonymously. But joining my VPN-based chat server would require being my acquaintance; should I ask an ID from a person I met at a pub? If so, should I ask their ID before I engage in a small talk with them in the pub?
AnthonyMouse · 2h ago
The world has more than one country in it. People in free countries have the right and duty to create technologies to the benefit of people in authoritarian countries.
BrenBarn · 7h ago
There are different solutions with different levels of decentralization. Briar is peer-to-peer. Matrix has servers but in a federated model, so there is no central authority but in some sense each server is an "authority" for users on that server.
wolvesechoes · 4h ago
If you try combat political issues mainly through technological solutions, you have already lost.
4bpp · 4h ago
Well, conversely, if you figure you have already lost anyway, why not try the technical solutions?
We've tried the political solutions for so long, but this thing just keeps coming back. We have to put our lives and day jobs on hold to push back against this, while the authoritarian camp's agenda is carried by people for whom advancing it is their day job. Therefore it costs them nothing to try over and over again, and they only need to succeed once.
wolvesechoes · 3h ago
> We've tried the political solutions for so long
I mean, we enjoy workers rights only after decades of violent protests and many deaths, and yet they are still constantly threatened, because its is a nature of power and politics.
But pro-privacy people consider writing a petition a peak of political struggle, and when it fails it is over for them.
AnthonyMouse · 1h ago
> If you try combat political issues mainly through technological solutions, you have already lost.
This is what people say when they're afraid that technological solutions would actually work.
Technologies have a network effect. If the rest of the world is using a technology which is resistant to censorship or surveillance, any given country will have a harder time banning it, and those technologies defend against governments that violate privacy rights in secret even when the law prohibits them from doing it.
Build privacy into every internet standard and protocol. Make it seven layers deep with no single point of compromise. Make attempts to break it an exercise in futility because it's built so thick into so many things that stripping even a piece of it back out would break the whole world and still not compromise the security of the system.
atmosx · 4h ago
Exactly. Part of the tech crowd is so naive when it comes to this sort of discussions…
4bpp · 4h ago
Is it really? I can think of approximately one political battle the tech crowd won (the Crypto Wars), to dozens of lost ones. Meanwhile, the battles where a strong technical solution was fielded are looking fairly good even when the political side was surrendered with nary a fight - I can still easily torrent most books and software, download scientific papers, emulate modern consoles and securely exchange data with people in any country less locked down than North Korea.
The cliché about how you should not approach political problems with technical solutions is recited all the time in these threads, but nobody ever presents evidence for this claim. It seems like a meme that is disproportionately useful for those who are confident in their abilities to win any political contest.
swiftcoder · 3h ago
> I can still easily torrent most books and software, download scientific papers, emulate modern consoles and securely exchange data with people in any country less locked down than North Korea
You can also go to jail for any of the above, should your particular government authority decide to throw the book at you.
Technical capability is necessary, but rarely sufficient.
logicchains · 3h ago
Although the chance of getting a large fraction of the population to use a decentralised censorship resistant messenger is low, it's still higher than the chance of somehow stopping the Eureaucracy from continuously pushing authoritarian policies.
wolvesechoes · 3h ago
> Eureaucracy from continuously pushing authoritarian policies.
There is no "Eureaucracy", Council decides, countries may or may not implement.
JPLeRouzic · 3h ago
Countries could face penalties if they don't implement or follow EU regulations.
Are not governments of member states in control of Council?
ezst · 4h ago
You have a spectrum of options going from centralised (Signal, WhatsApp, …) to federated (XMPP, Matrix) to P2P.
In my opinion, federated is the sweet spot: you do have to trust the server with your account management, but that server can easily be yours, or one you ethically align with, and through it, you will be able to talk with anyone on the network.
P2P sounds great on the surface but in a mobile-first messenging world, that comes with practical tradeoffs in bandwidth and battery consumption, unless you offload discovery and push to trusted servers, at which point you are back to federation with more steps.
thbb123 · 4h ago
The problem I see with decentralized protocols is that node owners can easily be spotted, and then crushed under legal constraints that will make them more insecure than a strong multinational who's there just for profit and can balance legal fight for a relative privacy with it's own interest in protecting its customers.
ezst · 45m ago
> a strong multinational
Don't you think that it makes them obvious high-value targets? I mean, that's not even like this profusely pragmatic take has no precedent in the real world: the Snowden revelations showed that all major tech companies were in bed with the NSA to spy extrajudicially on everyone. It's a leap of optimism to think they would "fight legally for its own interest in protecting its customers".
Then, compare that to the low-scale/low-value/hobbyist/residential service providers. How high do you think the chances are for a malicious state-actor to "corrupt" many service operators without it widely being known and publicly dealt with? There's also a deniability dimension to this: XMPP uses OMEMO as a zero-knowledge encryption scheme: whatever the users are doing is none of the operator's business, and the choice of encryption scheme and implementation is purely a client-side affair, so now you are no longer dealing with "reluctant" operators, but potentially millions of end-users using strong encryption. And that is assuming the server is operating in the open, but nothing prevents service operators from offering it over tor (with very little impact on the end-user-side), further raising the bar for the malicious state actor.
raphinou · 5h ago
Maybe https://delta.chat/en/ : completely decentralized as based on email infrastructure, e2e encryption, easy registration without providing personal data.
thaumasiotes · 7h ago
You can send encrypted email. That's how email already works.
You can also send encrypted messages over any other medium. You don't need the messenger app to encrypt your messages for you.
One of the common arguments that PGP is bad is that it's "inevitable" that someone will send a message in cleartext, defeating the whole purpose of encrypting your messages. I don't understand this. The fact that this is possible to do is obviously an artifact of the idea that the user should be unable to tell whether the messages they send and receive are encrypted or not. Do the encryption and decryption yourself, and this is not a mistake it's possible to make. Don't confuse the encryption, which is something you do, with the delivery, which is something the channel does. The point of encryption is that the channel can't be trusted!
b8 · 6h ago
You can encrypt the email content with PGP or Age, sure. However, metadata such as the Subject line, sender and receiver are in plaintext. Lavabit fixed this, but requires money. You can use i2p tools to fix this too.
thaumasiotes · 4h ago
The subject line is content set by the user. What are you thinking of?
frollogaston · 7h ago
Regular encrypted email relies on a certificate authority
oefrha · 6h ago
S/MIME does. PGP doesn’t (but only serves part of S/MIME’s purpose). That said, email does rely on a central authority—DNS.
Nux · 5h ago
In practice yes, but it's good to know the smtp rfc does support domain literals, ie user@IP.
thaumasiotes · 4h ago
DNS isn't a central authority. Everyone selects their own DNS server. It can say whatever it wants.
This is a rare case where it's centralized in practice and yet the option to do your own thing hasn't been removed from the relevant software.
oefrha · 3h ago
If you can agree with your communication target on a common DNS server under your or their control that doesn’t respect authoritative DNS servers, and both of you can securely connect to said server, then you already have a continued, trusted communication mechanism that you may as well use for your communication. You’re just arguing a pretty pointless technicality.
thaumasiotes · 3h ago
> If you can agree with your communication target on a common DNS server under your or their control that doesn’t respect authoritative DNS servers, and both of you can securely connect to said server, then you already have a continued, trusted communication mechanism that you may as well use for your communication.
Why? It can easily be the case that that traffic is observable by outside parties. You'd still need to encrypt your communication.
Connecting to the DNS server "securely" doesn't really get you anything except some DOS resistance.
oefrha · 26m ago
DNS already supports encryption on the protocol level. And even if you can’t use DOH/DOT, you can use PGP or age or whatever in your clear text too.
Didn't Cwtch promise this? Not sure on the current state though.
frollogaston · 7h ago
Yes but it requires exchanging public keys out of band.
kragen · 6h ago
You could use Granovetter introduction.
If I know Marisa's public key and Marisa knows Omar's public key, she can sign a message to me saying, "Omar's public key hash is c2ecc3b9b9eb94dcafe228f8d23b1e798597d526358177c95effa6bc0ded3a35". I can then use that key hash to authenticate messages from "Marisa's Omar". If she gives Omar mine too, he and I can set up a private channel without further involving Marisa.
Hopefully we aren't just talking to Marisa's MitM proxy. If other mutuals also know him as "Omar" then I can ask them for his key too, and if I get the same response, I can have more confidence that Marisa isn't playing that trick on us.
Never total confidence, though. You need some way to bootstrap a non-MitMed connection; no evidence can ever prove conclusively that you aren't a Boltzmann brain floating in the post-heat-death void, or Descartes being tricked by his evil demon that controls all his perceptions, or Neo in the Matrix.
But meeting up with one of your friends in person once to exchange either public keys or a shared secret, even before you start using the system, can go a long way to ensuring that you are all actually enjoying privacy.
VladVladikoff · 6h ago
Couldn’t we spend a small amount of crypto to write our public key into a blockchain to avoid the MITM threat?
taminka · 6h ago
actually though? storing a very small but important info (public keys, domain ownership and such) would have been a perfect use case, which also keeps the chain small...
EGreg · 6h ago
Did you just recommend actually using some kind of crypto and blockchain on HN?
TLDR: That sounds like it is some kind or grift.
In all seriousness, google the Sidetree Protocol. Daniel Bruchner promoted it at Microsoft. And now we can even do zk-rollups too.
Where was I? Oh yes, some kind of grift!
scellus · 4h ago
The new version of Bitchat (from Jack Dorsey) is interesting: it's a chat over BLE mesh, but says that it'll continue the chat on the nostr infrastructure if two (in principle anonymous) participants fave each other in the app. Haven't had able to try this out yet.
ta12653421 · 2h ago
BitChat from Jack Dorsey
cedws · 7h ago
Tox also.
upeiYaer · 3h ago
Are politicians really exempt? Must be some really high profile pedophiles, or pedophile supporters between them, like those in the Hungarian government - they support this by the way.
Who are the actors behind the ChatControl initiative?
I remember reading their names being blacked out.
dariosalvi78 · 4h ago
Danes and Swedes are in the forefront
PeterStuer · 4h ago
DSA was pushed by the very controversial Thierry Breton, former CEO of Atos, then European commissioner for the internal market, now on the advisory council of Bank of America.
Atos btw is the company that leads in receiving money to construct Europe's virtual security infrastructure.
But the proposal was ultimately supported by a substantial majority in parliament, led by the christians, socialists. liberals and greens.
They say it's the Swedes, but that's not accurate. Thorn is a NSA-run charity that has been lobbying for this since 2012.
vaylian · 2h ago
Interesting. Do you have a source for the connection between the NSA and Thorn?
tucnak · 1m ago
Its board, as well as boards of the related orgs, is crawling with ex-State guys, even some CIA assets (most recently Fernando Ruiz Perez) etc. They're in bed with WeProtect (State Dept) as well as McCain Institute guys.
"As of July 2013, Thorn is in talks with leading internet companies (Facebook, Microsoft, Google, Twitter and at least three others) to collaborate on creating a database of millions of child abuse images on the web."
So if one messed up person likes that stuff, I guess they might aim towards working there?
croes · 1h ago
Wouldn‘t be the first time something like this happens
thbb123 · 4h ago
How comes US celebrities have to create their foundation in Sweden instead of the US?
dlcarrier · 4h ago
EU logic: Want to centrally track users with personally identifiably information? Great! Want to store anonymized data with local cookies, that the user can delete, disable, or doctor at any time? That should be heavily restricted with constant intrusive warnings.
throwawayqqq11 · 4h ago
Local governments all over the EU tried to push internet surveillance for a long time. Today, apparently the political landscale is ripe for their success.
Considering the endurance and BS justifications they brought up for so long tells me, there is a is a coordinated effort behind the scenes going on for decades now.
Dissmissing it with incompetence, like "EU logic" is naive, imo.
bboygravity · 4h ago
I have the same opinion, but I can't think of who or what would be pushing for that?
Unless it's just the US and NSA again actually somehow having trouble with bypassing encryption? Like just push the EU to do some more spying that the US/NSA can then use to see more? I find this somewhat hard to believe since in my mind the NSA is on every US server and can probably just get unencrypted everything from spyware (the OS itself) on all end-points.
Maybe governments/humans simply eventually naturally pivot to power grabbing and this was going to happen all along everywhere?
It's also not an EU-only thing. It's been happening all over the west, partners of the US and even outside of the west: UK, Australia, Colombia, Mexico, the Koreas, China, Russia, etc.
Any other ideas?
debugnik · 2h ago
Our own governments are pushing for it, simple as that. I live in Spain, and both left and right parties, and to a lesser degree their voters, are increasingly leaning authoritarian and tacitly agree to extend surveillance; the police and specially the gendarmerie lobby for it as well.
So our parties are drooling at the idea of extending surveillance by EU directive so they can point fingers at the EU instead of risking losing votes.
It's no surprise to me, then, that in the document leaked to Wired in 2023[1], our country's position was the most extreme:
> In our view, it would be desirable to legislatively prevent EU-based service providers from
implementing end-to-end encryption.
There may have been external lobbying, but it wasn't necessary.
> coordinated effort behind the scenes going on for decades
It's an open conspiracy among the global ruling class, including people and organizations collaborating at places like the World Economic Forum and Bilderberg meetings. *Adjusts tin-foil hat.*
The interests of the rich and powerful are aligned to coordinate an international effort for more surveillance of the public, control of information flow and communication. It's part of the rising tide of authoritarianism and frankly fascism.
throwawayqqq11 · 1h ago
I could call the recent right-shift in the west a coordinated effort too and in many cases, this would be a decent explanation, catching private media outlets, biased and centralizes social media, spineless populistic politicians and the donor class behind them but ...
Some cases are much more benign. Like the police, only seeing their need for more privacy invasions to achive their goals, meeting a tumbling elected politician with the need to pose as tough on crime. Both sides ignore anything beyong their horizon. Here, you have good old incompetence, esp on the politicians side. Pair that again with the populus feeling the need, that something drastical has to be done and you would have an alternative explanation.
As sad as it sounds, but a fascistic government, comming out of a democracy is not a failure of democracy. Many people dont care about big topics, correlations and history repeating itself. They are willing to sacrifice rights, piece by piece, others have fought died for. Besides a lack of governmental transparency, this ignorance, small and large scale, and its todays normalization are the problems i see here.
I cant help it, but i realized first hand (as i assume, many others did too) that this ignorance is often more than just a small mistakem done by individuals. Today, i see it as a cognitive deficiency.
Take one extreme for example, flat earthers. There are many simple physical experiments or celestial observations one could do, to conclude, that the earth is a sphere, but not for them. Confronting FEs with contradictions will only lead to reactance (ad hoc rejection), no matter how polite or enduring you are or striking your arguments are. I know this first hand. If you are lucky, you might encounter and open state of mind that struggles with the cognitive dissonance, you have induced, but only for a short time. Having lasting effects on some strongly biased mind resembles something like a long term therapy: an open mind / willingness for therapy and regular confrontig sessions. If all those self proclaimed critical thinkers were able, to not only change their minds on a whim but would actively seek contradictions in their believes on their own, the world would be a much better place. Can you tell me any historical atrocity commited by societies, where some believe about a superior truth or some absolute good/evil was not at the very core of it? I cant.
The same biased reasoning about a superior truth can be found in modern politics today. In essence, its people rallying around some vague group identity or against some other group (in/out group characteristics) and irrationally attack/discard $symbol criticism as if its fight-or-flight time because the apes survival dependeds of the tribe. MAGA accolytes could realize them selfs, that 1st gen. mexican migrants have a significant lower crime rate and thus crime emerges from within the US, but they dont. It doesnt cross their mind 0, that someone willing to migrate is also willing to work for a stable future. Instead, they rally arround "mass deportation" and will post hoc rationalize any atrocity of their supreme leader.
After Nazi-germany lost the war, the tribe was shattered and it was tabu to speak about or do $symbol in public. For a brief moment in time, it looked like the populus could actually learn, that history is not a loop but even though most AFD accolytes agree on the evil atrocities of that time, they still fall for the nostalgic unity strength and role model of it, they would like to see "tribe great again" and absolute evil being dealt with and ignore anything beyong, including your well-meaning, factual arguments. So why even try?
I cant help it, but i think changing the message to a primarily emotional one might be a better strategy. I am not saying we should ignore factual arguments but since disgust towards out groups can be such a strong source of bias, why not use it against them and make xenophobia disgusting again, like its 1945.
I like Gavin Newsoms recent trolling and hope he doesnt degrade into simple insults only. He does, what is neede, wresling with a pig and i think we all should convey the same derogatory message, while the communication channels are still unfiltered. The other side does not want to have a truley open discourse, they want us to be silent.
I know, this can be seen as inflammatory and counter productive but i think the polite approach is even more futile.
Now you know about my ideas :)
hdgvhicv · 3h ago
EU logic is only government should be able to track personal information
US logic is only billion dollar companies should track personal information
Personally I prefer the former as governments will spend my tax money on getting the data from the billion dollar companies anyway, and those companies will exponentially monetise it because they are required to
croes · 4h ago
The GDPR isn’t about anonymized data stored in local cookies.
seydor · 5h ago
When left unchecked and unaccountable, regulators will grow to fill the volume of their container
tokai · 9h ago
I wonder what the chances are that the ECJ could look at employing actions for annulment against chat control, if it is passed. It is possible for private individuals to ask the court to annul an EU act that directly concerns them. So even if governmental structures across EU does not want it challenged, the issue could still be brought to the court.
ekianjo · 9h ago
has the ECJ ever done anything like that before?
tokai · 9h ago
Yes all the time. Seems like there is a handful cases a year. Poland, as an example, has won 19 annulments between 2004–2023.
bjelkeman-again · 6h ago
The big one in 2020 I think was this one where they ruled against data retention.
> When executing the detection order, providers should take all available safeguard measures to ensure that the technologies employed by them cannot be used by them or their employees for purposes other than compliance with this Regulation, nor by third parties, and thus to avoid undermining the security and confidentiality of the communications of users.
EU demands impossible.
wolvesechoes · 4h ago
HN discovers there is unsolvable tension between public, its interest and its institutions, Ep. 1234.
silverliver · 42m ago
Isn't democracy rendered impossible with laws like this?
I mean, if slavery was still legal or LGPT still illegal, would the government have been able to use this technology to smother political movements before they ever start? Wouldn't the government be able to add client-side scanning for words or phrases they don't like (not just images of child abuse)?
For democracy to work at all, people must at least be able to freely discuss there contrarian thoughts amongst themselves, even if they run contrary to the ruling party's wishes. I did not expect the cradle of democracy to be the one to kill it.
moktonar · 1h ago
Can you hear that Mr.Anderson? That is the sound of inevitability..
Did you really have to add the Israeli thing there?
News flash: every country in the world has an Epstein. Even Epstein has been replaced and a new guy is doing his work. Or does anybody really believe that child abuse among elites in the US and globally has suddenly stopped when Epstein was suicided?
t0lo · 3h ago
This isn't even epstein, it's an active member of the likud party, but since you've mentioned epstein i guess i should say that the former prime minister of israel also visited his island numerous times and bolster my point. And yeah, it's my moral obligation to include it.
No comments yet
echelon · 5h ago
I hate the "protect the children" argument so much.
Birth rates are so low that a lot of people don't even have kids. Why should we preference other people's children to a total invasion of our privacy? Shouldn't those parents mind their own offspring?
Stop putting god and other people's children in my life. That's none of the government's business.
cenamus · 4h ago
The other point is that people don't even care. Teachers with CP possession don't do any time, just one or two year suspended sentence. Most of the terrorists, be it by bus, truck, gun or knife, were well known to the police ahead of time. Did that stop the attacks? Would more "chat control" change any of that? Fuck no....
continuational · 3h ago
I don't like that argument either.
However, the continued existence of society requires other people's children, so maybe it's a pretty important investment?
t0lo · 4h ago
It's an interesting argument that with a declining birth rate childrens protection should be less in the picture. I'm more inclined to think that we owe it to the next generation to give them something viable and recognisable as a childhood, and it's communities obligation to raise them. Those who want privacy will usually find it.
wolvesechoes · 4h ago
> Stop putting god and other people's children in my life. That's none of the government's business
This is very naive worldview.
echelon · 4h ago
No it's not. People need to leave other people alone.
Stop imposing religion, lifestyle, judgment. Live and let live.
What people do with their own lives is none of anybody else's business.
wolvesechoes · 3h ago
It is naive - you mistake reality and your expectations.
lukan · 3h ago
What makes you think he is unaware of reality?
He just expresses his demands at this reality, or rather the small part of reality that human society occupies.
I am pretty sure he is aware that the default is rather intrusive - but that doesn't mean that is the right default.
wolvesechoes · 2h ago
Because of:
What people do with their own lives is none of anybody else's business.
One of the main characteristics of the society is that its members take business in what other people do with their own lives.
Saying that it shouldn't be the case is not a proposal for a different society, but for abolishing it altogether, and thus naive.
lukan · 2h ago
"One of the main characteristics of the society is that its members take business in what other people do with their own lives."
That is your definition of societey, but one I consider close to totalitarian. And yeah, sadly it is the standard, but there are societies that stick together, so each member has better chances of living their own live and not so each members lives the live that the others force them to live.
t0lo · 1h ago
That's arguably a selfish way to live- where no one cares about anyone but themselves. You would just be people living next to eachother, not a community.
lukan · 1h ago
Missundertanding (hopefully).
Saying other people may not interfer uninvited in my life is not the same as saying people may not care about me.
I care about other people and interfer in their life, because in the case of my kids, they cannot sustain on their own and they want me as their parent. So there is consent in general about it.
But I am not telling my neibghors that they must wear a warm jacket when it is cold.
(Or that they may not consume porn, to not go to hell)
There is a slight difference between offering help for example and forcing someone to do things in a different way, no matter how well intentioned.
t0lo · 3h ago
Liberty is good, but individuation and atomisation can break a community if it goes too far. If you don't feel any obligation to the state that helped you what hope do you have for national unity.
globalnode · 10h ago
Nudge the door open with child abuse "concern" and then expand to your hearts content later. The analogy of it being like a police officer standing next to you while you chat online to a friend was great. He was joking when he said "lets cancel cars" but it might happen in the distant future. Letting people control heavy projectiles doesnt seem like such a great idea.
No comments yet
SilverElfin · 9h ago
Start with protecting children. Then something about misinformation. Then about defending democracy. Then about stopping terrorism. And soon you can escalate your authoritarian policy to just about anything.
This is why having the structure of fundamental civil rights, like in the US constitution, is important. I’m surprised the EU doesn’t seem to have such protections for free speech and privacy and against warrantless surveillance.
tokai · 9h ago
Between FISC, the Patriot Act/USA Freedom Act, and such it doesn't seem like the US constitution is doing a good job at protecting anyone. There is a long wikipedia article named Mass surveillance in the United States, but not yet one for the EU.
aspenmayer · 7h ago
> There is a long wikipedia article named Mass surveillance in the United States, but not yet one for the EU.
I agree with your other points. There is this though:
I don’t disagree. But there is still far more protection for free speech in the US than in the EU, where wrongthink is not acceptable to the powers that be. It is a huge regression and for some reason, culturally Europe seems to be modeling itself more after China than the US, with whom it shares more history and values.
em-bee · 7h ago
i have lived in all three places (15 years in china) and i have to respond with an empathic no.
what we are seeing is that thanks to social media, more discourse is public. which leads to more prosecutions. that is not a regression. that stuff has always been prosecuted. and they go against hate speech, not wrong think.
moi2388 · 4h ago
Hate speech is wrong think.
Threats are something different
em-bee · 32m ago
hate speech is no clearly defined, so maybe we need to talk about that. wikipedia translates the german term "Volksverhetzung" to "incitement to hatred", but that's not actually a good translation, because it rather means "incitement to hatred against a whole people". besides that here is strong language directed against individuals that is designed to hurt them. in germany that is defined as insult to your honor or dignity and incitement to violence. the devil is in the details of course, and there are many expressions that are borderline and depend on context. but i think we can agree that such speech is generally not wanted. whether it should be punished is another question, but in my opinion "wrong think" goes way beyond what i described here. one topic that does go beyond hate speech that may be problematic is expressions that threatens the democracy. i couldn't find any good examples for that yet other than democracy being threatened by radicalization, polarization and political violence. so presumably anything that leads to that, most of which is already covered by hate speech.
ekianjo · 5h ago
hate speech is a hazy definition that depends only on the party in power, so it means no protection if you rely on that
FranzFerdiNaN · 5h ago
I dunno, right now America bans or locks up travelers for having fat Vance memes on their phone. So you tell me who is turning more towards China.
burnerthrow008 · 4h ago
Customs officers everywhere have almost unlimited discretion to deny entry.
While I think the Vance meme reflects very poorly on my country, it is always advisable to remember that you have very limited rights in every country while crossing the border and that it best not to piss off the officers. Travel StackExchange is filled with Q&A’s about how to what to do when the customs officials of various rich countries apply their discretion to deny entry, often for reasons even more petty than having a meme.
owenversteeg · 7h ago
I have long campaigned against Fourth Amendment violations in the US, but to compare the US and the EU is laughable. The difference is night and day in every aspect, from constitutional rights to privacy (virtually worthless in most EU constitutions vs quite broad in the US) to practical surveillance (far deeper and broader in the EU) to court requirements for access for typical requests (commonplace in the US, rare in the EU.)
As an example of one of those points, the US right to privacy was long considered so broad that it served as the _foundation of the right to abortion_ in the US for decades! By contrast, to pick an EU example, the Dutch right to privacy is so weak that it is quite literally written into the Dutch constitution as “except as limited by law”; in other words, nearly worthless.
To compare them by presence of a Wikipedia page is beyond ridiculous.
forgotoldacc · 6h ago
But what exactly does privacy entail in the US?
Your address and phone number are publicly available with a Google search. I've been stalked and had someone show up at my house after moving (and I have zero social media presence) because, for some reason, my personal info was all online and easily found by googling my name.
People can take a video of you, shame you for some random thing, and have your face and name known to millions by the end of the day.
The NSA can access all your online data and share it with whoever they want. Companies do it on their behalf as well. Cops can dig through your car just by saying it smells funny.
A right to privacy somehow was construed as the right to an abortion. But the right to privacy never meant you have the right to keep anything private. In some other countries, you can easily have your data taken down from public view online and sue (and win against) people who violate that right. That's an uphill battle in the US.
hdgvhicv · 3h ago
American freedom is general is based on “might makes right”, whether that’s the well armed gunslinger in the old west, the lawyered up millionaire in the courts, or the billion dollar company using their freedom of speech to obliterate yours.
Everyone has the same freedom to use their resources to maximise that freedoms to help with where the fiat meets the nose.
guitarbill · 7h ago
In the US, mugshots of people are published before they have been found guilty.
Comparing privacy laws by example is beyond ridiculous. And there are big cultural differences what "privacy" entails.
dmix · 8h ago
FISA and patriot act are very controversial, the EU doing the same thing but far worse isn’t a good argument to stand on merely because the US gets talked about more on Wikipedia and therefore the press (which is one of the primary acceptable sources for a wiki article). Not to mention places like Germany and France did much of what NSA was doing back in the 2000s, often with even more leeway.
If anything censorship and extensive government oversight of peoples lives in EU and UK is far less controversial so there isn’t much of a push back. As you can see every time this comes up on HN where people in the EU defend it.
janalsncm · 5h ago
> FISA and patriot act are very controversial
They are controversial with the public. They are not controversial within the government.
hdgvhicv · 3h ago
I suspect they aren’t controversial with the public either.
With certain subsets of the public sure.
Similar response to the “give your passport to shady company” act in the U.K - the majority of the public support it.
em-bee · 8h ago
* I’m surprised the EU doesn’t seem to have such protections for free speech and privacy and against warrantless surveillance*
individual countries, such as germany do have these protections.
closewith · 5h ago
Unless you oppose genocide, in which case your freedom of speech evaporates.
No comments yet
hdgvhicv · 3h ago
The biggest set of propaganda is that America has “free speech”
ElFitz · 4h ago
According to Wikipedia, the Russian constitution mentions the following:
1. Everyone shall have the right to the inviolability of private life, personal and family secrets, the protection of honour and good name.
2. Everyone shall have the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages. Limitations of this right shall be allowed only by court decision.
And yet, they have the SORM and SORM-2 laws.
cookiengineer · 2h ago
I want to be not snarky but I can't:
Which constitution are you talking about? The one that includes the House of Congress' right to militia to defend the constitution...or the one without that article?
Lately, the constitution of the US is as much worth as toilet paper, because the Trump administration does everything to exploit it using the "invasion excuse".
In Europe, there is the EU charta of fundamental human rights. If they are violated, laws can be fought above country level.
Covid was only 5 years ago can you imagine what people would have used this sort of power for during the lockdowns? How are people's memories so short especially with regards to such a traumatic experience that we all had?
kanbara · 6h ago
if the framing is “pandemic controls bad because my rights are more important than public health in a global pandemic” it’s not a very convincing argument.
we should stick to actual fact and issue here which is that these tools are bad for human rights NOW. not some mythic pandemic is bad bogeyman
closewith · 5h ago
Most people in Europe were happy with the pandemic response, so that's a non-issue.
eviks · 6h ago
At least we got the cookies banners, that must count for something, right?
WA · 5h ago
Please stop repeating this nonsense. The GDPR never mentioned cookie banners. This is the industry‘s shitty solution to forcing users to consent with tracking.
You can run a perfectly fine website with zero cookie banners if you simply don’t track your users and don’t expose them to third parties that do track them.
Hence, all websites implementing cookie banners are the culprits here, not the GDPR.
panstromek · 4h ago
If the law incentivises bad behaviour, it's a bad law.
makeitdouble · 4h ago
Is your base assumption that putting up a cookie banner is worse than silently stalking users without permission ?
bboygravity · 3h ago
Absolutely yes.
I can block coockies using simple addons, which is WAY lower effort than clicking through a deliberate dark-pattern that is different on EVERY website (or using complex addons with lookup tables for every website).
Asraelite · 3h ago
It's not about cookies specifically, they're just one of the many ways you can be tracked.
You can't realistically block fingerprinting without serious effort, and you can't block your IP without using a VPN (which causes a bunch of other problems with sites not serving you).
panstromek · 3h ago
That's a false dichotomy - clearly there's more options than these two. There's definitely a better way to address this issue.
On the other hand, between those two, it arguably is worse, because we now live in worst of both worlds - we still get a ton of stalking but we now have those cookie banners on top of that.
tomgp · 4h ago
the behaviour was already bad (sharing your personal information with 1000s of “trusted partners”), companies just want to keep doing it even if it inconveniences their users.
hdgvhicv · 3h ago
Having to pay for train tickets incentivises people to jump ticket barriers. Is that a bad law?
The only problem with GDPR is the lack of serious enforcement against data abusers and their political adverts (“cookie banners”)
pembrook · 1h ago
Terrible analogy.
The correct analogy would be California’s toxic substance regulations.
They’re vaguely worded and enforcement is applied randomly based on whatever company is getting bad press at the time. So virtually everything sold in California carries a sticker saying essentially that “this product may cause birth defects.”
Even companies selling products that don’t contain any of these chemicals do so, out of fear of the asymmetric power wielded by the state.
Do a majority of train passengers jump the ticket barriers because they are afraid they might get fined billions of euros if they don’t?
hdgvhicv · 29m ago
The majority of companies have cookie banners because they want to track and monetise their customers and hope they can trick them into agreeing
jillesvangurp · 3h ago
The laws necessitating cookie banners came into effect long before GDPR. That would be the 2002 EU ePrivacy Directive. The GDPR (2018) concerns the handling and storing of personal information, the mandatory disclosure of how this is done, and the mandatory right users to ask what data is being stored and deleting that data. There aren't any cookie banners in native apps. But they still need to comply with GDPR. And you can get into trouble for mishandling privacy sensitive information.
That law has been pretty successful to the point where there have been debates in the US about adopting similar laws.
The common US media company interpretation to declare their websites an abusive UX disaster zone and put their contempt and complete disregard for their main product (users) on full display is entirely on them and their sleazy lawyers trying to find ways where they can still do their sleazy business. This is made worse by incompetent web designers deciding that this is apparently "the way things should be done" without questioning that. Most cookie banners are just the result of their (mis)interpretation of the law, lazy copying of some shitty website they once saw, and the perceived need to provide lots of legal ass coverage for what under GDPR is flat out just not allowed at all.
Worse, the jury is actually still out on whether the highly misleading language, dark patterns, etc. are actually not illegal in themselves. They might very well be. Lots of companies got some really bad advice regarding GDPR. And some EU companies have actually been fined for doing it wrong.
exe34 · 4h ago
does the law incentivise bad behaviour here or greed?
raffraffraff · 1h ago
> You can run a perfectly fine website with zero cookie banners if you simply don’t track your users and don’t expose them to third parties that do track them.
I run an extremely simple static website with some JavaScript that lets the user keep track of their state between visits. I have no way to access their cookie, and nothing on the website sends data to me (in fact, can't, since it's a static site running on Cloudflare pages). I never really thought about whether or not I need to add a cookie banner, I just... Didn't.
Legally though... Do I need to?
pembrook · 4h ago
Please stop repeating this nonsense defense of poorly designed policy.
When everybody is using it wrong, the problem isn’t “everybody.” The problem is your design.
Cookie consent should be a centralized browser based setting and nothing more. And the default should be some middle ground compromise that both the most privacy obsessed people AND businesses are not happy with.
burnerthrow008 · 5h ago
So why do so many European government websites have cookie banners?
Because you could sit down and read the GDPR in an afternoon, and actually understand it yourself. After all, you've had 9 years to do that.
eviks · 4h ago
I challenge you to demonstrate the supposed understanding you have that would explain why that website is following "industry‘s shitty solution to forcing users to consent with tracking." (and not even each industry website does such stupid full page banners) instead of using non-shitty solutions.
troupo · 57m ago
It's a good question, which has a very obvious answer: even government websites are built by clueless people and/or marketers and/or using shitty tech.
Which you can see when you click on "personalise" in the cookie banner.
You've failed the challenge because your answer doesn't depend on wasting your afternoon to read and understand GDPR
wolvesechoes · 4h ago
You expect too much.
pembrook · 1h ago
Obviously you haven’t either, because GDPR says nothing about cookie banners.
Cookie banners are the result of a different piece of legislation, the ePrivacy directive. Have you read that one too?
What about all the latest judicial actions regarding data transfers to 3rd parties that have gone back and forth due to ongoing legal cases? Legislation is totally irrelevant without the context of the latest judicial precedent.
Did you read the entirely of the schrems decisions and the analysis of what that means for using or offering any technology services? Having read GDPR is irrelevant when one day Google analytics is okay to use and the next day it's not due to one court case.
What about the latest data transfer agreements between the US and EU that invalidated the use of standard contractual clauses, and the above prior Schrems decisions? You've had years at this point.
Do you think it’s good to insult and assume bad faith from your fellow internet commenters about a topic you actually don't understand yourself?
troupo · 1h ago
> Cookie banners are the result of a different piece of legislation, the ePrivacy directive. Have you read that one too?
The huge obnoxious cookie banners that everyone pretends are due to GDPR are neither due to GDPR nor due to ePrivacy.
It's the industry's unashamed deliberate sabotage of GDPR
pembrook · 56m ago
Oh definitely, the decentralized private market absolutely got together in secret to devise a plan to undermine the beautifully designed EU legislation by using cookie banners.
My flower shop down the street that has a cookie banner on their Wix website is secretly trying to undermine the government.
It couldn't possibly be that the largely unaccountable central planners in the EU's technocratic maze of a government designed a dumb piece of legislation.
SpicyLemonZest · 4h ago
You can, and I have, and it clearly requires almost any modern website to have a cookie banner. Which shouldn't be too surprising, when you go to gdpr.eu and see the cookie banner at the bottom. It's possible in principle to jump through the crazy hoops required to avoid it, but the only sites I've ever seen do so are national Data Protection Authorities.
hdgvhicv · 3h ago
I see no cookie banners on this site.
eviks · 2h ago
Ok, but others do.
hdgvhicv · 2h ago
On HN?
troupo · 1h ago
> it clearly requires almost any modern website to have a cookie banner.
It doesn't
> when you go to gdpr.eu and see the cookie banner at the bottom.
Imagine if you also read why they have it
narrator · 4h ago
They publicly go to privacy church every Sunday, but meanwhile they are worshipping the surveillance state cult in the back rooms.
ekianjo · 9h ago
Louis makes it sound that its actually for protecting the children but we all know its just an excuse for surveillance, control, and ultimately jailing people for wrong opinions (a real threat in the EU since there is no protection of Freedom of Speech anywhere)
Maken · 8h ago
The European Convention of Human Rights explicitly protects freedom of expression.
October, 2018: "In Europe, Speech Is an Alienable Right: [the European Court of Human Rights] upheld an Austrian woman’s conviction for disparaging the Prophet Muhammad."
>On Thursday, the European Court of Human Rights (ECHR) upheld her 2011 conviction for “disparagement of religious precepts,” a crime in Austria. The facts of what E.S. did are not in dispute. She held “seminars” in which she presented her view that Muhammad was indeed a child molester. Dominant Islamic traditions hold that Muhammad’s third wife, Aisha, was 6 at the time of their marriage and 9 at its consummation. Muhammad was in his early 50s. The Austrian woman repeated these claims, and the Austrian court ruled that she had to pay 480 euros or spend 60 days in the slammer. The ECHR ruled that Austria had not violated her rights.
nope. part 2 of the article 10 basically nullifes the freedom of speech for any bs reason given by the government. that counts for nothing.
layer8 · 3h ago
The judiciary deciding about reasons is independent from the governments.
ekianjo · 6m ago
national security is not up to the judiciary
> The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.
em-bee · 9h ago
jailing people for wrong opinions (a real threat in the EU since there is no protection of Freedom of Speech anywhere)
how do you figure that? the freedom of opinion is explicitly enshrined in the german constitution for example. there are limitations, but these are very specific and not arbitrary.
gemany is in fact one of the countries the provides the most protection for your opinion world wide, as long as that opinion is not based on obvious falsehoods (like holocaust denial), or stirs up hatred against a group of people. you can however criticize others and at this point germany provides even more protection than the US.
wmf · 8h ago
"Hatred against a group of people" has been stretched to the breaking point in recent years.
em-bee · 8h ago
in germany? examples please.
wmf · 8h ago
After a minute of searching... https://www.nytimes.com/2022/09/23/technology/germany-intern... I admit that these cases are arguable but by the same token the police don't have to respond to every mistake with a dawn raid. Even the US Secret Service has more discretion than this.
em-bee · 8h ago
i agree with the overuse of raids, but i didn't see anything mentioned that didn't warrant at least some investigation.
bentley · 7h ago
Not even the multiple cases of an individual doing nothing but call a politician a dick on social media?
> Last year, Andy Grote, a city senator responsible for public safety and the police in Hamburg, broke the local social distancing rules — which he was in charge of enforcing — by hosting a small election party in a downtown bar.
> After Mr. Grote later made remarks admonishing others for hosting parties during the pandemic, a Twitter user wrote: “Du bist so 1 Pimmel” (“You are such a penis”).
> Three months later, six police officers raided the house of the man who had posted the insult, looking for his electronic devices. The incident caused an uproar.
...
> In response to a message by [politician] Mr. Jurca criticizing Muslims, Mr. Mai posted a link to a picture of the mural [saying “Du bist so 1 Pimmel”].
> Several weeks later, four police officers pounded on Mr. Mai’s door at 6 a.m. with a warrant to confiscate his electronics. Mr. Jurca had filed a police report claiming the link to the photo was an insult.
em-bee · 13m ago
call a politician a dick on social media
in germany that is covered under insult against the honor and dignity of an individual. i don't know about this case, but this is generally only prosecuted when the insulted asks for it, and in most cases is a civil mater. that the incident caused an uproar shows that the response this case is an example of overreach, but overreach happens everywhere, and is an issue in itself. he question here is, is the risk for overreach more dangerous than removing the law/protection. this is certainly debatable.
achierius · 8h ago
The continual harassment of socialist parties by the government, including declarations that any group following Marxist philosophy is necessarily acting towards an unconstitutional goal.
em-bee · 8h ago
because they are calling for a revolution, not reforms. revolution is an unconstitutional goal. if they believe that marxist philosophy can be achieved without a revolution they better ought to make that very clear. and to my knowledge the treatment of communists in the US was way worse.
burnerthrow008 · 4h ago
Yes, well, calling for a revolution is protected speech in the United States.
It is only if your words are likely to promptly cause someone to commit violence that you can be prosecuted for it.
em-bee · 9m ago
there is a difference between individuals calling for a revolution and organized groups that have that in their program as a goal. the latter is not a theoretical threat but one that has historical precedent.
Right now, in the suppression of protest against the genocide in Palestine.
em-bee · 1m ago
we need to be more specific here. peaceful demonstrations are certainly allowed. it becomes a problem when those demonstrations become violent. suppression would be not allowing these demonstrations in the first place. and if that is the case we need to look at how often that happens and whether the risk for a planned demonstration turning violent justifies not allowing it to take place.
bboygravity · 3h ago
What are you talking about? I see those (clearly very well funded) protests calling for literal unambiguous genocide of the Israeli people "from the river to the sea" almost weekly in every major train station and city center in the EU (and also China which means CCP gov backs the message)?!
Open jew hate in Europe hasn't been this elevated since WWII.
closewith · 19m ago
> Open jew hate in Europe hasn't been this elevated since WWII.
Opposition to genocide or to Israel is not anti-Semitism.
tonyhart7 · 6h ago
that's what I am thinking, EU made GDPR that is good move prevent any third party to extract privacy data illegally but still doing it to themselves anyway
like what's happening????
jcdentonn · 5h ago
Nobody is doing it. The law doesn't exist yet in the EU.
xyzal · 4h ago
Does anyone know where to find the text of the proposal? I wasn't able to find it.
I voted for the only candidate that was clearly against this. However, the companies are suppose to do the scanning, not the police. Corporations like Meta already does things like this for sure. The difference is that they now will have to share potential crimes with the police. For Signal it is worse since it can't be added.
throwaway290 · 2h ago
for ages I was saying "do not ignore crime that is now allowed to scale and proliferate thanks to e2e" (very much similar to crypto). If you accept this reality and work with the government you can arrive at a decent compromise that is not 100% bad. If you ignore reality and cover your ears and shout "nananana", the government will find a way and I guarantee you it will be a dumb way that undermines privacy way more. News at 11, the government did.
Let's pick our pitchforks up and pretend sexual abuse monetization or human trafficking are not taken to the next level thanks to end to end encryption. We gotta make police do their damn jobs right? It's not our fault we invent new and improved ways that prevent police from doing that.
SanjayMehta · 10h ago
European governments are all for free speech whilst imposing sanctions and invading other countries to export “democracy and human rights.”
Fascinating to watch.
(Downvoted, as expected. The hypocrisy on this site is absolutely adorable.)
FranzFerdiNaN · 5h ago
Which countries have been invaded by European countries to bring democracy? Because America started multiple wars for that in the last 70 years, not Europe.
closewith · 5h ago
Iraq, Afghanistan, Mali, Somalia. The expeditionary European powers like the UK, Spain, etc can't hide behind the US when they were willing participants.
sMarsIntruder · 7h ago
It's probably just one single guy scrolling through all the posts and downvoting covered in sweat.
[Confirmed]
ljlolel · 9h ago
Isn’t EU’s justification that they protect you from companies / private industry but they want full government/police control because that’s trusted / socialist?
closewith · 5h ago
The EU is at its heart a neoliberal institution, not at all socialist.
wmf · 8h ago
Yes, privacy has worked that way for a long time. There's no gotcha here.
tclover · 3h ago
absolutely expected, EU supports neo-nazis Kiev, now they want to end privacy, all well expected
I_am_tiberius · 10h ago
It's good to see there are still rational Americans.
reactordev · 10h ago
sniff encrypted chats, hahaha. Some law makers are completely clueless. I like Louis Rossmann. He looks like he’s been up stressed for weeks, yet his arguments are pretty level headed.
tiku · 4h ago
What if we make chats obfuscated instead of encrypted? So send a lot more data per sentence/word. It would need some sort of key on both sides to make sense of the data but it would be hard to use it without it. Or would that fall under the definition encryption?
ck512 · 4h ago
Security by obscurity is generally known to be ineffective; it's not an obstacle for even sightly dedicated thread-actors.
Whenever I hear someone telling me they have nothing to hide, I ask them to unlock their phone and hand it to me. The joke still goes over people heads sometimes.
[0]: https://idiallo.com/blog/nothing-to-hide
But I "trust" the gouvernement in a different way that I trust you.
- With that access you can also "do" things, like sending messages or delete stuff.
- I'm worried that you could judge me in a different way than the government would judge me. Because if you are a friend I care how you see me. But I don't care what the authorities think of me as long as I don't do anything illegal, they won't care.
(Just playing devil's advocate here)
There isn't any reason to think people are obeying the laws in the privacy of their own spaces. Historically there are actually good reasons to think people are disobeying the law, but the laws are stupid and it is better not to check unless there is a political opponent to take out (eg, anti-homosexuality regulations).
[0] https://en.wikipedia.org/wiki/Blasphemy_law
There are definitely more countries that have blasphemy laws than are on the list on that page (e.g. Sri Lanka).
No comments yet
If you break E2E encryption, you can likely also impersonate and "do" things.
These things should first be tested for 5 years on every politician and every civil servant, including their families, including their children.
Security researches should be given the freedom to hack that system as much as they can, in order to find security problems, no prosecution guaranteed.
Every access to data should be logged on a public blockchain with pseudonymization of who accessed whose data.
After those 5 years, reports and statistical analysis about the usefulness should be published: how many crimes were prevented, who went to jail for what, who had to go to court for what, with references to the logged data in the blockchain.
Then the public gets to vote on if they want this or not.
Total surveillance, which we are talking about here, is extremely damaging to the subject, eventually all their dirty secrets will be out, legal and illegal.
I also argue that allowing the state to monitor its citizens fundamentally changes it closer a state I don’t want to exist. Nothing good can come out a surveillance state, no matter how small.
The politicians and civil servants will do that for us, which is what we are paying them for anyway: to work for us.
This way they'll think twice if they really want this to get started.
Regarding Chat Control: Do we know who is lobbying for it so much? Maybe journalists should focus on finding dirt on the lobbying organizations, so that everyone knows about them.
Their whole deal is to convince legislators that scanning every image on your device for CSAM is absolutely necessary (https://www.thorn.org/) and then selling a tool to do that to companies (https://safer.io/).
If it's legally required, what else are you gonna do but go to them for a "solution"?
https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
https://balkaninsight.com/2023/09/29/europol-sought-unlimite...
They might have gone so far to have paid for an implementation but it didn't work (like the EU search engine, cloud or whatever) because they are really incompetent.
So now the solution is to do it in the open, just write a dystopian law and force it through the fake parliament. Our only hope now is the practical implementation of ChatControl will also be in practice ineffective.
We are not really living in 1984 or Brave New World, in the EU we are in the 1985 movie Brazil.
The only thing missing is actually the community and usage, because the technology has a network effect, and more users with stable routers provide faster and a more reliable network. So it's indeed slow at the moment. I highly recommend giving it a chance and playing a bit with it. Even for non-anonymity and security cases, it's fun to play with hole punching, global addressing by public keys, and stuff like that, which you can see in things like Iroh and libp2p.
It provides a simple universal SAM interface and libraries to work with it to plug other apps.
Is this like running a Tor node where you could potentially get a knock on the door because somebody else went on some pedo website?
I2P is mainly an overlay network that routes traffic only inside the network. The upside is that providers won't ban your IP for participation if you run a node. I know that with Tor, many datacenters/CDNs don't care whether it's a relay or exit node and will blanket ban all known IPs of the network. You also won't attack someone on the clearnet or somehow participate as a scapegoat in clearnet crimes.
I've never heard about any consequences for running non-exit relays in Tor, though if you're in a country that strictly punishes usage of any anonymous technology, that might be risky anyway.
I2P has several commercial "outproxies" that proxy traffic to the usual internet, but that's not the intended usage and it's not enabled on typical users' routers.
UPD: Anyway, if you feel uncomfortable sharing others' traffic and want to only use it as a client, you can disable transit traffic completely in both Java and C++ implementations.
It really wasn't that long ago that we were all talking about SOPA.
Additionally, keep in mind that controversial laws or proposals, at least in France, are often announced or passed during summer vacation when people are away, limiting scrutiny and attention.
Expect to hear more outrage come September
Large gatekeepers get flack from politicians if they allow "the wrong people" to organize. First they claim there is a huge problem with terrorists/nazis/pedos/etc., maybe even find a couple of real instances of those things, and use that to demand that the gatekeepers Do Something, i.e. set up a censorship apparatus.
But the modern ones are subtle. You don't try to read something and get refused, it just goes to the bottom of the feed where you won't see it. Take advantage of the human failing that busybodies will take petty satisfaction in causing harm to strangers they've been told are their enemies. Let them issue false reports against anyone pointing out the emperor has no clothes. Have the algorithm take those reports seriously, with useless or non-existent customer service that can do nothing about adversarial report brigading. Make it known that this is what happens to people who don't toe the party line so people self-censor and people who don't get shadow banned.
It's an assault on the ability of the public to defend itself from bad ideas.
Large gatekeepers delenda est.
Different indeed.
Privacy is enforced through compliance and civil court actions. In 2018, one of the largest actual data breaches at the time (~300 million customer records) netted about $0.25 per record in penalties, after several years of lawyering. ($52 million (US)/$23 million (UK)).
The EU makes more money fining companies for policy violations:
A €1.2 billion ($1.3 billion) fine was imposed by the Irish Data Protection Commission (DPC) for transferring Facebook users' personal data from the EU to the US in violation of GDPR.
That is what privacy is about.
https://nationalcioreview.com/articles-insights/extra-bytes/...
Politicians from countries like Germany have tried to make EU decide things like this on the "majority principle" for ages (because they know they can bully smaller countries into submission), but we still have the consensus principle.
Every country has to agree. So it takes only one country to put a stop to it.
Beware attacks on checks and balances like this. If they actually work, someone will try to get rid of them.
That tends to confirm my feeling that people in countries that have not suffered from tyrannical government for a long time have forgotten the value of privacy and freedom of speech because they have not seen the consequences in living memory. This is coming when the last of the people who remember the pre WW2 era are dying. Dictatorship is no longer part of living memory.
There has definitely need a cultural change in the UK in the last few decades. People have far more trust in the system (government and big business) or have learned helplessness (in a recent discussion about privacy people told me I was naive to think I could stop my private data being collected anyway so should not bother trying). This was in the context about what people say about their kids (specifically education, mental health, family problems) on Facebook.
> Every country has to agree. So it takes only one country to put a stop to it.
A lot of pressure can be brought on bear on any one country by the rest though.
The government of a country may not have the same view as the people. When the UK was in the EU the government pushed EU surveillance regulation, IMO so they could then then say it was not their fault it was introduced, they had to follow the EU directive (many years ago when there was strong public opposition to more surveillance).
I think it is more complex than that, see Hungary and Poland (though Poland is a bit on the rebound).
It will die this time and they will try to bring it back in 2 years time.
One thing I do not understand is why people in Denmark allow this to happen. Where are the large scale protests against the party that brought this zombie back to life?
Edit: looks like it exists, and is called Briar.
https://chatiwi.com/ seems to be the only real e2e encrypted chat without installling an app (can check the network and source code as it’s just JavaScript)
https://briarproject.org/ and https://tox.chat/ requires to install an app and doesn’t work on iOS.
Briar seems discontinued
“Latest News
AUGUST 31, 2023
Briar Desktop 0.6.0-beta released - blogs“
What's nearly impossible is to make it easy and popular among "normal users". Onboarding would be pretty involved. Adding your friends to the contact list would require jumping through a number of hoops. Having several sessions open (phone and laptop, typically) would not be trivially easy, and synchronizing between them would not be very easy, or automatic. Also, forget about push notifications.
It might be far easier to run an instance of Matrix, or whatever Jabber server, etc, on a private host, with full disk encryption, and only accessible via Wireaguard. It's not hard to set up fully automatically from an app; see how Amnezia Proxy does that.
It, of course, will have a special node (the server), but it's definitely not a public service, and it cannot be encountered by accident. It of course would be limited only to people you would invite. Should be enough for family, friends, a small project community, and other such limited circles. It would not require much tech savvy to set up.
But a grand social media kind of network, like FB or Twitter, can't be run this way, because the UX friction would inevitably be too high for a lay person to care.
I suppose only public services, advertised for new users, are the target of the "chat control" directive. You can't join pseudonymously. But joining my VPN-based chat server would require being my acquaintance; should I ask an ID from a person I met at a pub? If so, should I ask their ID before I engage in a small talk with them in the pub?
We've tried the political solutions for so long, but this thing just keeps coming back. We have to put our lives and day jobs on hold to push back against this, while the authoritarian camp's agenda is carried by people for whom advancing it is their day job. Therefore it costs them nothing to try over and over again, and they only need to succeed once.
I mean, we enjoy workers rights only after decades of violent protests and many deaths, and yet they are still constantly threatened, because its is a nature of power and politics.
But pro-privacy people consider writing a petition a peak of political struggle, and when it fails it is over for them.
This is what people say when they're afraid that technological solutions would actually work.
Technologies have a network effect. If the rest of the world is using a technology which is resistant to censorship or surveillance, any given country will have a harder time banning it, and those technologies defend against governments that violate privacy rights in secret even when the law prohibits them from doing it.
Build privacy into every internet standard and protocol. Make it seven layers deep with no single point of compromise. Make attempts to break it an exercise in futility because it's built so thick into so many things that stripping even a piece of it back out would break the whole world and still not compromise the security of the system.
The cliché about how you should not approach political problems with technical solutions is recited all the time in these threads, but nobody ever presents evidence for this claim. It seems like a meme that is disproportionately useful for those who are confident in their abilities to win any political contest.
You can also go to jail for any of the above, should your particular government authority decide to throw the book at you.
Technical capability is necessary, but rarely sufficient.
There is no "Eureaucracy", Council decides, countries may or may not implement.
https://commission.europa.eu/law/application-eu-law/implemen...
In my opinion, federated is the sweet spot: you do have to trust the server with your account management, but that server can easily be yours, or one you ethically align with, and through it, you will be able to talk with anyone on the network.
P2P sounds great on the surface but in a mobile-first messenging world, that comes with practical tradeoffs in bandwidth and battery consumption, unless you offload discovery and push to trusted servers, at which point you are back to federation with more steps.
Don't you think that it makes them obvious high-value targets? I mean, that's not even like this profusely pragmatic take has no precedent in the real world: the Snowden revelations showed that all major tech companies were in bed with the NSA to spy extrajudicially on everyone. It's a leap of optimism to think they would "fight legally for its own interest in protecting its customers".
Then, compare that to the low-scale/low-value/hobbyist/residential service providers. How high do you think the chances are for a malicious state-actor to "corrupt" many service operators without it widely being known and publicly dealt with? There's also a deniability dimension to this: XMPP uses OMEMO as a zero-knowledge encryption scheme: whatever the users are doing is none of the operator's business, and the choice of encryption scheme and implementation is purely a client-side affair, so now you are no longer dealing with "reluctant" operators, but potentially millions of end-users using strong encryption. And that is assuming the server is operating in the open, but nothing prevents service operators from offering it over tor (with very little impact on the end-user-side), further raising the bar for the malicious state actor.
You can also send encrypted messages over any other medium. You don't need the messenger app to encrypt your messages for you.
One of the common arguments that PGP is bad is that it's "inevitable" that someone will send a message in cleartext, defeating the whole purpose of encrypting your messages. I don't understand this. The fact that this is possible to do is obviously an artifact of the idea that the user should be unable to tell whether the messages they send and receive are encrypted or not. Do the encryption and decryption yourself, and this is not a mistake it's possible to make. Don't confuse the encryption, which is something you do, with the delivery, which is something the channel does. The point of encryption is that the channel can't be trusted!
This is a rare case where it's centralized in practice and yet the option to do your own thing hasn't been removed from the relevant software.
Why? It can easily be the case that that traffic is observable by outside parties. You'd still need to encrypt your communication.
Connecting to the DNS server "securely" doesn't really get you anything except some DOS resistance.
If I know Marisa's public key and Marisa knows Omar's public key, she can sign a message to me saying, "Omar's public key hash is c2ecc3b9b9eb94dcafe228f8d23b1e798597d526358177c95effa6bc0ded3a35". I can then use that key hash to authenticate messages from "Marisa's Omar". If she gives Omar mine too, he and I can set up a private channel without further involving Marisa.
Hopefully we aren't just talking to Marisa's MitM proxy. If other mutuals also know him as "Omar" then I can ask them for his key too, and if I get the same response, I can have more confidence that Marisa isn't playing that trick on us.
Never total confidence, though. You need some way to bootstrap a non-MitMed connection; no evidence can ever prove conclusively that you aren't a Boltzmann brain floating in the post-heat-death void, or Descartes being tricked by his evil demon that controls all his perceptions, or Neo in the Matrix.
But meeting up with one of your friends in person once to exchange either public keys or a shared secret, even before you start using the system, can go a long way to ensuring that you are all actually enjoying privacy.
TLDR: That sounds like it is some kind or grift.
In all seriousness, google the Sidetree Protocol. Daniel Bruchner promoted it at Microsoft. And now we can even do zk-rollups too.
Where was I? Oh yes, some kind of grift!
Just one example from the many:
https://edition.cnn.com/2024/02/17/europe/hungary-child-abus...
I remember reading their names being blacked out.
Atos btw is the company that leads in receiving money to construct Europe's virtual security infrastructure.
But the proposal was ultimately supported by a substantial majority in parliament, led by the christians, socialists. liberals and greens.
https://howtheyvote.eu/votes/139040
It's not obvious, but see this as starting point https://balkaninsight.com/2023/09/25/who-benefits-inside-the...
https://projects.propublica.org/nonprofits/organizations/270...
So if one messed up person likes that stuff, I guess they might aim towards working there?
Considering the endurance and BS justifications they brought up for so long tells me, there is a is a coordinated effort behind the scenes going on for decades now.
Dissmissing it with incompetence, like "EU logic" is naive, imo.
Unless it's just the US and NSA again actually somehow having trouble with bypassing encryption? Like just push the EU to do some more spying that the US/NSA can then use to see more? I find this somewhat hard to believe since in my mind the NSA is on every US server and can probably just get unencrypted everything from spyware (the OS itself) on all end-points.
Maybe governments/humans simply eventually naturally pivot to power grabbing and this was going to happen all along everywhere?
It's also not an EU-only thing. It's been happening all over the west, partners of the US and even outside of the west: UK, Australia, Colombia, Mexico, the Koreas, China, Russia, etc.
Any other ideas?
So our parties are drooling at the idea of extending surveillance by EU directive so they can point fingers at the EU instead of risking losing votes.
It's no surprise to me, then, that in the document leaked to Wired in 2023[1], our country's position was the most extreme:
> In our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption.
There may have been external lobbying, but it wasn't necessary.
[1]: https://www.techdirt.com/2023/05/26/leaked-document-shows-sp...
It's an open conspiracy among the global ruling class, including people and organizations collaborating at places like the World Economic Forum and Bilderberg meetings. *Adjusts tin-foil hat.*
The interests of the rich and powerful are aligned to coordinate an international effort for more surveillance of the public, control of information flow and communication. It's part of the rising tide of authoritarianism and frankly fascism.
Some cases are much more benign. Like the police, only seeing their need for more privacy invasions to achive their goals, meeting a tumbling elected politician with the need to pose as tough on crime. Both sides ignore anything beyong their horizon. Here, you have good old incompetence, esp on the politicians side. Pair that again with the populus feeling the need, that something drastical has to be done and you would have an alternative explanation.
As sad as it sounds, but a fascistic government, comming out of a democracy is not a failure of democracy. Many people dont care about big topics, correlations and history repeating itself. They are willing to sacrifice rights, piece by piece, others have fought died for. Besides a lack of governmental transparency, this ignorance, small and large scale, and its todays normalization are the problems i see here.
I cant help it, but i realized first hand (as i assume, many others did too) that this ignorance is often more than just a small mistakem done by individuals. Today, i see it as a cognitive deficiency.
Take one extreme for example, flat earthers. There are many simple physical experiments or celestial observations one could do, to conclude, that the earth is a sphere, but not for them. Confronting FEs with contradictions will only lead to reactance (ad hoc rejection), no matter how polite or enduring you are or striking your arguments are. I know this first hand. If you are lucky, you might encounter and open state of mind that struggles with the cognitive dissonance, you have induced, but only for a short time. Having lasting effects on some strongly biased mind resembles something like a long term therapy: an open mind / willingness for therapy and regular confrontig sessions. If all those self proclaimed critical thinkers were able, to not only change their minds on a whim but would actively seek contradictions in their believes on their own, the world would be a much better place. Can you tell me any historical atrocity commited by societies, where some believe about a superior truth or some absolute good/evil was not at the very core of it? I cant.
The same biased reasoning about a superior truth can be found in modern politics today. In essence, its people rallying around some vague group identity or against some other group (in/out group characteristics) and irrationally attack/discard $symbol criticism as if its fight-or-flight time because the apes survival dependeds of the tribe. MAGA accolytes could realize them selfs, that 1st gen. mexican migrants have a significant lower crime rate and thus crime emerges from within the US, but they dont. It doesnt cross their mind 0, that someone willing to migrate is also willing to work for a stable future. Instead, they rally arround "mass deportation" and will post hoc rationalize any atrocity of their supreme leader.
After Nazi-germany lost the war, the tribe was shattered and it was tabu to speak about or do $symbol in public. For a brief moment in time, it looked like the populus could actually learn, that history is not a loop but even though most AFD accolytes agree on the evil atrocities of that time, they still fall for the nostalgic unity strength and role model of it, they would like to see "tribe great again" and absolute evil being dealt with and ignore anything beyong, including your well-meaning, factual arguments. So why even try?
I cant help it, but i think changing the message to a primarily emotional one might be a better strategy. I am not saying we should ignore factual arguments but since disgust towards out groups can be such a strong source of bias, why not use it against them and make xenophobia disgusting again, like its 1945.
I like Gavin Newsoms recent trolling and hope he doesnt degrade into simple insults only. He does, what is neede, wresling with a pig and i think we all should convey the same derogatory message, while the communication channels are still unfiltered. The other side does not want to have a truley open discourse, they want us to be silent.
I know, this can be seen as inflammatory and counter productive but i think the polite approach is even more futile.
Now you know about my ideas :)
US logic is only billion dollar companies should track personal information
Personally I prefer the former as governments will spend my tax money on getting the data from the billion dollar companies anyway, and those companies will exponentially monetise it because they are required to
https://curia.europa.eu/jcms/upload/docs/application/pdf/202...
> When executing the detection order, providers should take all available safeguard measures to ensure that the technologies employed by them cannot be used by them or their employees for purposes other than compliance with this Regulation, nor by third parties, and thus to avoid undermining the security and confidentiality of the communications of users.
EU demands impossible.
I mean, if slavery was still legal or LGPT still illegal, would the government have been able to use this technology to smother political movements before they ever start? Wouldn't the government be able to add client-side scanning for words or phrases they don't like (not just images of child abuse)?
For democracy to work at all, people must at least be able to freely discuss there contrarian thoughts amongst themselves, even if they run contrary to the ruling party's wishes. I did not expect the cradle of democracy to be the one to kill it.
News flash: every country in the world has an Epstein. Even Epstein has been replaced and a new guy is doing his work. Or does anybody really believe that child abuse among elites in the US and globally has suddenly stopped when Epstein was suicided?
No comments yet
Birth rates are so low that a lot of people don't even have kids. Why should we preference other people's children to a total invasion of our privacy? Shouldn't those parents mind their own offspring?
Stop putting god and other people's children in my life. That's none of the government's business.
However, the continued existence of society requires other people's children, so maybe it's a pretty important investment?
This is very naive worldview.
Stop imposing religion, lifestyle, judgment. Live and let live.
What people do with their own lives is none of anybody else's business.
I am pretty sure he is aware that the default is rather intrusive - but that doesn't mean that is the right default.
What people do with their own lives is none of anybody else's business.
One of the main characteristics of the society is that its members take business in what other people do with their own lives.
Saying that it shouldn't be the case is not a proposal for a different society, but for abolishing it altogether, and thus naive.
That is your definition of societey, but one I consider close to totalitarian. And yeah, sadly it is the standard, but there are societies that stick together, so each member has better chances of living their own live and not so each members lives the live that the others force them to live.
Saying other people may not interfer uninvited in my life is not the same as saying people may not care about me.
I care about other people and interfer in their life, because in the case of my kids, they cannot sustain on their own and they want me as their parent. So there is consent in general about it.
But I am not telling my neibghors that they must wear a warm jacket when it is cold.
(Or that they may not consume porn, to not go to hell)
There is a slight difference between offering help for example and forcing someone to do things in a different way, no matter how well intentioned.
No comments yet
This is why having the structure of fundamental civil rights, like in the US constitution, is important. I’m surprised the EU doesn’t seem to have such protections for free speech and privacy and against warrantless surveillance.
I agree with your other points. There is this though:
https://en.wikipedia.org/wiki/Mass_surveillance#European_Uni...
what we are seeing is that thanks to social media, more discourse is public. which leads to more prosecutions. that is not a regression. that stuff has always been prosecuted. and they go against hate speech, not wrong think.
Threats are something different
While I think the Vance meme reflects very poorly on my country, it is always advisable to remember that you have very limited rights in every country while crossing the border and that it best not to piss off the officers. Travel StackExchange is filled with Q&A’s about how to what to do when the customs officials of various rich countries apply their discretion to deny entry, often for reasons even more petty than having a meme.
As an example of one of those points, the US right to privacy was long considered so broad that it served as the _foundation of the right to abortion_ in the US for decades! By contrast, to pick an EU example, the Dutch right to privacy is so weak that it is quite literally written into the Dutch constitution as “except as limited by law”; in other words, nearly worthless.
To compare them by presence of a Wikipedia page is beyond ridiculous.
Your address and phone number are publicly available with a Google search. I've been stalked and had someone show up at my house after moving (and I have zero social media presence) because, for some reason, my personal info was all online and easily found by googling my name.
People can take a video of you, shame you for some random thing, and have your face and name known to millions by the end of the day.
The NSA can access all your online data and share it with whoever they want. Companies do it on their behalf as well. Cops can dig through your car just by saying it smells funny.
A right to privacy somehow was construed as the right to an abortion. But the right to privacy never meant you have the right to keep anything private. In some other countries, you can easily have your data taken down from public view online and sue (and win against) people who violate that right. That's an uphill battle in the US.
Everyone has the same freedom to use their resources to maximise that freedoms to help with where the fiat meets the nose.
Comparing privacy laws by example is beyond ridiculous. And there are big cultural differences what "privacy" entails.
If anything censorship and extensive government oversight of peoples lives in EU and UK is far less controversial so there isn’t much of a push back. As you can see every time this comes up on HN where people in the EU defend it.
They are controversial with the public. They are not controversial within the government.
With certain subsets of the public sure.
Similar response to the “give your passport to shady company” act in the U.K - the majority of the public support it.
individual countries, such as germany do have these protections.
No comments yet
1. Everyone shall have the right to the inviolability of private life, personal and family secrets, the protection of honour and good name.
2. Everyone shall have the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages. Limitations of this right shall be allowed only by court decision.
And yet, they have the SORM and SORM-2 laws.
Which constitution are you talking about? The one that includes the House of Congress' right to militia to defend the constitution...or the one without that article?
Lately, the constitution of the US is as much worth as toilet paper, because the Trump administration does everything to exploit it using the "invasion excuse".
In Europe, there is the EU charta of fundamental human rights. If they are violated, laws can be fought above country level.
[1] https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex:12...
How's that structure working out in upholding fundamental civil rights in the USA?
This is exactly what I think about it: https://youtu.be/J07wReeRF7Y?si=_VfrNiGRnG-_7dHX
we should stick to actual fact and issue here which is that these tools are bad for human rights NOW. not some mythic pandemic is bad bogeyman
You can run a perfectly fine website with zero cookie banners if you simply don’t track your users and don’t expose them to third parties that do track them.
Hence, all websites implementing cookie banners are the culprits here, not the GDPR.
I can block coockies using simple addons, which is WAY lower effort than clicking through a deliberate dark-pattern that is different on EVERY website (or using complex addons with lookup tables for every website).
You can't realistically block fingerprinting without serious effort, and you can't block your IP without using a VPN (which causes a bunch of other problems with sites not serving you).
On the other hand, between those two, it arguably is worse, because we now live in worst of both worlds - we still get a ton of stalking but we now have those cookie banners on top of that.
The only problem with GDPR is the lack of serious enforcement against data abusers and their political adverts (“cookie banners”)
The correct analogy would be California’s toxic substance regulations.
They’re vaguely worded and enforcement is applied randomly based on whatever company is getting bad press at the time. So virtually everything sold in California carries a sticker saying essentially that “this product may cause birth defects.”
Even companies selling products that don’t contain any of these chemicals do so, out of fear of the asymmetric power wielded by the state.
Do a majority of train passengers jump the ticket barriers because they are afraid they might get fined billions of euros if they don’t?
That law has been pretty successful to the point where there have been debates in the US about adopting similar laws.
The common US media company interpretation to declare their websites an abusive UX disaster zone and put their contempt and complete disregard for their main product (users) on full display is entirely on them and their sleazy lawyers trying to find ways where they can still do their sleazy business. This is made worse by incompetent web designers deciding that this is apparently "the way things should be done" without questioning that. Most cookie banners are just the result of their (mis)interpretation of the law, lazy copying of some shitty website they once saw, and the perceived need to provide lots of legal ass coverage for what under GDPR is flat out just not allowed at all.
Worse, the jury is actually still out on whether the highly misleading language, dark patterns, etc. are actually not illegal in themselves. They might very well be. Lots of companies got some really bad advice regarding GDPR. And some EU companies have actually been fined for doing it wrong.
I run an extremely simple static website with some JavaScript that lets the user keep track of their state between visits. I have no way to access their cookie, and nothing on the website sends data to me (in fact, can't, since it's a static site running on Cloudflare pages). I never really thought about whether or not I need to add a cookie banner, I just... Didn't.
Legally though... Do I need to?
When everybody is using it wrong, the problem isn’t “everybody.” The problem is your design.
Cookie consent should be a centralized browser based setting and nothing more. And the default should be some middle ground compromise that both the most privacy obsessed people AND businesses are not happy with.
See, for instance: https://www.info.gouv.fr
Which you can see when you click on "personalise" in the cookie banner.
That's why GitHub reneged on their "no cookies policy" for example: they got taken over by shitty people with shitty tech: https://github.blog/news-insights/company-news/no-cookie-for...
Cookie banners are the result of a different piece of legislation, the ePrivacy directive. Have you read that one too?
What about all the latest judicial actions regarding data transfers to 3rd parties that have gone back and forth due to ongoing legal cases? Legislation is totally irrelevant without the context of the latest judicial precedent.
Did you read the entirely of the schrems decisions and the analysis of what that means for using or offering any technology services? Having read GDPR is irrelevant when one day Google analytics is okay to use and the next day it's not due to one court case.
What about the latest data transfer agreements between the US and EU that invalidated the use of standard contractual clauses, and the above prior Schrems decisions? You've had years at this point.
Do you think it’s good to insult and assume bad faith from your fellow internet commenters about a topic you actually don't understand yourself?
The huge obnoxious cookie banners that everyone pretends are due to GDPR are neither due to GDPR nor due to ePrivacy.
It's the industry's unashamed deliberate sabotage of GDPR
My flower shop down the street that has a cookie banner on their Wix website is secretly trying to undermine the government.
It couldn't possibly be that the largely unaccountable central planners in the EU's technocratic maze of a government designed a dumb piece of legislation.
It doesn't
> when you go to gdpr.eu and see the cookie banner at the bottom.
Imagine if you also read why they have it
>On Thursday, the European Court of Human Rights (ECHR) upheld her 2011 conviction for “disparagement of religious precepts,” a crime in Austria. The facts of what E.S. did are not in dispute. She held “seminars” in which she presented her view that Muhammad was indeed a child molester. Dominant Islamic traditions hold that Muhammad’s third wife, Aisha, was 6 at the time of their marriage and 9 at its consummation. Muhammad was in his early 50s. The Austrian woman repeated these claims, and the Austrian court ruled that she had to pay 480 euros or spend 60 days in the slammer. The ECHR ruled that Austria had not violated her rights.
https://www.theatlantic.com/ideas/archive/2018/10/its-not-fr...
> The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.
how do you figure that? the freedom of opinion is explicitly enshrined in the german constitution for example. there are limitations, but these are very specific and not arbitrary.
gemany is in fact one of the countries the provides the most protection for your opinion world wide, as long as that opinion is not based on obvious falsehoods (like holocaust denial), or stirs up hatred against a group of people. you can however criticize others and at this point germany provides even more protection than the US.
> Last year, Andy Grote, a city senator responsible for public safety and the police in Hamburg, broke the local social distancing rules — which he was in charge of enforcing — by hosting a small election party in a downtown bar.
> After Mr. Grote later made remarks admonishing others for hosting parties during the pandemic, a Twitter user wrote: “Du bist so 1 Pimmel” (“You are such a penis”).
> Three months later, six police officers raided the house of the man who had posted the insult, looking for his electronic devices. The incident caused an uproar.
...
> In response to a message by [politician] Mr. Jurca criticizing Muslims, Mr. Mai posted a link to a picture of the mural [saying “Du bist so 1 Pimmel”].
> Several weeks later, four police officers pounded on Mr. Mai’s door at 6 a.m. with a warrant to confiscate his electronics. Mr. Jurca had filed a police report claiming the link to the photo was an insult.
in germany that is covered under insult against the honor and dignity of an individual. i don't know about this case, but this is generally only prosecuted when the insulted asks for it, and in most cases is a civil mater. that the incident caused an uproar shows that the response this case is an example of overreach, but overreach happens everywhere, and is an issue in itself. he question here is, is the risk for overreach more dangerous than removing the law/protection. this is certainly debatable.
It is only if your words are likely to promptly cause someone to commit violence that you can be prosecuted for it.
https://www.france24.com/en/live-news/20230329-french-woman-...
Open jew hate in Europe hasn't been this elevated since WWII.
Opposition to genocide or to Israel is not anti-Semitism.
like what's happening????
Let's pick our pitchforks up and pretend sexual abuse monetization or human trafficking are not taken to the next level thanks to end to end encryption. We gotta make police do their damn jobs right? It's not our fault we invent new and improved ways that prevent police from doing that.
Fascinating to watch.
(Downvoted, as expected. The hypocrisy on this site is absolutely adorable.)
[Confirmed]