Hacker News new | past | comments | ask | show | jobs | submit login
EU Draft Council Declaration Against Encryption [pdf] (statewatch.org)
1530 points by Daniel_sk on Nov 8, 2020 | hide | past | favorite | 752 comments

https://matrix.org/blog/2020/10/19/combating-abuse-in-matrix... is our attempt at Matrix to spell out what a catastrophic idea it is to backdoor end-to-end encryption (and to provide an alternative proposal in the form of using decentralised reputation to mitigate abuse. We're kicking decentralised reputation work off in earnest tomorrow, so watch this space to see how it goes).

I guess we'll be weighing in on the EU proposal as well as the 7-eyes one.

What about proposing encryption as an EU human right? Has that been attempted?

I don't know whether this has been tried before, but it is definitely the right move. The governments should be busy fighting and trying to shut down our proposals and not the other way around.

Without public pressure it is not going to happen. German politicians have been positive towards this move recently (althought without mentioning it is already in progress). Sadly politics think it is the easiest solution to counter torrorism.

While at the same time these governments fail to properly use the information they have and are able to gather through traditional intelligence work properly to avoid the type of attacks they claim putting up backdoors will prevent.

Most recently last weeks attack in Austria could have been avoided if the information the authorities received from a neighboring country of an attempt to purchase weapons by the attacker would have lead to actions. (I’ll try to find a link, apparently they had months to process and act)

So I think this makes the situation more unsafe in two ways - back doors will lead to all sorts of issues from leaking private communication to impersonation and authorities still don’t take responsibility and fix their processes so they can do their jobs.

Too late to edit my previous post, but here is the article:

"Fejzulai is also believed to have travelled to neighbouring Slovakia in July accompanied by another man, where he attempted to buy ammunition suited to the weapons he used in the attack, but the sale reportedly fell through after he failed to produce a firearms licence.

Slovakian authorities are said to have informed their Austrian counterparts at the time. The men travelled in a car registered in the name of the mother of an Islamist known to police."


In the US, most states allow you to order ammo online or via mail order without any license, and shipped to your home.

In Europe this is highly irregular, and it did raise a bunch of red flags, as it should.

Unfortunately no actions were taken, there seem to be communication issues within and across the ministries involved.

As long as this isn’t fixed, more data won’t help, quite to the contrary it might tie up resources even further.

They are either stupid or they don't care about terrorism. It's very easy to develop simple encryption scheme. It could be implemented by any half-competent developer. And I'm sure that global terrorists have enough money and people to make it happen. So terrorists won't care about this law. They'll switch from Telegram to Terrorgram and that's about it. But global spying over citizens will be achieved. I'm sure that politicians are just envy over China and want to replicate their measures. Many countries already replicate Great Firewall to some extent. Now they want to implement a global surveillance to strengthen their powers and prevent any kind of riots. That's terrorists they care about.

> I'm sure that politicians are just envy over China and want to replicate their measures.

China has the same goal as the Western powers have: to be able to keep spying on anyone they deem enemy of the state.

The difference is who they define as enemy of the state. In China, that includes pretty much anyone that criticises the Government, as well as what they see as hostile nations (probably the USA, maybe UK, which openly call China their enemies mostly without real provocation, and perhaps Japan due to its closeness to the US and its past of barbarities committed during the occupation of nearly half of the Chinese territory).

In most western democracies, the enemy would be terrorists (they claim) and, as we now know, pretty much any other Government, ally or not... and that's what we currently know, there is probably a much wider reach still that we may never know for sure... the Snowden leaks show that they will collect mass surveillance not only on foreign heads of state, but on their own populations without any restrictions, just in case they need it later. Given that, I am not even sure China actually has more surveillance in place than the USA and the UK, for example. It's a huge disappointment for anyone thinking the western world holds the moral ground, we who live here need to get our Governments understand we will not accept this!

Europe and some developing countries did not really react when it was revealed the US was mass-spying on its Government officials because they obviously are doing the same, they just didn't get caught in the same way yet. The people behind all this spying believe they are doing good as they're keeping world peace. I think they do the opposite: because other governments' counter-intelligence probably know more or less who is doing what against them, they're kept in a constant state of readiness for conflict. True world peace can only come when there's mutual trust between countries... While everyone spies on everyone else, we'll continue to live in a world on the brink of WW3. You think WW3 is impossible? Well, read about WW1 and how basically no one expected it at all. Circumstances today are even more heated than at the time WW1 broke out. Funnily enough, the only thing that's holding WW3 back is the nukes behind the big armies which make full-on conflict a very uncomfortable prospect indeed.

Public pressure rarely materialises spontaneously, out of a vacuum. For it to materialize, someone has to rally for it. A manifesto needs to be written, the goals written down and elaborated. It has to be pushed into the media.

It's not easy, but it's the only thing that will work.

Privacy is already a UHR according to UDHR article 12 [0]

The problem with applying this is that the violation of privacy is not arbitrary, from the draft:

> Law enforcement and judicial authorities must be able to access data in a lawful and targeted manner

So this is framed as an matter of lawful and targeted intercept, not blanket bulk access, like pretty much all of the mass surveillance creep.

[0] https://www.un.org/en/universal-declaration-human-rights/

>> Law enforcement and judicial authorities must be able to access data in a lawful and targeted manner

As is the case everywhere, they claim to want lawful access. In reality that's a minor point, what they really want is access to information without the knowledge of its owner. They're OK with needing approval or getting a warrant to read your email just as long as it's some 3rd party granting access so you won't know. Otherwise just get a warrant for Alice and Bob's email and compel them to decrypt it. No new laws or systems are actually required for that.

>They're OK with needing approval or getting a warrant to read your email just as long as it's some 3rd party granting access so you won't know.

Of course nobody will ever examine the warrants or the approval process to ensure that "lawful access" is only granted when even the minimal evidentiary standards they require are met. And if they do someday examine those warrants, and find out that they are riddled with falsehoods and inaccuracies that resulted in unlawful spying, it will all be swept under the rug and nobody responsible will be held to legal account - as we have seen in the US.


>> Of course nobody will ever examine the warrants or the approval process to ensure that "lawful access" is only granted when even the minimal evidentiary standards they require are met.

Yet another reason they dont want to serve warrants directly on individuals. If people know it's happening they'll question it and make public anything corrupt in the process.

As it should, but who will verify it's only used in that way? Who watches the watchmen? Snowden revealed that the watchmen (NSA) are scooping up all data they can find, and that they have easy access to big internet companies' data (and they're not allowed to mention your data was accessed, even if no charges were made).

Well that is the crux of the issue, how much do you trust your government and what are your options in supporting change. This may require a level of involvement in politics that is more time consuming than most want to expend or can.

This means if not actively supporting a candidate or current representative who shares your views that you instead convince them your view is worthwhile. If not actively finding one who does. Then even once that is accomplished you likely will need to be involved in writing to other representatives as well and coordinating with similarly minded groups across your country.

Politics is all about the networking to get enough voices to be heard and for something as arcane as encryption; and yes it is arcane for most; will not have as many groups focused on it. So your work is cut out for yourself in finding such groups or forming one.

in the US we have EFF and others; I am found of cato but many here do not understand libertarians. the truly sad part is most people really would be happy living in a police state as long as you don't call it one. they don't recognize how they could be in one because their view of what a police state is very heavily influenced by the media and even hollywood. most of what hollywood presents is truly exaggerated dystopian types that are borderline absurd but in truth it is the slow chipping away if not giving away of rights that does the same

This. It gets framed as "encryption = child abuse" and anyone who supports private encryption is obviously a pedo.

There doesn't appear to be an emotional argument the other way - I guess "so you're happy with random police officers[0] browsing your nudes, then?".

It needs to be framed as an emotional argument, because that's what cuts through to the audience these days. Only HN is interested in logical discussions ;)

[0] Actually, not even police officers - there is always an escalation of government departments able to access data that was originally captured to prevent serious crime.

> so you're happy with random police officers[0] browsing your nudes, then?

Your kids’ photos.

Many people don’t have nudes on their phones. Most people do have photos of their kids and know their kids have sensitive photos of themselves. “Think of the children” can be flipped if you can get the public suspicious of spooks.

>I guess "so you're happy with random police officers[0] browsing your nudes, then?".

I agree with your point, but I think a lot of people aren't actually too worried about the specific case of random police officers seeing their nude selfies.

It's hard to convey the idea that a real person is behind the faceless snooping, but usually people don't want a real person looking at their private info. "Do you want the cop who pulls your daughter over for forgetting to put the new sticker on her license plate to be able to look up all her beach photos during the stop?"

Cops want to be able to see everything. I don't think it comes necessarily from want to see nude in particular. Government likes power, the more they get, the more they want. That includes cops. They can't think beyond their own mind often. Most people would probably (at the beginning) use backdoors responsibly, but when it becomes mundane they will use it all the time and without compuncture. This leads to power grabs and politicization. If it's not an option at all, it helps a lot.

This. Hence the proliferation of government access to CCTV footage that was originally collected for "serious crime" only.

It'll start out with "we only need to break your e2e encryption for serious crime cases", but in 10 years your local council will be breaking into your dm's to see if you used the right recycling bin.

I appreciate libertarian ideas about privacy, freedom to own weapons, speech, religion, etc. I just don't agree with them a whole lot on economic issues, but they have personal freedom down pat. I think the point about government isn't that I'm so worried about the government --currently--, but I know government almost never gives something back that they take away. In this case it's privacy. Hopefully the EU government (or at least the members of the EU individually) will realize this is an autocratic power grab and doesn't make anyone safer. You'd think they'd have had enough with dictators and autocratic governments knowing everything you do given what happened in WW1 and WW2

I'd of thought that Article 8 of human rights would encompass this.


That's right to privacy, not right to encryption specifically. And governments cracking down on encryption will, of course, claim that it is a matter of national security, and is a proportionate action to fight terrorism, child pornography, and other crimes.

Just like phone taps and listening devices. That said, those should only be employed if there is reasonable suspicion; iirc they still need a judge to approve employing these tools.

The fear with this is that they will try and catch all messages and retroactively look for bad actors. And of course that the backdoors will be discovered and abused by bad actors.

They need a judge currently. However in the USA it's a rubber stamp and warrants are almost never not given. It's around 98-99% are granted in FISA courts and it's a total joke.

> iirc they still need a judge to approve employing these tools.

that's a weak point, not a strength, in various scenarious

a) Agency XYZ files a motion to have a member of their legal team promoted to judge at the respective courts. Motion accepted, judge signs off on all requests

b) judge simply doesn't care for privacy, if it hinders the boys at work, signs off on it, gets appealed later, slap on the wrist, no consequences, learn from mistakes, rinse and repeat, obey formal obligations this time

c) Police and Attorneys construct evidence to construe threats, judge Joe Shmoe believes it, signs off on it

Besides, the whole system has been found to hinder investigation. The need for a warrant in night time emergencies is already relaxed in some countries, far as I know.

d) More over, the judge is bound by law, so you can trust as much confidence in the judge as you want. Once precedent is established at federal court level, because of your we can trust the judges, it will be a slippery sloapy down-wards spiral for more invasive access for less serious matters -- if it isn't already. This is effectively the federal judge signing off on all warrants, subject to veto by a lower judge, what can be escalated back up the chain due to the power of attorney. Vice-versa, the state attorney is bound by executive orders from the ministry -- as was surely the case after Snowden ("no evidence") -- which has been repeatedly red flagged by EU reports (that are otherwise quite benign).

The defense is the defense attorney. The precedent is frequently established because a single lawyer fails to make a case. Subsequent cases are only accepted on special occasion, otherwise declined due to precedent. Subsequently there is only limited control over a lower court's decision. The guideline cited in all commentaries on German constitutional law is, when the decision looks plain wrong. It is of course a little bit more involved in detail, but the principle is not a judge but one single judge gets to decide. Which lays a whole lot of preassure on them. Of course you get a second chance pretty much unconditionally, but that's a concern for later only if something was found, in which case the chances for an appeal on principle grounds are obviously against you. Eitherway a due notice remains at the secretion of the court (§101b (6) StPO), which may mean the judge presiding over the chamber, or the court, I'm not sure.

An ironic corralary is that, of course they will at least take a look, which has to sound but cynic in this scenario.

Wikipedia lists several points of criticizm against the new president of the Bundesverfassungsgericht (SCoG) https://en.wikipedia.org/wiki/Stephan_Harbarth

> The fear with this is that they will try and catch all messages and retroactively look for bad actors.

Said Stephan Harbarth was in parliament and worked on a law for collective mass surveillance, which was subsequently called by the supreme court, in which he later went on to lead. Which is incomprehensible, because I was under the impression chief justices needed to climb the ladder first (ref, probably: BVerfGG).

Very similar, good ol' Mr. Biden signed responsible in 1991 on the American bill that is equivalent to the act under discussion here: https://www.congress.gov/bill/102nd-congress/senate-bill/266 (see Title II, SubSection B: Electronic communication) not saying much at all.

This is entirely dystopic. The Bad Actors I have in mind are the good guys, I don't want to see the bad guys.

I don't think that would help. Most rights are not absolute and can be restricted by other laws. For instance:

* Freedom of movement is clearly restricted for people on a jail sentence.

* We have secrecy of communication but also lawful interception.

perhaps even "lawful" interception shouldn't be lawful after all?

Sure but it could still help.

We also have unlawful state interception as evidenced by leaks from Snowden and multiple others. I think states currently should not get any concessions from secure communication platforms.

Maybe generalize that further, a right to privacy.

Perhaps, but see Article 8 which is cited in your sibling comment. It already contains a right to privacy.

But the term privacy is not very rigid. It can be taken and interpreted in various ways. It's certainly a good thing to mention it, but encryption needs to be mentioned explicitly, spelled out even.

There cannot be any room for interpretation: citizens have a right to encrypt their communication, end-to-end with their intended party.

That still leaves too much room for interpretation (namely, quibbling over the definitions of "encrypt" or "end-to-end").

People have a right to encrypt their communication, end-to-end with their intended participants, such that no one other than their intended participants can decrypt any aspect of their communication.

I agree. Your expanded definition is better. Now let's flesh it out into a full-fledged proposal, put it up on a website and disseminate it among the people. Let's get it into the parliaments as something that the parliament members have to discuss and finally either accept or reject.

Let's give them a good fight.

> Let's give them a good fight.

Possibly the wrong goal.

How about "Let's win." instead? :)

I'm all for it, but I don't think posting it on a website is going to suffice. Get the EFF behind it, get others experienced with lobbying behind it, then it might get some momentum.

You're right. You can tell this topic makes my blood boil, unfortunately.

What about this tech-agnostic version: citizens have a right to deprive the unrelated citizens from accessing their communications using any means. Note that this includes E2E encryption, whisper, face-to-face private conversation, rubberhose encryption, noise insertion and steganography all in one.

I like this "right to deprive" wording and toyed with it myself. Reminds me of the way DMCA anti-circumvention works. Perhaps we could call this the anti-snooping right.

Anti-snooping would be much more useful than anti-circumvention in fact.

Some idiot will cut off someones ears and then say to the police that, "it was to deprive him of accessing our communications by using any means. It says so in the law, Sir!"

It would still be criminal on the grounds of breaking the bodily integrity, which is an infringement of someone else's life and health, which is normally considered more protected than privacy.

I think you underestimate the amounts of rain dance magic lawyers can produce with wording like "using any means." ;)

We already have a right for privacy in the EU. That's why the EU court has declared mass logging of meta data by ISPs and mobileproviders illegal.

> What about proposing encryption as an EU human right? Has that been attempted?

Rights conflict. Every new right influences the others. It is easy to shorthand every problem to a human rights declaration. But just like the right to bear arms, that can have unintended consequences.

You did not define a conflict or the unintended consequence here

The unwanted consequence of the US second amendment is that the US has one of the highest gun death rates in the developed world.

The U.S. certainly has a problem with gun violence, but I fear gun access is the proximal problem while our cultural relationship with violence and revenge is the root of the problem. (See also death penalty support, recent violent protests in Oregon and Washington, etc.) Note that the areas with very high rates of legal gun ownership aren't the hotspots of gun violence [0]. Switzerland and several other Eurpean countries have very high rates of gun ownership, but low rates of gun violence. Certainly, fixing a sick culture is more difficult than reducing gun access, but I think long-term, we need to figure out how to be a more peaceful and forgiving society, or much of the gun violence will just shift to (granted, much less efficient) knife violence. I think improving America's culture of violence and revenge will also pay mental health dividends. Sometimes you really need a crutch or a bandaid, but it's important not to mistake it for an end-goal solution.

Do any of you have any insights into ways individuals can ensure they at least leave the culture less violent than they found it?

[0] https://www.nytimes.com/2019/07/22/us/gun-ownership-violence...

> Switzerland and several other Eurpean countries have very high rates of gun ownership, but low rates of gun violence.

They also have vastly stricter gun regulation laws, and while ownership rates are high in some, the US is an extreme outlier and no other country comes even close.

Because nobody in any European country thinks they have a "right" to own a gun, most of them could if they wanted to, but they simply don't want to deal with the hassle that owning a properly regulated firearm entails.

As it should be, owning a deadly weapon is a lot of responsibility that not everybody is up for/actually wants. The importance of that responsibility gets completely lost when firearms are treated like cool toys that everybody should have and exist in abundance.

That's why headlines like "toddler shoots mother" or "dog shoots owner" don't exist in Europe, but are a sad somewhat regular thing out of the US. These toddlers and dogs didn't do that because they watched too much violent media, they did that because the actual owners of the guns where irresponsible individuals and never should have owned one in the first place.

The fact so many people feel they need a gun for safety is the first and biggest issue IMO.

This is fueled by movies and culture - have the gun in your possession and you’ll automatically win the fight - that was easy!

I’ve read countless comments from Americans that they have a gun to shoot intruders. Statistics telling you there’s a bigger chance someone else will get hurt be damned.

These ideas are have to be fueled by big money is my guess.

Also we humans really like our toys, so I can get that aspect of it. Wanna take my toy? Forget about it.

>The fact so many people feel they need a gun for safety is the first and biggest issue IMO.

And the reason for that is simple - marketing.

Here in Switzerland I basically see no guns unless I go to the shooting club. There's none sold in the shops, there's none advertised in newspapers, tv or on the radio. And there is definitely no gun offered when opening a bank account.

Basically if you want a gun for whatever reason - usually for recreational shooting at the shooting club, then you have to go out and look for it.

In the US I have the feeling that they're marketed as a penis extension, and you're not a proper man unless you shoot things, with the view that you'd be quite happy to project a slug of lead into somebody else at high velocity to prove you're more of a man than they are.

To solve the problem in the US I think you need to ban the advertising - like cigarettes.

Caution: This weapon inflicts pain suffering and death to others. User may be incarcerated for murder if ever used. If in a situation of conflict, gun only increases likelihood of extreme violence - leave at home.

I spent over 30 years in the U.S., mostly in the upper Midwest, and the only gun advertisements I remember seeing were in sporting magazines or in sporting goods stores. I think your perceptions of U.S. gun advertising is either greatly exaggerated, or your experience is from a very different part of the country. Maybe things have changed drastically in the 8 years since I left, but I doubt it.

Maybe things have changed drastically in the 8 years since I left, but I doubt it.

I think they have. I've also seen more gun stores opening, with provocative names.

I've no problem with firearms used responsibly for hunting or recreation, but in the very few cases I've seen someone open carrying a handgun (once at a very crowded national park, and once at a residential picnic area, both just this year) it was clear they didn't have a gun to defend themselves (if that were the case you don't need to show it off), but to threaten others. And for defending yourself against wild animals, bear spray is far more effective.

Crazy. How often do you see TV ads for firearms, firearms dealers, or gun shows these days?

I figured that the US just seemed to get crazy around 2012 because I switched to primarily external news coverage of the U.S. when I moved abroad.

Actually, now that I think about it, I think I have seen TV ads for both Remington and Beneli shotguns in duck hunting and fishing shows in the U.S. But, I'm pretty sure I've never seen TV ads for pistols in the U.S., or long guns outside of hunting/fishing shows.

> but to threaten others.

No. I've open carried. We do not do it to threaten people. There are many reasons to one chooses to open or conceal carry.

One of the dudes was wearing a t-shirt with wording that strongly supports my evaluation. But even if you aren't trying to threaten, the visible presence of a deadly weapon (especially a sleek semi-auto as opposed to a revolver) creates a pretty negative "vibe". Note that I'm talking about handguns stuffed into a belt or on a leg holster, not e.g. a hunting rifle or shotgun.

Agreed, people who aren't in to firearms or firearms-related sports will basically never see an ad for a gun in the U.S. I do think the penis-extension bit gets the gist of much of the marketing that does exist right, though.

I’d say action movie content serves as massive marketing. American film is stacked with guns. It’s kind of ridiculous.

There have to be money involved.

It's the wild west mentality that the US never grew out of. Can't blame them either, given the apparent incompetence of the police.

It's an issue that won't be solved by banning weapons. Educating people (e.g. mandatory background checks, operation and safety training, and safe storage) and solving the underlying problems will work. I mean a lot cite defense from home invasions as the reason to own a gun. Why do people invade homes? If they had a reasonable income and comfortable life they wouldn't have a reason to.

> mandatory background checks,

This is only effective with a gun registry which gun owners will not accept.

> operation and safety training

Are you required to take civics to vote?

> safe storage

If you simply mean prosecution for being negligent, that's fine. If you mean it has to be in a safe unloaded, that defeats their use for self-defense in the home. It would likely be held unconstitutional.

> Statistics telling you there’s a bigger chance someone else will get hurt be damned

Nobody believes the statistics are relevant to them. Statistics are about all those dumb other people; but I'm always the smart, responsible exception.

As I mentioned elsewhere, I think those urban-legend statistics are probably wrong in aggregate. That said, people do have knowledge about their specific situation that they bring to bear in a valid way. Crazy, violent ex? Yeah, your ratio of chances of using a gun in a way that makes sense to chances of accidentally hurting someone is way better than average.

I think you're on the mark talking about them as toys for adults. I don't think most people want them because they really fear for their safety without, though the ability to defend oneself may be a bonus. My feeling is mostly it's just a fun hobby and it's also a clear signal of group membership.

I think your claim about there being a higher chance of accidental injury vs. self defense is probably wrong. The issue is a little muddy, but there are only ~800 firearms accidental deaths per year (0.00024% of pop.) and about 50,000 self-defense uses per year (https://www.bjs.gov/content/pub/pdf/fv9311.pdf)

I'm also not convinced about movies. I bet other places have very similar mixes of actual watching and the same selection given the internet.

You might be right about the injury thing.

I still believe many people see guns as a solution to a problem and on top of that vastly overrate their own abilities in a pressure situation.

If you’ve not trained many many hours in a setting resembling this pressure to a high degree you really have no idea how you’ll react.

It seems really easy in movies!

Can’t speak for the source but first hit on google:


Agree that serious training seems necessary.

People who would like to take guns away should start working on changing the Constitution. Looking at the current lineup in the Supreme court all I can say is good luck. I totally support a country's choice to de-arm their populace. However I also wish they would quit trying to push their beliefs on the USA as well. Nothing in this world is safe, from driving to work, to walking down a street you don't know, to repelling off a cliff, or parachuting for fun yet no one says "don't do that, let's make it illegal", yet with guns they freak out.

> This is fueled by movies and culture - have the gun in your possession and you’ll automatically win the fight

No. It's not automatic. But my wife has a much better chance against a 250lb 6ft man with one than without one.

That is still assuming a lot of things IMO.

I’d love to see stats on these scenarios... are they common?

Saying Switzerland has "vastly" stricter gun laws /might/ be true if mushing the U.S. into a whole, but it ignores the very important variations at the state level. Some states have very strict regimes that compare to Switzerland's, and in some you can just walk into a store and buy long guns if you're of age.

I totally agree about the responsibility thing.

Concerning the "dog shoots owner" headlines, you should ignore that sort of thing. Those sorts of incidents are super rare. They hit headlines /because/ they're rare and therefore interesting.

> Some states have very strict regimes that compare to Switzerland's, and in some you can just walk into a store and buy long guns if you're of age.

Which is exactly why the regulation in the US does not work; Anybody who disagrees with their states particular laws can just cross into another state to get their fix there.

That why any proper regulation needs to happen on a federal level so individual states won't act as a loophole.

> Concerning the "dog shoots owner" headlines, you should ignore that sort of thing. Those sorts of incidents are super rare. They hit headlines /because/ they're rare and therefore interesting.

It's something that should be non-existent, I haven't seen it anywhere else in the world. But only a couple of days ago there was yet another example out of the US [0].

These are the kind of absurd situations that simply do not happen in any other place as other places lack the "firearm saturation" that enables this in the US. So something that should be improbable, still ends up being a regular thing.

[0] https://www.nbcdfw.com/news/local/dog-accidentally-shoots-ow...

> Anybody who disagrees with their states particular laws can just cross into another state to get their fix there.

If you mean purchase something you cannot buy in your state, that's not true. Interstate handgun purchases are completely banned and long guns can only be sold if the sale complies with both state laws.

I mean bypassing state-level mandatory background checks by travelling to a state where those are not required for private sales and just buy a firearm there with zero regulation and documentation.

Personally I believe it’s about individualism vs the collective.

Here in Sweden we’ve seen a horrible development regarding gun violence - easy to chalk up to “immigration” and “soft laws” but in my mind it’s a lot deeper - interesting enough this is at the same time we have a record amount of dollar millionaires in the country.

We used to work as a collective but our economic policies are turning more and more neoliberal and thus individual. This exacerbates the issue of creating a new “class” of citizens already left partly out of the loop of riches.

If we take care of each other in a better way as a collective there’s a chance to turn things around. It’s all about increasing the chance of a good outcome per individual. This is the secret to a lot of the success in northern Europe - if you’re born here chances are great that you’ll get an education and that you live a long and healthy life.

Regarding crime and violence specifically I’ve read a lot about the “group violence intervention” program and a lot of it is about cooperation and taking care of people in a humane way.

Here’s David Kennedy speaking in Sweden where this has been worked successfully:


In short - don’t be to afraid of taxes, and vote in a manner where money can be spent more wisely. Funneling tax money to havens by way of “entrepreneurs” seems less well spent... problem is that when such a system is set it will want to be conserved - looking at the US and it’s kinda dark over here as well.

All I can do is try to mold my children into caring human beings hoping to influence culture that way.

Isn't the majority of crime in Sweden committed by migrants ? https://link.springer.com/article/10.1007/s12115-019-00436-8

It appears this study shows that the majority of suspects for crimes are immigrants, which is an important distinction. I have no knowledge about the situation in Sweden, but in Germany there are known statistical problems like immigrants both having a higher chance of becoming suspects ("Tatverdachteffekt") and crimes where an immigrant is suspected are more likely to be reported ("Anzeigeeffekt").

Stastistics about suspects are most commonly used in studies like these because the police, due to the seperation of powers, usually has no or at least less statistics of the actual results of charges.

I would bet basically anything that inferring "did commit" from "is suspect" works very well in aggregate.

"Recent figures show that only 15 percent of all crimes are solved." https://sverigesradio.se/artikel/5399870

That low resolution rate alone introduces a margin of error that is larger than the difference between immigrant and non-immigrant suspects. It is therefore possible that the much higher immigrant suspect rate is entirely a result of biases.

This doesn't work numerically if each crime averages more than one suspect.

This is a good point! I wonder how often that's the case...

Yes, exactly kind of my point.

I’m not suggesting however that because they are immigrants they commit more crime. Note most violence is committed by 2nd generation immigrants - so they’ve been born here. How’s that for a failure of society...

They are simply people on the outside living surrounded by people leading lives they cannot relate to.

We’ve made it terribly difficult to attain this norm life as well making it even more unrelatable.

One thing that's great for societal stability is not too much inequality of wealth. Another thing is cultural homogeneity. We're probably seeing both at play in Sweden.

Young men shooting at each other in the street sure is a culture clash. This culture need to be canceled!

Just to make sure I understand you correctly: You think the strong trend toward more incidents of more extreme violence in Swedish society is because we have more dollar millionaires?

Income inequality universally is a pretty good predictor for violent crime: https://www.economist.com/graphic-detail/2018/06/07/the-star...

As the (still very low) income inequality is rising in Sweden(https://nordregio.org/nordregio-magazine/issues/state-of-the...), it isn't surprising violence rises, too.

More dollar millionaires, and at the same time more people on the outside, point towards specific type of policies being enacted.

This has been 30-40 years in the making.

Yes - it is related, just as it is in the US.

I agree with you. I don't have any answers to your question, but it made me think about it. It strikes me as insightful and the right question to ask.

This is a bit of a hobby interest of mine. While it's possible that your statement is true, I think it misses the point. Gun murders in the U.S. are a very low percentage of deaths (0.39%) and preventable deaths (~1.1%, there's some disagreement about what's "preventable"). This excludes suicides. You may wish to include them if that makes sense given your interests. People love to focus on relative comparisons (e.g., Scotland vs. US), but miss the forest for the trees. Some tiny proportion being 5x some other country's tiny proportion is irrelevent.

If your goal is to prevent untimely, unwanted deaths there are oh so many other ways to apply your resources that will yield orders of magnitude more improvement per dollar / per minute.

People like to pay attention to it anyway for a few reasons. One is that we evolved to think specifically about interpersonal violence (~5-15% of prehistoric deaths, but way more than that for non-old people), which makes us good at luridly imagining interpersonal violence, and so comparatively we're bad at thinking about an early death due to diabetes and therefore bad at caring about it. Another reason is it's a hot-button red team/blue team political issue, so it's not so much about the issue per se but rather whether $OTHER_SIDE gets what it wants or not.

Every right reduces the clarity and scope of every other right. This creates grey areas for interpretation by the state.

So really it wouldn’t be encryption so much as right to have secrets. Because whether I use EDCA or a really strongly in crackable safe, my right to privacy should be a thing?

It sounds like somewhat of a stronger version than the US’s fifth amendment which says that you have a right to privacy unless it has to do with the crime currently being investigated. And come to think of it, encryption is unconstitutional as in because the government can subpoena or obtain a warrant to your information it may not be able to enforce it because of the encryption. So either the government has no right to subpoena or encryption is illegal.

This is incorrect. The fourth amendment gives people the absolute right against "unreasonable search and seizure". This means the police may be granted access to search someone's property by a judge, if they are suspected of a crime. It does not give the government the right to find anything, only to search. Furthermore, the fifth amendment grants people the absolute right to not incriminate themselves. So if you know something (information about where the bodies are buried, passwords for decryption of encryption keys, etc.), you have the absolute right to not divulge that knowledge. So the people here have more rights than the government when a crime is being investigated.

Ah you are correct. But let’s make a physical analogy. If I can make an uncrackable safe in which I put evidence of a crime along with lots of other secrets. The police come to my door with a reasonable search warrant. I tell them I have the key to the safe but will not tell them where it is. They know they have absolutely no way to get into my safe without taking about 100 years and $2 billion. What happens next?

The law isn't entirely settled on the matter, but some rulings so far suggest that the government can compel the surrender of a physical key, but not the disclosure of a combination.

So by that definition since my private key is a lot like a combo to my safe, the government cannot compel me to disclose it? That sound like good news.

Also, I guess I am storing all my keys at STL files that get 3D printed and destroyed upon first use. Hello protection from search warrants!

It's the password required to decrypt the secret key that you would not need to disclose. They'll likely end up with the encrypted secret key, but no way to access it. That's because the password is something you know, and divulging it could mean self-incrimination.

Courts have ruled, for example, that the police can compel a suspect to put their face or finger up to a phone to unlock it through biometric means, but a suspect cannot be compelled to divulge their PIN. That's why using biometrics, while convenient, is a bad idea.

This is also a great example of how you can follow what sounds like logical principles to a completely bonkers end-state. Knowledge is protected but your bodily autonomy is not? Eesh.

> encryption is unconstitutional as in because the government can subpoena or obtain a warrant to your information it may not be able to enforce it because of the encryption

No, you can't subpoena information from someone that doesn't have it. So the government can subpoena the cyphertext, but can't ask for the plaintext if the provider never had access to it.

Wouldn't you want the word 'encryption' to be in the description, so there is no evil solicitor trying to argue about what 'secrets' meant. Or 'the right to confidentiality whenever, where-ever, and with whomever the person pleases'

But I would also not want the method of storage of secrets to become obsolete. The important thing is that I’m able to keep a secret, not how the secret is stored. For example, say quantum encryption comes to be known as “q-store” and is always said to be different from encryption. Now, what does that do to my rights if I move from traditional encryption to quantum algorithms?

Well it worked for copyright, we're kinda stuck with it, regardless of how much the we ways we store things have changed.

Privacy isn't secrecy.

That's the argument.

I prefer my conversations to be secret, not just private

While adding backdoors to encryption is a bad idea my gut sys decentralized reputation is just a bad. Most here know the Black Mirror episode "Nosedive". But it's worse than that, people on different sides of the political spectrum will work to "cancel" people of the other side by working to lower their rep via crowdsourcing. 4chan type groups will do the same for "the lulz", I can even imagine the ransomware people trying to find a way to make bots and "pay us or we destroy your rep"

Totally agreed that badly designed rep systems can rapidly descend into Black Mirror territory. In Nosedive for instance the score you get is absolute, while the thing we’re proposing here is entirely relative and subjective. The idea is to empower users to maintain their own view of the world. If a voting ring of idiots conspire to try to trash someone’s reputation... you’d filter out the voting ring from your reputation feeds; it should stand out very clearly. That goes whether it’s bots or humans behaving like bots. Alternatively, you could choose to hang out with that tribe and believe their rep data if you so desired.

We’ve been wargaming through all the various ways this could go horribly wrong (and have a few fun scenarii off the back of it - look for the GPT-3 example below), but on balance it feels a lot better than the Black Mirror episode where encryption is fatally weakened...

Maybe you've answered this point already somewhere but how exactly are you planning to make censorship (for lack of a better word) stand out?

Overloading the word 'censorship' is going to get a bit confusing here ;)

"Censorship", meaning: "malicious server or ISP silently blocks or withholds traffic from you" is a risk in Matrix today, completely independently of the reputation stuff being discussed here. The mitigation is to get rid of servers (and even ISPs), as per https://matrix.org/blog/2020/06/02/introducing-p-2-p-matrix/

"Censorship", meaning: "your server admin subscribed to a blocklist of child abuse content published by someone like iwf.org.uk" would stand out to users by the server publishing the names of the blocklists that their server admin has deployed. I'd call this server-side filtering or something instead, given the filters are visible. If the server admin withholds info about their filters, then you're back in the traditional sense of censorship from the prior paragraph.

Are the blocklists public? I thought these schemes involved uploading files to a "trusted third party" like Microsoft, and for them to decide if the files are lawful?

Unfortunately, I don't think that'll work. For it to work, you would need every actor to play along, otherwise someone could just move to Tor to do the exact same thing. I don't think it's possible to eliminate what they want to eliminate, and they will only push for more and more.

Gives a new meaning to the term "character assassination".

My suspicion is that this system is a cop-out, like when Google blames their screw-ups on "the algorithm".

There probably has been a recent surge of right-wing users and, the Matrix administrators, which probably lean left-wing, have seen that surge as a problem and have created the reputation system as a way to get rid of those users or, at least, to give them the hypothetical yellow badge. And if someone says "censorship", they will blame it on the "downvotes" those users got.

Thanks for Matrix.

This proposal seems to address general abuse, spam, propaganda, filter bubbles, and so on. While these are worthy issues to tackle, the authors of the 7-eyes statement are not really interested in them.

What they say they want is for terrorism and child pornography to be detectable or meaningfully reduced. Do you think a relative reputation system will solve that problem?

Yes, we think it will help meaningfully help detect and reduce abuse - mainly because it's shamelessly mimicking the way society works in real life. Many (most?) abusive communities are at least adjacent if not overlapping with publicly visible communities. Simply put, they need a way to advertise and recruit.

So, just as in person you might stay away from a given political party / religious institute / youth club because your social graph has warned you that it might actually be a front for whatever obnoxiousness, the same approach can work online (or, conversely, could also be used to help hunt down abuse in the first place). It's then up to the authorities to investigate what's going on - which is quite possible through infiltration etc without having to go and blanket break encryption for the whole of society.

To be clear: this is still largely sci-fi, and we don't think this is a perfect solution, especially given this is a fundamental problem of the human species which nobody has yet solved. Our proposal doesn't solve lone wolf situations, for instance. So perhaps for that you need the ability to gather evidence from endpoints post hoc.

Unrelated: one particularly dark dystopian outcome we've been wargaming is: what if someone (not us!) used decentralised rep to seed a GPT-3 style bot to locate abusive communities, and then automated the process of infiltrating & investigating them... only to then end up ascending the ranks while preserving its cover and accidentally triggered some atrocity. So, um, let's not do that.)

> Unrelated: one particularly dark dystopian outcome we've been wargaming is: what if someone (not us!) used decentralised rep to seed a GPT-3 style bot to locate abusive communities, and then automated the process of infiltrating & investigating them... only to then end up ascending the ranks while preserving its cover and accidentally triggered some atrocity. So, um, let's not do that.)

I think you greatly overestimate the abilities of GPT-3. GPT-3's writable memory is short-term only – its long-term memory is read-only – so by the end of a conversation, it has permanently forgotten what the topic was at the beginning. Given its lack of writable long-term memory, it is completely incapable of succeeding at any tasks involving long-term planning, such as the infiltration and investigation of a social group.

Of course, you said "GPT 3 style bot", not GPT-3, but the AI you have in mind has significantly greater capabilities than GPT-3 has, so isn't fairly said to be "GPT 3 style" at all.

Sure - "GPT-3 style" here meant "something along the lines of GPT-3" rather than anything specific to GPT-3 actual capabilities. The context being dystopian sci-fi thought experiments :) (That said, I suspect you could train GPT-3 to automatically get vetted into some fairly nasty places if you so desired).

Matrix is awesome. Also, doesn’t the French government use Matrix? Are they trying to outlaw their own policies?

Several EU governments use Matrix - so yeah, there's a paradox here. On one hand Element (the company set up by the core Matrix team) depends on government work to keep the lights on for Matrix work, but on the other hand we feel a clear responsibility to push back on backdoors, given backdoors are intrinsically flawed and dangerous. This is why we're proposing a (hopefully) better alternative instead (and this is also why we're soliciting funding to support reputation work via the Matrix.org Foundation at funding@matrix.org, just in case any YC billionaires happen to be reading this...)

It's probably something along the lines of 'guns for me but not for thee'. But they don't even have the excuse of encryption actively hurting anyone, so it's more like 'strong walls for me but not for thee'

It does hinder police investigations, so it comes down to how much harm you think obstructing the police causes.

So does the right to a trial, habeas corpus, the need for a warrant, juries, the right to remain silent and many other protections...

> strong walls for me but not for thee

Good analogy, especially because governments themselves are living in the same walls (i.e. using the same apps) and this effort will hurt their own security.

No it simply means two leagues, just like before. Politicians have tools that are not accessible to the citizen. Nothing new in a way :)

They use allright it when it's for their own benefit.

I was under the impression that all the mobile communications standards had provisions for lawful intercept, is it such a leap to think that the baseband processor is compromised aswell? Maybe the EU is just salty that they don't have the same kind of access the NSA has.

Yep, it's not about encryption. It's about monopoly for information feed access.

You have my full support, Matthew :-) I'll be keeping an eye on it, too.

I don't like it because they advocate a social credit system as an alternative, but their criticism against back doors is on point.

I am in communities that don't use such tools and somehow there is no problem that would require any, but if that is the preference you have the option. I don't see further issues.

It's not a social credit system!! It's empowering users to track their own view of reputation, as opposed to having an authority determine it.

Do you take donations?

Yup, the "Support Matrix" section at the bottom of https://matrix.org/ has the details. (thanks!)

Interesting read, though it sounds more like decentralized censorship. It's a little unclear where you're talking about reputation of individuals vs. reputation of content.

Censorship implies that information has been invisibly removed by some absolute authority. Whereas here we're talking about empowering users to filter out the stuff on their terms - i.e. subjective/relative reputation. It's possible that a server admin might apply unilateral filters, but a) the user would be able to visualise those (assuming the server admin doesn't maliciously withhold that info), b) the user can switch to another server with different filtering rules. So, I definitely wouldn't characterise it censorship (although I can see why many have a kneejerk reaction of "ooh, this sounds a lot like censorship").

Does the idea you're proposing enable recording reputation scoring on the scope of a single post/message?

Yes. The idea is to build it to be agnostic to the objects whose trust is being tracked, but for Matrix at least the main building blocks are rooms, users, communities, servers, messages & attachments. However you could use it for other things too if you so wanted (eg client IPs, server IPs, netblocks, ASes, E.164 numbers, URLs etc)

Thank you Matthew!

While I know I'm just attracting downvotes, your points, in order:


a: It's really not that hard to think of ways to solve backdoor problems with a mix of technical and social approaches. For example, having shared keys burned onto silicon, making physical access mandatory, and split between both the law enforcement and the company, so that both parties must knowingly engage.

b: Most software already practically backdoored already, and it's really not that big a deal. Microsoft can push whatever updates they want whenever they want. They already have the keys to the kingdom! Google doesn't store everything E2E encrypted. They also already have the keys to the kingdom! Things have mostly worked out regardless.

2) That a measure will be imperfect is not an argument that it will be ineffectual. In fact it's pretty obviously false; making abuse harder on mainstream platforms will make abuse less mainstream.

3) This is like arguing governments shouldn't be allowed to regulate weapons, because it would be hypocritical, given they own weapons themselves, and it might normalize other countries taking away their citizens' weapons, which might prevent them fighting back. That seems like an obviously bad argument.

4) Yes, your platform that makes oversight impossible is not compatible with regulations requiring oversight. That's not an accident, in either direction.

The idea later in the post seems not really honestly engaging with the topic, that it's not about ‘someone who believes birthday cake is undesirable’, but about networks which are systematically and in actuality doing things like trafficking children for sexual abuse, and that there is a moral imperative for governments to deal with this beyond just letting people choose not to engage.

1a - Because that worked out so well for HDMI? It'll be what, maybe 90 days before those "law enforcement keys" are public?

1b - If it's already backdoored then there is no need for such an act, the problem is already solved.

2 - It's ineffective for it's stated goal because the stated goal is not the real goal. The goal is to enable a continued abuse of power, one which is already ongoing, and one which produces no actionable results or meaningful outcomes. Five eyes & co is upset that they're losing some of their toys.

3 - Who says governments should be able to regulate weapons? Likewise these days, who is to say they meaningfully can?

4 - Sex trafficking existed prior to encryption. The government failed to stop it then. I strongly suspect that even if the government gets it's way and breaks encryption, sex trafficking will continue exactly at the same rate. Most sex traffickers are not technology ept, nor do they need to be - the track record for capturing them is atrocious. Epstein anyone?

This is a bad faith argument. "Protecting children" and "stopping terrorists" are the siren's song of every government overreach basically since the dawn of time and yet the government remains terrible at solving either problem. I don't think encryption is really the issue preventing those things from getting resolved. I do think encryption is very inconvenient for a very snoop heavy government.

Sex trafficking is a very difficult problem to address. Even if you were to shutdown an online network, someone could fly to a third world country to personally do it, and there are always going to be takers lining up.

People in third world countries are poor, and may be desperate. A purely technical solution is not going to address this. Rather, we need ways to lift people out of poverty, and improve their standard of living. No one should ever have to live like that to survive.

I don't know if it is possible to stop child pornography (anyone anywhere in the world can create it and anyone anywhere can view it), but it should be able to reduce the amount of sex abuse in the world, if the government were to pursue prevention initiatives to stop it where ever possible.

>and yet the government remains terrible at solving either problem

You don't kill the cash cow.

> Because that worked out so well for HDMI? It'll be what, maybe 90 days before those "law enforcement keys" are public?

This is a completely different context to having one copy (or a small number) of said low-bandwidth silicon held exclusively by an agency vested in keeping it exclusive, plus another copy held by the company themselves, such that both copies would need to be broken for security to be weakened.

> If it's already backdoored then there is no need for such an act, the problem is already solved.

Seriously? Microsoft having the ability to install a keylogger on any random person's machine is not the solution to finding networks of criminal activity.

> [government bad]

I'll debate the technicals but I'm not going to argue politics here.

I'm going to start naming a few major government security breaches:

+ TSA keys

+ OPM (all of it)

+ NSA's hacking tools

Were these incredible skilled sidechannel attacks? Movie esque infiltrations?

+ TSA accidentally published the keys

+ OPM was a master password from a contractor who was bribed for about the cost of an ipad

+ NSA hacking tools was.. an email trojan? A CD walked?

Do you really trust these people with anything?

Putting a backdoor into encryption is less secure than a random Microsoft employee backdooring me. At least I know it's Microsoft who will be doing the backdoor...

This isn't politics, this is history. This is not the first time, nor the last time we've seen these moves. We know 5 eyes have had major incidents of internal abuse because we have their own documentation on it - and we have their own documentation that they decided to do nothing about it.

It requires external oversight for any organization to truly follow compliance, otherwise the incentives to cheat the system are overbearing. If they won't take us at our word, why would we take them at theirs?

> Putting a backdoor into encryption is less secure than a random Microsoft employee backdooring me. At least I know it's Microsoft who will be doing the backdoor...

My point isn't about how much you trust Microsoft, but that Microsoft has keys, which are more easily stolen and in many regards more valuable than the scheme I gave.

> TSA keys

Not remotely comparable. These were never designed to be secure in the sense we're talking here.

> OPM (all of it)

> NSA's hacking tools

Hence the scheme I gave, which isn't vulnerable in the same way.

Basically all your arguments have been proved false in a short amount of time. Agencies could not name a single case where mass surveillance helped. And don't kid yourself, if you have a master key to encryption, it is mass surveillance you try to implement and it will be used as such.

We had security agencies that had the info but didn't act in case of Vienna. Encryption wasn't the issue here, this is an incontinent case of saving face at best, a deliberate attack against civil rights at worst.

> These were never designed to be secure in the sense we're talking here

Encryption today is a protection against access for a limited amount of time. It is an intrinsic rule about every encryption algorithm. It is fundamental property and widely known.

So you admit defeat on the politics aspect of it? Because every one of your points was political, save for 1a.

This kind of comment is exactly why I'm avoiding the politics side of things. I don't want to subject myself to this sort of bad faith jabbing, as much as it comes with the topic.

It was not meant as a jab, and certainly not bad faith. I'm just telling you that your comment was of exactly the same character. Either refrain from making a political comment yourself or have it be responded to.

Making a political comment but then trying to shut down discussion of it by stating that you will not participate in political discussions is a double standard, though perhaps you were unaware that you were doing it.

I never said people couldn't respond to them. I said I wasn't going to debate it. Saying “so you admit defeat” (or the many, many variations) whenever someone exits a heated part of a debate is a textbook jab, and has no place in honest conversation.

Fair. I retract my comment.

I think what prompted me to react was mostly your `[government bad]` blurb. It felt like you got to state your political position and caricaturise the political position of the responder while avoiding further discussion. That felt wrong.

Fair in turn. I'll try to do better next time :).

> but about networks which are systematically and in actuality doing things like trafficking children for sexual abuse

The state must declare the child to be the most precious treasure of the people. As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation. --Adolf Hitler

I believe this is a misquote.

It's also a morally horrific line of argument. Like saying you shouldn't care about shooting civilians because bad people in the past have used human shields as a war tactic.

These are not imagined people being hurt, spun out of whole cloth.

> I believe this is a misquote.

It is a legitimate known translation, not a misquote from the Ralph Manheim translation of Mein Kampf (ISBN 0395078016 / year 1943), page 403. Other translations have similar wording on the page, although not in such a nice succint sentence.

Manheim was known to have gone into great effort to create an exact English equivalent of Hitler's work for Mein Kampf.

> It's also a morally horrific line of argument. Like saying you shouldn't care about shooting civilians because bad people in the past have used human shields as a war tactic.

The point of the quote is to show there are no limits curtailing liberties, not an absolute we shouldn't bother. The attempt to spin the quote into something else, probably because, you wish to "protect the children" is proving the point.

> The point of the quote is to show there are no limits curtailing liberties, not an absolute we shouldn't bother. The attempt to spin the quote into something else, probably because, you wish to "protect the children" is proving the point.

This is not even remotely how you used it. My argument is one where there are obvious checks and balances, where government power is clearly and significantly limited, and little is left exclusively to government trust.

Yet because I mentioned that there are actual people being actually raped, I get Godwin's Law'd. Not because I advocated for Chinese style state control. Not because I took away liberties that most people even care about, given most people are perfectly happy using Google services. But because I dared mention that real people are suffering.

This happens every time on HN, no matter how moderate my position. Anything even remotely compromising the Bottom Line (universal perfect cryptographic security) is Hitler.

> Yet because I mentioned that there are actual people being actually raped, I get Godwin's Law'd

I looked at your posting history, not much Hitler mentions in responses relating to those topics. This is hyperbolic.

> no matter how moderate my position

If your position was moderate then "Most software already practically backdoored already" would have been sufficient.

> Anything even remotely compromising the Bottom Line (universal perfect cryptographic security) is Hitler.

You're way too focused on Hitler. Pretend it's not Hitler, the point is still valid.

This is madness. Oh, of course, it's much easier to put a wrench into some gears to show that you are actually working at "solving the terrorism problem" than shaving the yaks, but that machine is actually important for other things.

We live in a dangerous world. We cannot control everything. I don't mind a slight risk of terrorist attack on myself or my family (caveat lector: I am young), if that means greater freedom.

In my book this is the first step towards authoritarianism: ensure that the state survives at all costs. And being able to spy on the whole population to track outlaws and dissidents is part of this. There is an invisible barrier between what's legal and what's not. Crossing it isn't hard, look at extinction rebellion and other civil disobedience protestors. Yet, on the other side, your trusted options are very limited, and encryption is one of those. I'd argue that letting citizens communicate and organize privately is a vital component of democracy, even allowing citizens to seize control of the state if they deem it necessary. More so than U.S.A.'s "Second amendment", encryption is an arm citizens should legally be able to bear.

Now, it is obviously hypocritical to offer such a thing, as politicians certainly wouldn't want their texts to be snooped on, would they? Any bill that requests backdoors should request them from everyone.

And don't get me started on how governments recommend their own to use Matrix and Signal, the very apps they aim to backdoor, because they are secure. You can't both have your cake and eat it, too.

A useful thing to explain encryption backdoors is the TSA master keys: https://news.ycombinator.com/item?id=12177079

Their very existence made locks less secure (possibility of a key leak), and those are worthless against thieves now that master keys have leaked (you can 3D print them).

>We live in a dangerous world.

No we don't, but that's what the Politicians try to implement in our brains.

We do live in a dangerous world. Pretty much everybody loses their life somehow. It's amazing to me that so many of my peers survived childhood.

It is pretty stupid to try to jump a car on your bicycle without a landing ramp. Or play catch with lit M80s. And those weren't our dumbest ideas.

When I was a kid every 8-year-old pushed a lawn mower around once a week. And rode in the back of a pickup truck. Today I don't let my kids ride in the back of pickup trucks, and I'm nervous about the lawn mower. Or rather, I'm nervous about trusting my kid not to be careless with the mower.

But when I see the metal detector at the door of my kid's school I wince. Some dangers and some fears need to be met head on. For some people, those include riding in the back of pickup trucks. For some it is the school's metal detector. If only we could make those choices for ourselves and our children without forcing our fears onto our neighbors.

Edit: clarity

>Pretty much everybody loses their life somehow.

Yeah that's called life.

>Today I don't let my kids ride in the back of pickup trucks, and I'm nervous about the lawn mower.

That's because you already infected with fear. It's not your Children's fault that you don't trust them with a lawn mower..it's you and probably your society that is the problem.

>Some dangers and some fears need to be met head on.

Yes like wear a helmet on a Motorbike, but you need to dig much deeper, that a society needs a metal detector in schools.

And again the World IS much safer today...but remember the more you have the more you fear loosing it...it's the perfect setup to give up your freedom because you think you "win" some safety.

Perhaps you missed my point. Lawn mowers didn't get more dangerous. The level of danger hasn't gotten worse in that one respect. The level of trust might have changed. The acceptance of risk might have changed. I don't think that keeping my kid away from the lawn mower in order to protect them makes their life overall better or even safer.

Lawn mowers are dangerous. But that doesn't mean they should be banned. As you wrote, that's life. The solution isn't to think they aren't dangerous. The solution is to recognize the danger, then act appropriately. We just all have different ideas of what's appropriate.

Lawn mowers are safer today than they were 30 years ago. Still potentially dangerous. You point out to the kid: never let your feet go under there. Never reach your hand in here. Maybe throw an apple in to illustrate the effect. They get the message.

All that said, 8 might be a little young. I think I was around 10 when I started cutting the grass, but I don't really remember.

I really missed your point a bit.

But i watched a documentary about the US, where Children's under 12 are not allow to play outside without supervision, they get picket up by the police and the parents got big problems.

Here, they run around the hole day in the forests with Swiss or Scout-knifes and lighters and some sausages in the backpack. It's just terrible to think that your children's are safe because they sit hole day in their rooms and play games.

I don't get it how we got here. We were allowed to play outside (East Europe) near the house when we were six. Gradually increasing the comfort perimeter as we grew up. Twelve? I could have roamed the entire city if I had enough time to get back for lunch.

Maybe listen to too much Media/News etc, when you hear just bad things happening, you think it's just a matter of time until that happens to me or my family.

So you close your mind (because everyone else is bad, and every Adult that speaks with my children is a pedo) then you buy a gun (even if the chance is much higher that exactly with that gun something bad happens) and your Children's needs to be under constant observation and they need to learn that one should trust no one, you life in constant fear and because of that you vote for trumps.

>if I had enough time to get back for lunch.

Exactly that was my biggest fear, to late for lunch meant grumpy Mum and Dad..and no roaming for the next two days.

If you're nervous about your kid being reckless with the mower, you teach them not to be reckless. That's all there is to it.

How many people are killed by lawnmowers on a yearly basis?

Very few and I'd say, without checking, that it's probably much more common to lose a finger or a toe. That's a better analogy in this case too; it's unlikely that a mishap caused by the absence of encryption or the presence of a back-door will kill you. You might have to live with their consequences for a very long time though.

Arguing whether the World has suddenly become more dangerous is counter-productive in that aspect. In the end, we keep becoming wiser, technology evolves, and the World changes because of it. It doesn't matter if things actually got more dangerous or if we just got more afraid of them; it's the outcome of our actions that we need to focus on.

There is something to be said in comparing encryption to what usually amounts to spinning blades connected to some kind of engine; abusing any of those technologies can result in outcomes that are undesirable from society's point of view, and potentially from the users' point of view as well. Because, you know, fingers and toes.

The main problem is that just as if you outlawed the sale of lawn-mowers without specific features, there's nothing stopping people from using their existing lawn-mowers (or even building their own ones)anyway, the current encryption technologies won't go away. There's nothing stopping anyone from saving existing tools, or the source-code of existing tools, and keep using then. The only difference would be that such encryption, and the protection it brings with it, would now be restricted to the very criminals that the outlawing of the tools meant to stop in the first place.

Arguing whether the World has suddenly become more dangerous is counter-productive in that aspect. In the end, we keep becoming wiser, technology evolves, and the World changes because of it. It doesn't matter if things actually got more dangerous or if we just got more afraid of them; it's the outcome of our actions that we need to focus on.

Edit: As for the outcome, keeping encryption from everyone but criminals is outright ridiculous. It might get to some of the businesses selling specialized solutions catering to the people law enforcement is after, but in the end it will just result in the baddies simply moving away from those platforms and onto other platforms that are out of reach of EU law-enforcement. That leaves us with everyone else having a big target painted on them because this time we know there's a backdoor in their product.

I think what you are alluding to is the key, life has gotten so good that people get into extreme loss aversion. In my opinion the key to a decent life is to take calculated risks and if that goes wrong, then oh well that was unlucky.

There are a lot of risky things we do all day anyway, like driving any car or walking close to road. Those things are still incredibly safe.

By the numbers, this is the safest the world has ever been. The fact that you literally don't know anyone who has had smallpox attests to that.

Perception of risk is not actual risk. Yes, everyone dies, but that's more of a biological fact than a statement about how safe this world is. If you're really worried about you and your family, watch what you eat and hit the gym a bit, because statistically it's going to be a heart attack that gets you.

> Pretty much everybody loses their life somehow.

Everyone. Everyone dies. That includes you and me. The question is not if but how and what you do with the time you have.

So far only about 92% of people have died.

It's easy for people to lose sight of this with all the bad news we're seeing in 2020, but the present is the safest time in history when zoomed out to a scale of decades. The decline in violence since the 1900s to today is essentially global and scales from bar fights to wars.

Is it safer than 2015?

2020 may not be safer than 2015, but 2010-2020 is safer than 2000-2010. You might be able to find a recent 10 year period that beats the exact past 10 years by a slim margin.

On any scale between a human lifespan and the whole of human history, now is a pretty safe time to be alive.

Easy to lose sight that whatever safety we have is because we are actively trying to make it safe. We are at a point of development where if it wasn't safe, it would be the polar opposite and be the most unsafe time in history, everything happens on a global scale. What levers we need to maintain safety as technology moves forward is a tough thing to work out. Mucking with encryption doesn't seem like a good way to go though.

You are wrong. We live in such a dangerous world that the biggest reason for cause of death in many developed countries is suicide, obesity, diseases, etc.

The world is so safe that instead of dying from war, famine or untreatable infectious disease, those in developed countries are dying from diseases of wealth and comfort.

Obesity does not imply over-use of food with high nutritional value.

In other words, obesity comes from worse diets. The working classes are bombarded with corporate foods that contain way too much sugar, etc.

You still have to overeat to become obese. It does imply over-use of food, and at the same time diets may have gotten worse.

Not sure why you're gone all grey there. This is the prevailing thinking in obesity research at the moment. You're more likely to be obese if you're poor than if you're rich.

You don't get as much chance to die from obesity related diseases if you've died in a war, famine, pandemic, or from coal lung or crushed to death in a factory accident.

It afflicts the poor in relatively comfortable and safe nations.

Suicide is not a disease of comfort. Obesity is not a disease of wealth, for food (and junk food) is incredibly inexpensive in the developed world today, likely no more expensive than heavy smoking, alcohol, cocaine or opiates.

These are diseases of overpopulation, loss of freedom and control over one's life and general lack of anything to live for in the future. Mouse utopia comes to mind.

I vouched you up; I appreciate good discussion.

It's true that obesity is an affliction related to poverty; but it is related to poverty in nations of relative wealth and comfort. Access to that cheap and terrible food relies upon a logistics system that is heavily resistent to famine and blight.

Those in poverty who are dying from obesity related diseases are not dying in work place accidents, and are not dying in war or from untreatible infections. They didn't die in a pandemic.

The opportunity to die of obesity related diseases is tied to the relative safety and comfort of the nations in which the late individuals were impoverished.

We do. Even though the world has become safer and more prosperous it is still dangerous to our health and sanity. That doesn't mean we should avoid all risk.

What you are more talking about is the Politicians overstate the chance of dangers and they do it on the most evocative of topics (ex: terrorism, CP, etc).

A high danger we're in is from the potential for our governments to entrench their own powers and encourage potential future totalitarianism for small benefits here and now.

Politicians are part of the danger. Judging from the history, greater danger than the dangers we are allegedly being saved from

War is young men dying and old men talking

by Franklin D. Roosevelt

I certainly agree, and that is somewhat part of what I was saying.

exactly; the terror... stop being afraid and we avoid the collective need to sell our souls and those of our children for the protection of the state

Yeah - it is goddamn tiring can't the professional emotional manipulators that call themselves politicians play on any other emotion than fear to get elected?

The vast bulk of the fear mongering I see is coming from the mass media, in an attempt to drive clicks and sell newspapers, and get their preferred candidate elected.

For example, in the weeks leading up to the election, CNN ran a sidebar on the screen to continuously show current statistics on covid deaths, all day. The sidebar vanished on election day, and has not returned, even though covid death rates are worse than ever.

>covid deaths

You mean cases? They usually go for the biggest number they can display rather than the most informative.

They do, but they don't get elected.

> This is madness

It is by definition. Their ambitions haven't changed the last 30 years.

> You can't both have your cake and eat it, too.

Actually you can have your cake and eat it. What you can't do is eat your cake and have it :-P

My bad :)

Well, you got the point. In french, we'd say: "You can't both have butter and money for it" -- greedy butter sellers.

In Romanian, it's something like "you can't reconcile the lamb and the cabbage" (because the lamb eats the cabbage if they're together).

And in Hebrew it's "You can't eat the cake and leave it whole" or "you can't hold the rope from both edges".

I see this as follows:

1. Terrorism and trafficking of children will win the moral high ground.

2. App stores will be forced locale by locale to conform to these policies.

3. Most people will not notice or care.

4. This will be used by N-Eyes and totalitarian governments to quash dissent.

5. Meanwhile the tech crowd will create alternate app distribution mechanisms allowing those who care to communicate securely.

6. Those secure methods will be used by people with the most to lose. (e.g. the drivers of point 1)

Given this predictable series of events I see the primary question as: How do we prevent (4)? How can we make people secure by default again and make adoption easy in the face of app store capture.

> 1. Terrorism and trafficking of children will win the moral high ground.


> The term was coined by Timothy C. May in 1988. May referred to "child pornographers, terrorists, drug dealers, etc."[2]. May used the phrase to express disdain for what he perceived as "Think of the children" argumentation by government officials and others seeking to justify limiting civilian use of cryptography tools. Connotations related to such argumentation continue to be attached to the phrase, and it is more commonly used by those who wish to deride various restrictions on Internet activity than by those who support such restrictions.

* https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...

> How do we prevent (4)

• By ensuring there is always an opposing power.

• By maintaining democracy, by which I mean the tenet of electing governments from the citizenry as well as by the citizenry, and specifically rather than any of the oligarchical forms.

• By maintaining the rule of law.

The consequences being, if all encryption is backdoored, then any encryption used by politicians is by definition eavesdroppable by their opponents and enemies. Since all politicians thrive in a web of mendacity and confidences, they have a strong incentive for strong encryption, and will eventually terminate/abandon legislation that weakens it.

Any politician that threatens otherwise is therefore a) grandstanding, and/or b) using the issue to leverage/negotiate something else.


• Any government seriously implementing such a plan is operating as an oligarchy rather than a democracy, and will have plans to defend themselves from the surveillance imposed on the citizens.

• The first instinct of every would-be oligarch is to undermine the machinery of democracy and compromise the rule of law.

c.f. Utopia (Australia, 2014) Season 4 Episode 4 "Mission Creeps", and probably at least one Jim Hacker moment.

7. People in group 6 will be subject to increased abuse by authorities simply because they fall into this category regardless of whether other evidence suggests that they're a likely privacy advocate, political activist, or actual terrorist.

8. Privacy activists will leave group 6 by attrition, further reinforcing justification by authorities for 7.

Exactly the point I was trying to make, but you worded it much better!

Privacy only works well when everyone has it.

We are not at (2) yet. The EU is at least privacy-conscious - its parliament especially so. As an example, see the attention given to privacy here:


In my view there is a good chance that (2) will not be EU law for the foreseeable future, although this does require some opposition work. I guess one can see it as education of the politicians (the commissioners in this case).

The EU takes a statist approach to privacy. Encryption is always a better protection to privacy than ever changing laws. EP members are either inexperienced when it comes to technology or serve a party or a lobby agenda. The only countries opposing for the sake of opposing are Hungary and Poland and their leaders would love encyption being backdoored as long as their secret services can pry at comms.

Educate the Comissioners? The president of the Comission is an ex home secretary ie. a lady with a policing mindset just like Theresa May, only allegedly corrupt. Somehow her phones were wiped clean when required as evidence in a recent investigation. The irony of this legislation is that it could expose her own doings.


The Comissioners were told to use Signal after Bezos' phone got trojaned through WhatsApp. Encryption is only good when it's for their own benefit.

And even if it passes parliament there is still a chance that it will squashed by the ECHR.

#6 is the whole point.

As is always the case with these fights, the fundamental fact is that the war is asymmetric. We have to be right all of the time, they have to be right once. We have to break all encryption everywhere forever, they have to find one non-backdoor'd solution.

If you really hold the backdoor proponents' feet to the fire, they'll admit that yes, this is true, but at least with a backdoor you can catch some of the terrorists/child abusers/etc, some of the time (of course, you only get the dumb ones...), and we wouldn't want to let the perfect be the enemy of the good. But of course, saying you want to compromise all privacy in the developed world to catch a few dumb traffickers doesn't get votes.

Terrorists and other criminals already have more than enough tools in their possession to exchange data absolutely without fear of their messages being compromised.

So this is interesting, care to elaborate?

It is trivial to create an app using encryption to send messages between two users. On Android you can sideload so no need for app store.

You can also solve this with a webpage, this way it can be used on all devices.

The point is that creating a secure channel few users use is pretty trivial unless you outlaw crypto libraries. These laws can only take down apps/websites in mainstream use.

Sure, but you also need to recruit, and it's sort of hard to find new candidates if all you use is your super secret crypto app.

True, but when I worked on this recruiting was mostly an in person thing. For example for Muslim terrorists it was in a radical mosque. You can still radicalize with writings on the internet, they just need to make the first step in person.

Hmm - it doesn't work that way and you know it.

Could they inspect traffic at the ISP level and come knocking if they can't decipher what you're transmitting?

This comment sounds like “there is no particular technical obstacles for any nation to start and complete an Apollo Program equivalent”

Terrorists don't need an information exchange channel to be a nice looking app with great UX, stickers and animated emojis.

Even regular GPG-encrypted email using random rarely used email addresses will work quite fine.

These algorithms already exist. They are stored on criminal harddrives and aren't going to magically vanish with new laws.

Making an Apollo program requires a bit more than ctrl+v.

If you do the key exchange face-to-face, all you need is some bytes from /dev/random for the key, and the cryptographic algorithm Data XOR Key. They can't outlaw the XOR operator and they can't "backdoor" all random number sources (not even the most trivial ones), so the idea that it is even remotely possible to obtain political control of encryption is quite insane.

It's the infinite horse race. Black hats vs white hats. Neither holds the upper hand for long.

I hope that if we ever reach a steady state, it will be unbreakable privacy.

"Red Queen's Race" is the term often used for that.

Entropy always wins in the end.

Law enforcement clearly thinks it has a need for tools to combat terrorism and child trafficing. EDRi has prepared list of tools that don't need encryption to be broken: https://edri.org/files/encryption/workarounds_edriposition_2...

I don't know, but it's an ugly snowballing effect and it's part of the reason why I became a free speech absolutist.

Just to give #5 a shoutout:


It all comes down to distribution.

We need actual software like https://Matrix.org or https://qbix.com/platform to be good enough that people will install it. Like the Web Browser did killed AOL and MSN. Otherwise we will live with Facebook Google etc. and this is moot. But that is just the beginning.

Secondly, we need open source hardware. We are nowhere close to competing with Apple and Android. But as we have seen over the last 20 years - there is a war on general purpose computing and the closed systems have started to win. Just today I read that Android doesn’t let you take a screenshot of your own phone.

Third of all - the open distribution mechanisms you rely on today to not block you (eg web browsers) can be closed or ship updates with backdoors tomorrow to most users. Apple and Google together control most of the market. It isn’t hard to pressure them to do this.

Apple blocked blockchain dapps being distributed on iOS, unless they are made by an Apple developer whose app they can revoke. Amazon can yank your movies and books out of your hands.

Anything you think is secure (eg secure enclave) may not be. Trusted Computing Environments are made by two companies essentially.

In fact, I am surprised that more “stuxnet” attacks arent done in nuclear reactors across various countries. As self driving cars get hooked up to the net or delivery drones become ubiquitous we may see massive vulnerabilities that can be exploited all at once. Not just by state actors but anyone. Really scary stuff.

Sadly the same entities locking down the computing devices also start requiring uplinks to their servers and can push any updates. Regular people are at the mercy of corporations and the state.

Unless open source companies step up and build a decentralized hardware distribution infrastructure, with multiple actors (like VOIP relaced centralized telephone switchboard operators) all these arguments are moot. There is a handful of tech companies whose arms need to be twisted and that’s all.


To be honest ... I no longer think that end-to-end encryption is the right solution to human rights problems. If citizens are reduced to sneaking around and denying their activities to survive, their governmental system is way past due for fixing. This is like the “good slave owners” delaying the abolition of slavery. You’re solving the wrong problem.

I believe that crypto is needed to secure decentralized byzantine fault tolerant systems like Ethereum etc. to be TRUSTED, not to hide information. Signatures, not encryption, if you will. If anything, it is the government who doesn’t want encryption to be broken (eg of copyrighted DVD content etc.) and there is an inherent contradiction since anyone who consumes unencrypted content can reshare it.

What we really need is to decentralize the personal data in many places, and use zero-knowledge proofs for attestation, but that is different than encrypting and hiding information.

I just don't understand why people go on downvote spree. There are many things here that people can agree on or at least understand.

Many of the common tools (both hardware & software) that common people use are at the hands of few, who can abuse the users themselves or at the request of the Government.

> To be honest ... I no longer think that end-to-end encryption is the right solution to human rights problems. If citizens are reduced to sneaking around and denying their activities to survive, their governmental system is way past due for fixing. This is like the “good slave owners” delaying the abolition of slavery. You’re solving the wrong problem.

This (clap)(clap)(clap)

>Just today I read that Android doesn’t let you take a screenshot of your own phone.

Not many seemed to care to click the link in that thread. If one did one would know that it was to a bug report and a fix was even posted in the same link. Screenshots work just fine.

Not many seemed to read through the bug report either.

The bug report was for not being able to screenshot in situations when it wasn't actually disabled.

The fundamental problem that the GP is referring to and that demonstrates the loss of control over one's own devices is that it _is_ possible for apps to disable making of screenshots to begin with.

Fine. But I can name a ton of things that were in fact closed down due to “think of the starving artists” copyright laws in US or 自我约束;自律 “self-censorship” in China for political speech [1]

I have written a far more extensive post just now on HN that fleshes out the overall argument against focusing on encryption - please read it here and we can discuss:


No need as I don't disagree.

We need to establish the use of encryption as a basic human right. I'm so tired of this cropping up every couple years.

It pretty much is, section 12 of the Universal Declaration of Human Rights states:

> No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

I mean wearing my programmer goggles it doesn't state privacy AND correspondence but OR, but still. Not having your personal conversations get intercepted is not too much to ask for, is it?

I mean I get it, if they have a reasonable suspicion they CAN intercept your communications (listening devices, intercepting the phone conversations), but this is not a right they can claim on anyone, and they shouldn't be able to force companies to allow them to listen in. Not arbitrarily anyway (see: Snowden revelations, where it was proven that the NSA just hoovers up anything and retroactively checks if there's anything wrong in there)

The problem is that you can’t leave any room for interpretation, because governments generally interpret things as liberally as they can in their favor, to the brink of absurdity.

In other words, “encryption” needs to be listed there as a right, to remove any room for interpretation. Or explicitly listed as an example of a more general right, like the right to private speech (or whatever you want to call it).

The EU ministers do want us to have a right to encryption. They just want to be able to decrypt it.

Considering governments have about the same capacity to store data securely as a twelve-year-old, those decryption keys basically open up the door for everyone who is willing to put the effort into retrieving them.

And considering the retrieval would certainly be breaking at least a few laws, the people who are going to pull it off are going to be

- nation states

- APTs

- large criminal organizations

- large corporations (corporate espionage)

So you arguably defeat the entire purpose of having encrypted data streams. Sure, the barrier of going and "stealing the keys" is still there, but given the track record large governments have at not leaking data, it is safe to say there would be little barrier aside from legal ramifications if caught.

Like TSA luggage keys.... there's no way those would leak online, and no way anybody would be able to download them from https://www.thingiverse.com/thing:1687424 and 3d-print them... no way something like that'd happen!

Luckily, you can't 3D print an encryption key that would be useful in any way. Although, now I wish the guy from Lavabits had handed in his SSL cert as 3D printed letters and numbers like a puzzle.

3D printing is one of the more useful ways to securely backup up encryption key’s. Just ensure the only place they exist is inside an object and not only are they durable, but tamper resistant as someone can’t just photocopy the key.

Could you elaborate on that? I couldn't find anything from a few Google searches.

3D printers can make solid objects with internal structures.

It’s the same basic idea as an envelope, as in you need to open it to see what’s inside. However, opening it up inherently breaks the object so if you have it unbroken then it’s obvious that nobody has done so. XRay’s being an obvious risk.

That would be a 2D print.

You’re 3D printing inside the object so people can’t just copy the number. Think envelope.

> Luckily, you can't 3D print an encryption key that would be useful in any way.

That's true, you have to rely on Sony executives to tweet them out instead. https://m.slashdot.org/story/147470

You can tattoo an encrypyion algorithm. Someone did that a long time ago with RSA: http://www.geekytattoos.com/illegal-tattoos-rsa-tattoos/

There are many, many ways to print (escrowed) keys with a 3d printer... from punched cards, to "engraved" letters, to chains of 3d numbers, etc.

No you can just print a QR code of it on a 2D printer :P

That is not encrypted then.

Should we say that no building is really locked, since the fire department is alway able to force entry?

We are not talking about human habitats that are supposed to be transitable by design. We are talking about lockers within this habitat, that remain secure even if the house is burning, because you don't want thieves who arrive before the firedepartment to have access to your guns. It's a civil obligation.

"really locked" is using a wholy misused modifier. Neither are we talking about royal priviliges, nor the distinction to virtualized fantasy. The necessary capability of encryptian is effectivity. The effectivity of regular locks is indeed a matter of concern in the security industry to begin with, as lock picking sessions at Defcon make clear. But, if the fireman's axe shreds the frontdoor, at least there will be no denying that you have been literally hacked.

Scale and viability. Your fire department can't break force entry without notifying others in the area or do it to every building in the city.

Now digitally, that's not true. You can keep collecting data without anyone knowing at an unprecedented scale.

They think it is.

Well, if everything is working as planned - it is encrypted in a way, that the economy and the people are protected against criminals, but everything is still in control of the government. That is the plan. And it makes sense, from their point of view. But their point of view usually comes from law schools and not technical universities.

You might be confusing hashed with encrypted.

Not just governments. Anyone, really.

> I mean wearing my programmer goggles it doesn't state privacy AND correspondence but OR, but still.

But still what? The logic is perfectly correct; ~(a | b) = (~a & ~b)

They key word is 'arbitrary'.

The courts may not view the police, with a warrant, wanting to see your texts because they believe you're doing something illegal as a form of 'arbitrary' interference.

This new proposal sounds nutty to me, but I think that our various constitutions provide for the possibility of government access to private stuff given legitimacy, proportionality etc.

That's what I believe they're thinking too. Except with encryption that's not one of the options, unfortunately.

It continues " There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law" [to ensure everyone's safety].

E2e encryption that is "safe from courts" isn't protected.

It isn't "safe from courts" because courts can allow them to bug your house and hack your phone using the unlock code their bug recorded you entering.

They can't do that to the entire public at once because it's not economical, but that's the point.

Not sure I follow. The struggle politicians are in isn't to eavesdrop on everyone. The fact that this is possible is an unwelcome side effect. The struggle is to not lose the same ability (targeted eavesdropping after court orders) when people switch to e2e from phone calls.

If cell phones had e2e encryptoions so the normal court-order landline eavesdropping disappeared from law enforcements' toolboxes - there is zero chance they would ever have been allowed in the hands of the public.

> The struggle is to not lose the same ability (targeted eavesdropping after court orders) when people switch to e2e from phone calls.

But they haven't. They can physically install a listening device at the location in the warrant and thereby record any conversations you make from there. That gives them the same capability they historically had with landlines.

Yes. So for a static location that's feasible. But the status quo is they can also tap old school mobile voice calls and text messages.

Which they can do, too. Just break into an Android phone (easy enough to do remotely). Bug home, bug the car, bug shoes, now you have phone calls from an iPhone. (You can pick up electrical interference from phone calls on an iPhone, due to the hearing aid induction loop.)

For every phone, you can just slip an antenna under the case (or in the phone's body) and pick up the LCD switching interference – faint though it may be – and figure out what's on the screen from there. Or, you know, CCTV.

Encryption-for-the-masses merely protects from mass surveillance; anyone protecting themselves from targeted surveillance isn't going to suffer from an encryption ban.

I don't see any good middle ground between "authorities can never eavesdrop on inviduals' comms even with a warrant" and "authorities can do mass surveillance". It's a very difficult dilemma. I (as you do) prefer the former if I have to choose. I understand why it's not a very wasy pill to swallow though. Hopefully techniques for targeted eavesdropping (like those you mention) will improve as e2e gets more widespread. The easy of eavesdropping on mobile comms has probably been too comfortable for too long.

The status quo today is that various encrypted messaging apps exist without any apparent backdoors. This has been the case for several years already. The status quo from not long before that was that mobile phones and text messages didn't exist at all.

Yes. Perhaps the endgame here is that when "old school" voice/text shrinks, so does that avenue for eavesdropping, and once it's almost zero, then allowing any e2e doesn't mean a loss of ability anyway.

Also, so long as metadata is available from cell towers, you can still use the most useful piece of data: that someone's phone was at a crime scene, even if the communication itself was encrypted. That will always be the case (unfortunately also in authoritarian regimes).

“The struggle politicians are in isn't to eavesdrop on everyone.”

Counterpoint: yes it is.

that's the short story.

The long story is that encrypted files alone are no use to anyone, so the courts have no more right to it than anyone else. The decrypted text is a different matter. It's supposed to be protected. So you are saying, eventually, if I may interpret it that way, that speech which is protected from the authorities including the courts is not in fact protected from the courts.

Oh, ok, that's not even illogic, just paradox.

Problematicly, if you consider the abstract danger of a key cypher pair a threat, the same goes for the legislatator court partnership. The courts aren't a threat as long as there's no legislation that opens them up to it. So, clearly, the legislation is key to the infringement. This means that legislation has to act in accordance with legislation, which is as difficult to understand for regular joe as function pointer semantics in C++. So it appears to say, simply, that legislation has to act...

That's you and me. Actually though, the law is accordingly a huge tower of abstraction. The moment you try to dereference "the law" it blows up into your face, a group of skilled experts has to drop into debugging mode and, eventually, has to decide if they want to have their access limited even in debugging mode. Well, the system was designed for the hypervisor kernel to access all areas, this seems to be a problem of the virtual OS handling the capabilities for userspace incorrectly.

Bug closed: won't fix.

If only the Declaration was legally binding...

Well, the ECHR is (for all EU members), and has a similar clause:

> Everyone has the right to respect for his private and family life, his home and his correspondence.

unfortunately it also has exemptions for anything a government could reasonably use as justification to restrict this right:

> There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

If government can strip it at will and I think it is formulated as such, the right doesn't exist and it isn't more than nice window dressing.

> interference with [...] correspondence

Imagine that some unnamed corrupt government treats your telegram messages as correspondence, but not encryption keys. It then orders Telegram to release said keys (pinky promising not to do anything nefarious with them) because they aren't considered correspondence.

When they have a court warrant, it's not arbitrary. I think some rights were given to the people to combat government tyranny (right to bear arms for example), but combating government tyranny is just not feasible anymore, due to a set of factors, like our inability to organize behind a common cause. Anyway, the choice here is reserving our ability to overthrow an unjust system, or giving the government the rights to catch those who might want to unjustly overthrow it.

The court warrant sounds like it's a good idea, and don't most other things work that way too? Actually End-to-end encryption isn't that different.

It so happens that there's no point in taking out a warrant against the man-in-the-middle, because he has no access to begin with.

You'll have to get a warrant against one of the ends.

What these proposals would end up doing is to force people to weaken protocols and start spying as a man-in-the-middle, just so that they can be targeted by a warrant.

This is just a little bit silly, I feel; and doesn't really help anyone. I don't think that authorities realize that that is what they're asking for. Usually when it gets explained to them, sooner or later they relent. And then a few years later someone replaces them, and it happens all over again.

I don't see any proposal to "weaken protocols." Why would the government try to mandate the use of provably unsound end-to-end encryption, weakening security for everyone, when it could just order Apple and Google to spy on the user's end, which they control?

Sorry, but this is nonsense. Possessing cryptography does not imply the boogeyman will, as a consequence, gain the ability to overthrow the system. On the other hand, there's very concrete evidence governments are the boogeymen.

>giving the government the rights to catch those who might want to unjustly overthrow it.

So how decides when an attempt is just? Did the British think the American revolutionaries were just in declaring independence?

It is might makes right essentially - if treason doth prospor none dare call it treason. If there is absolutely no hope of any effort to revert it succeeding it is just.

> Article 8: Right to privacy

- Everyone has the right to respect for his private and family life, his home and his correspondence.

- There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

(I'm not feeling bright enough to comment but this seems extremely relevant)

[0] https://www.equalityhumanrights.com/en/human-rights-act/arti...

Good find, but it has enough caveats and loopholes to render it useless.

Prevention of not just crime, but also disorder? The economic well-being of the country? Protection of health or morals?

I suppose it's better to pay lip service to Right to Privacy, instead of completely ignoring it altogether. But this is not a human right.

You're going to be very disappointed by the other human rights then. They're all about proportionality. Even the right to life can give way "when a public authority (such as the police) uses necessary force to … stop a riot or uprising." https://www.equalityhumanrights.com/en/human-rights-act/arti...

“Everyone has right to privacy ... except for ... protection of economic interest, keeping of morals, preventing disorder ...”

That sounds more like declaration of “human rights” by China than by EU

shakes head

Rather toothless point considering "morals" and "economic well-being of the country" are valid grounds for interference.

First step is finding a way to educate the mainstream (including politicians) on the dangers of master keys and backdoors.

It is too easy for many politicians and security agencies to think that their master keys and backdoors won't ever fall into the wrong hands, that they're careful, etc. And if you point out the problem, they'll tell you they'll be even more careful.

Think about it from a non-techie perspective. I don't think most people even understand the concept that a message that goes from sender to recipient in WhatsApp can't be decrypted by Facebook, let alone by anyone else. I don't even know if there is a common analogue-world comparison you can draw, this is an utterly new concept for people who don't understand encryption.

E2E encryption is scary. I'm also in the "you can't ban math, why try" camp. But I can't see authorities/politicians give up the idea of getting access to decrypted communications after court orders, in a 100 years, even if everyone completely understood the topic. It's just not happening.

I mean, if you put it that way, assumption of innocence is also a scary concept; being the police and having to let someone you know is a murderer or terrorist go because you can't prove what they did is routinely touted as a genuinely terrifying prospect in plenty of TV shows.

Privacy is a human right in Europe. I don't think it's a pipe dream to give encryption some good PR, especially when it powers the internet, keeps your payments safe, protects you from bad guys, etc.

Pushing hard on the concept that Encryption == Privacy is very important. We should not call intentionally-backdoored crypto "Encryption", but something obviously bad such as "Open-Door Fake Encryption", or whatever actually speaks to people.

We expect privacy in "unencrypted" phone calls, but seem happy that law enforcement can eavesdrop on 4G when they have to. Not sure how much more privacy people expect. If you explain to people how much privacy they give up just clicking a random facebook questionnaire - they nod and then still do. Privacy and integrity is important but it will never match e.g. "terrorism" or "safety" on the list of important issues I think.

> We expect privacy in "unencrypted" phone calls, but seem happy that law enforcement can eavesdrop on 4G when they have to.

Don't assume that "we" are happy about that. You might be; others are not.

Unbreakable encryption should be available to everyone, and straightforward for everyone to use, and used by default rather than only for "sensitive" information. Unbreakable encryption should be so widely used that the thought never even occurs to anyone to associate it with wrongdoing. Communication using unbreakable encryption should simply be "communication".

> Don't assume that "we" are happy about that. You might be; others are not.

I don't want to suggest everyone is happy with the status quo, but it's at least not one of the top items on everyone's agenda for change.

> Unbreakable encryption should be available to everyone, and straightforward for everyone to use, and used by default rather than only for "sensitive" information. Unbreakable encryption should be so widely used that the thought never even occurs to anyone to associate it with wrongdoing. Communication using unbreakable encryption should simply be "communication".

I agree with you - but I also doubt it will happen. Not because of some government conspiracy but because I don't for a second believe that people would choose "government can't tap a criminal's phone call or text messages even with a court order" as an acceptable drawback for the benefit "my own conversations are always secure". I really don't. I'd be happy to be proven wrong though. So I simply don't think there is any democratic pressure for it.

One of many angles is "perhaps you trust your government (or perhaps not), but do you trust every government with a backdoor? Do you trust everyone who has gotten hold of it? Do you trust that it can't be broken or stolen or abused?"

We need to very clearly and universally make the message clear: there's unbreakable encryption, and there's broken encryption, nothing in between. Anything that purports to be in between is either broken or soon will be.

I trust my current government, I don't trust most foreign ones and I don't even trust my own next government. I think we now have the two key pillars of the dilemma: we can never have back doors (broken encryption which is as bad as no encryption), and neither the public (I'm guessing) nor authorities will allow a situation where even a court order doesn't allow eavesdropping. And between these two there is no middle ground.

Where do the existing "readily available, off-the-shelf encryption solutions" mentioned in the link fall in this dichotomy? Are they unbreakable because no network administrator can read my WhatsApp messages? Or are they broken, because Apple can push out an OS update and steal messages without the user knowing?

That's why you explain that it's about personal and organizational safety. The ability to lock doors.

Make sure the terrorists can't find and research targets.

Make sure child molesters can't get at your kids.

Make sure bank robbers can't get at banks.

Make sure organized crime can't spy on the police and thwart police actions. Etc etc.


I'm not happy with that at all.

If anyone calls me on a regular phone call, I'm always aware of this.. It's that nasty feeling of being spied on that's really the main reason I hate this so much. The government shouldn't have any reason to spy on me but spying on everyone is simply becoming the norm because they can.

> being the police and having to let someone you know is a murderer or terrorist go because you can't prove what they did

"A policeman's job is only easy in a police state." — https://en.wikiquote.org/wiki/Touch_of_Evil

> as a genuinely terrifying prospect in plenty of TV shows.

Probably for a reason:

* https://en.wikipedia.org/wiki/Copaganda

I don't know if you're trying to make this a "gotcha", but this is the point I was making.

Why is E2E encryption scary?

This is a genuine question because it's a counterintuitive notion to me since I find the lack of E2E encryption scary.

I mean scary to authorities used to be able to do targeted surrveillance of messages in transit such as law enforcement. Not to people.

It's obviously even more scary (an existential threat) to authorities that are used to be able to do mass surveillance of messages in transit (Such as the NSA).

guns are scary

knives are scary

Indeed yes. Also, sharks.

We're making good progress toward a world without sharks. We can do it!

we should just make them illegal

The mainstream doesn't care about human rights, they will always fall for the children/terrorism traps

WhatsApp is closed source, isn't it? What kind of assurance do we have that these messages still aren't regularly sent to Facebook, unencrypted ?

Ain't it fun when you post http(s) link with WhatsApp, preview fetch originates from server in US to your url. How's that E2E.

Even a closed-source app is never really closed. In the end it's all machine code which is basically source code as well. There's many tools to analyse binaries, like IDA Pro. It's just difficult and often steps are taken to obfuscate what it's doing.

Having the higher-level source code just makes it a lot easier.

But if WhatsApp did this, it would probably be noticed pretty quickly by experts. But like I said above, Whatsapp's achilles heel isn't really the E2E encryption. It's the cloud backups.

Would it? This kind of transmission of messages could be hidden alongside legitimate looking traffic like updates...

Also wven if it does not exhilarated user data now, it's one update from doing that tomorrow. Quite possible even via a targeted update on some specific people "not in favor".

If it was open source there is some chance a backdoor would be spotted (eq. by Linux distropackage msintainers), but not when a company is pushing obfuscated binary blobs preatty much directly to users.

Well, not directly, for most people that would be via Apple/Google stores.

And of course these stores could have secret functionality for shipping targeted updates.

But if it exists, this means that 1) none of the developers working on the store backend decided to leak info about it and 2) none of the targets have had an expert look at their device to find an unusual update that wasn't seen by anyone else.

Over time, the probability of either of those things happening would be going up…

I picked updates as an example, but that's likely not the only communication that WhatsApp has with its servers ?

Non-techies most certainly understand what encryption is and if you describe what 'end' in the WhatsApp notice about end to end encryption means, it's very clear to them.

No, non-techies do not "understand what encryption is". They'll understand if you explain it to them, but if you ask someone off the street what encryption is, the closest to a correct description they may give you is "it's garbled text you can decrypt".

It's hard enough to explain the easy, obvious stuff like tax brackets. You think people have a native understanding of encryption?

> You think people have a native understanding of encryption?

It’s easy. Tell people they’re speaking English to one other person who also speaks English at a dinner table. No one else in the world speaks English. You can look and sound like you’re talking about how excellent the food is, but really you’re saying how terrible it is... and no one on earth will ever know, other than the one person who understands you.

This is not a good way to explain encryption to people. Explaining the concept of a "key" is essential to explain why this doesn't work.

- In your example, the contents can be deduced from the "encrypted" data, without the key. Indeed, there is no key, but rather a complex dictionary transformation.

- A "backdoor" is merely teaching GCHQ to speak English. Sounds perfectly reasonable in your example.

I'd argue the exact problem is that politicians have the particular understanding of encryption that you just gave.

You need to communicate two things:

1) Why backdooring safe encryption irreversibly breaks it for everybody

2) Why that's a bad thing

Guys, both of you are behaving like non-tech people are idiots. They are as smart as you. They often have college degrees. Even children understand perfectly well what encryption is. Boy/girl scouts go out of their way to teach it, etc.

I wonder if we can make an encryption protocol that cryptographically securely encrypts an arbitrary English sentence into an English passage that sounds like it makes sense but is unrelated to the ciphertext.


1. Encrypt as normal.

2. Given a language model which can generate a choice of multiple possible next-symbols given what has already been written, use bytes from the cypher text to choose between the available options.

For example, using the predictive text options on my iPhone, and treating 0=left 1=right, the cypher text 011100 and the starting symbol “Hi”, I get:

“Hi I have heard from the other”

(Note: I’m fairly sure the iPhone predictive text system is personalised and therefore time-variable, but the general idea still applies if you are in full control of the system).

3. If the other party knows the model and the initial word, they can use an equivalent process to recover the cypher text and put that into the normal decryption routine.

This is the correct answer, although it's worth thinking about what the threat model is.

If the government is just going to force specific companies to add backdoors, then the process above isn't really necessary, you just need a way to install a client that isn't backdoored. If, however, the government is banning the sending of encrypted messages, then you have to hope that a jury doesn't see your long pointless messages as strong evidence of using encryption.

To improve slightly upon the language model example given above, though, I suggest something like this:


> then you have to hope that a jury doesn't see your long pointless messages as strong evidence of using encryption

Don't legal people routinely just take few word sentences and rewrite them into long paragraphs of aforementioned hereinafter notwithstanding including but not limited to senseless nonsense?

So long as it looks normal for you, I suspect you’d be fine.

If I started writing long paragraphs of aforementioned hereinafter notwithstanding including but not limited to senseless nonsense, I’d be really obvious — at least to a human, not sure if current AI would notice me yet.

Plausible deniability though – who said you can't have a hobby of intentionally making up nonsense texts, sending them to friends to laugh at?

(Of course the public existence of software that does this could definitely make that excuse less convincing.)

Hmm, I think a better strategy might be embedding the ciphertext in the fur of cat pictures. Sending lots of cat pictures seems pretty normal for anyone. Might be possible to create a GAN that outputs a synthesized cat picture with a constraint of some ciphertext that can be decoded later. Or simple modulation might just work, if I can convince JPEG to not wreck it.

That is higher bandwidth, but for normal chat apps I would expect randomly applied compression in transit breaking things. Email could work though? And if you’re generating the JPEG or PNG yourself, you can put the cypher text in at whatever level you like, including highest entropy bits of the compressed data.

You’d have to be very careful to seem “normal”, as carelessly doing that can change the entropy in a detectable way even for the least significant bits — the least significant bits saved in something like JPEG is not the sensor noise, it’s the smallest stuff that humans pay attention to.

Maybe something that's aided by an AI that generates English texts(a little similar to your iPhone auto-suggest, but more advanced) so that the sentences are valid and coherent. The recipient would need to know some sort of key/"seed" for the AI, that you'd give them in another channel. I bet something like that would be possible, but the ciphertext would be much larger than the plaintext. Still a fun idea.

lol it may be time for Base_Emoji encoding. Good luck proving that my sequence of laughing crying faces and cats is an encrypted message.

I was wondering the same thing.

Found this related question on Crypto Stackexchange: https://crypto.stackexchange.com/questions/32767/how-to-disg...

I have seen a few hacky implementations of this, many years back. Essentially you use a dumb secrecy technique (every second letter of every third word). Then put your (secyrely) encrypted message as the payload.

The question of interest is "how to generate sentences that allow the most dense insertion of data?".

The best two I saw were:

* Used a copy paste (with link) of tweets / jokes / song lyrics with trite comments around them.

* Used an html formatted email with images embedded. The images were fiddled to hold the bulk of the payload and the surrounding sentences were just to describe the image to give it authenticity.

The funniest was a dirty poem generator based on an oracled (to inject the payload) monte carlo sim. It ised historic dirty letters and all sorts of poem formats.

This was at a hackathon in Hampshire (uk) ~2014

I fully subscribe to this point. It comes up, then it either gets voted out or doesn't even come that far. What baffles me though is that such blatant power-grabs are being introduced, and that anyone thinks that anything would be better off afterwards. Surveillance is going to get more difficult, not easier unless you want to spy on middle-aged people talking about fishing or sour dough recipes.

IMO the right to encryption naturally follows form the fundamental right to speech but yes the right to practice math and science including should be additionally protected.

It seems governments would rather make mind reading a thing.

I completely agree with that.

I was born and raised in a country occupied by communist invaders, so I know very well how unbelievably horrific it was to live under continuous surveillance.

Despite the many Western fiction works, either movies or novels, which attempted to describe how life was in the Eastern Europe and Soviet Union, I have not seen any that succeeded to really convey how awful that was, because it is very difficult to imagine it when you have not experienced it.

After 1990 there was a short time when things seemed to be improving in the world, about the human rights, but that did not last for long.

After 2000, the Western countries began to resemble more and more every year with the communist countries they were formerly criticizing.

This sad evolution concerns not only the continuous attempts to restrict the basic human rights but also the continuous reduction in competition in the economy, by more and more mergers and acquisitions.

Despite what some say, the socialist economies were not really different from the capitalist economies, but they were identical to the extreme form of a capitalist economy, where, in the absence of regulation, everything is produced by monopolies. Now, with the exception of few domains where there is still vigorous competition, even the American economy is so much dominated by quasi-monopolies, that it resembles more to the old Russian economy than to the American economy of 30 years ago.

Twenty years ago, when I designed some electronics hardware, I could search the Internet for the datasheets and manuals of possible components and I had many possible choices for each of them.

Now, for many key components, I have only one possible source. Moreover, for many important components that I might use, I cannot really determine whether they could be used, because their technical documentation is provided only after signing an NDA and only if you intend to buy really large quantities.

Such changes were very gradual, so for those who did not live enough to span several decades of experience, the way things are done now may seem normal, but they are not and they are definitely worse than before. Now it is far more difficult to innovate.

Regarding surveillance and encryption, most Western people, who have not yet experienced the extreme abuses towards which the current legislation slowly evolves, are very naive and they do not understand how dangerous this really is.

The irony is that now the Western countries are trying to make lawful things that not even the communists had the courage to introduce in their laws.

Even in the communist constitution that was valid when I was a child there were constitutional rights for the secrecy both of the phone conversations and of the mail messages.

Obviously, like the NSA, the secret police did not care about what is lawful and what is not, so they intercepted any mail message or phone conversation they desired, but at least there was no doubt that their activities are illegal. Fortunately, they did not have the technical abilities to intercept all the phone & mail communications, like today. Otherwise I would be still living in a communist country.

Because of my experience, no matter what abusive laws might be introduced in the future by corrupt politicians and no matter which would be the consequences, I would never recognize that any other human being has the right to command me to not encrypt any information that belongs to me. Equivalently with being against the interdiction of encryption, I would also never accept that any human being has the right to demand that I must answer to any question, if I do not want to answer.

Of course, if that question had been in the context of a legal investigation, refusing to answer some question may be considered as evidence supporting the supposition that the questioned person might have done something wrong. Therefore that person might be punished for what he/she is supposed to have been done, if being guilty is considered certain enough.

However, punishing the person just for refusing to answer a question, without any evidence strong enough that the person has committed any other crime, as it is frequent now in the USA, this is something that I consider to be an unacceptable abuse and a breach of the most basic human right.

You and what army?

The EU doesn't see free speech as a basic human right. They are of the opinion that some ideas are dangerous in and of themselves, even without a call to violence.

It is doubtful that it will see something like encryption that allows speech and communication at a distance without government knowledge or control as a basic human right. After all, if some speech is so dangerous that it cannot be posted online, then we should make sure it is not spreading to who knows what kinds of people without government knowledge.

There is no logical connection between your first sentence and encryption. (By the way, it's incorrect, we call it the right to freedom of expression over here; sometimes also referred to as the freedom of opinion)

> The EU doesn't see free speech as a basic human right

Of course it is, it's called freedom of opinion, simply some opinions are considered crimes by the EU law system.

Removing a post that incites someone to commit suicide or to kill someone can save the poster from being prosecuted.

That's it.

Private communications are excempted though, unless they need to be used in a trial after a judge authorized it.

Try going to berlin waving a nazi flag and saying they should have killed more jews back then to see how that goes

I'm Italian, it's a crime here too, I don't have to go to Berlin to see how it goes, when my father's home was raided by Nazis and he had to run and hide in the woods where he lived for two years, till the end of the war

He was 4 years old.

If you read again what I wrote it's already there: free of opinion doesn't mean that all opinions are permitted, because some of them are crimes.

Anyway, if you know Berlin you should also know that there have been a spree of neo-nazi violence lately and the police is not doing much to stop it (I lived in Berlin for a few years)


Applications are open for YC Winter 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact