Messaging and chat control (patrick-breyer.de)
643 points by kristjank 5 months ago | 317 comments



The scary thing about this is that many people have images that look like child porn at home: Family photos of naked grandchildren playing at the sea or in the mud, as well as sexting between consenting teenagers. There is no way automatic classification can distinguish these from real child porn, because they look almost identical and thus many private pictures will be shared with the government. This not only infringes the privacy of those people in the most drastic way possible, but might also lead to lawsuits that can tear families apart (think your father being accused of having CP only for it to turn out months later it was an old picture of yourself). The article mentions that 40% of CP investigations in Germany are started against minors (implied: through sexting), which shows that this concern is not purely theoretical at all.

This was not an issue with the old approach of comparing checksums against public CP images, but it will increasingly be if we use more AI algorithms for this.

EDIT: Probably Apple's neural hashes that are currently in the news won't be vulnerable to this since they trained specifically to only detect changes in color/cropping/rotation. But we can't know for sure since the white paper is not that detailed and "naked kid on beach" photos all look really similar usually.


"Child porn" is a smokescreen. It's what every privacy advocate saw coming: find the worst, most repugnant thing possible and use it to backdoor encryption.

It's not a dream, and it's really happening, right now.


Yeah. Children are the perfect political weapon. You can use children to justify anything and destroy the reputation of anyone who opposes you. It's reasonable to assume anyone using children as argument is acting in bad faith.

I seriously doubt governments actually care about children. They probably care a great deal more about maintaining their own power and control over their subjects. We see countries like Russia and China using the tools of surveillance and law enforcement to silence political opposition and dissent.


> I seriously doubt governments actually care about children.

Governments don't care about children. Twenty-six first graders were massacred and the US government did nothing.


Yes, given all the burgeoning authoritarian states where phones are sold it's clearly population control.

Regardless of country, scanning for material critical of PRC, Lukashenko or Erdoğan is the exact same tech you might want to scan for copyright violations, union organizing, political party opposition, cryptocurrency, or any other dissent your local burgeoning authoritarian wants to pay for.

Both phone OS vendors have over and over proven eager to satisfy every authoritarian, no matter the human impact. We're screwed.


CSAM is still problematic, though. The consensus is that it creates a market that incentivizes the abuse of children, because you cannot produce CSAM without CSA. It seems to be one of the few classes of data that is an exception to the standard of privacy that is applied to almost all other data, to the point that Apple took action against it. Dozens of other countries besides the US also agree, and outlaw that class of data as well. Finding actual CSAM (and not just any kind of pornography involving minors, hence the shift in terminology) is supposedly directly tied to finding child abusers, thus preventing future child abuse from taking place.

There appear to be few to no studies that give statistical evidence for the market hypothesis or that the spread of CSAM causes CSA. But even if they existed, I still think the argument would ultimately become "letting one more child abuser get away because we preserved our privacy instead." How can such an argument be challenged, given that the prevention of CSA is a legitimate problem on a global scale? Even so much as mentioning an argument that takes into consideration the nature of CSA appears to be taboo - and for good reason, as it carries a risk of being labeled many kinds of terrible things oneself. That seems to be why a lot of threads here are reducing the issue to "think of the children" or lambasting the potential slippery slope of authoritarian surveillance, instead of discussing why CSAM is outlawed to begin with, and thus the reasons why Apple came to this decision in the first place.

Another thing that nobody seems to talk about is that Apple doesn't want to be held liable for CSAM stored on their servers, either. Within that context, this change is Apple's way of addressing that issue, which also happens to erode individual privacy. Apple's values appear to dictate that the tradeoff is worth it in the end. About the only people that have pushed back on this change come from technology or privacy-conscious circles. Nobody else seems to care. That is the status quo, and I'm not sure how it's going to change with general public sentiment the way it is surrounding CSA.


> Finding actual CSAM (and not just any kind of pornography involving minors, hence the shift in terminology) is supposedly directly tied to finding child abusers, thus preventing future child abuse from taking place.

NCMEC and similar groups call all pornography involving minors CSAM.[1] And this system can't detect new CSAM.

> Another thing that nobody seems to talk about is that Apple doesn't want to be held liable for CSAM stored on their servers, either.

Many people said they would prefer server side scanning. Other people argued E2E encryption would shield Apple from liability.

[1] https://www.missingkids.org/theissues/csam


Since the system can't detect new CSAM, doesn't it actually incentivize the production of new material? This mechanism could then actually increase the amount of abuse going on.


That's just one more argument to the fire: the intent here is not to protect children. The intent is to scan everybody for things "to be determined", and not subject to public scrutiny.

Europe is not immune to this. Jose Manuel Barroso, the ex-EU-commission-president used to be a member of a communist revolutionary student group ... that has murdered people. He was present at at least three such killings, and it is not clear if "present" is where it stops, but obviously he was never convicted of murder (he was, of other things). When he came to office, there was a witch hunt for material and articles telling this story. And obviously plenty of lower ranking officials wanted to take care of some of their own dirty laundry. This is the real source of the "right to forget" privacy legislation. Makes you all warm and fuzzy inside, doesn't it.

EVEN when it comes to child abuse, the top politicians in Europe just brazenly ignore the rules. Emmanuel Macron's wife ... has publicly confessed to being a pedophile, and having sexually abused at least one child (yes, mr. Macron: she was his French teacher. She blames him, incidentally, as if that matters). Macron has publicly confirmed this (and taken "the blame", which of course doesn't matter: he was a minor). For anyone in France, it is clear: this is a despicable crime, and she would be harshly punished ... but any action against him might bring Le Pen to power, or even tip the balance in the EU parliament to anti-EU parties if we are really unlucky. I bet he has said as much to the public prosecutor.

A child defending a pedophile happens often, by the way, especially to stay out of the hands of child services, and is of course never accepted as an excuse ... except ... when it applies to even pretty low-level government officials.


I was gonna write a whole thing, but mostly I just wanted to say we'll be able to deepfake CSAM inside of 10 years, no question, so this whole thing is moot.


I think this is a massively important point that needs further consideration.

If a person can generate images on demand any system based on recognising known images is immediately bypassed.

AI image classification will be your only option but the false positive volumes have the potential to be massive, swamping any follow up investigation.


And, they referred to us as the "screeching minority".


> The article mentions that 40% of CP investigations in Germany are started against minors (implied: through sexting), which shows that this concern is not purely theoretical at all.

I've read news about this. Teenager sends nude photos to her boyfriend, calls the cops after the break up and they proceed to nearly ruin his life by threatening lifetime sex offender registration. The implication that the girl produced and distributed child pornography of herself is never even mentioned.

It's completely insane.


That's a terrifying story. Do you have a link or any other details?


I'm searching for it but I can't seem to find the source anymore.


Not only that, but child porn seems to mean a different thing in every place. The Netherlands and other European countries define the age of consent at 16, meaning some things that are perfectly legal there will be a ticket to prison in many countries. Now you don't just have an engineering problem, you will also have to spend a bunch of money to have some lawyers review your spec.


Pretty sure porn involving 16-17 year olds in the Netherlands is also very illegal though, but correct me if I'm wrong.


I believe porn involving 16 year olds is still legal in the Netherlands. Which doesn't mean it is being commercially produced anymore, for obvious reasons. Maybe a Dutch reader can provide more insight into this.


Okay enough opinions, let's look this up. Wikipedia cites the law saying it's 18 https://nl.wikipedia.org/wiki/Kinderpornografie#Wetgeving_in...

It even includes people that "appear to be under 18" even if they turn out not to be. ("[...] afbeelding – van een seksuele gedraging, waarbij iemand die kennelijk de leeftijd van achttien jaar nog niet heeft bereikt, is betrokken of schijnbaar is betrokken, [...]")

What I also found interesting is:

> Het voorontwerp Wet seksuele misdrijven stelt niet langer strafbaar degene die een visuele weergave van een seksuele gedraging of een gegevensdrager bevattende een visuele weergave van een seksuele gedraging, waarbij hijzelf of een andere persoon die de leeftijd van achttien jaren nog niet heeft bereikt is betrokken, in het kader van een gelijkwaardige situatie tussen leeftijdsgenoten uitsluitend voor privégebruik vervaardigt, in bezit heeft of met die ander deelt.

Short translation: sending or owning pictures of sexual acts involving an <18yo is not illegal if it concerns private use between persons of similar age in an 'equality situation' (I interpret this as meaning/implying 'consensual').


Same thing as in my country then. It seems to be the norm in most if not all of the EU these days.


The problem is when you analyze what this means in practice. In Belgium consensual sex is legal IF

1) both parties are < 18, and the age difference is less than 5 years OR one party is > 18 and the age difference is less than 2 years

2) both parties are both older than 14 years (used to be 16)

3) there is no "power relationship" between them (this requirement actually drops when one, not both, turns 18)

Unfortunately ... now apply these rules to a sexual relationship between a 14 and a 17 year old.

a) 1st year: legal, any images are not CSAM

b) 2nd-5th year: illegal, any images are CSAM

c) 5th year onwards: legal, images not CSAM

Law sucks. It used to be worse, this is an actual improvement over the previous situation, but ...

What is absolutely not clear to me: does (a) mean sexual images of a 14 year old are now legal in Belgium in that case? The law does not seem to require that the owner of the pictures has to be one of the participants ... but I find it hard to believe this is the actual intent.

And to make matters even more bad, this is not the only way to punish kids. You see while this will prevent criminal prosecution, you DO NOT need a criminal conviction to lock up a minor (and they're trying to extend this). Youth services can and does, without any proof (and in practice by getting 1 social worker to say something like "it is an unhealthy relationship". They can shop around until they find one, btw, and often the one they find has never seen either kid) and in the above example lock up both partners, the younger for up to 7 years and the older up to 4. In practice they will punish the younger kid, almost always the girl.

The fun thing is when a kid is locked up for criminal reasons (bad enough so that he actually goes to prison) schooling CANNOT (and is not in practice) denied to the kid. When youth services locks kids up, they can (and are in practice) denied schooling. But of course the previous point means the police will try to use child services, not criminal prosecutions, if at all possible.

So sadly, if you want a kid's situation to improve over time and they do not want to end the relationship, your course of action is clear: you should let the abuse continue and even (help) hide it. However, if you want to hurt the kid(s) (whether or not such a relationship is actually abusive), you should report them. So here too the net result of the law is: very easy to "abuse" the law to hurt children (esp. if you are a social worker), very hard to use the law to protect children against abuse (or actually help them)


What obvious reasons? If it was legal to make porn with 16 year olds, you can bet that it would be made and sold. (It's illegal of course.)


The age of consent goes as low as 14 in Europe but that doesn't change the definition of CP. Probably they won't prosecute when both parties are underage and such so heavily but consent age doesn't change the fact that nudity is 18+.


Nudity is 18+ in extremist countries like the Emirates or the USA.

Sorry but in France, 30 years ago before American culture started to dictate where money comes from, you would see genitals from all genders and ages in movies.

Nobody found it offensive, because we didn't have a catholic puritan morality to impose its sick twisted vision of the human body on us.

Meanwhile we sold cars by showing cars, not hot girls. But this apparently is ok because money.

It's also perfectly alright to show kids images of people killing each other in mass. Because this is sane, unlike nipples.

And now this Apple crap.

Edit: ok 50 years ago. I'm getting old it seems.


> catholic puritan morality

Might want to check your terms here.


Indeed. But it strikes me that the places with the most rigorous enforcement of theological dominance also have the worst child abuse problems. Or, as an AI would decide, men in robes can't be trusted.


Well if you tell people they are sinners for being humans (having body parts), you get frustrated humans.

I have been in very rigid religious countries. The men in the internet shops were all watching hardcore porn, and my female friends were harassed in the street.

So it's not men in robes, you can be deeply religious and have a and loving view of the world.

But puritanism, and sexually frustrated people ashamed of even existing, are bound to generate unhappiness.


> the places with the most rigorous enforcement of theological dominance also have the worst child abuse problems.

Citation needed. The data doesn't back up that claim, contrary to the media's narrative.

A report which Christian Ministry Resources (CMR) released in 2002 stated that contrary to popular opinion, there are more allegations of child sexual abuse in Protestant congregations than there are in Catholic ones, and that sexual violence is most often committed by volunteers rather than by priests.

https://en.wikipedia.org/wiki/Catholic_Church_sexual_abuse_c...

Catholic clergy aren't more likely to abuse children than other clergy or men in general. The 4 percent figure appears lower than school teachers during the same time frame, and certainly less than offenders in the general population of men.

https://www.psychologytoday.com/us/blog/do-the-right-thing/2...


You come here and quote a study by Christian Ministry Resources?

But you've leapt to your own interpretation of what I wrote, maybe go back and try again.


> Nudity is 18+ in extremist countries like the Emirates or the USA

Titanic was PG-13 and it had a titty.


Yeah, not a native speaker. Used the word nudity while thinking of pornography.


> nudity is 18+.

You mean like in movies, those "can't see boobies before you're 18" labels? Because capturing a nude 13-year-old is perfectly legal, just not in a pornographic manner. E.g. my Dutch biology book had nude ~6 and ~11 year old girls depicted (as well as an adult) for educating different stages of development.


Not a lawyer, but my understanding is that in the States, sending naked pictures of teens is illegal, even if it's a picture of yourself. If you send naked selfies to someone, you could be charged with distribution of child pornography if you are a teenager.

I'm also fairly sure I heard that even possessing naked selfies is considered illegal, at least in some states, e.g. this article about a teenager facing 10 years in prison for having pictures of himself naked at 16 years old on his phone: https://www.rollingstone.com/culture/culture-news/teenager-p...


> A Fayetteville, North Carolina teenager has reached a plea deal to avoid being charged with multiple sexual exploitation counts after his cell phone was found to contain nude selfies of himself. Seventeen-year-old Cormega Copening, who took the photos of himself when he was 16, agreed to the deal in order to avoid possible jail time and being registered as a sex offender. As part of the plea, the teen agreed to random police searches without warrant for one year as well as other penalties, Fusion reports. The teenager was listed as both the victim and the perpetrator on the sexual exploitation charges.

This is quite possibly the most kafkaesque "justice" story I have ever heard coming out of America and that really says something.


The law and morality are often fundamentally opposed. Saudi Arabia punishes homosexuality with the death penalty, and Apple happily removed the encrypted communications from their phones so they could continue selling in that country.

Illegal or not, comparing two teens that sent naked selfies to each other is not even remotely similar to involuntary child abuse from an adult.

>this article about a teenager facing 10 years in prison for having pictures of himself naked at 16 years old on his phone

That anyone would even consider spending taxpayer money to lock up a 16 year old for his own picture shows a colossal failure of government on every level: legislative, judicial, and executive. The DA stacked 5 charges and saddled them with up to a decade so the kids would be afraid to even go to court. In any sane judicial system that case would be laughed out of the courtroom and it's telling that they were presumably advised by a lawyer to take the plea bargain.


> as well as sexting between consenting teenagers.

Good god. I can't imagine the influx of in my view innocent teens suddenly labeled sex offenders because they did what all teens do, only virtually.

This is going to be a weird time.


I mean technically that already happens in the UK - you can have sex legally at 16, but you can't take any pictures of you doing so until you are 18. So 2 consenting 17 year old teenagers cannot send indecent images of themselves to each other.

I seem to remember a case from a few years back, about a girl who got herself on the register for sending her boyfriend a picture of her naked or something.

Although it seems that the Protection of Children Act [1] I think (I'm not sure, it's hard to actually read with all the brackets ...) lets you do it if you are married (which you can also do at 16)

Any sane person would know that teenagers do what teenagers do ... having someone potentially going through those photos is such a strange and wrong approach

[1] https://www.legislation.gov.uk/ukpga/1978/37


It might also turn into a good teachable moment for teens about privacy, sharing, and technology. I don’t take a picture on a smartphone of anything that I wouldn’t want to make public, and I surely wouldn’t share or post it anywhere. If it leaves your device, it’s effectively public, regardless of whether whoever you sent it to tells you they’ll keep it “private”.


> If it leaves your device

Even this is naïve with Apple's new plan. How long do you really think they'll wait before a software update makes it apply to even things that don't leave your device?


This would be a much bigger step though, and any brand doing it, even Apple, would face very negative market effect.

It couldn't be legislated in the US because it would be unconstitutional to do so, almost impossible in the EU, possible in the UK/AU, even Canada (with the help of some creative rights busting from the Supreme Court, as they recently demonstrated).


AFAIK, ML image classification is used for checking user-generated content on social networks, forums, etc. Cloud storage, email and IM providers will continue using hashes (either exact or perceptual) to lower false positives.


Hey, at least we'll be able to "solve" the "problem" of sexts between youths by having a bunch of middle aged men rifle through them.


Jesus, yep. Big "Brother", always watching. What lives can we destroy today?

Privacy is being hit hard now, on multiple fronts - it's very sad, scary.


In Apple's defense here, there seems to be a reason they're using the longer acronym CSAM. It means not just pictures of people without clothes on, but actual images/video of children being abused. Stuff that would likely provoke you or me or other normal people into acts of extreme violence against the perpetrators if we ever got the chance.

The real danger with Apple's system is that there's zero accountability in the list of "bad" hashes. So there's no way to know whether it's really all CSAM, or if it also includes rare Pepes, Bernie memes, or pictures of politicians doing embarrassing things.


> It means not just pictures of people without clothes on, but actual images/video of children being abused.

Who said that?

They're the same legally. People have said NCMEC's database includes entirely legal images. And groups like NCMEC have tried to rename child pornography for years.


But the point is there’s an existing database. Either you have a photo in that database, or you don’t. So your kids naked photos don’t get triggered. And even if that photo is legal, not only is there human verification and minimum quantities required, it would be very strange for you to have in your iCloud photos that were part of CP collection sets regardless of content.


Their point was CSAM means especially bad CP. Your points were different.

It's a perceptual hash. Matches don't have to be exact. And people have engineered collisions for other perceptual hash algorithms. What a computer sees and what a person sees can be very different.

People have said the human verification just involves the visual derivative of the suspect image. Apple didn't explain what that is really. And human verification doesn't reassure people who object to anyone viewing their private photos without their consent for any reason.

People have said any images collected during an investigation go in the database. Do you think people who collect explicit photos of 17 year olds don't collect explicit photos of 18 year olds?
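
An added illustration (not part of any comment in this thread) of the exact-checksum versus perceptual-hash distinction the comments above argue about: an exact hash breaks on any pixel change, while a perceptual hash tolerates re-encoding and can also match a different picture with the same coarse structure. The 8x8 grayscale grids are constructed sample data, the average-hash is a simple stand-in (not Apple's NeuralHash or any deployed algorithm), and `THRESHOLD` is an assumed value.

```python
import hashlib

SIZE = 8
THRESHOLD = 5  # assumed maximum Hamming distance (in bits) counted as a match


def make_image(pixel_fn):
    """Build a constructed SIZE x SIZE grayscale image from a pixel function."""
    return [[pixel_fn(r, c) for c in range(SIZE)] for r in range(SIZE)]


def exact_hash(pixels):
    """Cryptographic checksum of the raw pixel bytes: any change alters it."""
    return hashlib.sha256(bytes(v for row in pixels for v in row)).hexdigest()


def average_hash(pixels):
    """64-bit average hash: one bit per pixel, set if the pixel is above the mean."""
    flat = [v for row in pixels for v in row]
    mean = sum(flat) / len(flat)
    bits = 0
    for v in flat:
        bits = (bits << 1) | (1 if v > mean else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def compare(reference, candidate):
    """Report how the two matching strategies treat a candidate image."""
    distance = hamming(average_hash(reference), average_hash(candidate))
    return {
        "exact_match": exact_hash(reference) == exact_hash(candidate),
        "distance": distance,
        "perceptual_match": distance <= THRESHOLD,
    }


# Constructed sample images (not real data).
# Reference: dark left half, bright right half, with a slight vertical gradient.
reference = make_image(lambda r, c: 40 + r if c < 4 else 200 - r)
# Same picture after a uniform +3 brightness shift, standing in for re-encoding.
recompressed = make_image(lambda r, c: min(255, (40 + r if c < 4 else 200 - r) + 3))
# A different picture that happens to share the dark-left / bright-right layout.
different_scene = make_image(lambda r, c: 20 + 3 * c if c < 4 else 140 + 10 * r)
# A checkerboard: no structural similarity to the reference.
checkerboard = make_image(lambda r, c: 200 if (r + c) % 2 == 0 else 40)


def run_demo():
    """Compare each candidate against the reference."""
    return {
        "recompressed": compare(reference, recompressed),
        "different_scene": compare(reference, different_scene),
        "checkerboard": compare(reference, checkerboard),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:16} {result}")
```

The `different_scene` row is the false-positive case: no pixel is shared with the reference, yet the toy hash is identical, which is why the match threshold and any human review step determine the real-world error rate.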


Sorry. Either the posts got updated or I got the thread confused as others were trying to say that (re: hash versus classifier).

Re hashing, Apple claims 1:1 trillion likelihood of a collision. These kinds of systems are not rolled out lightly, and even if that number is wrong, it feels unlikely to me that it’s too far off. If it is and it has too many false positives, this will get noticed and the system pulled until it’s fixed and at the required false positive rate.

Ultimately beyond Apple if you’re getting arrested and confront a judge, you’d expect humans at that point to look at the evidence. In fact, I’d expect the DA or whomever to similarly look at the photos at that point. You can’t be sentenced without evidence in the US legally (how all of this works in another country is another matter).

If there is legit porn that’s 18+ mixed in this database, and someone ends up being charged because of it, fights, and wins, I’d expect a number of counter lawsuits to follow. To me it seems incredibly unlikely that non-CP is not only going to be a significant part of that database (including 17 year olds versus the more likely 7 year olds), but you’ll be saving it to your iCloud photo roll. There’s so much legal porn out there, in such vast quantities, this hypothetical situation you describe I’m not sure will ever actually occur.


Apple's claim is unverifiable. It counts for nothing. And people with relevant experience have called it bullshit.[1]

Even just arresting someone means separating them from their children. Preventing them from working if their job involves children. Seizing all their electronics for months. Violating the privacy of their files and belongings. Legal costs. Possibly media reports. Putting innocent people through this because a secret algorithm said a secret database matched a secret number of times is unacceptable.

Several people have claimed false positives are in the database. Including someone who verifiably worked with it.[1]

US prosecutors have absolute immunity. Any civil suit would be dismissed swiftly.

People don't collect random subsets of all pornography ever made. Some is much more popular. People have specific tastes. Photo sets exist.

[1] https://www.hackerfactor.com/blog/index.php?/archives/929-On...


> 40% of CP investigations in Germany are started against minors

This in particular seems like such a silly outcome of over-regulation and bureaucracy. Amazing. Research suggests most child sexual abuse does not have much of a long-term effect at all:

https://emilkirkegaard.dk/en/wp-content/uploads/A-replicatio...

This (of course!) does not mean it is good or should be done, but it suggests this is not an urgent issue, certainly not one that can justify abolishing privacy, especially when these measures only catch the small fish, not the large trafficking rings who will probably switch to different means of communication once theirs gets compromised.


You're arguing that child sexual abuse is "not that bad" by citing a guy whose "research papers" include gems like

* The left-liberal skew of Western media

* What Happened to Brussels? The Big Decline and Muslim Immigration

* Mental illness and the left

* Human Biodiversity for Beginners: A Review of Charles Murray's Human Diversity

* Race Differences: A Very Brief Review

* Racial and ethnic group differences in the heritability of intelligence: A systematic review and meta-analysis

* Global Ancestry and Cognitive Ability

* Sex Distribution, Life Expectancy and Educational Attainment of Comedians

* Immigrant crime in Germany 2012-2015

* Country of origin and use of social benefits: A large, preregistered study of stereotype accuracy in Denmark

* Inequality in the United States: Ethnicity, Racial Admixture and Environmental Causes

* Increasing inequality in general intelligence and socioeconomic status as a result of immigration in Denmark 1980-2014

* Criminality and fertility among Danish immigrant populations

He boasts 24 publications in Mankind Quarterly and 20 in OpenPsych, both of which he seems to run himself. Mankind Quarterly according to Wikipedia 'has been described as a "cornerstone of the scientific racism establishment", a "white supremacist journal", an "infamous racist journal", and "scientific racism's keepers of the flame"'.

There are excellent cases to be made why privacy and encryption should not be compromised in the name of hot button issues like "protecting children" but citing a study by a "scientific racist" and eugenicist, who is a known advocate for legalizing child pornography, to trivialize child sexual abuse is not it.

You don't need to be a "left liberal" not to cite Emil Kirkegaard. Being a decent human being or having any appreciation of actual science would suffice.


The study is not by him. I wasn't even aware who hosted it; I only found this link somewhere on the web and thought it might be relevant.


Child protective services will have a field day with this. Take away all the children!


I want to cry if I see such dangerous things. Most European parties send unknown politicians to Strasbourg and let them vote on important topics with low media coverage. Later the local politicians - which act mostly in Brussels - claim that they have no way but follow Strasbourg's/Brussels' decisions and write even worse state laws upon it.

I think we need a new Europe state with an actual parliament in charge, which means the people there are accountable and in power. Without the Commission, Council and Presidency of Council[1]. Instead one actual parliament and one actual government. The European states are an integrated part of it, like elsewhere. Next the stuff can be fixed: We just need one army. And one social-security system with one economic policy. And one state department (foreign politics).

Most politicians still think of Europe as an economy council but we people expect a sovereign country/state. The former "economy council" could solve economy related issues within Europe in the 1950s. But I think we have much bigger things to do.

[1] I don't know how somebody can seriously use something like a rolling presidency. You can do that with a mediator position or referee.


Ever more centralisation of power is the EU's prime directive. If you believe power should rest with the people, you should be against the EU.


Privacy is something that people usually only care about on a theoretical level. Practically speaking, they're often happy to not care so much at all if they get something more tangible in return.

---

Company: Excuse me, would you mind us profiling you through an accurate survey of most of your everyday purchases?

Customer: Heck no!

Company: What if we let you collect "points" that will maybe someday save you a little bit of money on one of these purchases?

Customer: Sign me up!

---

Company: Excuse me, would you mind us recording everywhere you go all day every day and store that information for at least six months?

Customer: Heck no!

Company: What if you get a pocket computer with fast mobile internet connection in return, the cornerstone of modern life?

Customer: Sign me up!


That's fine. My privacy has a price and I'm happy to sell it when I think it's convenient for me.

What's happening here is that a state actor is forcing providers to let the state spy on me.

That's an authoritarian policy which I strongly oppose.


How much of a rebate on your taxes would you be happy selling it for?

What about a discount on your purchases, which was funded by the government, who would then buy the data?


The important question is: do you have a choice? Is your consent requested or respected?


That depends on what are we trading.

I would definitely trade my privacy with the government for any tax discount (and I think I'll have the longer stick, I'm no Indiana Jones) but whether I have an alternative or not is important.

A better question would be: would I move to a country where encryption is illegal if it had 0% tax? No, I would shop for another country. For a similar reason, I don't live in Dubai (0% tax but policies I don't approve of).


> Privacy is something that people usually only care about on a theoretical level. Practically speaking, they're often happy to not care so much at all if they get something more tangible in return.

Because not everyone is a Programmer. Most people I know have never even heard about Snowden.


I know lots of people who are tech savvy, care about privacy, but use a gmail address nevertheless.

I have my own contradictions. I think the disappearance of payments in cash is a problem, it is not good to give the state too much control on a society. But I hardly use any cash myself.

Convenience is unfortunately a big factor.


True. Although nothing-to-hiders will chime in quickly, stating that their shopping history isn't really that important to their sense of privacy.


They wouldn't like their neighbors knowing their shopping history, the principle should be the same.


But their neighbors do not know it, and if Amazon or the government knows it (or their browser history, emails, ...) it has the same effect to them, that god knows it all. Can't do anything about it. Too distant to care. That's my conclusion of privacy discussions with "normal" people.


There's a difference between me _opting in_ to give private data in exchange for points, and that being unilaterally imposed.

It's also kind of harder to abuse information on my shopping list, whereas there's plenty of ways to abuse having total and complete access to all communication between private parties.


Think of it this way: what is more important to you, the convenience of exchanging text messages with your friends, or keeping these conversations private?


This wasn't always a choice. Before electronic communication people exchanged letters sometimes very frequently (mail service in London peaked at 12x/day). The privacy of these letters was however protected by law, with a warrant being required for police to open and read them.

I don't quite see why our packets and devices shouldn't have the same protections.


Are you saying that these things must be mutually exclusive? It is entirely possible to have completely private and convenient conversations between two parties.


No, I'm not. It is a thought experiment to determine for yourself the value of privacy in a more tangible way. Like, if you were made to choose between one or the other, which one would you take?

That's different from arguing that they are mutually exclusive which I am not.


What is your point, given that many will reply "what is more important is dignity, so the choice is for privacy"?


The point is to give an example for my original tenet, that privacy often is valued as a theoretical concept but that people are apparently willing to give it up rather quickly for something else in return. Or, from a different point of view, how much convenience are you willing to give up for your privacy?

For example, I used to be on the extreme "pro privacy" end of the spectrum. But it is clear that philosophically speaking, privacy for everyone is not a completely positive ideal in all contexts. And that naturally raises the question about what other values privacy competes with, and how they should be balanced.

Intuitively, "convenience" should perhaps be considered less important than "privacy", but interestingly that's not what we observe actually happening in the real world.


I think it's counterproductive to frame the discussion in terms of privacy. The real term is spying, how much spying do you want your <company|state> to do


Yes, users are price sensitive when it comes to selling their privacy. They also have a different sensitivity upon consideration of who the other party is and their perceived/intended use of the data.

To me, this isn't so surprising and is fully consistent with a greater willingness to give personal info to e.g. Amazon than e.g. the government.


> They also have a different sensitivity upon consideration of who the other party is and their perceived/intended use of the data.

Except once their data is out, they have no control over where it will end up. Profiling data is regularly sold to third parties.


Regardless, robbing people of the ability to consent, even if 90% of them would anyways, should be intolerable.


The choice and position of Average Joe and Median Jack should not impact (compromise) the rest.


I think this isn't getting nearly enough traction, especially considering how undemocratic EU's legislative procedures can get. Considering the lack of direct democracy in the European Union, exposure and public protest is the only viable way to oppose this legislature. There's also an ongoing petition against the legislature: https://www.openpetition.eu/petition/online/preserve-eprivac...


Hold your horses, put down the pitchforks. You realise the author is a _member of the European Parliament_??

And at least in my corner of EU we vote on who to send to EU parliament. You can vote on whoever you want in the national elections and then vote for the pirate party for the EU seat.

Edit: from your comment history I guess you vote far right, which is usually the part of EU pushing hardest for these measures??


Please keep name-calling and personal attacks out of your comments here.

https://news.ycombinator.com/newsguidelines.html


Exactly where is this name calling? Please unflag this so we can continue the discussion.


"Hold your horses" and "put down the pitchforks" count as name-calling in the sense that the HN guidelines use that term, because they are swipes that don't reply to the actual argument. Ultimately they're just putdowns. Please omit those from your posts to HN.

https://news.ycombinator.com/newsguidelines.html


> we vote on who to send to EU parliament.

You are describing a representative democracy, the parent pointed out the lack of direct democracy in the process. And I would tend to agree that there needs to be more direct democracy involved at some point in the policy making process to accommodate just such a scenario where it's clear the vast majority are not happy with the result.

Representative democracy has its place, but the reality is that you cannot pick and choose - most people want privacy, but most people are also aware of the wider issues and concerned if the fringe parties are competent enough in making decisions in other areas. Perhaps a good compromise is to be able to shoot down their propositions, so that even though they may not further the ideals the majority want in all areas, they will at least be prevented from eroding them. But as the parent pointed out, there is no mechanism in place to do this currently, so people are limited to protests and petitions.


Even a representative democracy is a far fetched idea with the EU.

Nobody really understands how the EU works, except for a few bureaucrats.

There are too many proxies. You vote for a local party, then you find out they go into a coalition because the parliament is huge: over 700 seats. And those parties in one coalition have very different agendas.

Then you look deeper, and the parliament's power is very limited, and most of the power lies with the council and commission.

Both are not chosen in an election but in negotiations by the governments, which tends to mean certain countries like Germany and France have a very big say. Of course in a very indirect way these are somewhat chosen by certain part of the people in the EU.


This got really apparent in the discussions around Brexit. Lots of people saying "I vote in EU elections", assuming that the EU elections work the same as all the other elections they vote in. It really doesn't. The EU is very much an oligarchy controlled by a small number of unelected bureaucrats.

They've been very careful to not let the curtain slip too far, and preserve the appearance that popular opinion can change policy. But there's no legislative connection.

This kind of legislation is an interesting case in point. Who wants this? Who benefits from this? Is it actually going to make a dent in child abuse? Generally the EU is keen on privacy, so what changed that for this? Are there any states really pushing for this so they can read their citizens' mail (Poland, maybe, I guess, but they're not having a great time in the EU at the moment so probably not)? As TFA says, this is not a popular move, and there's no popular wave of anti-pedo sentiment at the moment, so why now?

The suspicion of palm-greasing (sorry, "lobbying") remains. Reading our messages means more data for the AI, means better ad targeting.


Poland is having an awesome time in the EU. Get all the subsidies and trade, and ignore the rules they don't like: not taking any immigrants, going against EU Court of Justice, etc.

"The most up-to-date statistics (as of July 2016) show that in 2014 Poland received €17.436 billion from the EU whilst only contributing €3.526 billion. Poland also received nearly €2 billion more in EU funding than any other member state in 2013 (France being second highest). " https://en.wikipedia.org/wiki/Poland_in_the_European_Union


The CJEU doesn't have that much credibility after they ignored written law about ECB rules in a purely political ruling. I think it made a joke of itself and its independence should be thoroughly questioned. It also should restrict its rulings to matters where the EU has a mandate, which is luckily fairly restricted. So Poland has quite a case if they listen to their national constitutional court.


"direct democracy" is a no-true-scotsman type fallacy, as you can use it to keep moving the goalposts indefinitely. Even Switzerland, the much-touted example of "direct democracy" has a parliament of elected representatives.


You will note I did not suggest a "true democracy" replace the entire process, that would be completely impractical, rarely does it work at scale.


Yup. Have done and will continue to do exactly this. While I don't find the Pirate party's policies comprehensive enough for my national government, I do find the EU parliament the perfect level of government for the issue they address to be handled at.


You realize a single or even multiple MPs can't block the passing of laws in parliament, since laws are passed by majorities, not consensus/unanimously. So please do get out those pitchforks, especially since this is the next level of surveillance.


What you are in effect saying is, since your (our) positions have not the majority in parliament, we need to resort to violence?

Can we try other established democratic ways, like voting, petitioning, demonstrating, etc. before that?


It's not my fault that I was too young to vote at the last EU elections. That's changed since and you bet your ass that I'll vote for the right people when I'm able to. Also raising awareness and promoting a petition about an issue isn't the same as raising pitchforks. I'm thinking there's a subtext here...


I chuckled when you said "the right people". Like, there's the right people, and then what's left. Get it? Right and left. Puns.


The whole polarization of political issues into right and left is and always will distract from the issues being debated and more so, ends up derailing any debate and discourse about the issues as they get drowned out by the labels.

Very easy to label something right wing or left wing to distract from the issue at debate and it has become very much a political tool in much the same way the "think of the children" card is played.


You get no argument from me. I just really enjoyed the pun.


You could turn it around: right assholes and what's left.


I'll show myself out...


The EU parliament has far too little power to come anywhere close to the EU being a democracy. The problem being that in second reading there has to be a 2/3 majority to approve amendments.


It's still no and far from a direct democracy.


> far from a direct democracy.

And?

Direct democracies are far worse than representative democracies in practically every way. The Covid crisis should have made clear to all that people are not policy experts.

Given that no country in the EU significantly uses direct democracy (referendums are pretty much never used and always devolve into a ridiculous race to who can say the most outrageous thing in front of the media), I don't see how that can be leveraged against the institution.


You realize that Switzerland hasn't voted to wear masks and get restrictions? Having a direct democracy does not mean the gov can't make their own decisions at times.


Yes, I do realize Switzerland doesn't actually use direct democracy for things that matter and when they do they often end up with xenophobic laws. I don't even want to talk about town assemblies voting on naturalisation decisions.


So if they want to be xenophobic, what's the problem? It's their country and they can do whatever they want with it.


I'm not sure if this comment was troll bait; I'm going to reply as if it weren't.

> if they want to be xenophobic, what's the problem?

One of the problems is that even if the majority of people within a country are xenophobic and they get to decide the laws on a majority basis, there will still be people from other countries living there, or people who in general will be disadvantaged by xenophobic laws.

It's nice for laws to not be dictated only by a majority, but by a plurality. Instead of thinking "what benefits >50% of people is the right thing" we can think "what benefits the most people, including minorities", or "what avoids hurting the most people" to be the right things :)


"So if they want to kill all the Jews, what's the problem? It's their country and they can do whatever they want with it."

Creating laws based on popularity makes populism rule. Hence why democracy usually has an explicit legislative branch abstracting over individual sentiments. That helps prevent policy from being devised through an overly greedy algorithm.

That is not to say it prevents all these problems. But it evidently helps.


Well, the difference is that you're within your rights when you vote on whom to admit to your house/town/country. You're not within your rights to round up people already there and gas them. Let's not compare the two.


The parent comments are talking about direct democracy and its tendencies in Switzerland. Not specific policies (for you see, such extremes haven't come up for voting there lately). Perfectly comparable.


Direct democracy is not a panacea. In fact, it can be quite the opposite. Fair and effective governance is a very difficult thing to achieve, tending either to be subvertible, or totalitarian.


Not saying that is not true. Yet living in one of the few direct democracies it is the very best we have in terms of democracy. On a bigger scale liquid democracy may be more interesting.

Edit:// the EU or even the US has shown multiple times that it will act against the majority if they can.


Democracy cannot work without free access to information. However, most people won't care about it. Especially nowadays when public opinions are shaped by social networks with censorship and sensations. We can implement all kind of ideologies on masses very fast. So direct democracy could be more dangerous than you can imagine.


I think representative democracy specifically does not work to stave off totalitarianism. When the issue under consideration is about increasing the power of politicians over the citizenry, many politicians will switch from voting as representatives of citizens, to voting as politicians. A binding referendum that can only retract proposed laws, like we have/had/will have (sorry, I don't know exactly) in NL, seems like it could largely solve this issue, provided it gets sufficient traction.


Direct democracy is best when the amount of people voting stays small. Think local government.


Can you please be sensible? Direct democracy is not working with 445 million people.


In my opinion it's impossible for a small group of people/ politicians to determine what's good for 445 million people.


Mathematically it's not more difficult to determine the majority vote among 400 million people, than among 10 million. What would prevent it from working for you?


> it's not more difficult to determine the majority vote among 400 million people

Democracy is not majority voting.


"a system of government by the whole population or all the eligible members of a state, typically through elected representatives."

Basically it is. You don't need representatives to be democratic.


It could work, just do referendum in every country and then implement the result. It would require that people in power in all countries wanted to give power to their people, and implemented it securely. Which is why it won't happen.


Yes? Any data for that?


No direct democracy existed in known history with 445 million people.


I wish people understood the origins and structure of the EU. It grew out of a trade association (ECSC) and has very little to do with direct or even representative democracy in the standard sense of the word, i.e. representative of the populace. It is an external political class with only tangential connections to individual citizens.

This is an issue, because it gives opponents of European integration a fairly legitimate position to be critical.


You sure are throwing words around. Undemocratic, lack of direct democracy. Are you confusing the two, or are these different complaints? Sounds like you're trying to say that any representative democracy isn't really a democracy.


The lack of direct democracy in the EU is the only thing that keeps it from becoming the UK.


Most major democratic governments don't have direct democracy.


I wonder how many people there actually are who don't yet know child porn is a classic bullshit excuse governments use every time they want more control over the Internet. It's so classic, so blatant it feels cringy already. Not even for a second I would believe they do this to actually protect children.


Whenever a politician invokes "think of the children", ask them about their funding of Child Protection Services.

Any political action that's said to be under the umbrella of "think of the children" that doesn't provide additional funding to existing Child Protection Services is for reasons other than child protection. Additionally, it's actively working against helping children because the funds for "this new thing", if the goal really was for actually protecting vulnerable children, would be better spent on improving the coverage that existing Child Protection Services provide.

A close friend of mine is in a position that requires "mandatory reporting" training, and they say it's relatively pointless because Child Services only has the resources to investigate cases in which the child's life is in immediate danger. This may be somewhere along the scale of hyperbole, but I doubt it's too far from reality.

Of course, removing children from danger is often removing them from their parents / legal guardians, which comes with its own set of risks.

Either way, funding boots-on-the-ground work with leads from local social workers, early childhood educators, teachers has to be the best way to actually protect at-risk children.


> Of course, removing children from danger is often removing them from their parents / legal guardians, which comes with its own set of risks.

What number of false positives would you tolerate?


I genuinely do not know the answer. But also, what would you define as false positive?

It's blurry definitions all the way down, and that's part of the reason politics doesn't like this problem and would rather argue technology and punishment after-the-fact than actual protection / prevention.

Nuance is expensive and doesn't play well to the crowd.


If I take a picture of my adorable toddler playing naked in a sprinkler in the backyard and CPS calls that child porn and takes him away from me, that's a false positive.

I don't know much about abusers, but my hunch is that they know they are abusers and will more-or-less accept being caught. But what I know about non-abusive parents is if you take their kids away, it's war.


Two things:

1. I thought you were referring to false positives as a result of my favoring funding of existing Child Services working from mandatory reporting from local relevant professions.

2. My commentary about taking children from parents having its own set of risks was more along the lines of trauma to the child, in that even if the parent/child relationship is abusive and harmful, it's such a strong bond that severing it, or restricting it can cause psychological issues.

Totally agree with your commentary above regarding any attempt to remove kids from non-abusive parents. Absolutely scorched earth nuclear war. Also, it would actively be a form of child abuse by introducing unnecessary trauma to the child(ren) and possibly instilling a lifelong suspicion (at best) of authority.

As a result of that train of thought, my answer is: no false positives would be acceptable.

Fundamentally, I'm against personal photos being scanned at all; false positives being one reason, and the broad misapplication of bans by 'big tech' in their implementations of automated systems detecting breaches of policy, and the overall "computer says no" brick wall offered as recourse, being another.


True, it even has a name "Four Horsemen of the Infocalypse". If it was about protecting the children there would be more prevention toward the children to make them aware and report any inappropriate act to a teacher, parent, relative that they can trust.

[1] https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...


For a complex issue this document does a really good job of listing the various problems with this 'scan everything for CSAM' approach. These two points bear repeating:

“You can falsely be reported and investigated for allegedly disseminating child sexual exploitation material. Messaging and chat control algorithms are known to flag completely legal vacation photos of children on a beach, for example. According to Swiss federal police authorities, 86% of all machine-generated reports turn out to be without merit. 40% of all criminal investigation procedures initiated in Germany for “child pornography” target minors.

On your next trip overseas, you can expect big problems. Machine-generated reports on your communications may have been passed on to other countries, such as the USA, where there is no data privacy – with incalculable results.”


The news is pretty depressing these last couple of days. We're marching towards a very dystopian future.


It is astonishing that most liberal democracies are looking at the Chinese system of control on society with envy. In a way, mandatory covid passes to do anything are already a form of social credit system. And with so many people obsessed with virtue signalling, an actual social credit system would likely get some traction.


Take solace that we have failed to address climate change as a civilisation.


We have had unprecedented growth and development in the world, it's just that bad news sells more papers. Don't let it bring you down!


So as long as some KPIs are positive, let's ignore the loss of fundamental freedoms?


"Some KPIs are positive"? I had no idea HN was this backwards. More people have moved out of poverty than ever before. Quality of life is improving in so many places, just not around /you/. Amazingly cynical point of view.


> More people have moved out of poverty than ever before.

Erm, you are answering with this argument to the wrong person. I am the first person to point out this kind of things.

This does not mean you can ignore the erosion of civil liberties.


There is not much to rejoice if all that growth will go in the hands of the few friends of the government, leaving a richer 0.01%, a broken middle class and unstable societies.


> unprecedented growth

.. at unprecedented cost


I guess this is sarcastic?


Should we celebrate setting our house on fire to stay warm when the furnace went out?

Yes, the house fire is very very hot. Good job.


Assuming this is correct (I only followed a couple of links, but it would be the EU planning to mandate content scan for CSAM on all e-mail and messaging platforms, after making it legal/optional already to do so earlier this year), I guess this answers the question of why Apple released their tech.

While it made little sense on iCloud Photos, they can add the exact same client-side scanning to iMessage and keep it (mostly) e2ee.

Certainly not judging the merits of this, such mandates would be the end of e2ee via third party companies (there seems to have been a concerted worldwide effort around that), but at the very least, I can see the impetus from Apple's point of view to release this right now.


iMessage has an e2e backdoor on by default in the form of plaintext escrow via iCloud Backup (not e2e).

iMessage is, in practice today, no longer e2e.

Apple knows this and intentionally preserves this backdoor for the FBI:

https://mobile.reuters.com/article/amp/idUSKBN1ZK1CT


Just like WhatsApp 'conveniently' integrated Google Drive backups by default. That is why it's funny to see the fake outrage of WhatsApp's team over this.


Meh. Compared to 10 years ago we still live in a bright future where e2ee is available to everyone who needs it. Yeah, you might need to enable some options (like in Telegram) or disable some other options (like iCloud in iMessage), but it's still there.

Even with this on-device CSAM thingy, Apple knows less about you than they did 10 years ago and random staffers at FAANG can't just go and spy on their spouses (the way they could not that long ago).


Disabling iCloud doesn't enable e2e as the other end of your conversation still has iCloud on by default and is escrowing your chat plaintext to Apple.

Apple has access to all of the plaintext iMessages for almost all devices/conversations and can turn them over to the USG at will.


For a little more context, see https://www.howtogeek.com/710509/apples-imessage-is-secure.....

For those unfamiliar, as I was, it appears iCloud backup is enabled by default. I think the above statement about iMessage not being e2e in practice is very fair.


Note that even if you disable iCloud/iCloud Backup, all of your iMessages will still be leaked unencrypted to Apple via the phone on the other end of the conversation that still has iCloud Backup enabled.


This option is transparent to the user and easy to change. Also, anyone who has done IT support will appreciate that yeah regular users actually want / need backups enabled by default, it's often a life saver for them.


Apple doesn't need the keys to enable backups.

And the mere fact it's a default makes it a significant problem when discussing it as a popular and widespread E2E messenger. It would be more borderline if it was a required configuration choice with no default that clearly disclaimed the ramifications.

Even then, you have the issue that you are not the only person with a copy of the conversation. Your partner - or partners - has it too. Does Apple require some kind of pre-conversation negotiation to determine how the conversation will be stored in the backups? Or at least provide some kind of warning if a person with backups disabled gets in contact with somebody with backups enabled?

I don't disagree with you about backups, but how useful they are is completely irrelevant in this context for several separate reasons.


Users need backups to protect from a device loss scenario. Apple needs to have keys for that to work. They also can’t rely on key derivation because users forget their Apple ID passwords all the time.

It is relevant because this requirement necessarily conflicts with strong e2ee. And since Apple is designing devices for end users that don’t necessarily even know or care what e2ee is, it seems completely reasonable to have defaults that will optimize for the problems that are relevant for the majority of users (losing device and forgetting your password) while making strong e2ee a few clicks away to those who need it (and understand associated tradeoffs).


This is why I wrote mostly. Both iCloud backups and Messages on iCloud either keep plain backups or a decryption key.

But if you don't use iCloud backups your end is still, as far as we know, encrypted.

What happens on the other end is out of your control in all cases.


If it becomes mandatory for email providers to screen emails, will services such as Protonmail become illegal in the EU? Since they don't have access to their users' email content because of encryption.


> Since they don't have access to their users' email content because of encryption.

Regular emails (i.e. without home-brewed encryption that Protonmail provided - and I'm yet to receive such email from any of my contacts who use Protonmail), or any inbound email received from third-party servers are of course not encrypted and Protonmail has pretty easy access to their contents.


Protonmail uses PGP and not "home-brewed encryption" and encryption is on by default between Protonmail users.


False.

Even when it does use PGP, it is meaningless, explanation:

I just created a spare protonmail account. It asked me to pick a username and password, and my account is created.

Next, I send there a message from my other account. Yes, on the receiving end it does write "End-to-end encrypted and signed message", but encrypted and signed by what exactly? I have never created any PGP keys and loaded the public key to Protonmail on either account (and never used my private key to decrypt anything). This can mean only one thing: even if there is some kind of encryption happening, Protonmail themselves generate keys, and use them for encryption-decryption, never asking you for anything but your password. And if they can use these keys to decrypt the messages for you, they can decrypt it for anybody.

Protonmail also gives a user an option to export his private keys. Yeah, right. Your private keys.


That experiment shows that whatever is stored on ProtonMail's servers plus your password is sufficient to decrypt your emails. This could be explained by the private key being derived from or encrypted with your password. ProtonMail's documentation says it's the latter (https://protonmail.com/support/knowledge-base/how-is-the-pri...):

> Your ProtonMail private key is generated in your browser. Before sending the private key to the server for storage, we encrypt it with your password (or mailbox password if you use two-password mode). This ensures that you and only you can use your private key.

So the only remaining question is whether ProtonMail has access to your password. If they do, they can decrypt your private key and then decrypt your emails. Often, passwords are sent in plaintext to a server for authentication. But ProtonMail uses the Secure Remote Password (SRP) protocol so they never see your password: https://en.wikipedia.org/wiki/Secure_Remote_Password_protoco.... (source: https://protonmail.com/blog/encrypted_email_authentication/)

Of course, there are other threats to worry about, such as ProtonMail changing their client-side JavaScript to exfiltrate your password. But the system as they've documented it does not appear to have any way to decrypt your email server-side short of guessing your password.


The most likely attacker against proton mail are various law enforcement or intelligence agencies.

Such an agency can force PM to modify login process to derive password from submitted form, or to just switch private keys for non-encrypted ones, because the user won't even notice it.

Truly secure entity just wouldn't have private keys on a server at all. Users would have to go through an uncomfortable process of generating and uploading keys to clients, but they would be truly safe.

To sum it up, you can't really have security and convenience at once. Besides skipping a proper key management process, PM also skips such important steps as verification of email partner identity and key verification, so you have to trust PM that you are really talking to a person you think you are talking to.


> Truly secure entity just wouldn't have private keys on a server at all.

They don't. They have your encrypted private key, but there's no need to keep that secret. (The decryption key is derived from your password, so the password needs to be strong and secret.)

> Such an agency can force PM to modify the login process to derive the password from the submitted form, or to just switch private keys for non-encrypted ones, because the user won't even notice it.

Yes, definitely. It's hard to trust self-updating software (like JavaScript in the browser), particularly if you're concerned about targeted attacks. But creating your own private keys and then entering them in the browser wouldn't help you at all against that sort of attack. You would instead need a different type of client that could be trusted somehow not to leak your private key.

It's not uncommon for services like this to offer a downloadable version of the web client so you can pin a version and audit the code as needed. I think maybe https://github.com/ProtonMail/WebClient is that for ProtonMail? If so, you should be able to verify that code and then use that. The fact that an encrypted copy of your private key will live on ProtonMail's servers shouldn't bother you.


You make a poor argument overall. Just because convenience will tend to win out doesn’t mean people shouldn’t choose more secure over less secure.

Your argument boils down to “govt can force them to change how they do that”, as opposed to a flaw in their approach.


YOU make a poor argument. All email correspondence with external servers (I believe it to be 90+ percent of all correspondence) is not encrypted at all, and the rest is bypassable if Protonmail wants or is forced to decrypt it. This is just security theater.

True security is when the provider can't decrypt anything under all circumstances, even under coercion.


Someone once explained to me that any webmail service is inherently able to read your mail: otherwise it could not display your mail to you. True end-to-end encryption means keeping your private keys client-side and the client on a computer over which you have full physical control.


You are absolutely correct, with some caveats. A browser client can generate keys client-side and allow offloading them as a file to be used on other devices. Our own web XMPP client does that. But Protonmail does not work like this.

Verification is very simple: if you log in on a new device and see all your content while using only login and password to authenticate yourself, then the content stored on a server is NOT encrypted and is readable by server owner.


> if you log in on a new device and see all your content while using only login and password to authenticate yourself

What about if the encryption key is derived from your password? This is common enough for "encrypt file with a password" services, I've personally implemented it in-browser as part of a small project.

Now, having your account password be the same as the email decryption password is also probably a bad idea, but we're far from the server owner being able to read your emails.


AFAIK, Protonmail private keys are kept client-side. They are decrypted by the password inside the browser UI.


No. I just logged in to that very same account using different browser on a different computer. The email was displayed just fine.

Protonmail keeps generated public and private keys on their servers.


It keeps copies that your browser locally encrypted with a symmetric key derived from your password. When you log on your browser downloads them, and decrypts them with your password.

Protonmail do not see your password and without it cannot decrypt the pub/private key pair.


AFAIK, isn't it encrypted using your password or something before it goes out of the browser?


They could conceivably add screening to the javascript client downloaded to the user that does the end to end encryption. Don't know how practical that might be.

I think the more interesting question involves something like Mailvelope. It is a stand alone OpenPGP based encryption system based on the ProtonMail code that provides encryption for webmail. It can be hosted somewhere physically and politically far away from the EU and is an open source project. How will the EU approach the ancient PGP dilemma this time around?


> If it becomes mandatory for email providers to screen emails, will services such as Protonmail become illegal in the EU?

Protonmail should already be illegal in the EU because they operate under Swiss mass-surveillance laws and cooperate with US-American law enforcement. Both of which violate the GDPR if they do business in an EU state.

> Since they don't have access to their users' email content because of encryption.

They still have access to all the unencrypted mail their users send and receive and to all the metadata of the encrypted communications.


> Protonmail should already be illegal in the EU because they operate under Swiss mass-surveillance laws and cooperate with US-American law enforcement.

:O Seriously? Wow, off to research this I go... That's really disappointing as a paying user. I can't believe I wasn't across this.


You can choose which narration you would believe. It is a never-ending story.


I'm wondering the same. I suppose they will have to implement some way to scan the emails, or else they will be forced out of business.

That said, I wouldn't bet on it.


Does the EU have some kind of firewall with ISPs to block domains and IP addresses?


No. There are some per-country implementations, but nothing EU-wide.


That is the probable reason why this is being pushed through.


This report [0] is all I could find. I would have expected this to be more widely reported, and I'm surprised to see it isn't.

[0]: https://www.europarl.europa.eu/doceo/document/TA-9-2021-0319...


That link shows the existing legislation, approved in July. Today it doesn't mandate anybody to scan anything but effectively _allows_ service providers to scan for CSAM, if they wish, by defining "combating online child sexual abuse" as a legitimate reason to process personal data within the limitations of the EU's various privacy & data protection directives (GDPR being the obvious one, but there's others too).

It's worth noting that this was legal everywhere else in the world already (Google are free to scan a US user's Gmail for CSAM with no problem, if they want to).

The motivating concern was that service providers who do already scan for this kind of abuse material (everywhere in the world) were at risk of having to disable such scanning entirely for EU citizens due to privacy laws. This is 'temporary', in that it's a quick fix to avoid service providers immediately disabling all those systems, until more concrete rules on how/when/if service providers should scan content for CSAM are put in place.

That part is not a big problem (imo). The risk is that future legislation goes much further.

The article here seems to be largely lobbying and pushing general awareness of the issue, rather than reporting on any real news (not that that's necessarily bad). So far, there's no concrete proposal AFAICT, let alone a planned vote on such legislation. The EU Commission (who propose legislation, which is then voted on by the parliament etc) have previously said they're looking into mandatory scanning, but given the pushback it's unclear whether that's still the plan.

In the end, it's probably not widely reported because the mandatory part doesn't appear to have a concrete proposal in motion yet. Articles like this are appearing anyway because it _might_ be proposed legislation soon (there's mentions of Autumn 2021) and it's important to mobilize to inform the public and make their opinions visible as early as possible, rather than waiting until the last minute.


>> The motivating concern was that service providers who do already scan for this kind of abuse material (everywhere in the world) were at risk of having to disable such scanning entirely for EU citizens due to privacy laws.

I'm curious if this was a situation where they might have decided that scanning was more important given the implications of processing CSAM? It seems like this is a way for authorities to influence any data processor.

The Apple news last week seemed to come out of the blue and it felt a bit like a trade-off to get out from under the authorities to some degree. This is just conjecture though.


Thank you for the great summary.


Politicians really like to use "child pornography" as a wedge issue for surveillance as it's a topic that people overwhelmingly see as "a bad thing". This screams slippery slope.


Oh I think you will find that the "think of the children" model has been abused more than most emotional heart-string pulling for agenda.


Exactly. Just like “terrorism” is used as an excuse to take control of oil fields.


Just like the drug war is used as an excuse to empower fascists in government, strip citizens of their constitutional rights, and disrupt leftist and minority communities.


It's agendas like these when you realize submitting your country laws to legislation from Brusel was a fatal error.


Right on. Looking into ways of stopping this from happening has given me a very real feeling of desperation. There's no real way for an EU citizen to stop laws like these from getting accepted. No option for a referendum, no option for a veto, the best bet is getting the EU court to annul it, but that takes decades.


EU citizens CAN block this! Make your representative in the Council of the EU accountable. If 4 members veto this the legislation will not pass.

If you can't move your country representative to veto the bill, then the issue is not the EU: it's your government.

As Europeans we have to stop this very sneaky campaign of "citizens can't do anything" - it's a self fulfilling prophecy and the sharpest tool the lobbies have in the EU.

Your country's government has a say on it, and you have a say on your country's government. Make them accountable.


> Make your representative in the Council of the EU accountable.

How would I do that? He is already in that position, I have zero influence on his decisions.


I think that the fatal error is not going and voting in the European Parliament elections [0]. You don't get to complain when you decide not to participate in the democratic process.

Even if this was passed by the Council of the EU [1] it would be passed by ministers representing over 55% of the states - and over 65% of the EU population - and could be blocked by 4 countries. Now - we can discuss if a government is a democratic institution, but I guess it's a bit of a stretch to argue otherwise.

In other words: democracy requires information and education, either at the EU or at state level. That's not the issue here.

Your country is not a passive agent in this: your country has a say and you need only four countries to stop this. If you believe that somehow you can influence your government when it's emanating laws locally, but not when - the same government - is voting in the Council, you are just doing some magical thinking.

The EU has one main problem: it's local politicians stoking the fire of "It's the EU doing this, not us" - while at the same time passing legislation in the EU.

<Tyranny of the majority arguments go here>

[0] https://europarl.europa.eu/election-results-2019/en/turnout/

[1] https://en.wikipedia.org/wiki/Council_of_the_European_Union


> You don't get to complain when you decide not to participate in the democratic process.

You can complain either way. Not participating means you are not participating, and is a kind of a vote too. If <50% people vote, then the vote is arguably illegitimate.


"If <50% people vote, then the vote is arguably illegitimate"

That's not how a democracy works. Unless you're forcibly prevented from voting - or are denied the right to - that's not the case. It is not an illegitimate vote if you decide not to vote.

In the EU Parliament elections it's just people deciding not to vote. As you yourself said: "is a kind of a vote too".

Let me make a practical example: we are having a pizza party and we have a vote for what pizza to order, you say: "I don't care - you guys decide!". When the pizzas show up you may say: "Dang, you got the anchovies pizza - I don't like anchovies!", but not "Why did you guys get anchovies? I don't like anchovies, you shouldn't have ordered that pizza!". They seem closely related, but they are not.


No that is a wrong analogy. The correct analogy to not participating in the vote would be: I would say "there shouldn't be any pizza party vote, because the options all suck, and I do not want any pizza, everybody go home".

If more than 50% of people in the room say that, the pizza party vote is illegitimate.


Nope - that's not correct: saying "there shouldn't be any pizza party" is a vote! If more than 50% of the people invited at the party say: "We should actually get salad!" - then, guess what? You would get salad.

Being silent - not voting - is NOT the same as voting against something. Not even close.

If the real reason for why over 50% of the people don't vote was because they don't like any of the parties then they could join up and create an alternative. But this is not what happens.

In the real world when you don't vote you're doing two things:

1 - you're saying you don't care because you find all the options not to your liking;

2 - you're also saying you can't be bothered with creating one.

As long as no one is preventing you from addressing the second part: you are making a deliberate choice to not engage in the democratic process. You understand the consequences of that (in)action and you accept them. In no way does that invalidate the choices made by the people who engage in it.

Saying that you CHOOSING not to participate in the process makes it invalid is an offence to the people who fought to give you that choice and to the people that - to this date - are not given that option.

I'll say this one last time: this defeatist attitude towards the democratic process is exactly what the political establishment and the lobbies who enrich them are counting on, and this is why I considered it one of the main issues with democracy today.

The Official Monster Raving Loony Party [0] is doing more for the cause of democracy than people who decide that nothing is going to change, we are going to get anchovy pizza, so why bother with voting.

[0] https://en.wikipedia.org/wiki/Official_Monster_Raving_Loony_...

Edit: Fixed typo - twice


Wow those are some assumptions.

> Being silent - not voting - is NOT the same as voting against something.

I never said it always is. However not voting does not mean being silent. I explained this in my analogy where most of the people said not interested in the pizza.

Similarly people who are vocal about politics in their life, online, participate in political fights in workplace, whether individually or through unions, other creative activities and so on are already participating in democratic processes. They are already not silent. The fact that some of them do not participate in a given vote they don't like does not diminish that.

> then they could join up and create an alternative. But this is not what happens.

Of course it happens, in general. Maybe you mean that in your country it does not happen, or it does happen but not everybody who does not vote is involved in that. So what? There are other ways to participate in democratic processes which I mentioned above.


I agree.

Individual countries are equally corrupted by big businesses and authoritarian leaning, but you can generally count on inefficient flip flopping right-left parties to not do too much damage in any direction.

The EU seems to be way more efficient in getting us straight to 1984 or Soviet Russia V2.


I am replying to all the posts pushing this defeatist agenda. Not only it's wrong, but it's also dangerous.

It is representatives of the countries in the Council of the EU voting these legislations through: hold them accountable as you would hold them accountable locally.

Don't fall for the narration of the EU as a third party where your local representatives have no say. If four countries veto the bill, the bill is dead. 4 out of 27 - all done by influencing your government representative in the Council.


Every layer you add between who's making laws and who's voting diminishes the power of the voter. What ends up happening is that laws are not what voters want but what people who are skilled at the political game want - or more likely, what the people who sponsor them want.

I don't think a central government for a single country is a good solution and I think an entity who can force countries to legiferate is even worse. Countries got pulled into Europe because of the trading opportunities, not because they wanted a quasi-Federal Government.

We're witnessing a slow decline into dystopia and making the 0.1% richer and richer every day. VATMOSS and European regulations killed small business favouring Amazon. Covid lockdowns killed small business favouring Amazon.

I'm not sure whether the representatives are complete idiots who believe the propaganda or who assume their voters are complete idiots (eg: I can't vote against protecting children, no matter what or people will think I'm a monster; I can't vote against massively complicating VAT laws or people will think I'm favouring Amazon) or malicious entities who just want more power in the hands of the government, but the net result has always been negative (not only in Europe).

I don't care how representation works in Europe or anywhere else, the facts speak for themselves: most governments end up behaving in ways that benefit big businesses.


How am I supposed to keep the party that I did not vote for (25% did) accountable? Nobody is gonna disrupt the government because of "such small issues".


So - first of all you're admitting that the issue is not the Council of the EU, it's that your own country's representative can't be held accountable for his vote in the Council by you.

Political activism is about making these "small issues" big and visible. It's not easy, it's not cheap and it doesn't always work. Yet it's something that can and should be done at the local level. And I really mean: local.

Your country's representative is of a political party that - I am guessing here - also runs in local elections. Your town, your province, your region - and that's how you start. You possibly can't talk to your ministers, but you can talk to your local politicians. Make sure they understand that their local power will see the consequences of national and EU politics, let them bubble up the issue.

Will it work for sure? Probably not, maybe yes. Is it better than taking ourselves out of the equation? Absolutely yes! Making sure that the local politicians understand that their national counterparts will affect their local success is a way of making them accountable.


First, I did not admit anything, I asked a question.

Second, the issue is the presence of EU influence in my country: Whereas before joining the EU the local parliament would have a nuanced discussion and vote, often with results very different from partisan membership, now the party that won 4 years ago (that does NOT mean >50%) decides all by itself how it's going to vote in the council, and only the biggest issues of all can be helped, but breaking the government for every smaller thing is not feasible.


However, the problem is usually the European Council and not the Commission or the Parliament. Meaning, it's still the countries…


Any examples? At least the Council has people with mandate from the countries...


> At least the Council has people with mandate from the countries

Not in every country. More often, the head of the government is voted for by the national parliament, meaning, only the people having installed them have a form of mandate. (Which is also true for the Commission, BTW.) The people with the actual mandate are in the European Parliament.


I'm sorry, what country were you from again, that has a human rights record so much cleaner than the EU? It sounds like a lovely place.


There is the European Convention on Human Rights upheld by the European Court of Human Rights, but from my understanding these both predate the European Union, and they're not really directly associated.

Could someone more knowledgeable weigh in on what the EU has to show as far as a "human rights record" ?


This is not substantive. Please read the HN guidelines.


Alright, let me spell it out. You contend that "submitting your country[sic] laws to legislation from Brusel[sic] was a fatal error", on the grounds of a single piece of legislation. The same argument can be used to argue against any sort of government, since it's a rare government that makes no mistakes at all. The EU is top-tier in a wide range of areas spanning from human rights to food safety. So I ask again - where do you think is better?


This argument is crap and you should be ashamed to use it as a personal attack.


I wish I could report passive aggressive comments like this... as they don't really belong to HackerNews.


> on the grounds of a single piece of legislation.

No, I said "when you realize", not that it is the "single piece of legislation".

There are many other reasons for that stance, such as the fact that a nation's people can influence and check their government's laws with more success than they can do that to a supranational undemocratic bureaucratic organization.

> The EU is top-tier in a wide range of areas spanning from human rights

They have full mouth of it, yes. They issued some great declarations and legally binding resolutions, I agree. In case of vaccines, almost all EU governments act in direct violation and EU has no real power/wish to stop them.


>almost all EU governments act in direct violation and EU has no real power/wish to stop them.

This would seem to contradict your original post, no?


No, where is the contradiction?


The EU is either

- an unstoppable authoritarian juggernaut to which countries have foolishly ceded their sovereignty and are now paying the price in the form of draconian regulation

- a weak and ineffectual symbolic union which issues empty proclamations that countries are free to ignore without consequence

Which is it?


False dichotomy. It can be both, depending on the issue. This is similar to U.S., although U.S. is much stronger on the federal level than EU is.


Do you regard the ceding of state sovereignty to the U.S. federal government to also have been a fatal error?


I wouldn't be surprised if the UK government announced it would be re-applying to be in the EU just for this new law (I'm joking.. I hope).


