Hacker News new | past | comments | ask | show | jobs | submit login

I think it's also important to quote their demand that providers should "not implement end-to-end encryption until they have the technology in place to ensure children will not be put at greater risk as a result", which sounds very much like "not implement e2ee" because it's always possible to argue for some extra risk.

User-initiated reporting features where the server can only read messages that the user reported would be the obvious solution (and should be uncontroversial), but they're not asking for that.

(To avoid concerns with false reports, the sender could include a random value in the message to prevent brute-force attacks on short messages, and send an unencrypted hash of the message including metadata together with that random value. The official client would only show messages where this hash matches, so a sender cannot just omit it. When a message is reported, the full message including the random value is sent to the server, the server can then verify that this message hash was actually sent through this service by that sender, and report the sender to the police if the content is report-worthy.)




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: