Signal to leave Sweden if backdoor law passes (swedenherald.com)
First time I am seeing an organization against this. Kudos to them for standing up.
> But the Swedish Armed Forces are opposed, and the military recently urged its personnel to start using Signal to reduce the risk of eavesdropping.
> In a letter to the government, the Swedish Armed Forces writes that the legislative proposal will not be able to be implemented "without introducing vulnerabilities and backdoors that may be utilized by third parties."
They are militaries, not police or intelligence forces. The job is to be ready to do war, not nanny and snoop on civilians (Some of that might be a necessary side effect but it isn’t their reason for being).
arguably, one of the reasons it was released to the public was to get large amounts of traffic using onion routing. because if it's just 50 data streams that are entirely ONI or NSA then it's easy to hit them with timing attacks.
but 2+ million streams from all over makes it a lot easier to hide.
As good as Signal is I mean, you will want something under your control.
> This week, Brigadier General Mattias Hanson, the Swedish Armed Forces' CIO (Chief Information Officer), decided that calls and text messages that do not concern classified information should, as far as possible, be made using the Signal app. The decision aims to make it more difficult to intercept calls and messages sent via the telephone network.
https://www.forsvarsmakten.se/sv/aktuellt/2025/02/forsvarsma...
Seems people were using SMS for those messages they are now advocating to use Signal for.
Also, seems they've done a review (obviously) but unclear if they had access to something internal from Signal to do the review, feels like they had to:
> The Signal application has been deemed by the Swedish Armed Forces to have sufficient security to make it difficult to intercept calls and messages.
I was a communications specialist for the Swedish Armed Forces 10+ years ago, including a tour in Afghanistan and a tour in Kosovo.
We used radio links for internet that, I can tell you, were more adversarial than friendly.
The Swedish military is highly capable when it comes to network communications. A small nation will have to think differently.
You could potentially use an instant messaging system in control by someone else, if you are willing and capable of sharing encryption keys with whomever you are going to communicate with beforehand.
> EU Commissioner Ylva Johansson has also been heavily criticised regarding the process in which the proposal was drafted and promoted. A transnational investigation by European media outlets revealed the close involvement of foreign technology and law enforcement lobbyists in the preparation of the proposal. This was also highlighted by digital rights organisations, which Johansson rejected to meet on three occasions. Commissioner Johansson was also criticised for the use of micro-targeting techniques to promote its controversial draft proposal, which violated the EU's data protection and privacy rules.
There is utterly nothing the Swedish government can do to stop Signal except for pressuring app stores and/or ISP-level censorship. Preemptive surrender is extremely disappointing, especially for a non-profit - there isn’t even any revenue that can be ‘fined’ by the EU!
Why are European countries trying to pull one off from the China playbook, while simultaneously being shocked that companies react to authoritarian moves in the exact same way as they have done in the past, is beyond me. Is the hubris so large that they honestly can't conceive their "requirements" as being "literally the same as China?"
The goal is no privacy. Because terrorism. Or the children. Or espionage. Just pick one and speak against them directly and you'll find many arguments why the government needs access for any of those reasons. People love going to bat for giving up rights.
I forget who said it but you cannot have a civilization without secrets.
> At Tuta, we are deeply concerned about the proposed amendment to the so-called "Narcotrafic" law, which would force encrypted communication providers to implement backdoors for law enforcement. This would threaten everybody’s security and privacy and could be in conflict with European data protection legislation and Germany's IT Security Act. We urge the French National Assembly to reject this dangerous amendment. A backdoor for the good guys only is not possible.
> France is about to amend a bill against drug trafficking, the “Narcotrafic” law, which will force encrypted messaging apps like Signal and WhatsApp to backdoor the encryption for being able to hand over decrypted chat messages of suspected criminals within 72 hours of the request. In order to enforce it, the text provides for a “fine of EUR 1.5 million for natural persons and a fine of up to 2% of the annual world turnover for legal persons”. The amendment has already been passed by the Senate and is now moving fast to the National Assembly.
Tox is peer to peer and encrypted, but its UX will probably drive away anyone who wants the ease of use of Signal or WhatsApp.
I think Matrix experimented with the concept of running a server on-device, and that's one of the few alternative chat systems with decent UIs available, but AFAIK that never made it beyond the proof of concept stage.
Veilid Chat, developed by the Cult of the Dead Cow, promises to be an interesting option, but it's currently in beta and has been for a while.
What is the meaning of this paragraph? Did someone from Sweden's own armed forces write to the government to dissuade them from the initiative?
Maybe all IMs should then drop encryption altogether, bringing us back to the stone age of clear text messaging (email sent unencrypted between MTAs).
Because this "please let them use encryption, but let us peek around it" just doesn't feel right.
Most of gov regulation works like that. You can have guns but only registered ones. Machine guns illegal unless it’s military etc
This is no pie-in-the-sky statement, I've been running such a server for years and have installed several for others. System requirements and maintenance are minimal - you can run Prosody on a Raspberry Pi 1B if needed. Availability and reliability are high, it basically works as long as network connectivity and storage are available. The user experience largely depends on the client applications where Conversations on Android is probably the gold standard and in many ways comparable to Whatsapp.
When using OMEMO the server admin does not have access to cleartext communications so assuming clients are configured correctly there is not much to be gained from raiding the server. If some government entity wants to snoop on communications they'd have to gain access to at least one of the client devices since encryption is handled locally. Instead of backdooring centralised services run by Whatsapp or Signal or Telegram they'd have to get to a multitude of servers-under-stairs and client devices which makes it infeasible to use the 'dragnet approach' which is most likely the intended outcome of these backdoor laws.
Some decades ago at I heard Jello Biafra repeat his statement not to criticise the media but to become the media. This has happened, the (current incarnation of) legacy media is running on its last legs and has been overtaken by 'new' media. Here's a corollary to this statement:
Don't criticise the service providers, become the service provider
Use the internet as it was meant to be, a network of networks. Lots of networks, each running their own services with 'secure' communications between those services. I put secure in quotes because there might be a chance for some TLA or other organisation to break the encryption on one of those communication links. Even if they managed to do so they'd gain access to only a small fraction of the communications going on around the 'net.
But advocating for distributed communications only aids and abets criminals, won't you think of the children?
When guns are outlawed, only outlaws have guns. Criminals already use these services (and some of them have been broken/backdoored) so this is nothing new to them.
But you can't expect grandma to run her own server
No, I don't expect her to do so, she can use yours instead.
But but but but
You're starting to sound like a chicken.
Running this stuff is not hard. If you know how to do it, do so and help others to get started. While you're at it you can help them to secure their networks against intrusion by their service providers as well by making sure the ISP connection terminates at a router managed by the device owner, not the ISP. There is no reason to give the ISP access to your LAN since that only creates an incentive for those government entities to force the ISP to give them access to customer networks. The ISP should be used as IAP - internet access provider - and only be allowed to see whatever traffic you allow out of your network, not what goes on inside of it. That, though, is something for another post, another time.
I've been running services like this for decades, this works, it is not difficult and does not take that much time. It has only gotten easier over time, hardware has gotten cheaper and smaller, power use has gone down, performance has radically improved. This is not a pipe dream, it has been first my, then our reality for more than 30 years.
Don't criticise the service providers, become the service provider
I'd really like to know why it's so hard for politicians and police forces to understand that backdoors are dangerous.
However, we shouldn't underestimate the desire for foreign intelligence agencies to bait one's own domestic agencies into "spying for them". So I imagine there's some pressure from, eg., the US sigint agencies to have the EU compromise EU citizens in ways that even those very agencies may today not wish to compromise their own.
At a complete guess, I wouldn't be surprised if, eg., the NSA (CIA, et al.) were goading EUROPOL which was demanding domestic anti-encryption laws.
As an empirical matter, encryption makes agencies like EUROPOL's jobs extremely difficult -- I imagine also because they probably struggle to get coop from domestic police forces, so cannot easily do "the physical police work necessary" to get device access.
In the end, I imagine we'll have China to thank for the end to this nonsense -- since any backdoor will immediately be a means of mass corp/gov espionage.
I hear they also make amazing sourdough and can discuss the Beatles catalog at depth.
They can go after executives and employees of foreign companies, too. The charges may not mean much unless those employees travel through Sweden, but if the political winds change in the future then they may be able to convince other countries to enforce their charges against employees as well.
It’s reasonable for a company to avoid risking their employees becoming targets of detention for international travel.
It also more effectively highlights the political issue within Sweden if people there see the consequences of the laws of their elected officials rather than having those laws silently ignored by a company that takes the legal risk upon themselves.
https://www.google.com/search?q=apple%20eu%20alternative%20a...
The end result of which, if done at large scale, means that an EU government couldn't ban signal, short of forcing all its domestic ISPs to be downstream of a China type great firewall, or simply null route all the IP space where signal's servers are located.
Yes, Signal may be headquartered in the US, but that doesn't mean they can just ignore the laws of other countries, which is exactly what may happen here, depending on the outcome.
Sweden may propose a backdoor (an utterly shitty idea, I agree) which Signal may decline (which this submission is about). Then the next step is either Sweden giving up on the request, or placing fines on Signal until they comply or outright ban it, or Signal deciding it isn't worth it (prevent Swedish users from using Signal).
All within their capacities and rights, even though I again think it would be a very stupid approach.
Sweden can fine Signal all they want but if they can't enforce the collection, they weaken their power and foster disrespect.
I would be surprised if Swedish law allowed for prosecuting a foreign company with not one bit of operations in the country.
My friend's medium size regional ISP is headquartered in the US and as a hosting company certainly has customers who violate any number of censorship, blasphemy, etc laws in Iran, Russia, Myanmar, Pakistan, Bangladesh, just to name a few.
Signal doesn't "operate" in Sweden any more or any less than any other internet based service which has zero servers, offices, bank accounts or other physical presence in the country.
How are they operating? It might as well be viewed as citizens of Sweden interacting with a foreign service out of their own volition.
In general, laws are backed up by the threat of violence. To the extent that Sweden's police can't confiscate Signal's assets in the US, they do not have to comply with anything. The only leverage Sweden's government may have is ISP level censorship, which is likely to cause unintended disruptions. Signal is in turn free to attempt to circumvent the censorship.
The military of Sweden seems to get it at least, they "write in a letter to the government that the proposal cannot be realized "without introducing vulnerabilities and backdoors that can be exploited by third parties"". The military also recently advocated for more use of Signal, so clearly they've reviewed it and find the current security good enough.
Most of this is being done to address the increasing terrorism threat we now face on a daily basis. Freedoms really only work in societies where people broadly share the same values and cooperate, but European societies are fragmenting and increasingly becoming less safe and less tolerant. If we want to do something about this then restricting freedoms is probably going to be required to some extent.
Another theory I have is that this could just be a symptom of an older and more female voter base. As women become more politically active and as older generations make up a larger share of total voters if we assume these demographics are more safety orientated on average then perhaps we should assume that safety concerns will begin to trump the desire for freedom. It's just a theory though.
Or you could undo the changes that have caused that decline in social cohesion. People don't share the same values because our governments have been non-stop importing people with radically different values. Values which see it as a positive to end the lives of those who don't agree.
> Another theory I have is that this could just be a symptom of an older and more female voter base.
That voter base does vote more for the established parties and their policies that have gotten us into this compared to the population at large, yes.
> Since the revelation of ‘Chatcontrol-Gate,’ we know that the EU’s chat control proposal is ultimately a product of lobbying by an international surveillance-industrial complex. To ensure this never happens again, the surveillance lobbying swamp must be drained.”
Step 2: Sweden becomes the gun crime capital of Europe.
Step 3: Change your society to a low trust society, dismantling all the wonderful things social services and liberal institutions.
I'd agree with you if you just put "bureaucrats" instead of European bureaucrats, what country isn't currently led by a bunch of bureaucrats who don't seem to understand even the basics of the technology they legislate about?
I've yet to see a country lead the way, no wonder the rest of the countries don't seem to know what to do and are just throwing stuff at the wall.
Those themes keep recurring both on EU as well as national levels. Including nations that ain't EU members.
As a citizen of an EU member, I’d love to change this discourse. But there seems to be very few options to vote for. And then such BS happens at levels that are practically out of reach of the democratic process.
Under a benign government (as arguably we have in most of Europe), we can have a reasonable assumption that the state will act in the interests of the population. The public sector workers who have chosen that line of work probably believe in what they're doing and want to do it well.
The government has always had the ability to steam letters open, and they will always need to, in order to fulfill their duties to the population.
Of course, requests such as adding a back door to end-to-end encryption are unnecessary when they could take control of one of the devices in some fashion...
I'm sure some of the politicians advocating for this have ulterior motives, but I hope we won't get in a position where we find out what those motives are.
In some European countries public money has turned into a pretty transparent way of buying votes. These votes are used to make sure nothing ever changes.
You are hinting at something important here. Let me strengthen your point: to own an object means to subject it fully to your own will. If the object can act in a way that favors someone else's interests over yours, you do not own it. This is true of pretty much any device running proprietary software.
A litmus test: can you make your device lie to the manufacturer's servers? Regardless of the legality or morality of doing so.
However this article is really about something else: the vulnerability of centralized services in the face of government oppression. Signal only has the ability to log messages because it is a centralized service that controls both the client and the server. The benefits of E2EE are greatly reduced if the client and the server are controlled by the same entity (tomorrow Signal can push out an update that would send a plaintext backup to their servers, and you wouldn't know it until later). Moreover, the non-free distribution mechanisms on mobile phones (stores) limit a company's ability to resist.
(Reproducible builds is a cool technique.)
Not by a long shot. Just a few counterexamples from the top of my head: Destroying currency, altering passports, reproducing copyrighted images.
I'm not saying I'm a fan of even more exceptions of that kind, but I don't think there are any particular inherent rights arising from property ownership beyond what society agrees there are (e.g. the first sale doctrine for physical media). That's what makes it even more important to codify these rights.
Let’s explore that.
If the law says I can’t ride my motorcycle the wrong way down the street, does that mean I don’t own it?
What about if we add traffic cameras that absolutely guarantee I will be prosecuted?
What about if we add a black box that reports transgressions automatically to the authorities?
What about if the black box automatically cuts power to the engine?
I don’t think ownership is a binary using your criterion, or perhaps it’s simply that different people will put the dividing line in different places.
Which police with a warrant can very much do.
Even if there was warrant protection, I’d still be against it. People have traditionally had the right to speak to each other without giving a transcript to the police. I think it’s unreasonable to make that illegal.
Scalable surveillance is different, just as scalable weapons are different.
The issue with Apple caving to UK demands regarding encryption, and now Signal being in a similar situation, shows that you can't just focus on technology and ignore policy and politics.
And you'll find out that a ton of people here on HN will care, but most of the public won't.
People should take XKCD 538 really to heart (The 5$ wrench one). It's not the same point, but very similar. https://xkcd.com/538/
Apple "caving" would've looked different; in fact, we probably never would have known, given the insidious nature of the underlying statute in the UK.
Apple is making noise about the fact that they pulled the product, and the tech press is making it clear WHY even though Apple itself is legally prohibited from giving any additional context.
I feel like that was probably the best move available to them given the cards dealt. Fighting in secret courts is unlikely to be fruitful.
It very much can. In a battle between human force and physics, physics win every time. If I send an encrypted email to you, you have the choice to not give up the key, even if you'll be in jail. With physical letters, you don't have this option. Technology gives you the ironclad ability to keep a secret, only limited by the fortitude of your character.
It often only can't in a world of mandatory centralized app stores. That's not the only possible world.
There's definitely a strain of thought which perceives almost everything in society as being outcroppings of the progress of technology (however you define that), and especially in the 1990s imagined/expected everything to fall over under the mantle of "information wants to be free" etc.
I think you're right that this is an intellectual dead-end. Many of us lived through the 90s hype wave and into now, and have watched things take a complete circle. The Internet didn't transform society into utopia, the real-world dystopia transformed the Internet into a high definition image of itself.
We're talking about companies though, not technology. Something like Bitcoin or BitTorrent can be regulated, but not stopped.
Steganography isn't some magic shield to avoid surveillance though. If authorities are already monitoring you for some other reason, then they can burn a zero-day exploit and see anything you do on your device. And if your entire city is covered in cameras with facial recognition, well... you can have your secret messages but I don't know what kind of resistance you're going to be putting up. So to some degree you're right that you can't fully ignore policy and politics.
Not sure how to get most of the public to care though. I get most people have more immediate concerns in their lives, and crime is a legitimate issue, but even a cursory knowledge of history will show the hell life can be under authoritarian governments. I think far too many people think "it can't happen here", which seems insane considering how often it has occurred even in liberal democracies (Spain, Portugal, Germany, Italy, Argentina, Chile, and many more.) In less liberal and less stable democracies, it has happened even more times. I'm not sure why people have some unfounded faith that their government could never become authoritarian and oppressive.
I'm not saying take down every CC camera and get rid of intelligence agencies -- they are important tools for fighting crime. But there's a difference between a few traffic cameras and CC cameras in places people would presumably commit a crime, and burning targeted exploits for surveillance of truly notorious criminals, and just mass surveillance through banning end-to-end encryption. With zero-day exploits, the government is inherently limited in the surveillance they can do, so it's a limiting factor on their potential for abuse, as the more they use it, the more likely they are to be discovered and patched. But with no end-to-end encryption, the potential for abuse is limitless.
Back when Moxie Marlinspike made a thoughtful critique of Web3 (the most thoughtful one I had read, actually), I put together a reply. It’s worth a read for anyone on HN who cares about user freedom and how society is structured:
https://community.intercoin.app/t/web3-moxie-signal-telegram...
A note to the younger HN crowd who may have grown up with locked-down devices: the “hacker ethos” used to mean the freedom to tinker and build your own. It wasn’t always the case. The Personal Computer and Apple came about through the Homebrew app. And before that, Steve Jobs and Wozniak were even building blue boxes for “phreakers”:
https://www.youtube.com/watch?v=HFURM8O-oYI
Before he became a corporate golden boy, Mark Zuckerberg built Synapse for regular users and open sourced it instead of selling it to Microsoft and wanted to build Wirehog, but Sean Parker proudly said he and Peter Thiel “put a bullet in that thing”
https://techcrunch.com/2010/05/26/wirehog/
I don’t want to just be the “wake up sheeple” guy or some unkempt Stallman clone. But there is a real culture clash between the hackers and the corporations, and I feel like the HN denizens who knee-jerk downvote of anything decentralized today don’t get the point of open source decentralized hacker ethos and how the people who practice it produce the next big thing. Working for FAAMGA and “the cloud” ain’t it folks. Here’s why “the cloud sucks” by Steve Wozniak: https://gizmodo.com/why-the-cloud-sucks-5932161
In short — read my rejoinder to Moxie Marlinspike, in my first link. It is ironic because all these years later, I end up being right: it is exactly his company that’s getting hit with this, exactly because it is centralized.
And if you are Moxie or Durov and think your centralized company has somewhere to run… here is the bigger picture around the world — governments are coming for you and the war on user freedom is coming through you: https://community.qbix.com/t/the-global-war-on-end-to-end-en...
If there is a free software license, it’s of no direct use to them. Only software developers care about such things. (There is an indirect effect on what software is available.)
> If there is a free software license, it’s of no direct use to them.
It's of indirect use; they could use a modified version of the software that does what they want, created by someone else. This is why you generally don't see user-hostile features in Free Software; someone would just fork the project and edit them out.
Having the source code to a printer driver available is a completely different thing than being dependent on a platform, because all your friends and relations are using it.
Personally, I'd only trust a governmental agency to provide such services, which makes the article we're discussing ironic at the least, or complicated.
I can't see why you'd say that.
Governments (and private corporations) are not operated to faithfully serve the public, certainly not the public as a set of individuals and small groups of people. It's not that "government services are bad", but rather that governments, even democratically-elected ones, are practically certain to wiggle out of the straightjacket of strict protection of individual needs and interests for legitimate or illegitimate "greater good"; specifically, they will not resist the desire and the interest to spy on you. And the potential for government abuse of private information is quite high.
I suppose if I needed to make sure there was a public immutable record of something it would be useful. Like "I made this thing no later than this post"
But who would use it?
Not wanting to be reliant on American companies because they don’t allow you to spy on your own citizens as much as you want through…
Similarly, the benefits of Sweden banning Signal would most likely accrue to WhatsApp, not any indigenous software company.
[1] https://restofworld.org/2022/tiktok-sized-hole-in-india/
You can do what you want with the bike, but your analogy falls flat because it implies that despite you owning the bike you get to drive through your neighbours living room: because your right to own a bike somehow trumps their right to own land and a home.
"There is only one essential difference between a monarchy and even the most democratic republic—in the former, bureaucrats oppress and plunder the people in the name of the monarch; in the latter, they do it in the name of the people's will." - Statism and Anarchy
The core problem isn’t the form of government, but the concentration of power itself.
The exact purpose of Five Eyes?
I'm shocked, shocked! there's gambling going on in here!
But at the same time countries realise they are under attack economically and politically from hostile cyber warfare... and so there's something self-defeating about this tactic now whereas perhaps 10-20 years ago there wasn't.
It's hard to imagine a US-China war (say by proxy in TW) or a EU-Russia war (eg., esp., by proxy in UA) "going well" under conditions of broken domestic encryption.
Eg., back when the UK mass surveillance law was passed in 2016, I imagine sigint agencies were more on-board... today I wonder if that law would now be "quietly opposed" on grounds of national defence
And in time, they will also remove the e2e encryption on existing accounts using the e2e feature to comply with UK demands.
They may have sounded the alarm, which I appreciate, but they still have to 'cave' and do as the UK government tells them or they have to cease operations in the UK.
Capitulating would've meant giving the UK government the back door they wanted. They didn't do that. They complied in a loud and public way, which unmistakably shined a light on the insane request.
The only other options for them were withdrawal from the UK market entirely, or a secret court fight they'd probably lose.
To me, their actual response reads more like malicious compliance than "caving," which usually implies giving up completely.
If they were Free, users wouldn't necessarily even need to hire a developer to change their app or OS; those changes would most likely already exist in some form somewhere and the user could simply purchase the modified version.
Most 'regular/normal' people won't and most importantly - don't want to - jump through the technical hoops to keep using Signal.
Although the downside of the official app stores is clear, the alternative might result in a swift return to the '90s and '00s where malware and viruses were rampant. Pick your poison.
The answer you're looking for is probably to build more decentralized, FOSS software with better UX. Much easier said than done of course.
I assume it’s just one of those things that Swedish society is having to grapple with abruptly and that they will adapt the appropriate institutions. I have more faith in Sweden than my own country lately.
So does Sweden, and have had strong privacy advocates for a long time. Remember that The Pirate Bay came from Sweden? It spawned a political and ideological movement (Piratbyrån & Copyleft/Kopimi) that still has some presence in Sweden and EU although doesn't seem as strong as it used to be, except for Iceland I think.
> I have more faith in Sweden than my own country lately.
Not sure what your own country is, but assuming it's US, they're pretty much equal in many ways (but not all obviously) and Sweden basically copy-pastes US political policy for the last decades, for better or worse.
That's not how Sweden remained "neutral" though, although I'm not sure I'd agree Sweden has been neutral since 1814, wasn't exactly neutral before/during the second world war. https://en.wikipedia.org/wiki/Sweden_during_World_War_II
> Georg Homin, a captain on the General Staff, stated:
> Without a defensive force we cannot follow any policy of our own, our declarations become merely empty words and we leave the country's fate to chance, or to the decisions of others. With a defense as strong as Swedish conditions allow, we secure for ourselves the basis of a continued independent Swedish policy.
obviously strong enough that not worth fucking with is a relative thing, based on a calculation of what do you get for attacking, how much will you have to spend to get that?
(At least ChatGPT lists Sweden as one of 10 countries with indigenous fighter jet programs.)
GGGP:
> They haven’t been in a war since 1814
Geography plays a role too I'd think. In a way, located in an icy corner of the world (rather than f.ex. in central Europe)
[1] https://www.securityweek.com/malware-delivered-via-malicious...
More realistically, you generally don't have to switch to a fork in the first place because the mere threat of a fork is enough to prevent the deployment of user-hostile features. And when a project does get forked it's often a highly publicized affair with a lot of community drama which produces no shortage of information about who's trustworthy and who's not.
There is a long tail of malware in app stores, despite the efforts of app vendors to police such things. Nobody would be bothering to fork them because most technical users don't care about them, but they still attract lots of victims.
Example: malicious Chrome extensions. Authors of Chrome extensions receive enticing offers to sell and sometimes they do.
And if Apple and Google were forced to remove all wallets from their app stores, it would largely be game over.
Very few people actually care about the principles of Bitcoin and the like. Maybe the core devs and some very early adopters?
This bill is akin to making it illegal to destroy your own correspondence.
And I hope you understand that 5$ wrench is a euphemism for what would 'really' happen.
All this to say that no, technology does not triumph over politics and policy.
If the second person is somewhere else in a different jurisdiction, how are you going to communicate with each other to get the two halves of the secret together to encrypt/decrypt messages? It's an unworkable situation.
As I see it, you create a fantasy situation that would not work if you just want to communicate with people in a secure way. No amount of technology or encryption is going to work, especially in the real practical world.
Comparing to analog is I think flawed because even if it mapped 1-to-1 it does allow for a level of search that is problematic given the low cost of digital surveillance.
> Because everything in Signal is end-to-end encrypted, we can rent server infrastructure from a variety of providers like Amazon AWS, Google Compute Engine, Microsoft Azure, and others while ensuring that your messages and calls remain private and secure.
Side-loading is harder to enforce any rules over, of course.
Blocking domains is well-established at this point, thanks to the copyright industry doing a 21.5-year whack-a-mole-waltz with The Pirate Bay. Of course, this also demonstrates the limited effectiveness of domain blocking.
Extremely limited effectiveness, when VPN operators like Mullvad are corporations based in Sweden and offer 5 euro a month service to bypass whatever local "mess with internet traffic" activity, whether government-caused or not, that someone's last mile ISP is up to...
There's also the game of whack a mole with taking ownership of domains at the registrar/ICANN level through court orders, such as with the various .com or similar things that get jacked and plastered with a "DOMAIN HAS BEEN SEIZED" notice by the US feds.
Doing that would eliminate so many Swedes from Signal...
I haven't found a VPN solution for iPhone users in a couple of US states. It's like iPhones are actively hostile to the very idea of a VPN. Or at least "self-hosted VPN", maybe the $20/month VPNs work but that's... Sketchy.
Gangs would find another communication channel before the law is put into effect. Yet the backdoor would be there forever.
(Possibly) SAF is negative because they use Signal, and don't want a law that would introduce vulnerabilities into Signal that could be utilized by third parties.
These aren't counterexamples, they prove the rule. A US passport literally has the text "this passport is the property of the United States" printed inside of it, and I imagine the same is true in most countries: you are the recipient of a passport, not the owner of one.
The same applies to copyrighted images— when you purchase a book you own the physical copy and can fully subject it to your own will, but you don't own the right to make additional copies of it. You own the copy, not the intellectual property.
As for currency, it may not legally be the property of the US government like a passport, but I would argue that the fact that you can't modify it does in fact mean that you don't own the bill, the bill is a representation of an abstraction of "money" that you do own.
You can't make your phone lie to an app developer about its location, rooted status, etc. You can't make your HP printer print with unsanctioned ink. Therefore, you do not own them.
Now you could of course say that the difference is somebody having intentionally designed an object in a way that makes it capable of withholding some functionality from me but not others, and I'd agree.
But all in all, I just don't think "property rights" is the right lens to think about computing devices.
You're joining two things here which I think are important to keep separate--the demand and the enforcement.
The Province of Bumbinga can absolutely claim worldwide jurisdiction and fine Apple $1T. And they can fine them a further $1T for every day they're not paid and their waterslide is not built.
Hell, _I_ could send Apple a letter claiming they owe me a trillion dollars so I can build a waterslide.
But when Apple doesn't pay a trillion dollars... then what? Send them angry letters? Still doesn't get the waterslide built.
A legal system's power isn't the orders, it's the enforcement mechanism behind it. With a local presence they have the option to seize local assets and bank accounts, forcefully close operations, arrest employees, etc.
When the company has no local presence, your only enforcement mechanism is gaining the cooperation of a foreign country, in which case the country they're headquartered in is very relevant. And they're only going to cooperate if your request aligns with their ideals and generally benefits them.
Except in the most extreme cases, it's generally not worth it to try and impose your rule outside your borders because you have no mechanism to make anyone comply. It's an empty threat. Jurisdiction in the international sense is descriptive not prescriptive. It's recognition of the limits of your authority. The outcome is the same with or without it.
Signal may have users in Sweden which Sweden sees as giving it jurisdiction. Sweden may see it being accessible at all as giving them jurisdiction. Sweden may say "screw it, we have jurisdiction over the whole world!". But their ability to enforce that more or less ends at requiring ISPs to block their traffic or asking the US government to enforce their orders within US borders, so it's kind of a moot point.
Borrowing from how tax & law is usually applied for companies trading outside of their incorporated country, at least in many places including the EU: If you have users/customers in a certain country, even if your product is purely software, you can be considered to have operations in that country.
Couldn't users in pretty much every internet-connected country use VPNs and other methods of cross-borders indirection to access even those US services which explicitly block non-US IP ranges?
If this is the case, then is it not the case under the quoted reasoning above that any internet company should be expected to have operations in every other internet-connected country?
It's the same reason Australia and now South Africa demand payment from Meta and Google for revenues related to links going to local news sites and the like.
If no money is changing hands, good luck with that. (Or, rather, bad luck with that.)
(If money is changing hands, you might find your payments blocked by local payment providers, though even then that would take a while and might or might not happen.)
There are plenty of immature ideas about running human affairs going around. History has shown that a social contract obtained by popular assent is the only viable choice, unless you relish war, insurrection, terrorism, and social collapse [0].
Government is good almost by definition because we grant its existence on that basis of benevolence. Indeed one should be ready to defend good government and lay down one's life to make it good, including overthrowing existing bad government.
This was well established 80 years ago and we seem to have forgotten.
I know there are some around here agitating for tyranny and dictatorship. That in my opinion is the "childish view", a result of too much screen-time and a lack of life experience.
Would you be willing to fight for good government? [1]
You're merely playing word games here. A person keeping another human being against their will is called slavery or abduction instead of prison. Similarly, it's only called war when it's a government doing it, otherwise it's called activism, terrorism, or gang warfare (note the overload of the term).
The main difference between a corporation and a real democratic government is that a government is accountable to all its citizens, instead of its shareholders. I understand that this is a difficult concept to grasp for US citizens, but the rest of us living in actual European democracies don't deserve your childish derision. No system is perfect, but don't make the mistake of thinking that the US government is the best (or even a good) example of democracy out there.
This is not a knock against private industry in general. Capitalism's greatest strength is precisely that it harnesses corruption toward productive ends through private industry.
Nonetheless, it's unsurprising that people would take a chance at less-corrupt versions of key infrastructure. My preference would be to do this through charity, which worked pretty well for e.g. Mozilla for a while - but I wouldn't call other directions naive.
I did worry this example would be too political, hence including the BitTorrent example as well.
The actual software and code? Good luck getting that genie back in the bottle now. But, you can certainly hamstring it in other ways, and frankly, that should be good enough. I say this as someone who is absolutely not a fan of the project and find the perverse incentives in PoW especially to be pure garbage, but I am also a realist.
When you have folks like Peter Zeihan declaring that Bitcoin *will* go to zero - that is, I think, the epitome of hubris. We don't know what will happen next, and with our current administration, I'm only seeing Bitcoin become more influential in the interim, much to my chagrin.
> The actual software and code? Good luck getting that genie back in the bottle now. But, you can certainly hamstring it in other ways, and frankly, that should be good enough.
This is my point - the technology is out of the bottle. You can't stop it. You can disincentivize its use in all sorts of social and legal manners, but to go all the way back to my original comment: you can stop Apple (Coinbase) from operating, you can penalize individuals for using encryption (or cryptocurrency in this case), but encryption (and blockchain) still exists and can be self-hosted, and individuals can continue to utilize those tools.
Again, look at torrents. Its primary use case is illegal. What.CD, Oink, even TPB (at various points) have all been taken down. Yet torrenting still enjoys widespread use across the globe.
I'm not a fan of cryptocurrency either, but I do want to note that "hamstringing" it at this point will likely have many negative downstream effects on the overall economy.
When I say user-hostile features I'm not talking about malware. Yes, I suppose theoretically you could fork a Free Software malware app and make it not-malware, but that's not what I'm talking about here. I'm talking about things like Samsung putting ads on your TV home screen[1], or BMW charging a monthly subscription to access your car's seat heaters[2], or Sweden trying to install a backdoor in Signal. With Free Software, users get the final say on whether those features are installed on their devices or not.
[1]: https://www.reddit.com/r/samsung/comments/184a1j6/why_do_i_h...
Users don’t get final say in what their devices do unless a software developer is willing and able to help them. Most are actually pretty helpless on their own.
There are lots of ways to figure out what version to install; which is a lot better than having literally no choice because there's only one option available: the one with homescreen ads/government backdoors/seat heater subscriptions.
Will some users make the wrong choice? Yes. Is that a valid justification for treating everyone like children unable to make decisions for themselves? Absolutely not. Just as there are other ways to prevent real-world crime than by locking everyone in concentration camps, there are other ways to prevent cybercrime than by locking everyone in an inescapable walled garden.
This part does terrify me. Too many hedge funds and more common investment vehicles have gotten exposure to this. If there ever is a huge rugpull, regular folks will get nailed. Sad times.
F-Droid and Debian/etc show how this is done.
With reproducible builds, you don't have to trust the packager or the developer as long as you trust at least one person who reviewed the source code.
It's all based in trust in the packager and only the packager—there are no checks and balances. The only reason why splitting up the responsibilities might help is if you find the F-Droid maintainers to be inherently more trustworthy than the Signal developers, not due to simply separating the concerns.
But to be specific: "open source" claims go out the window when they're:
1. Not reproducible (before anyone links me to the "reproducible steps" please actually read them because they tell you directly that they will not create a reproducible output).
2. Able to hide development of mobilecoin (somehow) from us for nearly a year. To be clear: There were updates to the Signal app on iOS and Play, otherwise there would have been security bugs, but those patches did not make their way into the repositories.
Signal operates on a "trust us bro" mentality, and no matter how trustable they seem to be, something about that doesn't sit right with me and never has.
EDIT: I don't really care if bots or shills downvote me, can you really, with a straight face, say it's NOT "trust us bro" ideology that makes people use Signal?
https://github.com/signalapp/Signal-Android/blob/main/reprod...
Why can't I sha256sum the two apk?
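On the sha256sum question above: a published APK carries the publisher's signature, which nobody without the signing key can reproduce, so whole-file hashes differ even when every other byte of content matches. The following is an added example, not Signal's tooling and not part of any comment in this thread, that compares the archive entries instead; the entry contents and sample archives are constructed.

```python
import hashlib
import io
import re
import zipfile

# v1 (JAR) signature files; only the holder of the signing key can produce them.
# v2+ signatures live in a block outside the zip entries, so zipfile never sees them.
SIGNATURE_ENTRY = re.compile(r"^META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))$")


def entry_digests(apk_bytes):
    """Map each non-signature entry name to the SHA-256 of its uncompressed data."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if SIGNATURE_ENTRY.match(info.filename):
                continue
            if info.filename in digests:
                # Duplicate names make "which copy gets loaded" ambiguous: refuse.
                raise ValueError(f"duplicate entry: {info.filename}")
            digests[info.filename] = hashlib.sha256(apk.read(info)).hexdigest()
    return digests


def compare_apks(published, rebuilt):
    """Return the sorted names of entries that differ or exist on one side only."""
    a, b = entry_digests(published), entry_digests(rebuilt)
    return sorted(name for name in a.keys() | b.keys() if a.get(name) != b.get(name))


def make_apk(entries):
    """Build a small in-memory zip standing in for an APK (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample data, not real APK contents.
CODE = {"classes.dex": b"constructed bytecode", "AndroidManifest.xml": b"<manifest/>"}
PUBLISHED = make_apk({**CODE, "META-INF/CERT.SF": b"publisher signature",
                      "META-INF/CERT.RSA": b"publisher certificate"})
REBUILT = make_apk({**CODE, "META-INF/CERT.SF": b"local signature"})
TAMPERED = make_apk({**CODE, "classes.dex": b"constructed bytecode + extra"})

if __name__ == "__main__":
    same_file = hashlib.sha256(PUBLISHED).digest() == hashlib.sha256(REBUILT).digest()
    print("whole-file hashes equal:", same_file)
    print("published vs rebuilt:", compare_apks(PUBLISHED, REBUILT))
    print("published vs tampered:", compare_apks(PUBLISHED, TAMPERED))
```

An empty result means every non-signature entry matches; any listed name is a file the rebuild could not reproduce and needs explaining.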
A significant improvement.
/s
As someone who got their whole network to switch to Signal before that happened, it was absolutely disgusting watching that all play out.
The MobileCoin work and the source code not being published on the public repository for nearly a year was an extremely ill thought move. It soured my view of Signal as well.
If you don't like this, you use the non-Play Store build instead (which supposedly doesn't include any binary blobs, but I haven't checked).
In fact I find the difference in how they handle the two very telling.
(Even if the result was Musk being humiliated).
To be clear, if they did this and the UK gov called their bluff, it'd affect me personally, but I'd rather that than swinging open the backdoors
I don't know... what else could Apple have done? Hard to determine what else they could have done besides turn off the feature in a thread on another company not just turning off a feature, but leaving a country entirely.
I should have done that.
Now that I asked ChatGPT, it didn't include this reason - perhaps it's too obvious and no-one has written it down before.
Being unwilling to do that simply has no impact on the real world. You scream into the void.
Would they? Of course not, but the question was what else could they do, and this is something they could (and if their fundamental motive wasn't purely profit above all else, perhaps should) do.
I'm trying to help people understand that there is no actor that can make these decisions they want them to.