EU agreed to "ban" encryption

veleno · November 12, 2020, 12:55pm

https://techcrunch.com/2020/11/09/whats-all-this-about-europe-wanting-crypto-backdoors

LinuxNew · November 12, 2020, 1:11pm

Use non EU countries then like Switzerland

reC · November 13, 2020, 5:08am

also, do we really know that the intel-ME-black-box-CPU in the Purism products is really harmless and can’t backdoor this process already ?

kieran · November 13, 2020, 5:14am

Governments intend to backdoor everything eventually.

lemin · November 13, 2020, 1:09pm

Before it’s too late, sign the change.org petition to let the EU know where they can shove their backdoor.

Dwaff · November 13, 2020, 1:48pm

change.org ignores my language setting in the browser and uses geolocation instead. Crappy site.

lemin · November 14, 2020, 2:18am

There is a simple solution to this backdoor, if it ever comes to fruition. Use a VPN or Orbot to select an exit node outside of the EU. Tell your European chat mates to do the same. Then, first of all, you’ll get the unbackdoored version of the app (because presumably “serious” privacy apps will have an EU version and an uncompromised version in different app stores). Secondly, your message traffic won’t be subject to this BS. While it’s true that your VPN connection itself will be backdoored, that’s fine because it will only be used to acquire the unbackdoored chat app and forward your unbackdoored chat traffic.

The EU could, in theory, block VPNs and Orbot, just as the Chinese have. In that case, use Telegram to acquire the unbackdoored app. (This would require manual app installation, emulation, or sandboxing. Also, if the app gets blocked by the ESP server in the diagram above, then you might need to find an awkward way to use the backdoored version of Telegram to forward your unbackdoored messages.) Telegram has a checkered history of security flaws, but blocking it proved so difficult that even the Russians gave up. (Although it’s possible that they found a security flaw that they can exploit in order to break it, so they now regard it as a honeypot ready to be mined, which is why I only list it as a last resort.)

This policy has been conceived by cryptoblivious morons. It will never work, except to increase latency and put the private communication of innocent citizens at risk of mass exploitation by, or by fault of, the same cabal of ignoramuses. Criminals smart enough to be a real threat will learn how to evade it faster than it took me to type this. They would do better to fight crime with public cameras in public places monitored by the public.

Let’s hope this doesn’t become a standard, soon after which, every African dictator and their ilk would be be clamoring for a copy.

The only reassuring conclusion from this farce is the implication that competently designed E2EE really hasn’t been broken by everyone (any maybe not even anyone) in member states’ security apparatus. It would seem that, presently, they’re all counting on doing it the Isreali way: break the phone’s encryption by cracking the absurdly weak passcode or fingerprint ID, which requires little more than defeating the phone’s ability to count unlocking attempts. It’s not fun to enter 40 characters every time you want to unlock your phone, but if you don’t want to do that, then better to have one obvious hole, than countless subtle ones.

There are other ways to evade this shit, but I would urge those of you in the know to spare your arrows until and unless they’re really needed. While I think most Purism hackers are basically responsible people pushing freedom and individual responsibility, who knows what monsters lurk among us.

@Dwaff you can also use Tor. Ctrl+Shift+L a dozen times or so, until you find an exit node that bypasses the typical Cloudflare “ray ID” error. Expect that some of the scripts might not run, leading you to think that no one has yet signed the petition. That’s just Tor’s way of keeping you safe.

Jan2 · November 14, 2020, 4:45am

The problem with “law enforcement” is “too many laws”. Parliamentarians are correctly called “lawmakers”. What we really need is “law removers” to weed out all unnecessary, needless and outdated laws. Concentrate on enforceable and logical laws, not on complicated, multi-interpretative laws. This saves a lot on enforcement costs and lawyers.

“special keys” to break encryption of “evil messages” is a profound example of bad law:

not enforceable
multi-interpretative
complicated
needless

And above all contra-productive, it’s bad for the economy and stimulates digital crime.

reC · November 14, 2020, 6:08am

i only like extremely funny w-sites or extremely depressing ones

tracy · November 14, 2020, 3:14pm

Dead drops, one time pads, and code phrases!

@reC
“The woods are lovely dark and deep,
but I have promises to keep.
And miles to go before I sleep.”

Remember that reC, … miles to go…

Sharon · November 14, 2020, 9:12pm

I strongly believe nothing being can be made “secure”. Nothing - nadda. Five years ago, two men demonstrated how easy it is to hack into a Jeep Cherokee through it’s entertainment system. Sure, maybe it wasn’t encrypted. But 20 years ago, who would have thought we’d have phones pretending to be “Smart”. They aren’t even Clever. But they are a damned good leash, so I don’t ever see any company, save for Purism perhaps, that will offer leash-free communication.

The EU is always 10 - 15 years ahead of North America and Canada when it comes to medicine, freedoms, and pacifying anyone auditing that grey area between security and rights to privacy.

It appears the EU is just trying to pacify both the common end user and the security of the EU nations. To say the ‘backdoor’ would only be accessible by government and perhaps their 3rd parties for whom they are not responsible, is as secure as a Jeep Cherokee.

It is something that history has taught us, that if government can go back on their word, they will. And a backdoor is no different than a room with a key.

I predict a sorry approach by many to take phones ‘underground’. Terrorists would be foolish to use a phone. A pen and paper works better and the stamp pretty well ensures that no one is going to start opening every letter to scan it. That job is left up to Gmail.

Leonard Cohen had it so right with …“the rich have got their channels in the bedrooms of the poor”. He released that in 1988 - and here we are - 32 years alter and living it. All we can do really is complain, and that too is added to our profiles everywhere.

So much for my rant on it…

~s~
p.s. The Word Wide Web is no more. It is becoming more and more, the Country Wide Web.

reC · November 15, 2020, 12:41am

that’s nice > Robert Frost < was it ?

tracy · November 15, 2020, 12:58am

Yes but to be specific, the movie Telefon, where Charles Bronson meets the Forger from The Great Escape.

Sharon · November 15, 2020, 1:21am

I almost clicked to submit my signing the petition, but read their Privacy policy. Too bad, but I was only one vote anyway.

kieran · November 16, 2020, 12:30am

“When you are holding a hammer, everything is a nail.”

In this particular case it would be better if this never became a law - then it wouldn’t need to be removed.

Not really.

You are only really looking at “data in transit” and you are assuming that there is a version of the app that does not have broken E2EE.

You are only really looking at instant messaging apps. Simple question: How are they going to backdoor encrypted email?

There seems to be some debate as to exactly what the EU is trying to do. I would judge them on what they actually do, while assuming the worst.

reC · November 16, 2020, 6:09am

FredWalker · November 16, 2020, 2:16pm

What would Government say if their Citizens or Subjects asked for a backdoor to encrypted Government communications?
No!
This is the correct response to Governments seeking backdoors to Citizens & Subjects communications also; No! Governments always have and always will abuse & misuse Powers designed to provide privacy & protection for Citizens or Subjects.

ajlok · November 16, 2020, 4:28pm

I really, really, really bloody like that thought! Mate, you made my day! That’s it!

Let’s write some letters and ask them exactly that… If they should agree that i’m able to transparently read all of their communications, i’m absolutely happy to share mine…

And… dear governments, i’ve got a lot of dirty but funny clothes to wash… nothing bad, but - i promise - drinking your coffee will be much more interesting. If i’d be you, i’d accept straight away…

FredWalker · November 16, 2020, 8:44pm

I know the answer is, NO! When this is proposed to a Representative or Senator they will look at you like your request is absurd. They seem to think the Citizenry is supposed to trust them. Now that is an absurd position. Stay well & have s Blessed Day.

ajlok · November 16, 2020, 9:15pm

One could almost come to the conclusion that it could make sense to become a politician to go for such problems. Unfortunately as much as different known political systems within different countries one might know work, there’s one thing they all share: If you’re not running with the masses - the masses of right now controlling the boat-masses, your chances to get into positions that could make a difference are that tiny, that they’re almost non-existing. And come to privacy, come to sustainability, come to some other criterias that might make sense for the wider masses, but not necessarily with economics, with the money, with the ones earning the big money, the thought somewhat fades away…

So, let’s write letters suggesting to completely transparently open governmental communications…