🇬🇧 EU-Deal on #Chatcontrol: Indiscriminate analysis of all private communications contents becomes law: https://www.patrick-breyer.de/en/chatcontrol-trilogue-agreement-on-indiscriminate-analysis-of-all-private-communications-contents/
@echo_pbreyer Why is there a union jack in the post?
I didn't see anything about this law affecting the UK.
What an awful state of affairs...
Also fairly pointless for child protection, as messages can be hidden in plain sight. À la http://www.zephoria.org/thoughts/archives/2010/08/23/social-steganography-learning-to-hide-in-plain-sight.html
@echo_pbreyer often posts both in German and English (and occasionally in French) and he uses, respectively, emojis of the flag of the Federal Republic of Germany, the Union Jack, and the French flag as a proxy for the different languages.
Yes, I know what the usability crowd say about associating state flags with languages and I also know that dozens of languages are spoken in each of those territories, but from a practical point of view it often works.
It's clear they won't stop here, next they'll also scan messages for "terrorist content".
@jcbrand How so? A simple "legal" solution to this approach seems to simply consider everyone who does this kind of hosting a "telecommunication provider" bound by the usual laws, like it happens with other similar laws too. How much demand of paperwork will it take for people to give up on that kind of self-hosting at all...?
@jcbrand Agreed, this works for an XMPP server for a closed user group that doesn't federate with any other system. As soon as you actually want to communicate with other users, your system will become more or less publicly visible. And I think in general, something like the "war on encryption" can, these days, easily be "won" (at least for a majority) by making these tools illegal and persecuting their uses with draconian means - similar to how the music industry dealt with ...
Those tactics were largely ineffectual and didn't stop piracy.
I know because I was there, pirated myself and had lots of friends who pirated.
BTW, you can still use Usenet to pirate to your heart's content with basically no way of getting caught.
Cheap enough streaming services have played a much bigger role in reducing piracy.
@jcbrand Yes, but few people use Usenet. These tactics are efficient because they keep out a large majority of people from using these things - people that aren't skilled enough from a technical point of view, people who don't want to risk things by trying it (after all it's still illegal), or people who simply don't know. It will drive these tools out of the mainstream while (in terms of surveillance) leaving the vast majority of people without better options.
@jcbrand Yes, that's my very problem, and I see a lot of approaches especially from a legal point of view happening at the moment that are enforcing this digital divide while on the other side at least the tech crowd doesn't do much to compensate for that. Example: Threema and (to some degree) Signal by now seem much better a tool to fight this kind of "surveillance" than XMPP or Matrix because having little or no communication stored on the server reduces the amount of ...
Threema and Signal being centralized means that they can be corrupted and subverted to start collecting data and you won't even know it.
I use Signal, but don't be fooled into thinking that a centralized black box can actually guarantee your privacy and safety.
Oh, and the fact that their code is open source doesn't help because you have no guarantee that the server itself is actually using that code unmodified.
@jcbrand ... data subject to being monitored or handed over. There still is a problem of having a legal entity (company or organisation operating this service) that could be considered a "provider" though. Maybe a real P2P, server-less solution would be the only way to circumvent this at some point for a large crowd of people. But for that we need to not just agree on trying to pursue openness but also on trying to reduce this digital divide (by embracing the fact that a ...
@jcbrand ... majority of users has no access to technical skills and even if they had, something federated, yet server-bound like Matrix, XMPP or encrypted e-mail always will come with a high hurdle). Then, you would only need something like plausible deniability to keep people out of legal focus.
@jcbrand That's why I am at the moment trying to throw money at solutions like Tox or Briar while primarily using Threema (yes, I think for operating such infrastructure it needs a company that at least doesn't _depend_ upon collecting money by selling user data). I have no real hope for XMPP (again, server-bound, plaintext metadata) or the non-P2P variant of Matrix (servers) here. 😐
If P2P messengers take off, then I'm happy. The more solutions the better.
If you self-host XMPP then you don't have to worry about metadata or that it's "server-bound".
Also, the metadata is about which JIDs communicate with which other JIDs. No personally identifying information is required for XMPP to work.
Not ideal perhaps, but not a huge problem either IMO.
Self-hosting can be as simple as starting a docker instance and setting DNS records.
@jcbrand @z428 @echo_pbreyer
Technically you don't even need E2EE for self-hosted XMPP as long as you don't care about messaging with external accounts (e.g. family only), since you own the server and hence the encryption keys of both legs of communication. You then only need to protect data at rest (e.g. host it at home).