Hacker News
by codedokode 2617 days ago
It is surprising. Even here, in Russia, we don't have such laws working yet. And I wonder, what are Austrian authorities going to do with foreign platforms like Telegram, which are unlikely to comply? The Russian government has been trying to block Telegram using DPI for a year and hasn't succeeded.

What about Twitter? Reddit?

> In addition, web platforms would be required to appoint a liaison in Austria who would be responsible for making information about platform users available if it becomes necessary. If this person does not ensure that the regulation is followed, he or she could be punished with a fine of up to 100,000 euros.

This will just put foreign platforms, who will ignore the law, into an advantageous position compared to local platforms. Users might switch to foreign platforms that don't require identification.

3 comments

>This will just put foreign platforms, who will ignore the law, into an advantageous position compared to local platforms. Users might switch to foreign platforms that don't require identification.

Doesn't really matter, as those things move the Overton window.

Tomorrow, when the US, China, and EU adopt similar laws, there won't be any "foreign services" to use.

Yeah, the US will never adopt a law like that. Anonymity is extremely protected by the Supreme Court, because the founders wrote and distributed pamphlets anonymously in support of the Revolution.
>Anonymity is extremely protected by the Supreme Court

And yet the US has all kinds of surveillance apparatus to de-anonymize internet users...

And if that apparatus was used to prosecute US citizens for non-major crimes with any frequency it would come under scrutiny very quickly and you'd have politicians jockeying to legislate it out of existence and take credit.

Even if you take the parallel construction angle, no politician except maybe a dinosaur that is super-secure in their position (on the federal level that would be people like Pelosi, Feinstein, etc.) is going to tolerate that because if the other side can prove you knew then you're not going to have a job after the next election.

Obviously we need to remain vigilant but there are existing feedback mechanisms that generally prevent widespread abuse.

Isn't the advantage of parallel construction that it's extremely difficult, often impossible to detect and thus scrutinize?
To do parallel construction at scale you'd need to get the information into the hands of law enforcement in a plausibly deniable way. Doing that at scale would either have a predictable pattern (if every agency starts getting "anonymous tips" then questions are going to start getting asked) or would need to involve many people in order to plant the information in a more varied manner. Involving the recipient agencies themselves is not going to happen because two people can only keep a secret if one of them is dead so a cool million is going to be a non-starter.
They are two different philosophies, and thinking about how they'll play off one another is kind of interesting.

The US philosophy is to do passive surveillance and assemble the pieces after the fact, rather than mandating ahead of time requirements. Which means that US-based services will continue to be unhindered by such requirements, appearing "anonymous" to the rest of the world.

As more people globally are turned off by ID requirements, if they're able to flee to US services, then they're actually walking into a more sophisticated passive surveillance flytrap. USG will have ever more surveillance over other countries, without even having to clandestinely place taps.

Close allies will be given access through FVEY and the like, making that relationship even more lopsided. But allies' domestic law enforcement won't be, so they'll still be clamoring for more simplistic mandates requiring ID, further driving the process.

Except the dragnet surveillers pretty much know what they're doing is illegal, or at least in a very gray area. And odds are they generally only try to deanonymize people they consider a significant national security risk (with some abuse exceptions, like LOVEINT).

This is codifying forced attribution for everyone into law.

There's a big legal difference between the government working to unmask anonymous users and making it illegal to try to be anonymous in the first place. The latter is probably brazenly unconstitutional while the former is at least a constitutional grey area.
Not American internet users, for the most part. Note that those are at least justified by being connected to foreign actors, and that some of those surveillance apparatus are illegal.
Which at least in principle are supposed to be used only in an accountable fashion under strict judicial supervision.
>Anonymity is extremely protected by the Supreme Court

To clarify, anonymous speech is protected by the First Amendment.

With certain limitations. If someone anonymously offers drugs on the 'dark web', that is not protected, of course.

In the US you have to show your ID much more often compared to other parts of the world. Every bar you enter, or alcohol or drink you buy, people ask for identification. This is not the case elsewhere.

So, it wouldn't surprise me, if the current administration would at least attempt such ideas.

This is not generally the case in most parts of the US I've lived in either.

More importantly, it's purely a private business asking for your ID in this case, and only as an age check. In the vast majority of cases they don't record or really care about anything except your date of birth. No bar I've ever been to kept any kind of record that would have enabled them to tell the government that I had visited the establishment.

I’m not a lawyer, but Arizona’s age restriction law explicitly requires recording the details via mag stripe. Whether that applies to something not straightforward in the language I don’t know.

Either way, I routinely get comments about where I live, how my hair looks now, my birthday (coincides with a major date in the US). It’s very low level invasion of privacy, but most of the time I don’t want to small talk at the grocery store, I want to finish what I need to and go. N=1 and all that, but I get the point. At least no one under 21 ever drinks here.

They also stop doing it once you look old enough. I grew a full beard at 27 or so, and I haven't been carded for buying alcohol since.
Amusingly, I grew a full beard at 27 or so and started getting carded all the time!
I seem to remember that in Europe it's not unheard of for police to ask to see "papers please" and fancy that it's often the darker citizens that get asked that.

Not that the UK and USA don't have some problems in that area.

The ID is for age verification, not Name or any other details.
It doesn’t matter what it’s intended for, it matters what it’s used for.
Ah yes, think of the children, the first resort of authoritarians.
ID verification of age when buying alcohol is practiced by many countries, not just US.
What a scary idea. I want to say that it's unlikely to happen but with the political climate right now...

Anybody got any ideas on what we are supposed to do when that happens?

People are very adaptable and will consider all those things the new normal. XIX century Americans would consider an income tax in peacetime grossly inappropriate, creepy and a violation of their dignity after all.
And the more or less permanent state of war we find ourselves in could also be considered a new normal we've adapted to that XIX century Americans would find creepy and grossly inappropriate.
No, the US was at war for essentially the entirety of the 19th century.
Pretty much, the US has always been at war. I mean, they used to have a War Department, which got renamed Defense Department for PR.
As would 19th century Americans
> Anybody got any ideas on what we are supposed to do when that happens?

Move to the next of the four boxes, though ideally before it happens. We need to advocate for important civil liberties and reasonable limits on the power of the state, but we do also need to then act according to that advocacy ourselves, for example by voting for people who take these issues seriously or funding legal actions to challenge excesses. A lack of public awareness of these issues and the potential implications for normal people's everyday lives is a big part of the problem, and as coldtea suggested above, shifting the Overton window is going to be crucial to improving the situation. It just needs to shift the other way from where a lot of the authoritarians in power today are trying to push it...

> Anybody got any ideas on what we are supposed to do when that happens?

Only a few things you can do (in that order, depending on how badly it escalates): 0) start to learn about prepping and live a more unplugged life 1) flee and take refuge in a place that others call "backward" 2) take up arms and defend yourself

#2 will get you labeled a terrorist (though so was Count Stauffenberg)

Well and more specifically in places like Colorado that would be enough to take away your guns.
Who's gonna take them? Remember that couple in Houston that put the hurt on a swat team. It doesn't take many events like that to really dampen the enthusiasm for kicking down doors (especially when you're doing it to simply confiscate property). The cops are subject to the same risk calculations as any other home invaders.
Cops have higher ceiling of available tools of coercion. You really want every police visit to start with a flashbang through the window?
ATF is a federal agency. No state is protected against military action against gun holders.
Due to a sad trilogy of events at the end of last century (specifically Episode 2: Texas BBQ) the ATF of this century mostly conducts stings and information based enforcement (i.e. nabbing people for buying Glock switches online). Were they to go back to kicking down doors of people who are generally considered normal patriotic Americans they would A) be more likely to get shot back at than any other agency (much easier to justify and mentally prepare yourself to shoot back at career snake steppers than your local PD) and B) have some really, really bad optics to contend with.

If you're worried about someone taking your guns be worried about the state police.

Start a “counterculture network” of onion-routed hidden services (not necessarily Tor, but something akin). Some element of steganography would likely be required to prevent government-controlled ISPs from simply dropping encrypted traffic, most likely.

It would be hard and would likely attract only technically-minded individuals to use.

Better than that, build an anonymity network with both mixing and onion routing, and full padding with chaff. And implement it as drive-by malware, with worm capability. Like WannaCry. It'd be basically a huge botnet. And it would use a covert channel in HD video, which would provide enough bandwidth for text, at least, and maybe images.

That way, participation by servers and clients would be plausibly compulsory. Both because it would evade protection, and because sympathetic admins and users could "accidentally" let it install. And that would provide plausible deniability.

A plausibly deniable user interface would be the hardest part. It'd probably need to self install, and then securely delete itself after use.

> It would be hard and would likely attract only technically-minded individuals

... and police forces: a nice feature of leaving a few gaps that motivated users can use is that the police can focus their limited resources on those interesting targets.

Well, the old ideas still work: revolt or submit.
This is going to be an unpopular opinion but I'm hoping someone can explain why I'm wrong.

I actually would really welcome online activities no longer being anonymous.

I feel like a large part of why people on the internet are so terrible to one another is that there's really no accountability because of the anonymity.

This is true in many areas including hate speech or posting illegal/inappropriate material.

I suppose I don't know if I think it should be LAW that requires everyone be deanonymized, but I do wish people on the internet would treat each other closer to the way they do in real life.

> I feel like a large part of why people on the internet are so terrible to one another is that there's really no accountability because of the anonymity.

Sounds plausible until you consider that many of the worst comments are written by real people logged in using their real Facebook accounts -

... and some of the best forums online don't demand anything but a username and password like here.

IMO real name policies are way less effective than some people want you to think, and they'll effectively prevent certain minorities from participating in online debates.

"I'm hoping someone can explain why I'm wrong." The answer is in your own words: " I suppose I don't know if I think it should be LAW". I suppose you are right: you don't know. Many people know for sure that they think this is a bad idea to put in place such a law.
"This will just put foreign platforms, who will ignore the law, into an advantageous position compared to local platforms. Users might switch to foreign platforms that don't require identification."

But in the meantime --Your ISP has informed that a foreign social media provider has connected to your account, identify yourself and provide your alias used on said social platform, or [insert consequences here]

It’s common, but disingenuous to talk about the Overton window as though it was some immutable, one-way thermodynamic process. The truth of course is that it goes both ways, that discussion and dissent do exist. History, American and otherwise, is full of examples of overreach that doesn’t lead to the desired result, but the opposite.
In theory it works both ways - but once politicians and government agencies gain power, they will not lose it easily.
Telegram already authenticates by the phone number, which setup was successfully used by Russian forces to hijack accounts of opposition.

Amazing how people are completely blind to this gaping misfeature despite infosec experts complaining about it the entire time.

> Telegram already authenticates by the phone number, which setup was successfully used by Russian forces to hijack accounts of opposition.

While this is bad, IIRC if it has PFS this means that the phone number rerouting cannot be used to recover messages sent before this intercept. And also IIRC this phone number could only be used to trigger re-keying, which is detectable.

> IIRC this phone number could only be used to trigger re-keying, which is detectable

Dunno about currently, but afaik at the time this went down nothing was detectable, you just log into a user's account and read the history since e2e conversations aren't the default.

> The default method of authentication that Telegram uses for logins is SMS-based single-factor authentication. All that is needed in order to log into an account and gain access to that user's cloud-based messages is a one-time passcode that is sent via SMS to the user's phone number. These login SMS messages are known to have been intercepted in Iran, Russia and Germany, possibly in coordination with phone companies.

Russia requires foreign owned services to host data about Russian users inside of Russia. That way the data can be retrieved by the government and used to de-anonymize users. [1]

Data localisation is an up and coming regulatory thing, and more countries are picking it up. [2] Having a handle doesn't make you anonymous.

[1] https://arstechnica.com/tech-policy/2019/01/russia-tries-to-...

[2] https://www.atlanticcouncil.org/blogs/new-atlanticist/india-...

[3] https://en.wikipedia.org/wiki/Data_localization

Although this requirement has been in effect for 3 years, foreign services ignore it. For example, recently, Facebook was fined an amount equivalent to about 50 dollars for not providing information about users' data localization and now has 9 more months to solve this problem [1]. In Facebook's case it is easier to pay the fine than transfer the data into Russia.

LinkedIn is blocked under the same law though.

Telegram is officially blocked in Russia (for not providing access to users' messages), but it works without any special setup.

> That way the data can be retrieved by the government and used to de-anonymize users.

That was probably the intention of lawmakers but there is no requirement to keep the data unencrypted.

[1] https://www.apnews.com/5db72dfa04e401ffec784c8a18ce9b7a