[tomekn]

This whole debacle reeks of stupidity. The only thing that will happen is that the criminals they are (allegedly) trying to catch will simply move their comms to different channels. What's stopping a sophisticated crime syndicate form simply creating their own app which will have a small enough footprint such that it will fly under the radar?

From the perspective of tech companies, they are being put between a rock and a hard place by simultaneously being asked for more privacy, and also less privacy.

[vidarh]

VPN + using services in a country that doesn't care is enough. This will be a sales point for VPN providers.

[dane-pgp]

How long until the bureaucrats start saying "These unregulated foreign VPNs are a danger to our private data / economy / national security / children"?

I mean, if a jurisdiction is making people's phones spy on them, then it's not much of a stretch to also make those phones not connect to unapproved VPNs, or even to prevent them installing unapproved apps (despite the recent win of the EU supporting sideloading on mobile OSes).

[vidarh]

Unless they try to aggressively regulate the sale, import and manufacture (at this point, many hobbyist level homebrew retrocomputers are powerful enough to run a VPN) of general purpose computer devices or aggressively firewall all of the EU and punish anyone using to obscure encrypted data flows through approved protocols, this will of course only stop the people who actually don't have anything to hide. It'll be trivial to work around for anyone actually up to no good

[dane-pgp]

> It'll be trivial to work around for anyone actually up to no good

I never claimed they were motivated to actually stop these crimes.

If the real ultimate goal is to prevent the spreading of "state secrets" (i.e. journalists exposing government malfeasance), or reduce copyright infringement, or limiting the spread of "disinformation", or banning memes that insult public figures, then the government needn't worry about "hobbyist level homebrew retrocomputers". Most people will continue to use mainstream platforms, and most governments mostly care about controlling most people.

Besides, the next step will be to make ISPs deny service to any machine which doesn't have Secure Boot enabled, and which isn't running an "approved" OS, which checks every executable you run. Suddenly your general purpose computing device isn't very useful any more.

[vidarh]

If the goal is to create an authoritarian dictatorship, then sure, controlling "most people" is usually enough because you can control the press by sending thugs to their offices.

But your "next step" is far beyond what even China does.

It would kill off any ability for software development. I'm all for being vigilant, but these scenarios are not realistic. As for a general purpose computing device being useful, as long as you can send or receive text or sound or images in any format that can be intercepted, you can tunnel arbitrary data. After all, we have a long history of using acoustic coupled modems. No, it's not practical for regular users, but if we get subjected to that kind of authoritarianism, it's worth doing for the sake of it.

[dane-pgp]

> But your "next step" is far beyond what even China does.

And yet online services blocking access to non-SecureBoot devices is already the norm for industries ranging from online gaming[0] to fast food![1]

Add in the fact that Hollywood wants this (for DRM and blocking torrenting apps) and governments like Australia claiming their laws trump the laws of mathematics[2], and you can almost guarantee that this is going to become mandated as soon as enough Windows 10 users update to Windows 11.

> It would kill off any ability for software development.

Software development would have to be sponsored by approved companies, or at the very least you'd need to apply to the government for a "licence to code", with your ID number baked into every app you create. As an interim step, governments may allow devices to access a "legacy" portion of the internet which doesn't require SecureBoot to be enabled, but expect that portion to get smaller and smaller each year.

> as long as you can send or receive text or sound or images in any format that can be intercepted, you can tunnel arbitrary data.

But which app are you going to use to create those sound or image files? I suppose you could create your "illegal" files on an airgapped non-approved device, and transfer them via USB to the approved device, and people could do the reverse process when they receive them, but that's a cat-and-mouse game which 99% of people can't or won't play, and governments will win by mandating cryptographic watermarks in any files created.

[0] https://arstechnica.com/gaming/2021/09/riot-games-anti-cheat...

[1] https://forums.macrumors.com/threads/mcdonalds-app-knows-im-...

[2] https://www.zdnet.com/article/the-laws-of-australia-will-tru...