by rrrix1 743 days ago
Anyone who is not explicitly privy to a fully bespoke, end-to-end encrypted data transmission and retrieval system has no way to determine the function or purpose of that system.

It could be text, audio, video, raw signal bitstream from an IoT sensor, or a full duplex async combination of any one of those.

It wouldn't be a "chat service" to an outside observer, it would just be seemingly random, opaque bits between two endpoints.

If the traffic can't be identified and it isn't a known endpoint, then that's already suspicious.
Well, for example, you could roll your own secure messaging over WebRTC data channels using Web Crypto. There won't be anything unusual looking about the traffic, as it will all be wrapped up inside DTLS/SRTP, which is the transport for WebRTC. So it's encrypted twice and would look perfectly normal to any outside observer. There's no way to tell what is happening in the messaging layer WebRTC "encapsulates".

At the end of the day, if someone wants to do this, there is no way, afaik, it can be detected. So all these laws won't really help combat serious criminals who have some savvy.

The way to do it would be to outlaw any protocol that can encapsulate to a point that off-the-shelf DPI can't read it.
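The "opaque bits" point made in the thread, as an added example that is not part of any comment: it encrypts two constructed payloads of different kinds with Web Crypto and measures what a content-inspecting observer could still compute, byte entropy and size. AES-GCM, the sample payloads and all function names are assumptions chosen for illustration; the outer DTLS transport is not modelled.

```javascript
// Added example: what payload inspection can and cannot measure on app-layer ciphertext.
// Web Crypto is global in browsers and recent Node; older Node exposes it as webcrypto.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;

// Shannon entropy in bits per byte (8.0 means indistinguishable from uniform noise).
function entropyBitsPerByte(bytes) {
  const counts = new Array(256).fill(0);
  for (const b of bytes) counts[b]++;
  let h = 0;
  for (const c of counts) {
    if (c > 0) { const p = c / bytes.length; h -= p * Math.log2(p); }
  }
  return h;
}

// Constructed sample payloads: a repeated text message and a 16-level sensor signal.
function samplePayloads() {
  const text = new TextEncoder().encode('status report: all systems nominal. '.repeat(1024));
  const sensor = Uint8Array.from({ length: 32768 }, (_, i) => 100 + (i % 16));
  return { text, sensor };
}

// Seal one message as an application-layer scheme would before handing it to
// the transport (fresh 96-bit IV per message; the IV itself is not returned here).
async function seal(key, plaintext) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext);
  return new Uint8Array(ct); // ciphertext followed by the 16-byte GCM tag
}

// Per payload kind: entropy before and after encryption, and the size delta.
async function observerView() {
  const key = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, false, ['encrypt']);
  const view = {};
  for (const [kind, plain] of Object.entries(samplePayloads())) {
    const ct = await seal(key, plain);
    view[kind] = {
      plainEntropy: entropyBitsPerByte(plain),
      cipherEntropy: entropyBitsPerByte(ct),
      overhead: ct.length - plain.length, // constant, so message size stays visible
    };
  }
  return view;
}

observerView().then((v) => console.table(v));
```

Both payload kinds come out with near-uniform byte entropy, so inspecting the bytes does not reveal which kind was sent, while the constant size overhead shows that message length is metadata an observer still sees.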