by sputr 262 days ago
> First, Chat Control refers to a proposition in the EU, which has not been accepted at this point. So no, it's not Chat Control.

The EU proposition of Chat Control is the proposition to make it mandatory. Facebook has already been performing it voluntarily (as I've discovered today).

> The problem I see is that you disagree with how Meta handles Messenger, but still use it. Chat Control or not, there is no law preventing Meta from reading your messages for moderation.

Meta isn't just some random company whose decisions don't have wide and far-reaching societal effects.

Moderation of private 1v1 chats only makes sense in case of harassment - i.e. when one side complains. In all other cases, except with a court's decree based on legitimate suspicion of wrongdoing, it's absurd.

> Yes, and that's a good thing.

For now.

2 comments

I don't know about social media companies, but all web forums will 'moderate' 1v1 chats because of spam controls.

> Meta isn't just some random company whose decisions don't have wide and far-reaching societal effects.

So what? There is no law saying that messages should always be e2ee, period. If you want such a law, you need to convince politicians to think about it. But that is orthogonal to Chat Control.

It is technically impossible for a large platform to implement E2EE without having a way to target one person to bypass it. True E2EE will always have to be a program external to the chat platform that handles keys out of band like OTR.

Legally it will never truly happen. Any platform saying they have E2EE is outright lying. Lavabit was an example of what happens when a large platform makes lawful intercept impossible. People keep telling me that Proton and Signal are E2EE and I will always offer them a tropical island for sale on the dark side of the moon, heavily discounted. Moxie of all people should know better.

> It is technically impossible for a large platform to implement E2EE without having a way to target one person to bypass it.

You'd have to explain what you mean here. If you mean that it's impossible to have encryption that is resistant to someone putting a gun on your face and asking for the password, then... well duh.

If someone or something else is managing keys for you, even the JavaScript in your client, then it can be altered by the server just for you. It's really just that simple. If you are creating and managing key trusts outside of the application then they cannot tamper with them or add their own keys.

I still don't understand what you are saying. You claim that Signal is not E2EE. Please explain.

Signal is an open source mobile app that I can audit and compile myself. How is it "obviously not E2EE"?

Open source chat and open source AI just mean that the code you are looking at does not have an obvious back door. That has no bearing on run-time use and monkey-patching. As for Signal not being E2EE, I already explained. I don't play the contrarian game so you will have to do your own research.