zlacker

1. andrew+(OP) 2025-08-10 21:19:23
Can someone explain how they could read my e2e Signal chat messages to my wife about what I'm cooking for dinner?

Can someone explain how they could read my e2e Sessions chat message sent via TOR to my wife about what I'm cooking for dinner?

Genuinely curious. Can those that are in power break this encryption?

replies(7): >>ivanje+r >>daniel+v >>rkomor+K >>zbentl+O >>ymir_e+W1 >>layer8+05 >>protoc+47
◧
2. ivanje+r 2025-08-10 21:21:59
>>andrew+(OP)
Making it illegal to use "non-compliant" e2ee services and prosecuting those who do. Realistically, they couldn't, but could ban such apps in EU stores, making them less popular.

They can break encryption by stealing keys from your device, or by pwning your device, or by introducing a backdoor into the chat client for every user.

◧
3. daniel+v 2025-08-10 21:22:32
>>andrew+(OP)
They can fine Apple and Google for offering Signal in their app stores, until nobody has it installed.

That doesn’t break your comms today - but later, you replace your phone, can you get a current copy of the app?

replies(2): >>layer8+w5 >>andrew+hq3
◧
4. rkomor+K 2025-08-10 21:24:55
>>andrew+(OP)
The idea isn't to break encryption, it's to have apps implement client-side scanning "pre-encryption".
replies(2): >>stephe+eq >>nicksl+F81
◧
5. zbentl+O 2025-08-10 21:25:26
>>andrew+(OP)
No, but many political figures have proposed banning the distribution/possession/operation of tools (e.g. Signal, Tor) which can be used to circumvent surveillance.
◧
6. ymir_e+W1 2025-08-10 21:35:09
>>andrew+(OP)
Definitely wouldn’t break the encryption itself.

I think the way it could work is to send a letter to each of the messaging apps saying that they are now legally required to use the EU’s encryption keys and make the messages available to the EU.

Then they would make it so that the apps that don’t comply are not available in the app stores by pressuring Google and Apple respectively.

I think this is the reason why for example Telegram is not end to end encrypted by default - as some regions require them to be able to access users' info.

Software you’re using on your own wouldn’t be affected, but wouldn’t necessarily be legal either.

People who are technically savvy could get around it, but the vast majority of people just assume that their private messages are private.

replies(1): >>coldbl+gd
◧
7. layer8+05 2025-08-10 22:02:42
>>andrew+(OP)
The proposed regulation is about imposing requirements on service providers, as defined by the Digital Services Act, for messaging and other services, effectively requiring them to implement backdoors in their software.

Purely P2P communication isn’t affected.

◧◩
8. layer8+w5 2025-08-10 22:09:18
>>daniel+v
Not quite. It would be illegal for Signal to continue operating in the EU if they don’t implement the required scanning functionality. And Signal has already stated that they’d rather leave the EU.
replies(1): >>accoun+T91
◧
9. protoc+47 2025-08-10 22:23:42
>>andrew+(OP)
The app that decrypts the message will have the capability to provide that message, now decrypted, to the government.
◧◩
10. coldbl+gd 2025-08-10 23:10:49
>>ymir_e+W1
Telegram is not E2EE because it's easier and faster to sync and transmit messages between millions of people. The scale of Telegram groups and channels is massive. Telegram, for a long time, has not complied with law enforcement requests and has made it hard for authorities to get data because of their architecture. You still have Secret Chats for E2EE messaging as an option.
replies(1): >>palata+LK
◧◩
11. stephe+eq 2025-08-11 01:31:56
>>rkomor+K
Yes, what is proposed is breaking the end-to-end security model, not breaking the encryption itself.

Effectively it causes the same loss of security and trust as if they broke the encryption, but it allows them the fig-leaf of pretending that you're still secure because they "haven't broken the encryption".

replies(1): >>rkomor+ZF
◧◩◪
12. rkomor+ZF 2025-08-11 05:31:08
>>stephe+eq
I like your wording.

I wasn't expressing an opinion in that comment but I do find the whole concept terrible.

◧◩◪
13. palata+LK 2025-08-11 06:32:30
>>coldbl+gd
Not sure what your point is. Telegram is not an example when it comes to privacy. Anyone who has access to the server has access to pretty much everything. Nothing can tell you that governments (or bad actors) are not already reading your Telegram messages.
◧◩
14. nicksl+F81 2025-08-11 10:41:33
>>rkomor+K
> The idea isn't to break encryption

That comes later with ProtectEU.

"Technical experts call on Commissioner Virkkunen for a seat on the table of the European Commission’s Technology Roadmap on encryption"

https://edri.org/our-work/technical-experts-call-on-virkkune...

◧◩◪
15. accoun+T91 2025-08-11 10:58:06
>>layer8+w5
If the one western nation passes this then it's only a matter of time until the other ones do too. At that point Signal "leaving" means they may as well stop doing business. Companies like to say they won't bend the knee if it gets them support now but in the end they always do.
replies(1): >>daniel+J6j
◧◩
16. andrew+hq3 2025-08-12 02:05:00
>>daniel+v
I can download the Signal APK from their site.
◧◩◪◨
17. daniel+J6j 2025-08-17 14:31:19
>>accoun+T91
I wouldn't believe a for-profit company claiming it'd stand firm.

Signal is a 501c3 nonprofit. There isn't capital to lose.
