I've been wondering how Chat Control's proponents settled on such a comically villainous name for their project. They didn't even bother being Orwellian. Skeletor could have have come up with "Chat Control"
The name was coined by a former MEP Patrick Breyer, one of the most important opponent of the law. EU's other proposal for mandating backdoors into devices is however from a group officially called "EU Going Dark" tho (you thought Chat Control was the only thing coming?).
It’s the critics who named it Chat Control. The official name is Regulation to Prevent and Combat Child Sexual Abuse (Child Sexual Abuse Regulation, or CSAR). Let’s hope there will be enough Brutuses.
The next official name will be to prevent and combat terrorism, then the next proposal after that will be to prevent and combat child sexual abuse again, then the one after that will be to prevent and combat terrorism, then the one after that will be to prevent and combat child sexual abuse again..... and well you get the gist of that.
If terrorism is defined as using violence or threats to intimidate a population for political or ideological ends, then “Chat Control” qualifies in substance.
Violence doesn’t have to leave blood. Psychological and coercive violence is recognised in domestic law (see coercive control offences) and by the WHO. It causes measurable harm to bodies and minds.
The aim is intimidation. The whole purpose is to make people too scared to speak freely. That is intimidation of a population, by design.
It is ideological. The ideology is mass control - keeping people compliant by stripping them of private spaces to think, talk, and dissent.
The only reason it’s not “terrorism” on paper is because states write definitions that exempt themselves. But in plain terms, the act is indistinguishable in effect from terrorism: deliberate fear, coercion, and the destruction of free will.
You can argue legality if you like, but the substance matches the textbook definition.
The actual proposal is named (the predictably bland) "Regulation to Prevent and Combat Child Sexual Abuse". It's critics who like to call it "Chat Control", and I don't think we want to be arresting them over that.
That's nothing new. See: “Law on the Restoration of the Professional Civil Service” (1933, Nazi Germany) - bland wording, but it was the law that purged Jews and political opponents from public life. But it is actually on brand - terrorist organisations use do-gooding labels in order to draw support while pushing coercion.
quotemstr's thought was proponents call it "Chat Control" and that meant even all proponents were being blatant they feel it's a ridiculously villinious law. That's very different than thinking proponents call it something bland but really understanding the content says another that opponents give it a bad name for.
The state is the single moat prolific user of violence by far. If it wants to claim violence is wrong, its first step needs to be to dismantle itself.
Of course, violence is not always wrong. Violence is a tool, whether it's good or bad depends against whom you use it.
One man's terrorist of another man's freedom fighter.
The people in positions of power (both politicians and owners of large tech companies) have been waging a global war on violence and Chat Control is just one part of it.
Exactly - the state is the main user of violence, which is why it hides its violence in bland packaging. Call it ‘security’, ‘safety’, or ‘child protection’, but the effect is the same: coercion by fear.
‘One man’s terrorist is another man’s freedom fighter’ misses the point here: the methods define terrorism, not the branding. When the state uses psychological violence to intimidate citizens into silence, it is engaging in the very thing it condemns. Chat Control is just the polished, bureaucratic face of terror.
> ‘One man’s terrorist is another man’s freedom fighter’ misses the point
It's meant to express that our "democratic" governments use the same tools as dictatorships. For example, every time somebody in a position of power (not even just politicians) gets shot, other people in power say "ViOlEnCe DoEsN't BeLoNg In PoLiTiCs". Completely forgetting how many of today's democracies were created by widespread acts of violence against previous oppressive governments.
In fact, many countries celebrate their revolutions and their assassinations of dictators. So violence clearly does belong in politics, under some conditions. But instead of openly talking about those conditions, they are trying to brainwash the populace into docility.
---
(Tangent:
For example, reasonable people today agree today that by the end of the war, Hitler deserved to die, whether by assassination, execution, or suicide. But he was just a politician. In 1933, his party got 40%, he was a popular politician. So when was the line crossed from "violence does not belong in politics" to "Hitler is a dictator and mass murderer and must be shot"?
The reality is that once a person becomes dictator he immediately increases his own protection and surrounds himself with people just as bad or worse than him. So it's not just more difficult to kill him, it's also less practical. Reasonably people today say that Putin deserves to die but should not be killed because he purposefully made sure anybody in the line of succession would be even worse than him.)
---
Back on track, it's my belief that a government which is truly dedicated to remaining democratic and making sure the power comes from the people would make sure that the population is armed to a sufficient level that if a hostile takeover from within happened, the population would be able to successfully revolt and restore democracy.
And this is more true today than ever. Abusive governments used to have to employ people to spy on other people. They needed a certain ratio of sympathizers or the system would fall apart. Now much of it can be automated. The ratio of sympathizers a dictator needs is much lower than it used to be and potentially violent revolt can be detected much earlier and each invasion of privacy like Chat Control moves the needle towards resistance being harder and harder.
So those who believe violence does not belong in politics today should be very well aware than it might be necessary against the government tomorrow but it'll be impossible if nobody has guns and privacy to organize with other people who to use those guns. And yes, the price is some terrorist attacks. I am OK with that.
The level of surveillance which would stop a pressure cooker bomb at a public event or a lone gunman or a car ramming attack is completely unacceptable to me.
In fact, you will notice that most recent terrorist attacks would not be stopped by Chat Control. What would be stopped is organized resistance. That's a feature, not a bug.
For some more recent crimes against society and humanity, I'd also compare it to Stasi. Plenty of people alive today who lived with that.
Around 1 in 30 people was secretly telling on their neighbors. After unification, it was presented as a dark chapter in German history that had finally come to an end. People would get to look into their own "file" to see what and how much had been written about their daily activities. I was a bit young at the time, but I do remember frequent discussions on TV about how to move on from this, and how to make sure it doesn't happen again.
And now we're talking about reading everyone's private messages on a scale that would be the Stasi's wet dream.
I wonder - if the Stasi had been presented as a legitimate way to fight CSAM - would that have been okay?
Stasi works better if this is a purely German question, but this is an international issue. Gestapoware is way more obvious than Stasiware for people outside Germany, while both surely resonate inside the country.
Stasiware is more appropriate. Stasi (Staatssicherheit) was the administration in charge of spying each citizen of east Germany. It runs until 1989. So more people remember the opening of the archives in the 1990ies.
Besides that this is likely a criminal offense in Germany[1] we tried it 16 years ago with "Zensursula" and you can see how that turned out.
[1] §86a StGB "Use of symbols of unconstitutional organizations" applies also to words, not just symbols in the strict sense. It is also enforced in broad coarse strokes for example on the usage of the swastika inside a red prohibition circle (the one with a diagonal bar).
EDIT: Looking back at my comment, I realize it might come across as too negative. If you think shaming politicians is the right way to protest this, go for it.
I just believe convincing politicians that the spirit they summon may easily slip from their control and turn against them is a more likely successful angle.
No one should remove from us the right to privacy in chat rooms. Otherwise, PGP might become cool again, or I bet that there will be new ways to chat without mass surveillance.
How would PGP help in the long run? If client side scanning is mandated for everything then the natural place for it to wind up is in the OS. Once your OS is scanning all the things, your privacy is finished - pretty good or otherwise.
In fact, proprietary OSes already phone home so often it's just mind blowing. On the mobile camp, only GrapheneOS and niche Linux distributions like SailfishOS are quiet if you inspect network traffic. The tools for client-side scanning are there, it's quite easy to implement total control.
In that case you could an Arduino, Raspberry Pi, or similar to write and convert the message. The converted msg can then be sent over USB, wifi, etc to the computer
Right, and then Chat Control looks at the encrypted text and goes "oh huh this looks encrypted and suspicious, let's put this user on a list for closer inspection" or eventually just refuses to let you send the message at all. Steganography is hard and it will be very difficult to hide that you're sending encrypted messages.
But how do we then protect our messages to less tech savvy people? Encryption must be effortless and usable by the masses, or it will be almost pointless.
> If client side scanning is mandated for everything then the natural place for it to wind up is in the OS. Once your OS is scanning all the things, your privacy is finished - pretty good or otherwise.
An air gap can solve that problem:
1. Create an illegal message on a machine with no internet.
2. Encrypt the message.
3. Copy the encrypted message over to a machine that does have internet.
PGP will never ever see mass adoption. It's too complicated and nothing will fix that. If chat control succeeds, a handful of nerds might be able to protect their comms, but mass encryption as we have it today will be dead. I like how nobody can read my chats with my mom or my landlord and would prefer it stays that way. The average user simply does not care enough to jump through a single additional hoop.
"or I bet that there will be new ways to chat without mass surveillance."
In a way I am fatalistic about it now/see the good in the bad. If this really comes one day, it will be a great push for decentraliced anonymous communication networks again.
People need convenient access to PGP. If their App Store removes all PGP apps then they might have to upload their privatekey to a PWA. And then no one's any better off.
If the everyman is forced to choose between being surveilled or using PGP, I reckon I know what he'd choose regardless.
Nobody ever talks about S/MIME, but it's the corporate version of PGP/GPG for mail. Apple made it dead easy to use S/MIME encryption. Most vendors do, because it's still a requirement for some government purchasing (DoD is moving away from it). I was honestly and pleasantly surprised how easy it was to use S/MIME with the built-in mail programs on macOS and iOS/iPadOS, and I'm a bit surprised that Apple didn't just automate an S/MIME key for every iCloud mail user.
Does Proton allow you to use any email client? Last I checked IMAP and SMTP is disabled and you're captive in their webmail or official client unless you pay for their bridge software.
The CDU is legendary known for its umpteenth attempt to introduce illegal data retention (condemned by Germany's highest court).
The SPD - which is also part of the ruling coalition - is a flag in the wind as it has proven since coming to power. They will do anything to stay in power.
Deep down, Client Side Scanning that's what both want.
That is not correct. There is quite some opposition to this BS within the party. Just look at the SPD associated net policy think tank D64, we absolutely oppose this kind of legislative turd.
> Deep down, Client Side Scanning that's what both want.
Let's be absolutely real the CDU wants complete government access to all private communications on demand with essentially endless retention. They just aren't allowed yet.
Funny thing is, the last few times some guy attacked people, a few days later we could read or hear in the news updates that that person had already been known to be violent, and quite a few times we also learned that they were supposed to have been deported.
Information does not seem to be the bottleneck at all! (Too) Many times, when we read about the person responsible for some sudden attack, everything needed to prevent that attack had already been known well before the attack. It's just that the authorities didn't do anything.
Sure, one may say there are too many people fitting the criteria and we cannot do anything with so many potential suspects, most of whom have not actually done anything. But more information won't help in these many cases at all.
Examples (German) - all reputable sources, mostly local public broadcasting (ARD) and one law publisher:
Don't fall for the meme that this is to protect "the people". There's a literally 1984 Quote about it:
> "The Party seeks power entirely for its own sake. We are not interested in the good of others; we are interested solely in power. Not wealth or luxury or long life or happiness: only power, pure power"
They have the crosshairs on preparing the government and law for the AfD take over for the second trial of 1933. Just like the useless Bundestag of Weimar, they would like to leave as many mines and holes in the democratic institutions so their true self can show how perfect a racist government feels.
CDU doesn't need to secretly work with AfD. Many of CDU's members and its current administration have similar opinion of non-ethnically-Germanic residents with AfD. Merz has shown that he is willing to work with AfD before the election on those areas.
Being incompetent and shortsighted is enough. Being blinded with the idea that Germans will keep electing them and choosing them for power feeds their incompetence. They want extreme powers now. They don't think the extreme powers they give to the various organizations will be used against democratic society. This is just the repeat of Weimar republic.
Meanwhile they are filling Germans with hate against minorities and benefactors of the social system which legitimizes AfD. They also keep doing nothing (which is their core-competence really). They fix no parts of the broken system. This legitimizes AfD even more.
"For Signal, Chat Control is also an existential threat."
Perhaps it would not be if users could write their own clients and run their oown servers
Perhaps the commercial third party intermediary model of "private" and "secure" communication over the internet (cf. the free, open source, peer-to-peer model) is fundamentally-flawed. This is the model where a third party like Meta or Signal controls the software and requires connections be made to its servers in order to communicate over the internet. It is not an internet service provider, it's just a middleman trying to attract internet subscribers to use its software and connect to its remote servers
Perhaps this proposed legislation is simply leveraging that fundamental flaw
Acording to the latest draft I have seen, "Chat Control" does not attempt to regulate peer-to-peer communication, it does aim to stop internet subscribers from encrypting messages and sending them across the internet. It aims to regulate third party intermediaries providing "messaging services" to the public
The proposed legislation leverages the "centralisation" or "intermediation" of "private" messaging (the opposite of peer-to-peer) in Silicon Valley companies
How does this fit with Apple's pushback against the UK government's encryption backdoor efforts against them? Why aren't Apple also pushing back against this EU initiative?
Apple briefly proposed something similar but then reversed course pretty quickly and has unequivocally stated that it was a poorly thought out idea when they proposed it.
I'd have to assume that Apple and WhatsApp are taking a more behind the scenes approach on this and that they too would leave the EU if it came to it. Both of their messenger brands are so fundamentally tied to E2EE that its hard to imagine them thinking its worth it to stay and break their encryption.
> Under the guise of protecting children, the latest Chat Control proposals would require mass scanning of every message, photo, and video on a person’s device, assessing these via a government-mandated database or AI model to determine whether they are permissible content or not.
This is pretty terrifying, although not unexpected. Given Germany's aggressive crackdown on speech I wouldn't feel too optimistic. If the BKA is going to launch criminal investigations for calling overweight politicians fat, they're probably not going to protect any rights to private conversation.
The lack of free speech laws in Europe is becoming a serious issue
I don't think those issues are necessarily interconnected. If I have understood it correctly, many Germans view both hateful propaganda and surveillance as tools of dictators.
Surveillance of private communications obviously has a chilling effect on free speech as well, but freedom from surveillance does not imply a freedom to openly spread hate speech in public.
Platforms like Signal don't really allow one to spread something "in public" since it's mostly 1-on-1 or small group chat. I know similar products like Telegram do have wider-range features though. Moreover, the concept of "hate speech" is fuzzy in a way that's easy to abuse.
At the end of the day, if someone makes a racist joke with their friend in a one-on-one chat app I would say that's neither hate speech, nor the public distribution of said speech, but I don't think Chat Control makes this distinction.
German speaking here: People here in Germany do not want to think about just how bad our constitution really is designed. We only get free speech lte, There's no fruit of the poisonous tree doctrine leading to constant prosecutorial overreach and illegal searches[0] that are later ruled illegal but with on effect and our public prosecutors are so much lacking in independence that they aren't allowed to issue european arrest warrants [1]. But I've heard people tell me with complete conviction how great our constitution is. I can't even bother arguing about it anymore.
It's definitely not an EU only thing. China, Russia and such have been doing this for years. There have been attempts to introduce it in US (EARN IT Act) as well, and the current regime there might very well end up doing that. Australia has also been pretty authoritarian what it comes to this kind of things.
I don't understand your response and the downvotes. I'm saying Chat Control will spread to other countries. I'm aware of attempts from other countries. Add France and Sweden to your list.
Here on orange reddit you always get downvotes if you say anything but praises about candy colored EU paradise. What you should do is to say the illuminated MPs are being misled in their incessant quest for good.
It's great that signal / open whisper engage in the political situation and the pressure on these states.
We also need to be sure that signal / open whisper / matrix / telegram / everybody continues to make end-to-end encryption available regardless of what politicians say.
Math is bigger than human affairs. There is no shame in breaking laws that prohibit math.
Yeah, I see this argument all over HN. And in a sense it's true that the affront here isn't against math per se, but against general purpose computing.
But ultimately, the right to general purpose computing (ie, the right to run a program that doesn't snitch the plaintext) is the same as the right to engage in the underlying mathematics.
I think it's a distinction without a meaningful difference.
I have always used the word "plaintext" to mean content that has not been subject to encryption or hashing, whether it is text, arbitrary bytes (including multimedia formats), or even abstract ideas which can be somehow subject to a cipher.
But these terms are certainly used different in different situations by different people. But yeah, images and/or video can still be "the plaintext" in the parlance to which I'm accustomed.
I'm sorry to pick non-technical details, but this PDF is typeset on „Letter” paper, which is immediately noticeable (different aspect ratio). Normally it's on „yeah, whatever” level, but since this paper (sic) aims to influence European policy, now this detail is actually important.
This whole piece reeks „I'm an 1) outsider that 2) couldn't be bothered to get to know local culture so 3) probably has no stake in the affair” and as such is liable to get dismissed after only cursory glance. We know every single enumerated point above is false, but it doesn't matter. That every single word written on the page is right nd warranted, doesn't matter. @Meredith and anyone else writing papers aimed at EU, would you kindly please switch to A4 before exporting the PDF.
No, not only Germany should stand firmly against this bullshit Brussels tries to push but ALL member states should be. Especially the former soviet republics and other countries of the Eastern Bloc which during communistic times ran censorship offices and security services against their citizens.
Ideas like this shows that there's a power within EU structures that works against us, the citizens.
this is an objectively funny headline with how it so nimbly jumps from political to technical, “we must stand in a united front against client-side (software feature)” lol
Info: https://netzpolitik.org/2025/eu-ueberwachungsplaene-die-chat...
"Wichtige Stimmen wie Amnesty International, Reporter ohne Grenzen und der Chaos Computer Club appellieren eindringlich an die Bundesregierung, die Chatkontrolle zu verhindern. Sie warnen vor einem Angriff auf die Pressefreiheit, einem IT-Sicherheitsalptraum und einer Gefahr für die Demokratie."
ich wende mich heute an Sie, um meine große Sorge über die geplante Einführung der sogenannten „Chatkontrolle“ auszudrücken.
Die flächendeckende Überwachung privater Kommunikation stellt einen massiven Eingriff in unsere Grundrechte dar. Sie gefährdet die Privatsphäre aller Bürgerinnen und Bürger und untergräbt zentrale Prinzipien eines demokratischen Rechtsstaates. Der Schutz der Vertraulichkeit von Kommunikation ist ein unverzichtbarer Bestandteil unserer freiheitlichen Gesellschaft.
Zudem zeigen zahlreiche Expertinnen und Experten auf, dass das flächendeckende Scannen privater Nachrichten zur Bekämpfung von Kindesmissbrauchsdarstellungen nicht wirksam ist. Stattdessen schwächt eine solche Maßnahme die Sicherheit digitaler Kommunikation insgesamt und schafft gefährliche Überwachungsinfrastrukturen, die leicht missbraucht werden können.
Ich bitte Sie daher eindringlich, sich bei der entsprechenden Abstimmung klar gegen die Einführung der Chatkontrolle auszusprechen und sich für den Schutz der Bürgerrechte und der Privatsphäre einzusetzen.
How would chat control even work, with federated and decentralized networks? This is the reason you should not use signal. Moxie wants everyone to be in a closed loop, tightly controlled by his decisions. Matrix ftw!
Yes, because criminals and pedophiles care deeply about following laws. They would never even think of using a piece of software if it was illegal, right?
You're welcome to run any algorithm you want with paper and pencil, but you might not be able to run them on your devices that are allowed to talk to cellular networks.
Communications that look encrypted can also be straightforwardly flagged and logged for a closer look, perhaps keeping a closer watch on any cleartext messages, metadata that invariably leaks, etc
don't forget that you're dealing with the state so "we'll kidnap and/or murder you" is a legitimate option as a response to undesired behavior. at least, they think it's legitimate, and they think that thinking otherwise is undesirable behavior, which leads to a bit of a catch 182...
I wonder if we can make a chat app that doesn't use encryption but hides your messages inside random words. The solution should be saved locally on your device.
There isn't a technology solution for this. The solution is to realize the value Switzerland lost with Proton moving out of Switzerland, and what Germany could lose if Wire had to make a similar decision regarding their home in Germany. There's considerable value to having real effective security. These nations stand to lose that value.
Signal is doing phenomenal work here. They could've sold out long ago. I highly encourage anyone to donate whatever they can.
I've been wondering how Chat Control's proponents settled on such a comically villainous name for their project. They didn't even bother being Orwellian. Skeletor could have have come up with "Chat Control"
The name was coined by a former MEP Patrick Breyer, one of the most important opponent of the law. EU's other proposal for mandating backdoors into devices is however from a group officially called "EU Going Dark" tho (you thought Chat Control was the only thing coming?).
https://netzpolitik.org/2024/going-dark-eu-states-push-for-a...
That makes more sense
It’s the critics who named it Chat Control. The official name is Regulation to Prevent and Combat Child Sexual Abuse (Child Sexual Abuse Regulation, or CSAR). Let’s hope there will be enough Brutuses.
https://en.wikipedia.org/wiki/Think_of_the_children
The next official name will be to prevent and combat terrorism, then the next proposal after that will be to prevent and combat child sexual abuse again, then the one after that will be to prevent and combat terrorism, then the one after that will be to prevent and combat child sexual abuse again..... and well you get the gist of that.
If terrorism is defined as using violence or threats to intimidate a population for political or ideological ends, then “Chat Control” qualifies in substance.
Violence doesn’t have to leave blood. Psychological and coercive violence is recognised in domestic law (see coercive control offences) and by the WHO. It causes measurable harm to bodies and minds.
The aim is intimidation. The whole purpose is to make people too scared to speak freely. That is intimidation of a population, by design.
It is ideological. The ideology is mass control - keeping people compliant by stripping them of private spaces to think, talk, and dissent.
The only reason it’s not “terrorism” on paper is because states write definitions that exempt themselves. But in plain terms, the act is indistinguishable in effect from terrorism: deliberate fear, coercion, and the destruction of free will.
You can argue legality if you like, but the substance matches the textbook definition.
These people should be arrested.
The actual proposal is named (the predictably bland) "Regulation to Prevent and Combat Child Sexual Abuse". It's critics who like to call it "Chat Control", and I don't think we want to be arresting them over that.
That's nothing new. See: “Law on the Restoration of the Professional Civil Service” (1933, Nazi Germany) - bland wording, but it was the law that purged Jews and political opponents from public life. But it is actually on brand - terrorist organisations use do-gooding labels in order to draw support while pushing coercion.
quotemstr's thought was proponents call it "Chat Control" and that meant even all proponents were being blatant they feel it's a ridiculously villinious law. That's very different than thinking proponents call it something bland but really understanding the content says another that opponents give it a bad name for.
The state is the single moat prolific user of violence by far. If it wants to claim violence is wrong, its first step needs to be to dismantle itself.
Of course, violence is not always wrong. Violence is a tool, whether it's good or bad depends against whom you use it.
One man's terrorist of another man's freedom fighter.
The people in positions of power (both politicians and owners of large tech companies) have been waging a global war on violence and Chat Control is just one part of it.
Exactly - the state is the main user of violence, which is why it hides its violence in bland packaging. Call it ‘security’, ‘safety’, or ‘child protection’, but the effect is the same: coercion by fear.
‘One man’s terrorist is another man’s freedom fighter’ misses the point here: the methods define terrorism, not the branding. When the state uses psychological violence to intimidate citizens into silence, it is engaging in the very thing it condemns. Chat Control is just the polished, bureaucratic face of terror.
> ‘One man’s terrorist is another man’s freedom fighter’ misses the point
It's meant to express that our "democratic" governments use the same tools as dictatorships. For example, every time somebody in a position of power (not even just politicians) gets shot, other people in power say "ViOlEnCe DoEsN't BeLoNg In PoLiTiCs". Completely forgetting how many of today's democracies were created by widespread acts of violence against previous oppressive governments.
In fact, many countries celebrate their revolutions and their assassinations of dictators. So violence clearly does belong in politics, under some conditions. But instead of openly talking about those conditions, they are trying to brainwash the populace into docility.
---
(Tangent:
For example, reasonable people today agree today that by the end of the war, Hitler deserved to die, whether by assassination, execution, or suicide. But he was just a politician. In 1933, his party got 40%, he was a popular politician. So when was the line crossed from "violence does not belong in politics" to "Hitler is a dictator and mass murderer and must be shot"?
The reality is that once a person becomes dictator he immediately increases his own protection and surrounds himself with people just as bad or worse than him. So it's not just more difficult to kill him, it's also less practical. Reasonably people today say that Putin deserves to die but should not be killed because he purposefully made sure anybody in the line of succession would be even worse than him.)
---
Back on track, it's my belief that a government which is truly dedicated to remaining democratic and making sure the power comes from the people would make sure that the population is armed to a sufficient level that if a hostile takeover from within happened, the population would be able to successfully revolt and restore democracy.
And this is more true today than ever. Abusive governments used to have to employ people to spy on other people. They needed a certain ratio of sympathizers or the system would fall apart. Now much of it can be automated. The ratio of sympathizers a dictator needs is much lower than it used to be and potentially violent revolt can be detected much earlier and each invasion of privacy like Chat Control moves the needle towards resistance being harder and harder.
So those who believe violence does not belong in politics today should be very well aware than it might be necessary against the government tomorrow but it'll be impossible if nobody has guns and privacy to organize with other people who to use those guns. And yes, the price is some terrorist attacks. I am OK with that.
The level of surveillance which would stop a pressure cooker bomb at a public event or a lone gunman or a car ramming attack is completely unacceptable to me.
In fact, you will notice that most recent terrorist attacks would not be stopped by Chat Control. What would be stopped is organized resistance. That's a feature, not a bug.
A beautifully written message. Thank you to Meredith Whittaker and the Signal team for this.
I think a good way to shame politicians that push this type of erosion of civil liberties is to label it at gestapoware.
For some more recent crimes against society and humanity, I'd also compare it to Stasi. Plenty of people alive today who lived with that.
Around 1 in 30 people was secretly telling on their neighbors. After unification, it was presented as a dark chapter in German history that had finally come to an end. People would get to look into their own "file" to see what and how much had been written about their daily activities. I was a bit young at the time, but I do remember frequent discussions on TV about how to move on from this, and how to make sure it doesn't happen again.
And now we're talking about reading everyone's private messages on a scale that would be the Stasi's wet dream.
I wonder - if the Stasi had been presented as a legitimate way to fight CSAM - would that have been okay?
The Stasi while more recent and more correct a name to use here are still something not everyone knows about to the same extent as the gestapo.
In Germany they certainly do.
indeed. Gestapo is "a long time ago", Stasi is something half the country at least knows people personally affected by.
Stasi works better if this is a purely German question, but this is an international issue. Gestapoware is way more obvious than Stasiware for people outside Germany, while both surely resonate inside the country.
They did say these protesting on the street are outlaws who also rape and kill the little children.
Unsurprisingly the Stasi and Gestapo types always say things like that.
The trouble is that the Stasi are not seen in as negative of a light as the Gestapo.
In Germany?
I'm not German but the German people I do know don't see them positively. But could be selection bias
Only some rare soviet nostalgy people will see them as something positive. But there are indeed not considered as bad as Gestapo and I tend to agree.
Stasiware is more appropriate. Stasi (Staatssicherheit) was the administration in charge of spying each citizen of east Germany. It runs until 1989. So more people remember the opening of the archives in the 1990ies.
Stasiware. I like that.
Besides that this is likely a criminal offense in Germany[1] we tried it 16 years ago with "Zensursula" and you can see how that turned out.
[1] §86a StGB "Use of symbols of unconstitutional organizations" applies also to words, not just symbols in the strict sense. It is also enforced in broad coarse strokes for example on the usage of the swastika inside a red prohibition circle (the one with a diagonal bar).
EDIT: Looking back at my comment, I realize it might come across as too negative. If you think shaming politicians is the right way to protest this, go for it.
I just believe convincing politicians that the spirit they summon may easily slip from their control and turn against them is a more likely successful angle.
This or §90a ... anyway, better keep your bathrobe in reach in case they come visit you at dawn.
No one should remove from us the right to privacy in chat rooms. Otherwise, PGP might become cool again, or I bet that there will be new ways to chat without mass surveillance.
How would PGP help in the long run? If client side scanning is mandated for everything then the natural place for it to wind up is in the OS. Once your OS is scanning all the things, your privacy is finished - pretty good or otherwise.
You can run the forbidden Linux software on legacy hardware.
Of course, all new hardware will have hardcoded firmware scanning the DRM’d keyboard controller.
In fact, proprietary OSes already phone home so often it's just mind blowing. On the mobile camp, only GrapheneOS and niche Linux distributions like SailfishOS are quiet if you inspect network traffic. The tools for client-side scanning are there, it's quite easy to implement total control.
Microsoft has been pushing Recall for a while now. Clearly they will make it a cornerstone feature, potentially without the ability to opt out.
In that case you could an Arduino, Raspberry Pi, or similar to write and convert the message. The converted msg can then be sent over USB, wifi, etc to the computer
Right, and then Chat Control looks at the encrypted text and goes "oh huh this looks encrypted and suspicious, let's put this user on a list for closer inspection" or eventually just refuses to let you send the message at all. Steganography is hard and it will be very difficult to hide that you're sending encrypted messages.
But how do we then protect our messages to less tech savvy people? Encryption must be effortless and usable by the masses, or it will be almost pointless.
> If client side scanning is mandated for everything then the natural place for it to wind up is in the OS. Once your OS is scanning all the things, your privacy is finished - pretty good or otherwise.
An air gap can solve that problem:
1. Create an illegal message on a machine with no internet.
2. Encrypt the message.
3. Copy the encrypted message over to a machine that does have internet.
4. Send it.
Tinfoil Chat does that (and more).
https://github.com/maqp/tfc
PGP will never ever see mass adoption. It's too complicated and nothing will fix that. If chat control succeeds, a handful of nerds might be able to protect their comms, but mass encryption as we have it today will be dead. I like how nobody can read my chats with my mom or my landlord and would prefer it stays that way. The average user simply does not care enough to jump through a single additional hoop.
"or I bet that there will be new ways to chat without mass surveillance."
In a way I am fatalistic about it now/see the good in the bad. If this really comes one day, it will be a great push for decentraliced anonymous communication networks again.
> Otherwise, PGP might become cool
People need convenient access to PGP. If their App Store removes all PGP apps then they might have to upload their privatekey to a PWA. And then no one's any better off.
If the everyman is forced to choose between being surveilled or using PGP, I reckon I know what he'd choose regardless.
There's no reason email clients can't make PGP keys easy, proton actually makes it quite easy to add a PGP key for an email address.
Nobody ever talks about S/MIME, but it's the corporate version of PGP/GPG for mail. Apple made it dead easy to use S/MIME encryption. Most vendors do, because it's still a requirement for some government purchasing (DoD is moving away from it). I was honestly and pleasantly surprised how easy it was to use S/MIME with the built-in mail programs on macOS and iOS/iPadOS, and I'm a bit surprised that Apple didn't just automate an S/MIME key for every iCloud mail user.
What's the new standard that the DoD requires for secure communication with contractors?
Does Proton allow you to use any email client? Last I checked IMAP and SMTP is disabled and you're captive in their webmail or official client unless you pay for their bridge software.
Which makes this post ironic https://proton.me/blog/what-is-an-email-client
I use Thunderbird to access my Proton Mail. They have an app called Proton Mail Bridge that allows you to access it via IMAP or SMTP.
https://proton.me/mail/bridge
Edit: Missed the paid part in you message. Yeah, I have a paid account.
And what's stopping the government from forcing proton to hand over private keys or else?
There's no reason Chat Control can't mandate scanning in email apps, either.
https://autocrypt.org
I wouldn't expect much from this government.
The CDU is legendary known for its umpteenth attempt to introduce illegal data retention (condemned by Germany's highest court).
The SPD - which is also part of the ruling coalition - is a flag in the wind as it has proven since coming to power. They will do anything to stay in power.
Deep down, Client Side Scanning that's what both want.
Take a guess from which political party is Zensursula.
SPD has been firmly pro surveillance since Schily
That is not correct. There is quite some opposition to this BS within the party. Just look at the SPD associated net policy think tank D64, we absolutely oppose this kind of legislative turd.
> Deep down, Client Side Scanning that's what both want.
Let's be absolutely real the CDU wants complete government access to all private communications on demand with essentially endless retention. They just aren't allowed yet.
Funny thing is, the last few times some guy attacked people, a few days later we could read or hear in the news updates that that person had already been known to be violent, and quite a few times we also learned that they were supposed to have been deported.
Information does not seem to be the bottleneck at all! (Too) Many times, when we read about the person responsible for some sudden attack, everything needed to prevent that attack had already been known well before the attack. It's just that the authorities didn't do anything.
Sure, one may say there are too many people fitting the criteria and we cannot do anything with so many potential suspects, most of whom have not actually done anything. But more information won't help in these many cases at all.
Examples (German) - all reputable sources, mostly local public broadcasting (ARD) and one law publisher:
https://www.tagesschau.de/inland/festnahme-solingen-syrer-10...
https://www.swr.de/swraktuell/baden-wuerttemberg/faq-syrisch...
https://rsw.beck.de/aktuell/daily/meldung/detail/messerangri...
https://www.ndr.de/nachrichten/niedersachsen/braunschweig_ha...
https://www.ndr.de/nachrichten/mecklenburg-vorpommern/Tatver... (2nd to last paragraph, he had attacked people the month before already)
Don't fall for the meme that this is to protect "the people". There's a literally 1984 Quote about it:
> "The Party seeks power entirely for its own sake. We are not interested in the good of others; we are interested solely in power. Not wealth or luxury or long life or happiness: only power, pure power"
They have the crosshairs on preparing the government and law for the AfD take over for the second trial of 1933. Just like the useless Bundestag of Weimar, they would like to leave as many mines and holes in the democratic institutions so their true self can show how perfect a racist government feels.
Same toxic soup (high levels of social discontent, inflation, poor job market, constant stream of doom news) as back then.
Only thing the AFD has to to is to keep their feet still and wait. The ruling parties will do the rest.
A nice example of unfalsifiable conspiracism and self-fulfilling cynicism rolled into one.
What? Are you saying that the CDU is secretly working for the AfD?
First time I heard that, what bubble are you from?
CDU doesn't need to secretly work with AfD. Many of CDU's members and its current administration have similar opinion of non-ethnically-Germanic residents with AfD. Merz has shown that he is willing to work with AfD before the election on those areas.
Being incompetent and shortsighted is enough. Being blinded with the idea that Germans will keep electing them and choosing them for power feeds their incompetence. They want extreme powers now. They don't think the extreme powers they give to the various organizations will be used against democratic society. This is just the repeat of Weimar republic.
Meanwhile they are filling Germans with hate against minorities and benefactors of the social system which legitimizes AfD. They also keep doing nothing (which is their core-competence really). They fix no parts of the broken system. This legitimizes AfD even more.
There isn’t much difference between our current Chancellor and a AfD member of Parlament.
As much as Mr Merz and his politics disgust me, he's not an AfD member of parlament and that comparison is not okay.
"For Signal, Chat Control is also an existential threat."
Perhaps it would not be if users could write their own clients and run their oown servers
Perhaps the commercial third party intermediary model of "private" and "secure" communication over the internet (cf. the free, open source, peer-to-peer model) is fundamentally-flawed. This is the model where a third party like Meta or Signal controls the software and requires connections be made to its servers in order to communicate over the internet. It is not an internet service provider, it's just a middleman trying to attract internet subscribers to use its software and connect to its remote servers
Perhaps this proposed legislation is simply leveraging that fundamental flaw
Acording to the latest draft I have seen, "Chat Control" does not attempt to regulate peer-to-peer communication, it does aim to stop internet subscribers from encrypting messages and sending them across the internet. It aims to regulate third party intermediaries providing "messaging services" to the public
The proposed legislation leverages the "centralisation" or "intermediation" of "private" messaging (the opposite of peer-to-peer) in Silicon Valley companies
How does this fit with Apple's pushback against the UK government's encryption backdoor efforts against them? Why aren't Apple also pushing back against this EU initiative?
I thought Apple already voluntary implemented it on their devices?
Assume the worst. Everything Apple does is proprietary and closed, so you can never be sure. You paid for the device, but it's not yours.
Apple briefly proposed something similar but then reversed course pretty quickly and has unequivocally stated that it was a poorly thought out idea when they proposed it.
I'd have to assume that Apple and WhatsApp are taking a more behind the scenes approach on this and that they too would leave the EU if it came to it. Both of their messenger brands are so fundamentally tied to E2EE that its hard to imagine them thinking its worth it to stay and break their encryption.
Apple has sold out their Chinese users. Why would it not do the same for EU?
https://www.reuters.com/article/technology/apple-moves-to-st...
China market is much more lucrative and harder to enter
Are they really? I'd be surprised if a substantial portion of WhatsApp users even know what end-to-end encryption is.
“Apple cannot access your data.”
The quiet part:
“But selected agencies and partners in certain unspecified countries can.”
> Under the guise of protecting children, the latest Chat Control proposals would require mass scanning of every message, photo, and video on a person’s device, assessing these via a government-mandated database or AI model to determine whether they are permissible content or not.
This is pretty terrifying, although not unexpected. Given Germany's aggressive crackdown on speech I wouldn't feel too optimistic. If the BKA is going to launch criminal investigations for calling overweight politicians fat, they're probably not going to protect any rights to private conversation.
The lack of free speech laws in Europe is becoming a serious issue
I don't think those issues are necessarily interconnected. If I have understood it correctly, many Germans view both hateful propaganda and surveillance as tools of dictators.
Surveillance of private communications obviously has a chilling effect on free speech as well, but freedom from surveillance does not imply a freedom to openly spread hate speech in public.
Platforms like Signal don't really allow one to spread something "in public" since it's mostly 1-on-1 or small group chat. I know similar products like Telegram do have wider-range features though. Moreover, the concept of "hate speech" is fuzzy in a way that's easy to abuse.
At the end of the day, if someone makes a racist joke with their friend in a one-on-one chat app I would say that's neither hate speech, nor the public distribution of said speech, but I don't think Chat Control makes this distinction.
German speaking here: People here in Germany do not want to think about just how bad our constitution really is designed. We only get free speech lte, There's no fruit of the poisonous tree doctrine leading to constant prosecutorial overreach and illegal searches[0] that are later ruled illegal but with on effect and our public prosecutors are so much lacking in independence that they aren't allowed to issue european arrest warrants [1]. But I've heard people tell me with complete conviction how great our constitution is. I can't even bother arguing about it anymore.
[0] And they brag about it on 60 minutes https://www.youtube.com/watch?v=-bMzFDpfDwc [1] https://curia.europa.eu/jcms/upload/docs/application/pdf/201...
> People here in Germany do not want to think about just how bad our constitution really is designed.
I think that's exactly the same as in the US.
I think many outside of EU dismiss this as an EU only thing and don't think much about it.
1. Have you ever texted someone from EU? You are now chat controlled too.
2. EU is pumping billions to foreign countries to promote EU values. How long until they condition this "help" with chat control?
It's definitely not an EU only thing. China, Russia and such have been doing this for years. There have been attempts to introduce it in US (EARN IT Act) as well, and the current regime there might very well end up doing that. Australia has also been pretty authoritarian what it comes to this kind of things.
I don't understand your response and the downvotes. I'm saying Chat Control will spread to other countries. I'm aware of attempts from other countries. Add France and Sweden to your list.
I primarily meant that I haven't really encountered the belief that it was somehow EU specific
Here on orange reddit you always get downvotes if you say anything but praises about candy colored EU paradise. What you should do is to say the illuminated MPs are being misled in their incessant quest for good.
It's great that signal / open whisper engage in the political situation and the pressure on these states.
We also need to be sure that signal / open whisper / matrix / telegram / everybody continues to make end-to-end encryption available regardless of what politicians say.
Math is bigger than human affairs. There is no shame in breaking laws that prohibit math.
Chat Control doesn't prohibit you from using whatever encryption you want, it mandates that your phone snitch on any plaintext that it has access to.
Yeah, I see this argument all over HN. And in a sense it's true that the affront here isn't against math per se, but against general purpose computing.
But ultimately, the right to general purpose computing (ie, the right to run a program that doesn't snitch the plaintext) is the same as the right to engage in the underlying mathematics.
I think it's a distinction without a meaningful difference.
one nitpick:
CSAM isn't likely to be text that can be plaintext, is it? surely it would be image and/or video?
I have always used the word "plaintext" to mean content that has not been subject to encryption or hashing, whether it is text, arbitrary bytes (including multimedia formats), or even abstract ideas which can be somehow subject to a cipher.
But these terms are certainly used different in different situations by different people. But yeah, images and/or video can still be "the plaintext" in the parlance to which I'm accustomed.
I'm sorry to pick non-technical details, but this PDF is typeset on „Letter” paper, which is immediately noticeable (different aspect ratio). Normally it's on „yeah, whatever” level, but since this paper (sic) aims to influence European policy, now this detail is actually important.
This whole piece reeks „I'm an 1) outsider that 2) couldn't be bothered to get to know local culture so 3) probably has no stake in the affair” and as such is liable to get dismissed after only cursory glance. We know every single enumerated point above is false, but it doesn't matter. That every single word written on the page is right nd warranted, doesn't matter. @Meredith and anyone else writing papers aimed at EU, would you kindly please switch to A4 before exporting the PDF.
The letter also says “October 3, 2025” instead of “3 October 2025”. ;)
(https://commission.europa.eu/system/files/2023-11/styleguide...)
But anyway, if they truly wanted to address the letter to Germans, they should be providing a German-language version in the first place.
It’s a malicious attack, right now thousands of printers around Brussels are stuck with the message “PC Load Letter”.
No, not only Germany should stand firmly against this bullshit Brussels tries to push but ALL member states should be. Especially the former soviet republics and other countries of the Eastern Bloc which during communistic times ran censorship offices and security services against their citizens.
Ideas like this shows that there's a power within EU structures that works against us, the citizens.
this is an objectively funny headline with how it so nimbly jumps from political to technical, “we must stand in a united front against client-side (software feature)” lol
Handle jetzt: https://chat-kontrolle.eu/index.php/2025/10/02/der-kampf-geg...
Info: https://netzpolitik.org/2025/eu-ueberwachungsplaene-die-chat... "Wichtige Stimmen wie Amnesty International, Reporter ohne Grenzen und der Chaos Computer Club appellieren eindringlich an die Bundesregierung, die Chatkontrolle zu verhindern. Sie warnen vor einem Angriff auf die Pressefreiheit, einem IT-Sicherheitsalptraum und einer Gefahr für die Demokratie."
Politicians to reach out to in Germany, with a template email:
poststelle@bmi.bund.de, poststelle@bmjv.bund.de, info@bmds.bund.de, baerbel.bas@bundestag.de, lars.klingbeil@bundestag.de, friedrich.merz@bundestag.de, landesleitung@csu-bayern.de, fraktion@cducsu.de, matthias.miersch@bundestag.de, sebastian.fiedler@bundestag.de, alexander.throm@bundestag.de, johannes.schaetzl@bundestag.de, ralph.brinkhaus@bundestag.de
Sehr geehrte Damen und Herren,
ich wende mich heute an Sie, um meine große Sorge über die geplante Einführung der sogenannten „Chatkontrolle“ auszudrücken.
Die flächendeckende Überwachung privater Kommunikation stellt einen massiven Eingriff in unsere Grundrechte dar. Sie gefährdet die Privatsphäre aller Bürgerinnen und Bürger und untergräbt zentrale Prinzipien eines demokratischen Rechtsstaates. Der Schutz der Vertraulichkeit von Kommunikation ist ein unverzichtbarer Bestandteil unserer freiheitlichen Gesellschaft.
Zudem zeigen zahlreiche Expertinnen und Experten auf, dass das flächendeckende Scannen privater Nachrichten zur Bekämpfung von Kindesmissbrauchsdarstellungen nicht wirksam ist. Stattdessen schwächt eine solche Maßnahme die Sicherheit digitaler Kommunikation insgesamt und schafft gefährliche Überwachungsinfrastrukturen, die leicht missbraucht werden können.
Ich bitte Sie daher eindringlich, sich bei der entsprechenden Abstimmung klar gegen die Einführung der Chatkontrolle auszusprechen und sich für den Schutz der Bürgerrechte und der Privatsphäre einzusetzen.
Mit freundlichen Grüßen
lol
https://fightchatcontrol.eu/
How would chat control even work, with federated and decentralized networks? This is the reason you should not use signal. Moxie wants everyone to be in a closed loop, tightly controlled by his decisions. Matrix ftw!
You make those networks illegal to use. Just using them would be illegal, regardless of the contents of your communications.
Yes, because criminals and pedophiles care deeply about following laws. They would never even think of using a piece of software if it was illegal, right?
In the end it's saying you can learn all the math you want except certain formulas. Just not those.
Good luck with that
You're welcome to run any algorithm you want with paper and pencil, but you might not be able to run them on your devices that are allowed to talk to cellular networks.
Communications that look encrypted can also be straightforwardly flagged and logged for a closer look, perhaps keeping a closer watch on any cleartext messages, metadata that invariably leaks, etc
Moxie hasn't worked at Signal for a while now
I wouldn't trust Matrix for my personal security:
https://soatok.blog/2024/08/14/security-issues-in-matrixs-ol...
https://web.archive.org/web/20240606031827/https://gist.gith...
Pursue criminal action against the people making apps or providing servers for decentralized/federated networks.
don't forget that you're dealing with the state so "we'll kidnap and/or murder you" is a legitimate option as a response to undesired behavior. at least, they think it's legitimate, and they think that thinking otherwise is undesirable behavior, which leads to a bit of a catch 182...
I wonder if we can make a chat app that doesn't use encryption but hides your messages inside random words. The solution should be saved locally on your device.
Encryption is defined as "the process of converting information or data into a code, especially to prevent unauthorized access."
What you describe is the same thing just not cryptographic.
Specifically, steganography: https://en.m.wikipedia.org/wiki/Steganography
Let's invent it and name it Enogma. For the fun sake
> I wonder if we can make a chat app that doesn't use encryption but hides your messages inside random words.
This technique is called "chaffing and winnowing": https://en.wikipedia.org/wiki/Chaffing_and_winnowing
There isn't a technology solution for this. The solution is to realize the value Switzerland lost with Proton moving out of Switzerland, and what Germany could lose if Wire had to make a similar decision regarding their home in Germany. There's considerable value to having real effective security. These nations stand to lose that value.
That's just an insecure form of encryption
> The solution should be saved locally on your device.
Installed as a signed app...?