Chat Control Must Be Stopped

Posted by Improvement 4 days ago

Chat Control Must Be Stopped(www.privacyguides.org)

782 points | 255 commentspage 2

causal 4 days ago|

The article gives some examples of scope creep but missed the biggest one IMO: copyright enforcement. I suspect if you follow the money, copyright is what keeps things like Chat Control coming back. Fully expect Sony, Disney and other IP to be added to the list of flagged content, keeping us safe from dangerous pirates.

77pt77 4 days ago||

For those complaining the article doesn't explain at the very begining what it is:

https://en.wikipedia.org/wiki/Regulation_to_Prevent_and_Comb...

EU's latest attempt to squash privacy rights.

fbhabbed 3 days ago|

Even the title of that Wikipedia page is misleading and choosen in a way that almost forces your opinion on this (you can't be against a regulation made for such a noble intent, can you?)

Why not just call the page Chat Control 2.0?

77pt77 3 days ago||

It's not the official name.

I'm surprised nazi is not part of the title like it has in the past at the national level.

dkdcio 4 days ago||

it would be great if this article actually explained what Chat Control is somewhere at the top. it says it will, but I’m quite a few paragraphs in and have no idea what I’m supposed to be mad about yet

warkdarrior 4 days ago||

If you follow the link for "Chat Control" in the first sentence, and then scroll down for a while, you will find a subsection titled "What Is Chat Control". Probably they assume that if you do not know what it is, you should not care about it.

From that section:

> "In 2021, the EU approved a derogation to the ePrivacy Directive to allow communication service providers to scan all exchanged messages to detect child sexual abuse material (CSAM). Although this first derogation was not mandatory, some policymakers kept pushing with new propositions.

> A year later, a new regulation (CSAR) was proposed by the European Commissioner for Home Affairs to make scanning messages for CSAM mandatory for all EU countries, and also allow them to break end-to-end encryption. In 2023, the UK passed a similar legislation called the Online Safety Act. These types of messaging mass scanning regulations have been called by critics Chat Control."

dwedge 4 days ago|||

People who know about it are generally already annoyed. The trouble is most people don't know what it is, and those are the people who should be targeted

dkdcio 4 days ago|||

right and if you read that subsection, it does not tell you what Chat Control is. which I find odd. it just goes on about how bad it is (after making an analogy earlier about police entering my home every morning). am I missing the explanation in the article of what Chat Control actually is?

the article also explicitly says it affects non-Europeans. I’m interested! I just can’t figure out what it is

warkdarrior 4 days ago||

The other page I was referring to does have some more detail: https://www.privacyguides.org/articles/2025/02/03/the-future...

SV_BubbleTime 4 days ago||

A bit of a scroll past the probably justified but still alarmism is the actually bad proposal.

> The most recent proposal for Chat Control comes from the EU Council Danish presidency pushing for the regulation misleadingly called the Child Sexual Abuse Regulation (CSAR). Despite its seemingly caring name, this regulation will not help fight child abuse, and will even likely worsen it, impacting negatively what is already being done to fight child abuse (more on this in the next section).

>The CSAR proposal (Chat Control) could be implemented as early as next month, if we do not stop it. Chat Control would make it mandatory for all service providers (text messaging, email, social media, cloud storage, hosting services, etc.) to scan all communications and all files (including end-to-end encrypted ones), in order to supposedly detect whatever the government deems "abusive material."

dkdcio 4 days ago||

ah this is the relevant piece, which I did skim over given I was getting annoyed at paragraph after paragraph not telling me what it is:

> Chat Control would make it mandatory for all service providers (text messaging, email, social media, cloud storage, hosting services, etc.) to scan all communications and all files (including end-to-end encrypted ones), in order to supposedly detect whatever the government deems "abusive material."

thanks!

jonaharagon 4 days ago|||

I shared your comment with the author and we're going to reorder some of the sentences in a little bit to highlight the fact it's a backdoor earlier. We've talked about Chat Control so much over so many years (because it keeps reappearing) that it's easy to forget many haven't heard of it lol

3np 4 days ago||

I think one source of confusion is that many probably see "Chat Control", expecting it to be a reference to one specific proposal or legislation (a la "GDPR" or "DMA"), while it's an umbrella term you use to group different proposals pushing the same agenda and end-results. Readers look for one face to point at but it's a hydra and they just leave confused.

Clearly defining the term and its intended meaning would do well, I think.

awesome_dude 4 days ago|||

> including end-to-end encrypted ones

How the hang are they planning to do that?

I mean, if someone has an end to end encrypted conversation, it's encrypted when it gets to the carrier, and the carrier shouldn't (technically, not anything related about whether they are allowed to or not) be able to decrypt the conversation.

If the carrier is terminating the connection, then it's either not end to end encrypted, or it's broken.

edit: sorted the grammar/punctuation at the end to improve clarity

LocalH 4 days ago||

I imagine they'll push for apps to do the scanning prior to encryption and directly after decryption.

closewith 4 days ago||

For context, this refers to the proposed EU Regulation to Prevent and Combat Child Sexual Abuse: https://en.m.wikipedia.org/wiki/Regulation_to_Prevent_and_Co...

zmmmmm 4 days ago||

Of all the arguments presented I'm surprised to see absent the one that seems most obvious to me: encryption is just math, there's no way to actually ban it. If criminals think their conversations are going to be detected they aren't going to just say "oh well let's not crime now". They are going to simply spin up their own e2e encrypted channels. The software is nearly trivial, the technical barriers are very low - it's hard to think why it won't happen.

So then what? They start outlawing encryption altogether? knowledge of math? How would you claw back all the public and freely available software that people can already use to encrypt messages to each other?

jonaharagon 4 days ago||

> They start outlawing encryption altogether?

This is the direction places like the UK have gone in, yes. Can't decrypt something? Then we assume it is illegal content.

Tade0 4 days ago|||

Steganography it is then. Can't assume something is illegal, if it's hidden.

int_19h 4 days ago||

Sure you can. For example, UK will jail you if you refuse to disclose a cryptographic key for something encrypted that the court wants to see, so long as the judge is convinced that you know it. I could easily see that extending to steganography: "there's no rational justification for you to have this file, and statistical analysis patterns show that it likely has a steganographic payload".

Tade0 4 days ago||

"Sir, those are just internet memes I've been sharing with a friend of mine"

The whole point of this technique is that with sufficiently low information density the data is not recoverable unless you know what you're looking for, because it's indistinguishable from noise.

int_19h 3 days ago|||

> "Sir, those are just internet memes I've been sharing with a friend of mine"

"I don't believe you, so now you're going to be in the locker for contempt of court until you provide law enforcement access to this critical evidence."

Tade0 3 days ago||

"What evidence? This is normal noise associated with lossy compression. Have an expert look at it - they'll confirm what I've said."

mbs159 3 days ago|||

> "Sir, those are just internet memes I've been sharing with a friend of mine"

Then it is reasonable to assume that you can just show us these internet memes?

Tade0 3 days ago||

Of course, because I can bet on the fact that no one will find anything having just those images.

Again: the signal is below the noise floor. Unless you really know what to look for, you'll just find noise. Whoever seizes these files would have to at least know the specific method used, particularly if the content is also encrypted.

Take for an example JPEG as a vessel for steganographic content: the image is divided into 8x8 pixel chunks. If you encode just one bit of entropy in each chunk, a 320x240 image will yield 1200 bits, so 150 ASCII characters. Mangle it with a one-time pad for good measure so that it actually looks like noise. How did that noise get there? Well, it's lossy compression your honor.

There are so many ways to encode that one bit in such a large piece of information that authorities are better off drugging, bribing or torturing you or whoever was the recipient of that message than trying to decode it.

Nursie 4 days ago|||

I mean, not just the UK - it eventually changed in the US, but anything deemed too strong to crack was classified as a munition for a while in the 90s and 00s, and some things are still banned from being shipped to some places -

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

"It's just math, you can't ban it" has never been true.

jihadjihad 4 days ago|||

https://en.m.wikipedia.org/wiki/Illegal_number

dlivingston 4 days ago||

> Any image file or an executable program can be regarded as simply a very large binary number.

This had never occurred to me before but is totally obvious in hindsight. An interesting corollary is that, given an infinite natural number space, all programs that have ever and will ever exist can be found as a single point on this natural number plane. The larger the number, the more complex the program. What else is emergent from this property?

ImPostingOnHN 4 days ago|||

Sounds like The Library of Babel:

https://en.wikipedia.org/wiki/The_Library_of_Babel

latexr 4 days ago|||

https://github.com/philipl/pifs

zamadatix 4 days ago|||

I'm sure many core proponents of Chat Control would like to also make it illegal to "hide" from scanning by applying your own encryption (and, even if not caught directly, it would add to the list of crimes someone might be charged with) but that large of a change probably puts it too far outside the Overton Window of today in a single push.

Nursie 4 days ago|||

People have been selectively "banning math" for decades -

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

const_cast 4 days ago||

They don't even need to spin up their own channels, they can just continue to use existing channels and encrypt their messages.

I mean, if youre in the business of CSAM surely you don't mind encrypting a zip and emailing it or putting it on Google drive or whatever. Its trivial, requires next to zero technology knowledge.

Its inconvenient, sure, which is why we don't currently do that. But I'm sure the CSAM distributors don't care. Why would they?

MaKey 4 days ago||

I emailed all MEPs for my country one month ago. Apart from out-of-office notices I didn't get anything back yet.

fbhabbed 3 days ago|

You will eventually get a canned AI made reply (just like all the canned AI mails they have received these days due to websites creating templates for them).

txrx0000 4 days ago||

They control the guns, so you can't fight back with bullets. They control the airwaves, so you can't fight back with ideas. You're running out of options.

The next step is to control your mind.

deadbabe 4 days ago||

Sometimes I think if this stuff ever got really bad, abandoning smart phones altogether wouldn’t be so bad.

I’m already taking most photos with a dedicated digital camera and they are so much better than phone captured images. I hate social media these days and am waiting to give myself a reason to delete all the apps and my accounts entirely. The internet is a shithole, most my search is done through LLMs and my interaction with people is through comment sections. I have no interest in being in group chats, I’d rather meet up with people in person and socialize that way.

It’s not the end of the world if smartphones just become a convenient way for governments to track you, there is totally a different way to live without them, and maybe it’s simple and beautiful.

If you really have a serious use case for peer to peer end to end encryption, you should be using something like Meshtastic.

poly2it 4 days ago||

Enlightening, I'm already looking forward to the next ten years of civilisation!

bojo 4 days ago||

This was my thought as well. Back to dumb devices and call it a day.

deadbabe 4 days ago||

Yup. Everything a smartphone does can be done by other things way better.

egorfine 4 days ago||

I'm afraid the Chat Control will pass, sooner or later. The procedure is very simple: reintroduce the bill every other year until the public will not be bothered to hear anymore.

Now, you may think you are the smart one and can always revert to the good old days of OTR[1].

But no, the next thing I can see happening is the smartphone OS conveniently doing client-side scanning of everything on the screen for you. You know, for developers' convenience. And then it's game over: you will not be able to take a look at the Tiananmen Square picture in any installed app.

1. https://en.wikipedia.org/wiki/Off-the-record_messaging

cphoover 3 days ago|

I'm no expert but to me, what's particularly silly about "breaking encryption" is it does nothing to prevent using user agents from employing their own encryption layers over other messaging system like gpg/pgp or others. So this does nothing to stop someone who is intent on hiding illegal content and it decreases security and privacy for the average user.

More comments...