Posted by _p2zi 9/8/2025
From that section:
> "In 2021, the EU approved a derogation to the ePrivacy Directive to allow communication service providers to scan all exchanged messages to detect child sexual abuse material (CSAM). Although this first derogation was not mandatory, some policymakers kept pushing with new propositions.
> A year later, a new regulation (CSAR) was proposed by the European Commissioner for Home Affairs to make scanning messages for CSAM mandatory for all EU countries, and also allow them to break end-to-end encryption. In 2023, the UK passed a similar legislation called the Online Safety Act. These types of messaging mass scanning regulations have been called by critics Chat Control."
the article also explicitly says it affects non-Europeans. I’m interested! I just can’t figure out what it is
> The most recent proposal for Chat Control comes from the EU Council Danish presidency pushing for the regulation misleadingly called the Child Sexual Abuse Regulation (CSAR). Despite its seemingly caring name, this regulation will not help fight child abuse, and will even likely worsen it, impacting negatively what is already being done to fight child abuse (more on this in the next section).
>The CSAR proposal (Chat Control) could be implemented as early as next month, if we do not stop it. Chat Control would make it mandatory for all service providers (text messaging, email, social media, cloud storage, hosting services, etc.) to scan all communications and all files (including end-to-end encrypted ones), in order to supposedly detect whatever the government deems "abusive material."
> Chat Control would make it mandatory for all service providers (text messaging, email, social media, cloud storage, hosting services, etc.) to scan all communications and all files (including end-to-end encrypted ones), in order to supposedly detect whatever the government deems "abusive material."
thanks!
Clearly defining the term and its intended meaning would do well, I think.
How the hang are they planning to do that?
I mean, if someone has an end to end encrypted conversation, it's encrypted when it gets to the carrier, and the carrier shouldn't (technically, not anything related about whether they are allowed to or not) be able to decrypt the conversation.
If the carrier is terminating the connection, then it's either not end to end encrypted, or it's broken.
edit: sorted the grammar/punctuation at the end to improve clarity
I’m already taking most photos with a dedicated digital camera and they are so much better than phone captured images. I hate social media these days and am waiting to give myself a reason to delete all the apps and my accounts entirely. The internet is a shithole, most my search is done through LLMs and my interaction with people is through comment sections. I have no interest in being in group chats, I’d rather meet up with people in person and socialize that way.
It’s not the end of the world if smartphones just become a convenient way for governments to track you, there is totally a different way to live without them, and maybe it’s simple and beautiful.
If you really have a serious use case for peer to peer end to end encryption, you should be using something like Meshtastic.
So then what? They start outlawing encryption altogether? knowledge of math? How would you claw back all the public and freely available software that people can already use to encrypt messages to each other?
This is the direction places like the UK have gone in, yes. Can't decrypt something? Then we assume it is illegal content.
The whole point of this technique is that with sufficiently low information density the data is not recoverable unless you know what you're looking for, because it's indistinguishable from noise.
"I don't believe you, so now you're going to be in the locker for contempt of court until you provide law enforcement access to this critical evidence."
Then it is reasonable to assume that you can just show us these internet memes?
Again: the signal is below the noise floor. Unless you really know what to look for, you'll just find noise. Whoever seizes these files would have to at least know the specific method used, particularly if the content is also encrypted.
Take for an example JPEG as a vessel for steganographic content: the image is divided into 8x8 pixel chunks. If you encode just one bit of entropy in each chunk, a 320x240 image will yield 1200 bits, so 150 ASCII characters. Mangle it with a one-time pad for good measure so that it actually looks like noise. How did that noise get there? Well, it's lossy compression your honor.
There are so many ways to encode that one bit in such a large piece of information that authorities are better off drugging, bribing or torturing you or whoever was the recipient of that message than trying to decode it.
https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
"It's just math, you can't ban it" has never been true.
This had never occurred to me before but is totally obvious in hindsight. An interesting corollary is that, given an infinite natural number space, all programs that have ever and will ever exist can be found as a single point on this natural number plane. The larger the number, the more complex the program. What else is emergent from this property?
https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...
I mean, if youre in the business of CSAM surely you don't mind encrypting a zip and emailing it or putting it on Google drive or whatever. Its trivial, requires next to zero technology knowledge.
Its inconvenient, sure, which is why we don't currently do that. But I'm sure the CSAM distributors don't care. Why would they?
The next step is to control your mind.
Now, you may think you are the smart one and can always revert to the good old days of OTR[1].
But no, the next thing I can see happening is the smartphone OS conveniently doing client-side scanning of everything on the screen for you. You know, for developers' convenience. And then it's game over: you will not be able to take a look at the Tiananmen Square picture in any installed app.
If other people around you recognize the name of a chat platform you're using, then it's not decentralized and it's almost certainly monitored.
I'm not sure if something like it exists. I'm not sure if it could exist. PhotoDNA (the old CSAM detector) ended up being somewhat reversible, so that you could actually turn signatures back into obscene material. because of this, the signature databases were shared under strict NDA, only to large players.
probably the most realistic solution is a generic porn classifier convnet. if it blocks adult porn, it should block CSAM too (hopefully?)
they are not reliant on image hashes, and reversibility concerns apply less because the dataset used to train it was presumably legal (if distasteful.)