Top
Best
New

Posted by gasull 1 day ago

Chat Control 1.0 and 2.0 Explained(fightchatcontrol.eu)
845 points | 324 comments
mikaeluman 21 hours ago|
Most everyone would love to see more work on stopping child sexual abuse.

But this is the ultimate "grant me dictatorial powers so I can do good" play.

Rather than narrow and specific - it's a broad based law that suddenly touches everyone even though offenders are a small percentage and should be able to be targeted more efficiently.

cortesoft 21 hours ago||
Yep, and this is a perfect example of a base rate fallacy situation... even if the scanner is 99.99% accurate, because an even higher percentage of photos are innocent, most matches the scanner will find will be false positives.
wesammikhail 19 hours ago|||
Funny you bring this up.

Back in the day when I was like 15 and DC++ was still a thing, I used to browse people's shared folders. One day I came across a file called "the paradox of false positive". It was a 1 pager that described how a machine which is 99.9% accurate at identifying terrorists would be completely useless due to this false positive base rate fallacy you're describing.

It really stuck with me throughout the years. It's kind o remarkable how even a 99.9% accurate heuristic is insufficient at scale.

Which begs the question: lets assume the intentions are pure (which we know they're not but lets be generous), what other options are there when 99.9% heuristic is not good enough? how do you design systems when they're guaranteed to fail as they scale up?

edit: and what do you know, I just saw this as I scrolled down on HN https://news.ycombinator.com/item?id=48816959

Asmod4n 11 hours ago|||
The system we got for this is called parenting.

And there is a saying where I grew up: you need a village to raise a kid, I feel like we lost track of that and feel the issues of that now.

Btw, von der leyen is trying to get stuff like this written down as laws since 2009, it got her the nickname Zensursula.

joe_mamba 8 hours ago|||
>Btw, von der leyen is trying to get stuff like this written down as laws since 2009, it got her the nickname Zensursula.

And Germans and Europeans looked at that and thought the best place for her is leading the EU?!

Remind me again how she got elected in that position?

Because it seems like the entire EU population knew her being infamous for that, except for the few elites who appointed her there via "democratic process" to the head of the EU.

arrowsmith 7 hours ago|||
The president of the European Commission is “elected” through a thin pretence of democracy that the people of Europe have effectively no control over, and mostly pay no attention to. If you think she’s there because the greater public decided she’s the best person for the job then you don’t know how the EU works.

Also most of the EU population don’t know her for anything at all. I’d be surprised if more than 50% of Europeans could name her.

kvgr 7 hours ago||||
Not a single person that is not attached to EU voted for he. She is second hand vote. These roles should all be result of direct vote. This way you only get votes by people who are sucking the money of Eu parliament or. The only position people vote for is EP. And that % is so small, that if they ask the people who didn't vote if they want it, they would have to tear it down.

I am not against EU cooperation, mainly in external security and free market economy. But the system we have is not very democratic, and def not very representative of people. They act like demigods, elected by parliament with no real consequences of their actions.

narag 3 hours ago||
These roles should all be result of direct vote.

I disagree. That's an executive power position for an entity that lacks sovereignty. Giving it the legitimacy of direct vote is highly problematic.

Start by giving more power to parliament.

spwa4 1 hour ago||
I think you'll find it's the EU member countries that lack sovereignty, not the EU. EU law overrides member state law, not the other way around.
mbeex 7 hours ago|||
You have to reconsider what "elected" means when it comes to the EU. Certainly not acts of "Germans and Europeans".
latentsea 10 hours ago|||
> The system we got for this is called parenting

And it fails miserably.

wolvoleo 10 hours ago|||
Not really. Yes most kids will see porn before they're 18 but it doesn't damage them or give them the wrong idea about consensual behaviour.

If anything I find GenZ a lot more focused on explicit consent than GenX.

joe_mamba 8 hours ago||||
>And it fails miserably.

No it doesn't. That's just needlessly reductionist doomerist take with no argumentation to back that up.

Define failure and success of the system in this context.

wesammikhail 9 hours ago||||
It's been working for tens of thousands of years. What changed in the last few decades wasn't parenting or technology. It was the rise of the nanny state where the parents gave up the parenting of their kids and entrusted that to educational institutions instead.
DiggyJohnson 5 hours ago|||
I genuinely think it’s all three:

1. The cultural factor is rising expectations for children and their parents, costing both time and money;

2. The political/social factor is nanny states and academic institutions that the public expects to not only teach but raise their kids;

3. Technology. Especially the Internet, mobile devices, social media, and short form content. Technology distracts and isolates both kids and parents.

An example of the three factors at work is the all-too-common local news trope of ”Nosy neighbor calls CPS because the family next door lets their kids walk to school. Whole family traumatized as a result.”

p-e-w 9 hours ago|||
It both works and fails, like many other things. But if you hold the goal that it must never fail in sufficiently high esteem, you invariably end up with a system like the one we have now.
Dilettante_ 8 hours ago|||
>the goal that it must never fail

That's a good way to put it

joe_mamba 8 hours ago|||
If the goal of a system is to never fail, then the bureaucrats in charge of running that system will just game the metrics and cover up all the issue, while it fails first very slowly then very suddenly.

In fact that's why nothing ever gets done to improve things in the EU/west, because we expect perfect outcome in every new change and we want potential risks to be zero before something new is implemented, so it's easier for leaders to just never do anything, never change anything, just sit and maintain the status quo while we go through managed decline complaining things keep slowly getting worse.

wartywhoa23 7 hours ago|||
Do you realize you'll end up in fascist dystopia where your children belong to the state, with this line of thinking?

Or is that where you want other people to end up while you peddle propagandist fairytales about failed parenting?

m12k 18 hours ago||||
The intuition I've built is that you can't talk about a false positive rate being high or low on its own - it's always relative to the actual occurrence rate of positives in the tested population. E.g. if there's a 1 in 10000 risk of a false positive, but real positives also are only 1 out of 10000 tested cases, then a positive case will have a 50/50 chance of being a false positive (because for every 10000 tests, you'll have on average one false positive and one real positive). So a false positive rate can only be said to be low if it's significantly lower than the real occurrence rate of positives.
ablob 16 hours ago||
The mentioned accuracy in the comment you are replying to already encapsulates the relation of true positives to false positives.
cortesoft 2 hours ago|||
It really doesn’t, and it is easy to demonstrate by using an extreme example.

Suppose I invent a device that can detect whether there is a giant invisible dragon living in your house, and it has an accuracy of 99.999%

Now, I use it in your house and it tells me there is an invisible dragon… so what are the chances that there is a dragon in your house?

Based on your statement, it would be 99.999% likely that there is an invisible dragon in your house. However, we actually know that there is a 0% chance there is an invisible dragon, so even with the positive test result we still know there is a 0% chance a dragon is there.

fc417fc802 13 hours ago||||
No I don't believe it does. I interpret 99.9% accurate to mean 1 in 1000 false positives. If 0.1% of your population are terrorists that means each alert has a 50% chance of being correct. That's nowhere near good enough to fully automate things but it is quite reasonable assuming this is merely information provided to a human agent.

Whereas if only 0.001% of your population are terrorists then 99 out of 100 alerts are false positives at which point the system is well on its way to being useless.

There is an important difference between scenarios where we care about the relative versus absolute frequency of errors.

ablob 8 hours ago||
You're right it doesn't. At least not completely. I was thinking about precision (i.e.: if the test is positive, what are the odds that its prediction is true). It turns out, that accuracy is not defined as "true positive / (true pos. + true neg.)", but "correct predictions / all predictions". The whole point of OP's statement: "It's kind o remarkable how even a 99.9% accurate heuristic is insufficient at scale.", which you actually support with your example.

> There is an important difference between scenarios where we care about the relative versus absolute frequency of errors.

The context is chat control without probable cause over the whole population of Europe with a low prevalence. My point, and presumably that of OP, is that even a small relative frequency of errors will yield an unsustainably high absolute frequncy of errors.

> This is merely information provided to a human agent.

It will be in theory. In practice the human agent will just forward the decision. A human agent is not sufficient; you need to test only with probable cause for the kind of scenario we're talking about. The exact opposite of "Chat Control 1.0 and 2.0".

P.S.: The comment I originally replied to choose a very convoluted way of saying that the false discovery rate of the test matters for a proper evaluation. Both you and they explain this by throwing numbers without context in combination with slightly inaccurate definitions. I got the definitions mixed up differently, which led to this follow-up.

fc417fc802 6 hours ago||
I think we largely agree about being opposed to chat control however we seem to disagree somewhat about the underlying reasoning leading us to that conclusion.

> even a small relative frequency of errors will yield an unsustainably high absolute frequncy of errors.

That depends entirely on the rate of true positives in the general population and the rate at which the test successfully catches them. If the success rate is reasonably high and the rate of true positives is within one base ten order of magnitude of the rate of false positives then regardless of volume the stream of reports would be expected to prove quite useful.

To put this in concrete terms, if 1 billion messages are scanned, there are 100 violations, 99 of those violations are successfully detected, and there are an additional 1000 false positives reported, then you've got about a 10% hit rate when examining reports. That would provide a genuinely useful starting point.

But it's not at all clear that we can expect numbers like that. Both because the scanners are likely much worse but also because criminals can't reasonably be expected to stick around on conforming platforms in the event that such measures are enacted.

Even if the reports were 100% accurate I'd still be opposed to it on ideological grounds. I don't think pervasive surveillance of that nature is compatible in the long term with a free and democratic system of government.

> Both you and they explain this by throwing numbers without context in combination with slightly inaccurate definitions.

It was my intent to provide reasoning for all the numbers I put forward. They were meant as examples.

As to definitions I wasn't going by anything formal. I tried to spell out exactly what I meant by each term. Apologies if I wasn't entirely clear about that. Regardless, the precise definitions of the terms aren't what matters here. It's the practical end result - what percentage of the alerts are false?

matheusmoreira 13 hours ago|||
False result rate is a property of the test. They're describing predictive value, derived from that rate and population statistics.

https://en.wikipedia.org/wiki/Positive_and_negative_predicti...

nanis 3 hours ago||||
Because no one around me understood how to calculate false positive/false negative probabilities, I put together this calculator[1] in 2020.

[1]: https://www.covid2020.icu/false-positive-false-negative-simu...

dtj1123 10 hours ago||||
I thought this was known as Bonferonni'a principle? Or am I getting mixed up?
vaylian 4 hours ago||
Bonferonni correction is relevant when you calculate multiple p-values. Most statistical tests are used with a p-value threshold of 5% to reject the null-hypothesis. But because you are repeatedly testing, the probability for false positives increases and that is why you need to decrease the threshold and make it harder, to obtain a p-value below that threshold to declare a significant result.

You typically use the Bonferroni correction when making general statements about a statistical relationship. You wouldn't use it for checking if a particular image shows illegal content. If you kept testing with your image classifier, your significance threshold would need to be continuously lowered and you would asymptotically reach zero.

Relevant XKCD: 882

tjpnz 9 hours ago||||
Google have already caused significant hardship to a father for such kinds of photos. What's particularly galling is how they've continued to maintain they were in the right, despite the police saying no crime had been committed.

https://www.koffellaw.com/blog/google-ai-technology-flags-da...

joe_mamba 8 hours ago||
Of course google and every other big-tech platform is gonna insta-wipe every account containing detected nudes of children, regardless if you're the parent.

The corporate liability of such content being found on their cloud is so insanely nuclear, that they're not gonna wait and ask you "hey are those nudes your own kids or are you a pedo?" before they wipe the account with all pics off their servers.

zmmmmm 4 hours ago||
And yet the will badger you endlessly to the point their photos app is near unusable to turn on auto sync which slurps up every photo and makes it very awkward to then delete them after. To me, this makes Google a liable party even if real CSAM is stored.
kleiba2 11 hours ago|||
> even if the scanner is 99.99% accurate, because an even higher percentage of photos are innocent, most matches the scanner will find will be false positives.

If the scanner is 99.99% accurate, then most classifications will be correct.

cenamus 11 hours ago|||
If you scan 1,000,000 pictures (with let's say 10 CSAM), you'll have 100 false positives and 10 true positives, giving you like only 10% correct results
kleiba2 10 hours ago||
Ah, sorry, I misread what the OP meant by "matches" - thought they were referring to all classifier outputs, while they specifically meant the positives. I changed my original comment to better reflect what I meant, even though that makes it a bit of a non-sequitur now.
acksmack 11 hours ago||||
https://en.wikipedia.org/wiki/Base_rate_fallacy
usrnm 11 hours ago|||
How many child abusers do you think there are out there?
myrmidon 6 hours ago||
Even if 10% of population were actively criminal pedos (which is waaaay too high), its pretty safe to assume that the majority of even their online footprint would be ordinary images/messages.

So a quota of 0.1% or even less material being detectably criminal sounds realistic (probably not much less, though).

order-matters 23 minutes ago|||
its also just disastrous for signal to noise ratios. scanning everything means any sort of error rate is going to cause massive amounts of incorrect labelling. this means innocent things getting flagged and put into a system where people are treated like offenders when they arent until they can get an actual human with authority to review their circumstances (not guaranteed to happen at all btw), or some actual offenders get away with more bc they passed a scan

outlier cases aside, there is also just a large amount of processing power that will go into this, the service can only be worse off for it. Privacy is not just about being able to hide things, it is also about being in control of how you present to the world. not because that control is maniupulative but because we all exist within our own microcosms of uniqueness, using words slightly differently than each other, and having certain balances of intention and meaning with those we send messages to that cannot be fully presumed from a 3rd party. even in images.

Are they really saying "if you want to send private messages then go make your own network" ?

pixl97 11 minutes ago|||
>Are they really saying "if you want to send private messages then go make your own network

No, because with the way things work, they'll make that illegal next.

dpoloncsak 16 minutes ago|||
>"if you want to send private messages then go make your own network"

Unironically, we should all move to using TOR.

Anyone setup a .onion mirror for HN yet? I'd assume usual HN-mirror-rules, no login or posting but free to view...

AlexanderHanff 1 hour ago|||
I have put up a list of all the MEPs who voted for the urgency procedure yesterday (in breach of EU rules) as well as their voting history on fundamental rights issues and who has been lobbying them:

https://www.thatprivacyguy.com/blog/chat-control-the-415-who...

vaylian 1 hour ago||
Thanks. Please note that your link doesn't work with the tor browser.
AlexanderHanff 40 minutes ago|||
I cannot see what is causing the issue, the certificate's full chain is sent, the clock is synced, the cert is showing zero errors in OpenSSL - so this is very confusing.

The irony is, you don't actually need Tor on my site because there is no logging, no third parties, no adtech etc. it is just static HTML files - so whereas I would normally recommend Tor I designed the site specifically to be privacy first.

I will try to figure out what is going on though because obviously I am fully supportive of people protecting their privacy with Tor.

AlexanderHanff 56 minutes ago|||
Not sure why, it is working fine everywhere else - I see in Tor it gives an invalid certificate error, but the Lets Encrypt certificate is working fine in other browsers, so seems to be a Tor thing specifically.

I will investigate.

baxtr 10 hours ago|||
I’ve shared this before, I really like this quote:

"The urge to save humanity is almost always a false front for the urge to rule."

H.L. Mencken

myrmidon 8 hours ago||
Mencken just has the best quotes. Here's a few of my favorites:

> The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all.

> For every problem, there is a solution that is simple, neat, and wrong.

> Freedom of press is limited to those who own one.

greenleafone7 16 hours ago|||
In the list of people that are worried about children.... the government is at the very end.
f6v 9 hours ago|||
> Most everyone would love to see more work on stopping child sexual abuse.

By the parents. Install parental controls that only allow to message you and closest relatives. Problem solved.

bonoboTP 20 hours ago|||
The bad consequences are diffuse, abstract and distant (conspiracy-looking, tinfoil-like), while it's very easy to viscerally understand that "even if they just save one child, it's already worth it".

They should give precise numbers of how many such crimes are detected via such means or are expected to be detected per year, and how many of those are not possible to catch through regular investigative work. It just seems ridiculously out of proportion especially that with all this flurry around the topic, the criminals surely aren't using WhatsApp for this any more, but especially won't be once the law is adopted. Sure, many are likely stupid but if they are so stupid, won't they fall into other honeypots?

Why are chat apps the best leverage for uncovering this? They'd have to justify this with some sort of data and numbers.

Because later they can just come back and say, well unfortunately they are now all using other means, so now we need to break https,we need to ban e2e, we need to ban vpns, tor and foss operating systems etc etc.

u8080 10 hours ago|||
Yeah, and also how many such crimes are actually prosecuted because you know, there is certain island with certain high-ranked people.

Anyways, once that implemented noone will report to you and there will be no means of pushing against it because all your online efforts to coordinate will be compromised.

iamnothere 18 hours ago|||
They should add to those metrics: hours and funds wasted investigating false positives, reputations ruined from false accusations and investigations, decline in public trust, etc.
eunos 7 hours ago|||
> Rather than narrow and specific - it's a broad based law

Because narrow law is easier to avoid or find the loophole and a single case is enough to induce panic and anger.

latentsea 10 hours ago|||
At some point we just have to accept the kids as collateral.
taneq 7 hours ago||
What, like with guns? Never!
ggthrowaway 21 hours ago|||
CSA makes ppl lose all logic, so is used to justify illogical things.

Reminder that none of this has any evidence that it helps CSA, but nobody cares about the actual children.

teaearlgraycold 19 hours ago||
I feel like the world cares more about stopping the spread of CSAM than it does the actual abusive actions against children.
mrtesthah 18 hours ago|||
We can look to certain world "leaders" for confirmation of that.
pydry 7 hours ago|||
It's not the world that's the problem it's the small group of individuals trying to create stasi 2.0, hiding behind the children.
englishspot 21 hours ago|||
so much for the principle of least privilege..
attila-lendvai 18 hours ago|||
especially that the guard applying to protect the henhouse seems to have a suspiciously furry tail...
sneak 10 hours ago|||
Technology is, furthermore, the wrong place to address child abuse of any kind, sexual or otherwise.

This is like trying to prevent burglary by working with the factory that manufactures pry bars.

EarlKing 14 hours ago|||
> stopping child sexual abuse

> suddenly touches everyone

..............I see what you did there.

brikym 17 hours ago||
[flagged]
bwhitty 17 hours ago|||
Hot take !== unsubstantiated, xenophobic take
wredcoll 17 hours ago|||
That's not a hot take, it's just boring old racism.
worldsayshi 10 hours ago||
> Is scanning mandatory? - No — voluntary.

Voluntary for whom? The service provider? Can I opt out of getting scanned?

> Does it touch encrypted messages? - No. End-to-end encrypted communications were never scanned but providers could deploy client-side scanning under this law.

So it circumvents e2e encryption?

---

How would these laws prevent me from just side loading my own open source client?

cbg0 6 hours ago|
> How would these laws prevent me from just side loading my own open source client?

They do not.

xiphias2 4 hours ago||
You need open hardware and open software at that point and you won't be able to use government identification as they depend on closed source parts of the Android ecosystem. Also you need identification for side loading apps at some point.

Non of these laws stop you from opting out of surveillance, but altogether it gets so hard that at some point you get more suspicious and tracked if you do all this than if you don't do any of these.

cbg0 4 hours ago||
Assuming these concerns were real you could just turn the app into a website.
coffeebeanHH 22 minutes ago||
Excuse me, you have to vote a majority against something that only a bunch if suckers want? If they want a new law they should have a majority to get it. Shitshow in brussels.
arjie 22 hours ago||
I don't understand. How does it affect encrypted messages? It seems like either you need:

1. allow MITM decryption by a privileged authority

2. require all devices doing E2EE have a non-user-modifiable piece of functionality to scan on-device

The second is the Apple style on-device CSAM scanner? I have to say that I do sometimes think about it while taking a photo of my baby playing in the bathtub - photos like my parents have of me which have been kind of nice to see later. It would be a pity if I had to have a separate analog camera just for baby photos because then I'd need to learn the whole developing film stuff.

petcat 22 hours ago||
> It would be a pity if I had to have a separate analog camera just for baby photos because then I'd need to learn the whole developing film stuff.

Polaroid coming back in business! I would not complain at all if we started reverting some of our lifestyle behaviors back to analog.

arjie 21 hours ago||
Haha, we do have those Instax Mini cameras. They make for a nice dose of nostalgia. We have a big frame full of photos of our friends and family on the wall and it's nice to walk by.
xeromal 12 hours ago||
Same. We have albums full of those instax photos
pqtyw 21 hours ago|||
Apple's proposal was only for photos being uploaded to iCloud and not local ones.

IIRC weren't there some thoughts that they'd switch iCloud to E2E but add local scanning on upload (compare to what it currently when Apple, Google, etc. freely scan all your cloud photos anyway). That didn't seem like a terrible deal on paper.

vekker 10 hours ago|||
What does "scanning" mean though?

Does this mean every parent has to now make sure not to take pictures of their children playing in bath for instance, in order not to trip these scans for false positives?

u8080 8 hours ago||
>in order not to trip these scans for false positives

They CLAIM they scan for CSAM, so watch out your documents and pictures with something that govt also wants to track.

SXX 12 hours ago||||
E2EE on iCloud with advanced data protectiob still keeps metadata not encrypted likely exactly for this purpose.
sneak 10 hours ago|||
No. iCloud Photos and Files are and have always been non-e2ee and they already scan everything in it.

Even with e2ee enabled for iCloud Photos/files (which NOBODY uses, and furthermore is entirely disabled in the UK), it sends identifying hashes of plaintext file content to the server without e2ee.

nicce 21 hours ago|||
> The second is the Apple style on-device CSAM scanner?

This is exactly what has been proposed. E.g. WhatsApp has a piece of code that scans images and texts before sending. After that, they are "encrypted".

alethic 17 hours ago||
This is of course a massive privacy violation, since the code that scans for CSAM can be switched out to scan for anything else at any time. (It's even easier to do now than when Apple first proposed it, as language models since have gotten good at reading images.)
ribosometronome 15 hours ago||
Apple was already doing image recognition on device for photo searchability when they proposed that solution.
nicce 3 hours ago||
But that did not really carry data out from the device, other than hashes. I think Apply knew this was coming, and tried to do it better.
grg0 21 hours ago|||
I am not fully acquainted with the details, but I would not discard (3) make e2ee illegal, at least for platforms of certain size etc. That is what the proponents ultimately want anyway. If they settle for anything else, it's because of the resistance.
jeremyjh 6 hours ago||
This is their actual objective.
ExpertAdvisor01 21 hours ago|||
Platforms will stop offering E2EE . Didn't Instagram abandon E2EE ?
arjie 21 hours ago||
That is a much more simple prediction. I do use Telegram with our family claw-like and it does not do E2EE by default. You need to do a secret chat or whatever. I think you're probably right. We'll just lose E2EE.
Gigachad 13 hours ago||
E2EE has UX issues that are difficult to paper over aside from just legislation issues.
vaylian 20 hours ago|||
You are correct in that both option 1 and 2 are possible. For end-to-end encrypted messages only option 2 is possible. The content will be scanned directly on your own device and the data will be sent to the authorities without your knowledge, if the software detects something suspicious. This is called client-side-scanning.
Gigachad 13 hours ago||
The proposed Apple system was at least more restrained in that it was looking to identify known abuse images. Which is better than the Google one which aims to identify new unseen content which constantly flags parents acting legally sharing photos to medical professionals.
earth-tattoo 17 hours ago|||
There are in betweens of an iphone and analog camera. You can use a digital camera with an SD card that you plug into a laptop that never connects to internet.
Gigachad 13 hours ago||
So the average person is having to set up an air gapped system to store normal family photos while while Epstein's clients and co conspirators communicate over plain text Gmail and for some reason we can't do anything about it.
keremimo 5 hours ago||
You aren't that rich, so you are correct.
khalik 2 hours ago|||
[flagged]
cortesoft 21 hours ago||
[dead]
1vuio0pswjnm7 1 hour ago||
If so-called "tech" companies are allowed to have control over internet users' communications ("chat control"), where control over communications lies _exclusively with the company, not the user_,^1 then it stands to reason that governments, among others, may influence how that control is exercised

Unlike governments, generally, the companies may use control over communications for any purpose. For example, a surveillance-based advertising services is one purpose that we know about. The companies can collaborate with any party; it may be another another company, it may be a government. The company can utilise surveillance data collected and/or its ability to throttle and censor communications to further any purpose. The parties with whom the company collaborates may potentially use the data for any purpose

Unfortunately for users, the company is not required to disclose with whom it collaborates nor the terms of such collaborations. Hence users have no way to verfiy. Users of these "free services", have few, if any, rights against the company

This situation is preventable. What enables it to exist is user "consent" to ceding control over their private communications ("chat control") to so-called "tech" companies

1. This is accomplished through granting the company total control over the client software, e.g., "automatic updates'. The company effectvely (a) blocks chat participants from using their own client software and (b) forces chat participants to use client software controlled by the so-called 'tech" company. This software is provided for free and primarily serves the company, not the user, advancing the company's commercial interests, e.g., surveillance-based advertising services, at the expense of the user's privacy and security interests

This fact was summarised in a submission that reached the HN front page yesterday: https://news.ycombinator.com/item?id=48792203

keraf 16 hours ago||
The same governments pushing for this type of regulation are also the ones that fail to condemn high profile individuals involved in the crimes that these regulation are supposed to help fight. Makes you really wonder if it's about protecting the children.
wavemode 2 hours ago||
You make it sound as though this is a proposal for legislation in the US...
keraf 1 hour ago||
There are plenty of friends of that one famous financier roaming the old continent, who probably won't ever see a courtroom or prison cell in their lifetime, despite a lot of incriminating evidence.
matheusmoreira 12 hours ago||
It was never about children. They're just using children as political weapons to justify their 1984 panopticon dictatorships.
rixed 6 hours ago||
So many messages about child safety in the press and even here... Who cares about chat control when they already have mind control.
kotberg 5 minutes ago||
EuSSR = "Demooocrazy" in action. Enjoy. You Liberals cried for it.
Zufriedenheit 22 hours ago||
They claim to protect consumers and privacy and then push this creepy surveillance state.
pqtyw 21 hours ago||
Well it's privacy from private companies. The government still needs to see everything you do just in case. Its not like you have anything to do hide? Do you?
pembrook 19 hours ago|||
I keep trying to explain to people that private companies harvesting your data, while not good, is done solely for the purpose of trying to get you to voluntarily buy more toilet bowl cleaner.

Meanwhile, Governments can take away your freedom, block your right to speech, ruin your entire life, seize your private assets/wealth, take away your children, deport you, etc...all depending on how the cultural wind is blowing on a particular day. And they are legally entitled to hold a gun to your head or kill you if you don't comply.

These are not the same level of risk. Yet more hysterical attention is paid to the former instead of the latter. This is dumb.

Be more worried about governments. Read more history.

jolmg 14 hours ago|||
> I keep trying to explain to people that private companies harvesting your data, while not good, is done solely for the purpose of trying to get you to voluntarily buy more toilet bowl cleaner.

A reminder that governments can buy from private companies. A company like Palantir can buy data from private companies then incorporate it into the software it sells to governments.

kvgr 6 hours ago||
Yes and government should not be able to do this.
dinkleberg 18 hours ago||||
Exactly. And it is also incredibly short-sided and naive to push for more power for the government when you think it is just going to be used by "your side" for the issues you care about. When you want to wield those powers to promote your own ends against those you oppose, don't be surprised when those you oppose come into power and use those same powers back against you.
wredcoll 17 hours ago||||
Your comment seems to frame this as a "two sides issue" as if it was a see-saw and you can only move back and forth between one side and the other with no room for nuance or alternate directions.

Governments can do a lot of things that hurt you, this is a consequence of having power. Giant Corporations can also hurt you because they also have power.

In general I would agree that say, walmart, is mostly interested in encouraging you to shop at their stores more frequently with the information they gather, it's also true that other corporations are currently selling the information they gather to the government.

And, of course, if I dislike what e.g. the department of labour is doing with information it's collecting, I can vote for various representatives up and down the hierarchy of power, in the USA this would include things like state governors / attorneys, federal legislators, presidents, etc, all of whom have some level of influence over my information being collected and used.

If I dislike what walmart is doing, my options are considerably more limited. I can lobby for a law to be passed against it or I can essentially wish for it to go out of business.

wartywhoa23 7 hours ago|||
> Governments can do a lot of things that hurt you, this is a consequence of having power. Giant Corporations can also hurt you because they also have power.

False dichotomy, they are the same Lernaean Hydra.

neonstatic 15 hours ago||||
> if I dislike what e.g. the department of labour is doing with information it's collecting, I can vote for various representatives up and down the hierarchy of power

How has that been going? Did you manage to elect someone, who made a positive change? Let's be charitable - you can pick an example from your life that goes back up to 50 years.

pembrook 13 hours ago|||
> Your comment seems to frame this as a "two sides issue" as if it was a see-saw and you can only move back and forth between one side and the other with no room for nuance or alternate directions.

No. My point is you should fear centralized power in general, and in exact proportion to the scope of the power being centralized. All power gets abused.

Governments are centralized power on a scale that makes the most powerful corporation on earth look like an ant. Historically AND currently, the worst atrocities come from governments, not companies.

Yet, internet discourse (and new legislation) over the past 10 years has pretended like the biggest threat to us re: data collection is private companies. They are indeed a threat. But they are NOWHERE near the scale of the threat that data collection by governments represents.

This blind spot is part of the reason mass surveillance legislation is being rolled out (largely successfully) everywhere right now.

For example, we've created such a boogieman out of facebook/social media (which, ironically, doesn't even exist anymore as people remember it) that it has manufactured consent among the public for governments building the infrastructure for 1984. A far greater threat to us than micro-targeted face cream ads ever were.

sensanaty 7 hours ago|||
Yeah 'cause we've never had private corporations like Coca Cola or Chiquita Bananas hire paramilitary forces in South America before.

Both large gov't and large corpo are horrible and both should be equally avoided.

pembrook 4 hours ago||
So your position is that, because Coca Cola once funded paramilitary action in South America...companies are a worse threat to us than governments?

You don't seem able to hold two ideas in your head.

Yes, companies can abuse their power. Yes, governments can abuse their power.

However, the power wielded by governments is on a whole different scale, so the capacity for abuse and atrocity is exponentially larger (governments have killed millions and can literally destroy the entire world with firepower 100X over).

u8080 8 hours ago|||
Wtf are you talking about if NSA PRISM was discovered 10+ years ago which proved all private companies cooperated with govt to spy on you?

You say that govt is holding a gun to citizen's head, but govt also holding a gun at private company's head.

berkes 6 hours ago||||
Companies fall under the government. So what a company harvests (to sell more toilet bowl cleaner), is accessible to the government it falls under.

By that logic, you should fear companies at least as much as their governments when handing them your data.

But companies have additional goals: to increase profit. Which can be achieved by selling more toilet bowl cleaner. But also by externalising harm/pollution/costs, monopolising, reducing taxes, etc. All of which harm you, personally.

So, sure, worry about governments. But worry more about (big) companies. Read more history.

joenot443 5 hours ago|||
Governments have a monopoly on violence, companies generally do not.

This fact alone makes the comparison you’re trying to make pretty silly. You have far, far more to fear from the country from which you’re a citizen than the company for which you’re a customer.

Read more history.

asdewqqwer 4 hours ago||
Read Second Amendment.

Also, governments consists of a large amount of human each acting for their own benefit. Assuming they can easily collectively united as a single force to use violence to harm all citizen (on the topic of privacy, it really is the case) suddenly is wild.

On the contrary, for a limited government, it very likely will result in using the monopoly of violence to provide extreme capitalism style IP and private property protection which results in dominating power of large companies. On the other hand, every bit of history demonstrated you can never maintain monopoly of violence if you are really against people.

Monopoly on economic is strong because it can be guarded by violence, while violence cannot be easily guarded by itself within a country (unless AI overlord really comes).

Read more history.

pembrook 4 hours ago|||
This is actually a fantastic example of the blindspot I'm talking about.

You fundamentally are unable to judge risk correctly due to your political bias.

You're even admitting the risk of companies harvesting data is that it may fall in the hands of governments.

Yet you still think a private company lobbying to reduce taxes is a greater threat than your government wielding enough firepower to kill millions of people and destroy the entire world.

belorn 4 hours ago||||
The distinction is very much blurred, and there is much more profitable way to use data than getting people to voluntarily buy more toilet bowl cleaner.

Companies can use it to determine voting patters and sell that to interested political parties. Government are made from political parties and can steer money to those parties, thus the data can now be sold indirectly to the government.

Companies can use it to indirectly target competitors through their customers. Creating a monopoly is much more profitable than just selling more products. Gaining favors with political parties in the above strategy can also help here.

Companies can sell data to governments of other countries. Just because your own government has laws that forbids it, it doesn't mean other countries has the same laws or will treat the citizens of your country as their own. Trade like this can also occur in multiple steps. Company sell data to country A, and country A shares/sells it to your own government. Your own government might finds this preferable to buy it directly as laws may not apply to data shared/bought, even if that data is about their own citizens.

Selling personal data to the government is profitable, but there are also other interested parties. People in legal disputes may want information about the other side, or the juries, or even the judge. Companies that want to do industry espionage would want to buy information about other companies employees. Criminal organizations very much like to buy information about vulnerable people like the elderly. Again, the data doesn't need to be sold directly but can go through many hands until it finally reach the most scummy buyers, and the money will slowly trickle upwards to the seller.

As long as someone collects the data and is willing to sell it to someone, sooner or later it will be sold/leaked to someone who shouldn't have it. That is the fundamental issue with companies collecting personal information.

protocolture 17 hours ago||||
>I keep trying to explain to people that private companies harvesting your data, while not good, is done solely for the purpose of trying to get you to voluntarily buy more toilet bowl cleaner.

I keep trying to explain to people that any data companies harvest, for whatever purpose, can then be accessed by the government, and that trying to draw distinctions in what is a big massive ouroboros is irrelevant.

Even if you trust the company AND trust the government, the data exists forever, and no one can trust all future governments and all future corporations.

pembrook 17 hours ago||
The root issue is still government having absurdly asymmetric power over you.

If the government weren't legally able to use the toilet bowl cleaner companies data against you, it wouldn't matter.

The problem is us giving governments the right to use this data against us (passports to access the internet, messages being under constant surveillance, etc.)

In Europe we're happily handing over our rights every day so that governments have more power over us (supposedly to "protect" us from the big bad evil American tech companies).

Except, Google just wants to make $100/yr off me instead of $50/yr by me voluntarily choosing to use them.

Meanwhile, EU governments want to literally control what I think and feel and do, and take out $100,000 in debt on the backs of each of my children (we're at 115% debt-to-GDP in France) to fund this nightmare surveillance state.

ribosometronome 15 hours ago|||
The law can change. Which is why it's better if that data was not collected in the first place.

Plenty of companies collecting data are operated by people who want to control what you think, feel, and do both for profit and based on their owners personal beliefs.

protocolture 16 hours ago|||
>The Root Issue

Look trying to separate them is foolhardy. Corporations exist due the limitation of corporate liability provided by government. There's no scenario where you have a corporation without government. A corporation will sell you out wholesale to continue having the right to make 100 bucks a year off of people.

like_any_other 9 hours ago|||
> is done solely for the purpose of trying to get you to voluntarily buy more toilet bowl cleaner.

And to steal tips [1], lower your salary [2,3], charge you more [3,4], and limit how you may use "your" property [5]. I'm sure there are many I've missed.

Oh and how could I forget - to smear you if you stand in their way [6].

[1] https://en.wikipedia.org/wiki/DoorDash#Withholding_of_tips_a... (try doing that when tips are in cash)

[2] https://www.morningstar.com/news/marketwatch/20260401139/emp...

[3] https://towardsjustice.org/wp-content/uploads/2025/02/Real-S...

[4] https://en.wikipedia.org/wiki/Price_discrimination

[5] https://www.cnbc.com/2017/12/27/nvidia-limits-data-center-us...

[6] https://www.theguardian.com/business/2019/aug/07/monsanto-fu...

pembrook 4 hours ago||
Oh the horror, they might try to lower your salary forcing you to find another competing employer!

Meanwhile governments wield enough power to destroy the entire world 100X over, and are currently shoveling young boys into the meat grinder of war to be slaughtered by the thousands every day.

As a left-leaning forum, HN has a giant blind spot re: government power vs. corporate power. I'm trying to point this out.

Yes, companies can abuse their power. But their power pales in comparison to government power.

pqtyw 4 hours ago||
> As a left-leaning forum

Even if true it's almost entirely orthogonal.

The "right" is usually only against government control, intervention and surveillance until they get into power. Then they double down on them. Also right wing parties/groups are generally better at controlling and silencing internal opposition (since they are lot better shutting up and falling in line when push comes to shove regardless of their personal beliefs). So they are usually a lot more effective at imposing these things.

wartywhoa23 7 hours ago|||
I really hope this was /s.
nenadg 21 hours ago|||
>everyone else is doing it so why miss out the opportunity
rvz 20 hours ago|||
You are now finally realizing what a trojan horse is.
petcat 17 hours ago||
You think USA is the Trojan Horse? Barak Obama said, in no uncertain terms, that Europe needed to mobilize and arm itself.

But of course Europe just ignored that warning. Like it anyways has.

petcat 21 hours ago||
At this point I think it's obvious that EU is in turmoil. They're struggling to come to grips with the idea of a Russian invasion on their eastern borders, and simultaneously USA pivoting to Asia and not willing to front their defense after 40+ years of imploring them to do so themselves.

They've outsourced nearly every critical component of a large sustainable society to the rest of the world: Russia, USA, China, India.

But at the same time, their politicians can't do anything because the minute they suggest that they might have to start cutting pensions and public welfare, and all of these different things in order to start supporting national industry and defense, they lose support immediately.

sdsdssweew213 19 hours ago|||
EU has quite successfully decoupled from Russia already, we aren't heavily dependent on Russian energy or other natural resources anymore.

Also, EU countries in Eastern Europe do already have a high military spending, and even Western European countries are improving.

The situation is less than ideal but not hopeless.

sunshine-o 8 hours ago|||
> Also, EU countries in Eastern Europe do already have a high military spending, and even Western European countries are improving.

I would really challenge that idea that increasing military spending will create a solid and useful military force.

Most of the money you inject within the military industrial complex is wasted and stolen. At some point it can become counterproductive, we can see it with the US military where recently Iran’s $30k shahed drone destroys $300M US radars.

Note that today's politician never state goals in practical military terms but rather in billions and trillions spent. So they are always victorious. I do not remember Alexander the Great, Hannibal, Julius Caesar, Napoleon Bonaparte or Genghis Khan stating their objectives in terms of money spent.

joe_mamba 7 hours ago||
>I would really challenge that idea that increasing military spending will create a solid and useful military force.

Germany is the EU proof of that. It outpends France at defense spending but its military is massively smaller and less capable, and also non-nuclear to boot. So they're getting a very poor bang for their buck. Mostly because of bureaucracy and corruption are eating most of their money before it gets spent on the troops.

>Most of the money you inject within the military industrial complex is wasted and stolen.

That's why I'm not holding my breath at the whole "German rearmament" propaganda. Most of the money will go to boost the stock of Rheinmetall and friends, not boost the troops.

holoduke 19 hours ago|||
It's hopeless. Enormous amounts of money is flowing out of Europe into China and the US. Europe has dogshit to offer. You already see it with gdp not growing. Whereas rest of the world did grow. Even Russia has higher GDP growth than Germany. Euro leadership is not smart.
Barrin92 15 hours ago||||
>They've outsourced nearly every critical component of a large sustainable society to the rest of the world: Russia, USA, China, India.

The EU is about twice as industrialized as the US is, In the town of Unterlüß of four thousand people Germany produces about half as many artillery shells as the entire US does (and nationally alone now produces more) and Ukraine and Europe have, for the last 18 months, defended Ukraine without about any support from anyone else. Where do you get your information about Europe, on twitter?

coredev_ 21 hours ago||||
Whoa, where do you get your news from - Fox?
pessimizer 21 hours ago||||
[flagged]
holoduke 20 hours ago||
Well the Americans are not particularly clean in this situation. For them it's all about creating a situation where Europe keeps buying overpriced weapons from the US to support Ukraine in their slow march to death. Most euro leaders have sold their souls to the devil and live in a bubble of illusions and wishful thinking. They are all employees of the the American system. You won't even make it to the selection level it you don't comply with their ideas and morals. The only way out of this is a new wave that ditches the US completely and start doing business with Russia and China on a massive scale. Not gonna happen though.
petcat 18 hours ago||
Every American president since 1980 begged Europe and NATO to take responsibility and invest in is own security.
martimarkov 21 hours ago|||
[flagged]
bluebarbet 17 hours ago|||
This comment adds zero value. Make a point if you have one.
wredcoll 17 hours ago|||
The parent post adds zero value, why start now?
izacus 10 hours ago|||
It is dishonest and unreasonable to demand that a pile of utter nonsense is answered with more energy it took to spew out bs.

Go demand that the original poster provides value.

bluebarbet 7 hours ago||
I like to think we might all agree that two "piles of utter nonsense" are worse than one.
petcat 20 hours ago|||
Why don't you tell me what you know about this topic
kvgr 6 hours ago|
What i found the most fascinating, is that they say its to protect children. But when you look at real child abuse cases, there are huge gaps in sentencing, policing and protecting kids in all countries. Where i live child abuser will get lower sentence than someone who sold weed. There is a lot of real police work that can be done, honey trap pedos on roblox, infiltrate public whatsapp groups to check and monitor for soliciting. Actually listening and responding to child abuse. Work with schools. But this just requires real work. They don't want to do real work. And at the end, it will get thrown out by some senile corrupted judge.

They just want total control.

Closi 5 hours ago|
It's 100% about control - it's the same in the UK.

Last year it was about having to scan your face to verify your age to access porn (to protect the children). They said: It's not about control, it's about protecting children.

Last month the same government announced they will use the same technology to prevent access to Youtube and Twitter without giving over your ID and confirming who you are... Still under the 'protecting the children' banner.

More comments...