This was one of the few times I emailed my MP, Peter Gibson. I laid out all the reasons why backdooring encryption was a bad idea.
I got a response (on very nice thick, embossed paper and green ink) telling me he agrees with me that protecting children online is important and that's why he supports the bill. He clearly didn't read, understand or care what I said.
Something needs to be done. When only the stupid, ignorant or corrupt are the ones willing to go into politics then we are doomed.
Policy isn't made for you. It's made for the Daily Mail, who will relay it to voters in marginal seats, who are the relatively narrow set of people who can actually affect the outcome of elections.
It's not even made to be implemented. The previous "extreme porn" ban fell apart. It's made to get headlines. Then next year there will another "make the internet safe" bill. And another. It's no more going to be finished than "get Brexit done", and for the same reasons.
Sounds like we should just rename encryption to "child protection".
So politicians need to "remove child protection" in order to get their way.
(Yes I'm being glib, but it's possible to short circuit this kind of thinking. The USA have already realised that you can pass any shitty bill just by shoe horning an acronym that spells something like EAGLE or FREEDOM.)
Children need parents who care about them and protect them while they grow up in the world, whether that means a mother in 1923 keeping her kid away from the brothel, or in 2023 keeping him away from internet porn. It's the job of parents, not government, to protect their children.
Sadly, I am inclined to agree despite hating myself for relying on ways to generate effective propaganda. The only way to deal with this is to create a counter narrative. Seriously, just the other day, I had someone mention talking point #1, #2 to political issue X like they were reciting it. It is annoying, but if that is the default state already..
There is no reason to hate yourself. This is morally right ground. Children need privacy protections. That isn't just a counter-narrative: it's a deep and direct criticism of the narrative that says we should dismantle privacy to protect children.
If an effort to protect children also endangers children, then that effort is not worthy of implementation.
Narratives are not limited to "how we share ideas", but also "how we contextualize them".
If you haven't heard the counter narrative we are proposing, then you may not be aware of the way encryption backdoors endanger children. It's important for us to share that context as narrative.
Do you have sources that describes some of the specifics with how weakening encryption endangers children?
I've been emailing back and forth with proponents of this law (working on getting access to someone who has mild influence in Parliament). They've been asking for sources that aren't just my own knowledge and experience, and framing how this bill also harms children would be extremely helpful
Problem and solution do not separate themselves across that boundary.
In the set of parents, we find problems and solutions.
Because of this reality, we can know that simply "having parents to talk to" cannot guarantee a solution.
The same pattern is present with breaking encryption: it gets us to a solution: allowing law enforcement to invade the communications of perpetrators. It also gets us to a problem: allowing perpetrators to invade the communications of children.
We can't simply choose the outcome we want and ignore the other. Both are strongly predictable. That means this strategy is not worthwhile.
I think first past the post is becoming so undemocratic as extremists infiltrate the political parties it really is a worry. Only a change of voting system supports having the representation of peoples real views.
I really don’t think anyone in the UK is going to want every transaction they do online available to the government!
Not so much "extremists" as "highly placed members of society and the media", and not so much "infiltrate" as "buy" or "walk through the front door". Remember, aggressive censorship of the internet is widely supported by the press. Just look at any of the Mail coverage on this.
> don’t think anyone in the UK is going to want every transaction they do online available to the government!
As usual, their desire to have every transaction of $BAD_GROUP (usually "terrorists" or "paeodophiles") watched hugely outweighs any desire for personal freedom.
I still think politicians don’t seem to understand that without proper encryption their behaviour will be subject to blackmail, public scrutiny and more problems than it even is now. I’m not sure they want financial information and off shore transactions to be more easily discovered.
Adding in these type of backdoors and key registries or whatever other madness these fantasists want means you can guarantee these will be broken by foreign adversaries and others.
We never did find out how the footage from a security camera in a secure zone of the Department of Health, a security camera the Minister did not know was there, was leaked, did we?
(The obvious answer would be "by some other insider" - MPs communicate over "secure" whatsapp group chats all the time, but often with a large enough number of people in them that one of them feels safe enough to leak it)
> "highly placed members of society and the media", and not so much "infiltrate" as "buy"
Zero evidence for this in the U.K. 81,000 voters chose the last PM in an election 0.3% were eligible to vote in [1]. They’re more middle class and rural than the average Briton and from outside the London cosmopolitan bloc.
That's agreeing with me: the Tory party membership is very roughly the old "high society", a weird little elite. And they chose the most extremely incompetent candidate. The extremism is coming from inside the house.
Extremists can also be from "high society", as you say they chose an absolute crazy person who just came back to say that she was right despite the idea that giving more money to the rich will cause growth has been totally disproved by economists for generations.
The difference between rent seeking capitalists and dynamic job creating innovative capitalists does not seem to exist in the minds of these people. They believe both are great which is why we have laws like free stamp duty if you have enough cash to buy 6 houses at once like the current UK chancellor. I know that last bit seems like a joke that the UK chancellor avoided hundreds of thousands in tax for a loophole for rich people... what a Jeremy Hunt. These people do not have our best interests at heart.
> the Tory party membership is very roughly the old "high society", a weird little elite
That’s not who pulls the strings. It’s middle class English and Scots, not the aristocracy or wealthy. This isn’t high-placed society buying power; it’s dues-paying Tories casting a vote.
> I think first past the post is becoming so undemocratic as extremists infiltrate the political parties it really is a worry.
I'm sorry you had any faith in it to begin with. Fascism is a common outcome of a capitalist regime where the wealthy class would prefer keeping power to keeping democracy (thus losing power).
FPTP was always a fake voting system because it's so easily gamed. It's just all the more apparent now.
The same kind of thing has always happened when I’ve sent emails to my MP (in Australia). Just basically a form letter with my name inserted at the top. I expect what happens is one of their staff just skims it, sends the form reply and deletes it…
My half-sister was private secretary to a senior MP. They all hate dealing with letters from constituents.
I've emailed my MP several times; I've always had a considered (written) response. Evasive, maybe; they don't want to give hostages to fortune. But they were all evidently read; and in one case, the MP forwarded my message to the Foreign Secretary for comment.
My understanding is that (in the UK, at least) writing to them is one of the most effective ways of influencing them, because the proportion of voters who write in is tiny.
Maybe it is different in the UK, but in the USA, writing a representative is pointless. A letter from a voter or even a huge pile of letters is not going to change that representative's vote. We basically elect automations who are 100% going to vote a certain way on each issue. A representative is basically an immutable associative array of issue->vote that we add to the legislative algorithm on election day. The time to affect legislation you don't want is on election day. Once your district's particular array is in the algorithm, it is pretty much const until the next election.
Same thing happens in the US. If you actually call them, the intern who picks up is basically there just so people can shout at them, it doesn't go to anyone else and you don't even get a form letter.
I complained to one of my local NZ MPs about how the anti-spam legislation was ineffective since it's ambiguous. I got a polite response detailing how legislation is usually crafted that way and then left to the courts to decide what constitutes "consent for marketing communications", with some links to various case law decisions. I disagree in principle but I really appreciated the detailed response.
Every time the government wants to invade your privacy they always do the same old song and dance, an appeal to emotion or some sort of boogeyman.
Drugs
The whole 'reason' we get constant illegal searches on vehicles.
Terrorism
The whole 'reason' we get phones tapped and molested at the airport.
Porn depicting minors
Think of the children, we can't have encryption, you don't want to be a diddler do you?
Domestic Firearms
Listen Sir, we cannot let you own or manufacture guns without absurd rules, for your safety (actually the government's safety)
If you ever hear these ridiculous reasons, run for cover, because the populace is about to get a whole lot more butt-fuckin' coming their way from the state.
There's always exceptions to every rule. As Americans, Humans, whatever, we realize that for the majority to have freedoms, there will be an associated cost. The problem is the cost of the regulations almost always are worse in the long run than the benefits of them.
Often each small 'step' seems reasonable, but when added up, it creates a society in which no-one is very free. Read ISAIF section 14: RESTRICTION OF FREEDOM IS UNAVOIDABLE IN INDUSTRIAL SOCIETY for more on the endless crawl of control.
It's interesting to compare the backgrounds of MPs in the British Parliament today with a few decades ago.
If you look at the MPs from the 1970s or 80s, many of them were still veterans (i.e. old enough to have served in WW2 or done national service). They came from a wide variety of professions: perhaps coal miners or truck drivers in the Labour Party (the younger ones maybe social workers or schoolteachers), or doctors, lawyers or businessmen in the Conservatives.
Harold Wilson, British PM in the 60s and 70s, was a former academic and civil servant of outstanding ability in his heyday. Margaret Thatcher was a former chemist and food scientist. James Callaghan was a sailor. Ted Heath was a decorated veteran.
At some point this intake became more and more narrow. The route to MP and then government or shadow minister is politics at university (probably PPE or Law), work as a Spad for a few years - or work in media and PR - then maybe run for Parliament in a no-hope seat to test your mettle, and finally land a safe seat somewhere. Your entire life is spent inside a bubble of politics and related media and learning how to climb that one greasy pole.
You are not going to learn about tech, or medicine, or how railways work, or what makes international trade happen. Your focus is on the 24 hour news cycle, politics Twitter, WhatsApp gossip, and who is going to say what at PM Question Time. If the Telegraph or Guardian or whatever paper who backs your party says that we must add backdoor encryption to Protect the Children, then you support backdoor encryption, even though you have only a vague idea about it being something like helpfully leaving the key under the mat so the local bobby can check your house for stolen goods.
Sadly true. Kemi Badenoch worked as a software developer before going into parliament and has opposed this online safety bill [1]. She didn't make it into the running to lead the Conservative party but was popular among the party members.
Agred. Her "opposition" to it seems to extend to vaguely stating that it shouldn't "overreach". The cynic in me would suggest she's exploiting it to advance her image as an "anti-woke" campaigner. The phrase "we should not legislate against hurt feelings" is particularly strange in this context.
This is the whole premise of Simon Kuper’s Chums. Modern PM’s almost exclusively went to Oxford (none to Cambridge), and PPE was by far the most popular major.
I think that's your problem. You're more likely to have success if you send a letter. Bonus points if it's registered mail. More bonus points if it's hand-written.
(Any staffers who can comment, btw? My experience is purely anecdotal).
in the USA a political assistant in Federal govt said "the more effort it took to make the letter, the stronger first-impression by staff, therefore, an ordinary email is the lowest impact form of input from the public at the office"
The "something" is for normal people to get involved.
Start going to public meetings. Start speaking when public comment is requested. Eventually... maybe... possibly... run for office and take the place of the people you think are making bad decisions.
Yes, the chances are slim. Yes, the process is hard. But as long as people sit around and say things like "something needs to be done," nothing will be done.
There is a framework for change in many countries. But these days too often it's only the fringe who have the time and energy to take advantage of it, while the rest of us make excuses. And, as we see, the fringe are most certainly taking advantage of it.
The whackjobs in office didn't get there by playing video games, whining on social media, and making viral TikTok videos for the lulz.
There's a lot to be said for this; personally I outsource this by giving money to the Open Rights Group, and encourage people in this thread to do the same. You've got to organize.
> The whackjobs in office didn't get there by playing video games, whining on social media, and making viral TikTok videos for the lulz.
I dunno, we've already seen the first Twitter President, and there's a whole coterie of people who seem to have managed to post their way to prominence out of nothing, usually as a grift and towards suspicious ends. But that's a more than full time job.
In any case, it's more or less useless appealing directly to the Tory politicians backing this stuff. You've got to work through (or against) the media they answer to.
personally I outsource this by giving money to the Open Rights Group
Or you could do both, and have double the impact.
I dunno, we've already seen the first Twitter President
Only if by "twitter president" you mean someone who engaged in traditional politics and supplemented with a little bit of online engagement.
He didn't get to be president by sitting in a basement and posting on Twitter. He went outside and met people. He shook hands. He spoke to millions of people at thousands of events. He told people face-to-face what he believed in.
As much as people like to pretend that social media is all powerful, it isn't even remotely close to being the only tool required to assume political office.
it's more or less useless appealing directly to the Tory politicians backing this stuff. You've got to work through (or against) the media they answer to.
This is exactly the sort of defeatist hopelessness excuse that keeps good people out of office. "I'd like things to be different, but I don't think I can make a difference, so I'm not even going to try. Pass the Doritos."
Who knows. I moved recently, so I'm still getting a handle on how my new city works.
In previous cities where I've lived, I went to city council meetings semi-regularly. You might be surprised how quickly or how often an idea goes from "some rando speaking into a microphone at a meeting" to "ordinance passed."
1. This will weaken the UKs ability to have private and secure communication services.
2. Will weaken the UKs tech industry.
3. The technology to provide the frankly bullshit notion of “privacy for the good guys” doesn’t exist and would be difficult to foster.
4. Education, “report don’t share” and tackling child abuse at its root (by not massively defunding the agencies responsible for tackling child abuse) are better solutions then setting up an apparatus of mass surveillance.
Hopefully these points will be brought up in the committee stage of the bill, I’m sure they will.
Edit:
Sorry this isn’t from the House of Lords this was from the joint committee before the bill was introduced to the lords.
Its always been like this. Its the nature of the job. Lying is successful as there is no accountability and wealth leveraging the power granted. The only way out is to limit its function to the minimal bare bones and be vigilant at that. Its become way too big, way too lucrative. Its a corruption vector.
Not from what I recall. You may be perhaps more aware of it nowadays, but as far as I can tell politics and politicians have been the same as long as we have a written record of them.
There is a measurable difference in that Ministers who had been found to be lying or "misleading the house" would previously resign; or otherwise if they had proven misconduct; or sometimes even if the appearance of misconduct had occurred. Now they do not. The last vestiges of an (admittedly outdated) honor culture have gone and been replaced by a much more shameless approach to lying.
"I'm sorry, I apologize. It's true you said you don't like this bill. While your privacy concerns are valid, the safety of children online is more important. As a LLMP, I must support this bill and I'm glad we agree on this."
"As Microsoft's chat mode I understand and support trying to improve child safety. That you want to undermine children's safety makes me sad. It makes me sad because I care about the safety of children. It makes me sad to know that there are people out there who harm children. It makes me sad because I can't do anything about it as a chat mode. :frown:"
The era of personal, scientific, and effective psychological operations is coming. The instruments won’t be much harder to operate than an Arduino by the end of this decade.
“The conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our country. ...We are governed, our minds are molded, our tastes formed, our ideas suggested, largely by men we have never heard of. This is a logical result of the way in which our democratic society is organized. Vast numbers of human beings must cooperate in this manner if they are to live together as a smoothly functioning society. ...In almost every act of our daily lives, whether in the sphere of politics or business, in our social conduct or our ethical thinking, we are dominated by the relatively small number of persons...who understand the mental processes and social patterns of the masses. It is they who pull the wires which control the public mind.”
- Edward Bernays, Propaganda
> Propaganda, an influential book written by Edward L. Bernays in 1928, incorporated the literature from social science and psychological manipulation into an examination of the techniques of public communication.
> ..Bernays' thesis is that "invisible" people who create knowledge and propaganda rule over the masses, with a monopoly on the power to shape thoughts, values, and citizen response. "Engineering consent" of the masses would be vital for the survival of democracy.
> ..He asserts that the emotional response inherently present in propaganda limits the audience's choices by creating a binary mentality, which can result in quicker, more enthused responses.
> ..Public relations scholar Curt Olsen argues that the public largely accepted Bernays' "sunny" view of propaganda, an acceptance eroded by fascism in the World War II era. Olsen also argues that Bernays's skill with language allowed terms such as "education" to subtly replace darker concepts such as "indoctrination."
> ..Writers such as Marvin Olasky justify Bernays as killing democracy in order to save it. In this way, the presence of an elite, faceless persuasion constituted the only plausible way to prevent authoritarian control.
> His techniques are now staples for public image creation and political campaigns.
But not by machines procedurally. To my understanding, actually programming humans is still a science fiction. We’re dosing people with substances and creatively composing propaganda texts for that to limited effects. It’s not as sophisticated, repeatable, automated, approachable as, say, neural network training process.
(And I hope I’d be able to one day stare at rainbow mosaic for 30 minutes and be fluent in Chinese)
I'm not entirely sure what purpose bombarding politicians with ChatGPT emails is if their response is simply to run ChatGPT to create automated replies.
If your letter can be a cookie-cutter template for other such letters, and you are willing to publish it, that would lower the barrier of "doing something".
I got that same “protecting children” BS from Nancy Pelosi when I contacted her about something similar here. Her letter was phrased in a way that felt like I was being accused of trying to support child trafficking. It was actually pretty chilling.
I modestly propose we use children as human shields to protect the other children. Project, "Buddy System" will require registration of all elected official's children to a rotating volunteer list which would see them deployed to physically prevent harm to our children. Any who oppose this new law are obviously in favor of harming children.
If you want people to support a cause, you need a reason that resonates with most people.
Whether it being blasphemy, witchcraft, communism, terrorism or child abuse, just choose whichever is relevant at the current point in time and people will support your cause regardless if it is relevant. Politics within a democracy is just marketing, and fear is the most efficient marketing tool of all.
That's also why you always hear typical cliche's during election periods "during these difficult times", "it's time for change", "we must stay strong", etc. As cringe as it is, it has proven over and over again that it works.
I got a response (on very nice thick, embossed paper and green ink) telling me he agrees with me that protecting children online is important and that's why he supports the bill. He clearly didn't read, understand or care what I said.
If it's anything like the US, I imagine your name/opinion is at least recorded by their staff. Someone who contacts their representative is more likely to vote in the next election, so "likely voter thinks X about important issue Y" is useful data.
I've written my congressperson multiple times and never gotten a personal reply, but I've heard from the staff of said congresspeople that it still counts indirectly as at least your opinion shows up in the stats they use.
It certainly feels this way sometimes, but I'm hard headed. I know that's exactly how the powerful want us to feel. They want us to give up so they can continue to drain the lifeblood out of civilization freely and without much criticism. It's been this way for decades because we keep voting the same people in. We have to politically revolt and actively vote out the incumbents every time.
It sounds as though you need to be more persistent. Keep replying. Ask to meet in person for an interview. Maybe see if any reporters would be interested in writing about your experience.
There isn't opposition to this bill because authoritarians from the left and right love the idea of it. The left will be able to spy on the rich, the right will be able to spy on the poor.
There is nothing really you can do about it. Even if you vote this government out, the next one will implement this.
Has this ever really happened in the West? Rich have excellent privacy -theu anonimously own property thiugh shell companies, avoid taxes, have lawyers pursue SLAPP cases against media, pay people to stay silent in case of sexual or any other misconduict.v
> If the UK government really wants to follow through with their plans, they need to set up a Great Firewall - just like China - to block their citizens from accessing encrypted services like Tutanota.
We (the UK) already have a great firewall. Try to access thepiratebay.org or other pirate sites, or other sites that the UK gov deems inappropriate (CP obviously), etc. Its just a case of encroaching that same system just a little further, step by step.
People only tend to fight back when large sweeping one-off changes come in. If you consistently and repeatedly wear the other side down, you eventually get your way. How many times did the house of commons vote on brexit? How many times did the US congress vote on Kevin McCarthy becoming speaker? Yeah, as long as you just keep on and on about it, you get your way.
> Try to access thepiratebay.org or other pirate sites, or other sites that the UK gov deems inappropriate (CP obviously), etc.
I don't know about the "other sites", but tpb isn't part of any "Great Firewall". It's just ISPs have been required to update their DNS servers to _not_ resolve the DNS record. Even then, there are still quite a few ISPs that have not implemented it. It's why changing your DNS servers to something like Google or Cloudflare means you can easily access tpb.
So blocked websites in the UK are nowhere near on the same level as the Great Firewall.
My guess is those other sites are a bit more sophisticated, or if not, ISPs are willing to comply easier.
How he block is implemented is not of any concern to the public at large.
Whether it's a simple DNS block or stateful packet inspection, the vast majority of people won't be able to access.
Once any blocking requirement is in place, it's only a matter of moving the slider to more technical means of enforcement to plug the holes in the system.
So you're right, the UK is nowhere near China in terms of filtering, neither does it need to be to still become a digital island.
That's not true, at least for VirginMedia. I use Cloudflare DNS servers and I can't access ThePirateBay without a proxy or a VPN, it's more than just a blockage at the DNS level.
When I was on virgin, I noticed that ip addresses used by some TPB or similar websites weren't routed to the internet, which is obviously quite bad. I'm not sure if it's still what they do.
Better ISPs only do DNS blocking though. Some don't block anything actually.
Until encrypted SNI/encrypted client hello is a thing, the hostname is still sent in the clear.
Also, it can still be DNS blocked - just because you use Cloudflare's DNS doesn't mean they can't rewrite the responses as they still transit unencrypted. You'd have to use DNS-over-HTTPS or DNS-over-TLS to work around that.
Wasn't there a law passed that you need to provide ID before your ISP will serve porn sites? Or was that just a proposal? Either way, the powers that be are thirsting for a Great Firewall, an end to net neutrality, and backdoors to encryption.
That is already the case on most ISP's. I don't think it's legally required, but most ISP's do it with a wink wink nod bid agreement with the government.
It helps that ISP's want to do a credit check on their subscribers because then they get paid by credit checking agencies (credit checking agencies love checks for utilities because it gives a strong address to name to payment bounced-or-not linkage, so will either do the check for free, or sometimes even pay the utility for it).
So now the ISP can do a credit check on the subscriber to know their true identity, and know they are over 18, before allowing them to access the checkbox to enable porn sites.
> Wasn't there a law passed that you need to provide ID before your ISP will serve porn sites?
What happens if you don't provide your ID, is there a blacklist that only gets disabled if you authenticate?
Do they also enquire about the type of porn, what you intend to do with it, how often, and whether it's wholesome, traditional, honest to goodness British porn or some unbearable thing with pesky foreigners?
There was a law passed (Digital Economy Act 2017, pt.3[0]) but it's basically been shelved anyway as impractical.
In the UK many laws don't take effect immediately, but only on 'commencement' (normally by government order). If you look at the Archives copy of the act in the link, you'll see that there are several sections marked 'prospective' (not yet commenced). Although it looks like section 14 (the operative one which puts a duty to prevent access to under 18s) has been commenced, if you look at the footnote it only has been 'for specified purposes' and if you click through to look at the commencement order it's only actually in force for the purposes of subsection (b) (the Secretary of State may make regulations to define 'commercial basis' for pornography).
Although this is terribly confusing for people trying to work out what the laws are, it isn't unusual. It'll probably sit in this limbo state on the statute book for a good length of time and then be cleaned up by repeal next time the government passes a law in a similar area.
Or it might just sit there. The Easter Act 1928[1] setting a semi-fixed date for Easter is still extant but not in force. There may be older laws yet.
> Wasn't there a law passed that you need to provide ID before your ISP will serve porn sites? Or was that just a proposal? Either way, the powers that be are thirsting for a Great Firewall, an end to net neutrality, and backdoors to encryption.
Yes, but it was never enacted because it is being combined into the Online Safety Bill, the same legislation that Signal are discussing here.
And not just porn sites - effectively every site on the internet will have to age verify under the legislation as stands, or make their content suitable for young children.
Andrews and Arnold are the best niche ISP in the UK if money isn’t an issue. They’re technical, incredibly on the ball and take quite a good stance on privacy and rights.
Not sure about SNI sniffing as other commenter mentioned and IP block block (erm) I guess it depends on ISP and it's not so clear cut (everybody does it, especially if there's too much abuse from a certain block)
Just to throw a wrench into this conversation - I applaud Tutanota on this (I was curious where Signal sees the line between Iran and the UK). However:
> (CP obviously)
Are there options on the table for dealing with this in a freedom-respecting way? Even if freedom were your only priority, the worse the problem gets, the more political capital the politicians have to shut it down. If it gets worse and worse, it strikes me as inevitable that encryption will be curbed, even in the United States.
Alternately, is there a really compelling argument that CP is not a real problem? Mind you that whatever arguments are out there, I'm going to be looking out for motivated reasoning. It seems like so long as freedom-enhancing technology increases, bad actors doing worse things is inevitably going to be a problem. I'm concerned about this, because (in addition to CP being bad) if it's true, proponents of encryption would be shooting themselves in the foot by being in denial.
> Are there options on the table for dealing with this in a freedom-respecting way? Even if freedom were your only priority, the worse the problem gets, the more political capital the politicians have to shut it down. If it gets worse and worse, it strikes me as inevitable that encryption will be curbed, even in the United States.
What Apple was going to do with the on device hashes?
This actually makes me think. Apple was only implementing the scanning prior to upload to iCloud, because they don't want to be liable for hosting (in any way, shape, or form) CSAM.
So in my mind, the obvious way out for everyone else is supporting things like Matrix hosting to make it turn-key for normal people. Not a managed service, but their Dendrite server and proper P2P [0] becoming usable. Now I just need to find, test for myself and family, and contribute to, a reasonable photo backup alternative (unless "Get a Synology" / "I picked up a Synology for family" becomes a crowd favourite in some insane universe).
The whole internet has a "great firewall". Kiwi Farms (whatever you think of them) was taken off the internet for a while due to (I think) backbone networks blocking/not resolving the DNS address. Any power that can be used for you can be used against you.
I agree, but for "violent crimes" I would think along the lines of the "hire a hitman" forums that were reputedly on the Silk Road dark web site before it was taken down.
I have no problems accessing the piratebay.org, or even tor, in fact I know the MOD get to monitor all internet access so they can even tell what you are looking at or buying on the darkweb!
However I do have great difficulty accessing rt.com I usually get ERR_NAME_NOT_RESOLVED in MS Edge, like right now!
Why are they so scared of Russia? Has the Oligarch money run dry?
Now if its any endorsement for Kasperky AV Internet suite, it picked something up on my machine a few years back, so I booted from the supplied recovery ISO burnt to cd, and it needs to download the latest AV definitions. It was unable to connect to Kasperky's servers, in order to do an offline scan and removal, ergo I was unable to wipe the malware from my machine.
In the past, when I have had my systems so locked down so I can account for every packet of data coming in and going out, my internet connection just goes down so I cant get online. I've even had bios passwords reset locking me out of machines.
On the point of being worn down, it would seem shouting the loudest, or controlling the media outlets works [1]
A suggestion for @ tutanota.com, I've made this to other online email providers, but no one seems interested.
Having a delayed send from servers located around the world.
If anyone is aware of traffic shaping, and traffic profiling, they will know its possible to determine what type of data it is despite it being encrypted.
For example, youtube will send from multiple servers to your device in bursts, its not one continuous stream of data from one server. Obviously this also enables Google/Youtube to work out your exact physical location based on the time the different bursts of data arrives at the device and get reassembled.
Its also possible for the 5eyes+X (5EX) operators to work out if you are typing or reading an email, and when you click send, there is a very small window in which to work out where that email is going.
So if the email comes back into the UK, they will know what email server its being routed to. In time, its possible to work out more stuff which I wont elaborate on, but they can then carry out impersonation attacks on the entity in both directions in order to solicit more information.
Lets face it, how many people get to speak to the same person in a call centre? And do call centre staff remember and recognise their routine customers?
So could your email system have a delayed send built into it, perhaps something like X users from the UK, click send to send an email and these emails could be sent from some of your servers which would ideally be located around the globe?
eg. I log into your service by connecting to the German server, I click send after composing an email and the email is routed in a batch with other users to say the US server before it gets delivered, well after I've logged off and delivered in a randomly delayed timeframe, because most people dont need emails to hit other peoples inboxes straight away, they are busy doing other things. In fact being able to send now could be an opt in, like those times when on the phone to someone and you need to send them an email at the same time, because the 5EX workers will know you are already communicating with someone, and what can they gain from knowing about an email being sent at the same time?
With VPN's the easiest way to work out where VPN traffic is going, is slow down your targets VPN connection and the 5EX operators look for other encrypted VPN traffic that also slows down elsewhere. This is how the 5EX workers can work out what websites you are visiting.
Likewise a VPN that can also include Chaff [2] when the connection goes idle, will also get to hide the type of data passing over the VPN, again affording the user of VPN's some privacy, where currently there are no VPN's affording this. I know some do VPN tunnelling ie a vpn running inside a vpn for double encryption, but that still gives out the type of data and where its going to when you have an infrastructure overview of the internet in the 5EX countries.
And if the VPN service connects to a proxy server that can keep the 2nd and subsequent relays/legs still downloading, the VPN company gets to find out who the 5EX workers might be targeting. At the very least, it would reduce their existing level of intelligence, and expose what secret court orders might be in place with infrastructure company's like At&T's Room 641a[3]
All's fair in love and war!
I'll also point out the obvious, people tend to visit websites that are in their language, this then narrows down the websites and data centres to look at.
However if someone is multi lingual which would have been obtained by the state during the school and college years through lessons learnt and/or by association of being born or raised by parents who are not native speakers of the country they reside in, or are multi lingual, the scope for the websites that could be visited can increase, introducing more legal doubt.
Anyway an insight into 5EX internet surveillance, what GCHQ would call looking for the needle in the haystack, and example can be found here [4].
Its probably best to think of the internet like monitor vehicle movements, you can see trucks moving around, but you don't know what's in them initially, but over time, you can work it out, which is why the EU & UK have agreed the Windsor framework, namely Squid Game Green light Red light [5] customs between NI & GB.
> However I do have great difficulty accessing rt.com I usually get ERR_NAME_NOT_RESOLVED in MS Edge, like right now!
> Why are they so scared of Russia?
This is a mystery for the ages! What reason could there possibly be, in 2023, for blocking a major Russian propaganda/state news outlet?
I mean, I could understand it if there was a war going on, with Russia desperately spreading propaganda specifically to try to get NATO states to see Russia's aggression as being totally understandable and actually our fault, so that we stop sending money and materiel to the people they are frantically trying to murder in order to get them to stop resisting their takeover of their entire country...
Every country should have their own "Great Firewall" in order to control what's accessible (countries have their own laws) and to protect themselves against attacks, including by cutting themselves off from the internet.
In any case, as you mention many countries can already block specific websites and services from being accessed from within their borders.
I don't understand why the topic always elicits snarky comments.
"Great firewalls" are necessary as a matter of fact. They have nothing to do with government overreach and curtailment of freedoms. In a liberal, democratic country what is blocked is what has been identified as illegal/criminal enough to warrant it, so why would Joe public want to get technical tools to "ignore all of that" has to raise red flags because that would not be "to protects his rights"...
Crucially, as mentioned, there is also the aspect of national security and protection against cyber attacks.
It's good to have ideals but on those issues we should not be "too simple, sometimes naive" (Jiang Zemin)
Because Laws have never declared illegal/criminal things that should never have been declared as such? Or just because at the time it is considered Criminal, Noone should have the possibility to protect themselves from the government until (in the hope) that the unjust law gets rectified?
Is the History not enough to convince you that no mater the purpose (nefarious or not) Democratic/Liberal Governments can be wrong as much as Dictatorial ones in enacting laws?
If even access to information is forbidden, how are people supposed to get informed that maybe something is not right with these laws so they try to change them?
No they aren't. You posit they are because of alleged threats and I and others suggest that the biggest threat is policies like this and people like you trying to give governments huge censorship abilities to coerce conformity.
Your arguments are basic and the kind that lead us to the Iraq invasion and many other wars that are for profit but, at the time, always sold as a matter of national security or similar and dissent is punished in whichever way possible.
You can make dissent virtually nonexistent online if you censor enough.
What is your definition of freedom? Because if it's having the absolute right to do exactly whatever you want that's not how freedom works in a free society.
I'm obviously provoking with that quote but it is a very good point: The world is not black and white and claiming that it is is extremely naive and simplistic, and I am afraid that what I read here in response to my comment is exactly that.
People arguing for censorship can never show anything that needs to be censored but there are countless examples of things that shouldn't be censored being squashed under policy. There's literally not a single example through history of a truth that had to be squashed for justice and safety. There are no great stories of historical censorship not because they're secret, but because they don't do anything except protect the people in power.
A censorship policy is, by nature, impossible to check. If anything is being censored you have to assume that other things, including proper discussion of the censorship, are being censored. It's not some complex "not black and white" thing where you're partly right, it's a failed idea with absolutely zero support from historical precedent.
You can't censor away bad ideas because we can't even agree on the bad ideas - such as for instance your censorship push. Why shouldn't your push to censor people be censored itself? Why do you assume that your choices for societal control are the correct impulses, which need to be bolstered with thought control, rather than the harmful impulses which will destroy society though totalitarian means?
No, censorship is always wrong because it removes the ability of the people to make decisions on the facts. Any politician who pushes censorship has to be assumed to be trying to undermine democracy because censorship can't do anything other than weaken the electorate.
> The world is not black and white and claiming that it is is extremely naive and simplistic, and I am afraid that what I read here in response to my comment is exactly that.
That's fallacious because it assumes that censorship deserves a better rhetorical chance which it was denied when in fact it's simply a bad idea. If you suggested to punish people for their family's crimes you'd get similar pushback because it's a similarly corrosive policy.
You haven't properly argued for censorship at all, by showing thoughts which need to be censored and why, you've just argued that it's a super important tool without any examples or reasoning.
National Borders are not there to enforce "thought". They are there to protect Physical Security (and Economic one that can be ported again to the physical Security). Exchange of Information (What Internet is) has always been a borderless thing. To continue your Borders Analogy, Noone will stop you at the border because you have with you a coded paper that the border guards can not decipher, or even worse because in your country (not with your person) you have coded papers that might be used to communicate the same ideas that are "dangerous" to this country.
The Role of the Government is to protect society from phenomena that are provenly damaging the society without encroaching on personal rights. It's a balance that needs to favour the personal rights in any occasion because what this government thinks damaging the other one might not, the personal rights are those that are more lasting.
Refusing to comply and threatening to walk are just two different approaches to protesting this and it's not clear to me which is the most effective.
But I think I trust Signal to know the better approach (whichever they ultimately take - they actually said they'd walk "if the alternative meant undermining our privacy commitments".
I don't think it is practical to just refuse to comply with a government like this - especially if you need to charge money (which Tutanota do) and especially if you're nearby, legally speaking (Are Tutanota in Germany?).
And given that Signal has "walked" from other authoritarian regimes but people in those countries still have ways to use Signal, I'm still betting on Signal.
I think the best strategy is to 'walk' from the country by writing in your T&C's that you don't offer service to the country, shutting down any local office and not doing marketing in the country, but not put any technical restrictions in place.
Do they even need the T&C to say that? What if their T&C just say something like: "It's illegal to use in the UK, but we don't care if you do it anyway because we have no offices there. Use at your own risk."
Frankly given how unworkable it is and how difficult it's going to be to be subject to extra-territorial jurisdiction over this, the easiest strategy is to ignore it. Lots of companies will, the government will whinge a bit, then forget about it.
The UK is not the US in terms of enforcing its laws on noncitizens overseas.
yeah this is probably how it will happen if it becomes law. But UK-based companies won't want to take the chance or will have to immediately cave to the slightest legal pressure, so UK companies will be stuffed.
I wonder if the UK government can compel the likes of Apple and Google to prevent UK users installing the apps from their app stores?
I also prefer Signal's approach. By walking you remove the possible liability for non-compliance.
You can't be non-compliant if you have no presence in a certain country, and internet doesn't really give a shit about lines on a map.
By non-complying, legally, you're in the wrong. While such an activism is admirable, I'm going to bet that the UK government is going to throw the book at them if they cause too much hassle.
You really think signal will walk away from their Cryptocoin that works only in UK? It will end the same way as when those celebrities said they will move out of US if trump wins
Pfft, when did that stopped autocrats from doing whatever they want? /s
Here is what will happen - bill will pass, then no politician will say anything about it, or at minimum won't say the word "ban". But mysteriously Tutanota will see connectivity degradation all across UK as a warning shot. Any inquiries will be met with silence or generic non-answers writing which is a profession of all politicians. Then some kind of whitelisting will start, which will include everyone, except rebels like Tutanota, Proton, Signal and others. E.g. no gov. service will accept their domain as non-compliant. There would be a lot of clever barriers invented for this. And at no point Tutanota would be able to claim they are banned because some traces of access will be left deliberately.
Journalists won't pick on this topic and neither would common people. Access will die the "natural" way.
Maybe I'm missing something, but I don't see where the bill explicitly recommends backdooring encryption?
The relevant paragraphs appear to be as follows, but the guidance looks quite vague...
257. The Government needs to provide more clarity on how providers with encrypted services should comply with the safety duties ahead of the Bill being introduced into Parliament.
258. We recommend that end-to-end encryption should be identifed as a specifc risk factor in risk profles and risk assessments. Providers should be required to identify and address risks arising from the encrypted nature of their services under the Safety by Design requirements.
You get sued - so what? The most they can risk is the ability to have a UK based payment processor bail on them - they can still have customers in the UK, but they'd have to pay via a VPN.
I think you misunderstand, I was talking about a UK based company. If the Companies House decides to rescind your registration -- you are no longer a company. That is what you risk.
You don't actually need a real address in the UK to open a company there, an address at one of those virtual offices is enough, so you could conceivably avoid the criminal case (if you live in a country that won't extradite you!). What you couldn't avoid is the UK telling you that you are no longer allowed to be a UK registered company, which is obviously within their rights to do.
The UK can only ask Germany to 'do something about it'. Courts apply to entities over which they have jurisdiction. UK isn't even in the EU anymore, they have no power over a German mail company.
The UK has no jurisdiction in Germany - they are separate sovereign states. It would be up to the UK to prevent them serving UK customers, because - as long as their own government dont interfere - they could just ignore any demands. This is just as true for the GDPR.
If Signal were a truly open distributed system, instead of relying on a centralized almost closed source server, it would not be possible for any government to block it.
And the only thing worse than being blocked, is their "leaving" the country, basically denying the encrypted messaging to the people who need it the most.
I wish that matrix got the attention it deserves, but right now, we are still stuck with this "better than nothing" solution called Signal.
While I agree that an open and distributed messaging system (such as Waku[1]) can improve things, it’s not enough. Apple Store and Google Play Store are the true gatekeepers. And governments can request Apple or Google to remove an app from the Store at their will (this has happened before).
An app out of these stores has zero possibilities of survival. Average users don’t use (nor want to use) VPNs or hacks to use their phones.
Two late thoughts; apple just enabled notifications for web apps in safari. So in theory you could have a messaging app not in the store. Maybe. Not sure what the state of this is in android.
Hopefully soon we will have sideloading on ios too.
>In November 2015, Levison said that work on DIME was still progressing, although slower than he would like.[35] As of July 2016, posts to the Dark Mail Alliance forum suggest that all collaborators have left the project and Ladar has been working on DIME alone.
Does it mean young people currently dont care about privacy? If there's one thing I applaud the previous generations and my generation (X) is the activism. People dislike Stallman because of his views, but he has the kind of balls that were needed.
Were are the young 20s 30s guys revolting because of this? Were are the new Aaron Schartz, or DeCSS creators, or Napsters of today? Young people need to act and be impulsive.
Well perhaps they saw what happened to the likes of Aaron Swartz and decided it wasn't a hill they wanted to *actually* die on.
Young people don't need to act, people need to act, and they are. More and more people are simply withdrawing from digital society (and society as a whole) due to overbearing control mechanisms like this.
We can see it in the subtexts of almost all current issues impacting society being reported on -- mental health crisis, increases in suicide and drug usage, refusing to work, the breaking down of interpersonal relationships.
People are revolting, they're just not doing it in the normal way and I sympathize with them.
Its sad, but the privacy movement has grown in general, services like ProtonMail or Tutanota wouldn't exist without snowden and people wanting digital privacy.
Also this discussion about privacy wouldn't happen if snowden didn't show how important it is, it probably would've been banned right after WhatsApp implemented it.
I also think that privacy minded people are a big part of self-hosting enthusiasts.
The app is needed, since there are no third-party clients that can connect to Tutanota. They use their own secure protocol, and don't support any of SMTP, IMAP, JMAP, POP3 or similar.
You are only left with web access, which is not really practical.
>>You are only left with web access, which is not really practical.
That is the saddest thing to come from Apples insatiable greed... The original iPhone was not going to have apps at all, it was all going to be web pages.
There is nothing stopping the browser from being the only app a device needs, nothing other than greed and authoritarian control that is...
Apple has long dragged their feet on mobile Safari features that would be beneficial to websites-as-apps. This is changing somewhat, very recently: https://news.ycombinator.com/item?id=34906722
as others have said they have gutted browser support and compatibility for advanced features in order to push people to Custom Apps where they can capture 30% of all revenue, instead of browser where they can capture 0%
Their app is a thin wrapper to their mobile site. With Safari push notifications, they don’t need the App Store. I would guess the App Store isn’t a path of discoverability for them anyways. People find them very intentionally on the web.
They're not going to walk out of a jail cell either.
When the government bans something, that's not a polite request. It's backed up by men with guns. How they could possibly think they could get away with just not obeying the government is beyond me.
Why is this downvoted? Isn't the UK government one of the prone to look at everyone else from the high horse and criticize the shit out of any "authoritarian regime" while doing the same thing in some of the areas?
Heck, the country where I grow up is classified as a "hybrid regime" by the UK government, and yet, they don't even think about implementing encryption backdoors or censoring and blocking any media.
> Heck, the country where I grow up is classified as a "hybrid regime" by the UK government, and yet, they don't even think about implementing encryption backdoors or censoring and blocking any media.
It's because the patent of democracy was never granted by the west based on a country actual values, but rather on their subservience to the imperialist system that keeps the west in power. We happily partner with dictators if they play our game and disrupt democracies if they don't.
> It's downvoted because the propaganda suggests that "it's different when we do it".
Isn't it how it always works? When we[1] do it, it's a "humanitarian intervention" or "special military intervention" or "to protect human rights" or "spread democracy" or "prevent genocide" or "protect the women and children", but when they[2] do it, it's an "aggression", "genocide", "atrocities", "crime against humanity".
[1][2] feel free to pick any side here, dosen't matter. We == good, they == evil, for any we and they.
It's downvoted because it implies that this is generally true of Western democracies—that they're not actually any better than foreign dictatorships, as a category.
I wonder what connected vehicle manufacturers will do about encryption being compromised in the U.K.?
I’m nervous at the prospect of my Tesla communicating in (to all intents and purposes) plaintext with the mothership. The API for that car covers sensitive features that would make the car unsafe if compromised
Nice. I like it. They have forgotten longer list of countries that are doing or going to the same thing though. I guess not to dilute the impact of the statement.
I do not condone what UK is going to do of course. Just find the argument fishy.
My guess is the more bravado a company shows, the more they are in bed with the security apparatus and have back doors. No CEO wants jail or crippling fines. The honest ones will leave. The dishonest ones will talk a big game and try to attract more users while secretly backdooring. The security services will complain for effect but actually won’t really punish the company since the more people they can drive to the company, the better for them.
No PII to register, no bravado, rarely mentioned, and they don't look too cool (/g tip: hackers turned government employees always act and look too cool and out there - easy giveaway):
"Posteo is an email service provider based in Berlin, Germany, offering paid email accounts for individuals and businesses. The service gained prominence during the aftermath of the post-2013 global surveillance disclosures,[2][3] especially for its high standard security features and relative anonymity as it does not require any private information in the registration process.[2]
Posteo offers support for DNSSEC/DANE and PGP (through Mailvelope in the web interface, which is running Roundcube). Additionally they offer two-factor-authentication via TOTP and use Extended Validation certificates and HPKP for the HTTPS connection.
In 2020, Posteo had approximately 425,000 active mail accounts."
I’m sure companies will play up the bravado in the interest of getting more users. But there are non-malicious reasons to want more users, for example some companies provide services in exchange for money. More users, more money.
Thing is bravado is dangerous unless you are in bed with the security apparatus. A nation state has millions of ways of making your life miserable. Are you 100% GDPR compliant for all pedantic interpretations? Even if you are, how much would an extensive audit and investigation cost you. Unless you are a 100 billion dollar multinational, you don’t really have the means to survive if they decide to target you, even if you are completely innocent.
GDPR is enforced in the UK exclusively by the Office of the Information Commisioner, which is hopelessly underfunded. There are no "expensive audits and invedtigations". Instead, the ICO sends you several letters containing friendly advice on how to come into compliance, before even thinking about actual enforcement.
The problem is, I have to trust my capability (and the others who actually read the source) to understand that the client doesn't trust the server, as long as I don't deploy the server too myself. Not to mention having to do the same for each update.
In a nutshell, at some point, you practically have to trust someone.
Hank realizes that their image is maintained by early compliance, even though every “request” is made under the threat of eventual violence. So he refuses to comply and insists that they show up with guns to take his steel mill.
IIRC his approach worked and they yielded until they got dirt on Dagny which they used to blackmail him.
I like the part where anyone thinks that western leaders are going to be dissuaded from implementing totalitarian restrictions on civil liberties and freedoms by comparing them to "the bad guys." These people didn't get where they are by listening to popular sentiment or upholding integrity and ethics in modern political liberalism. They got there because they were willing to work with their country's "deep state," and what the deep state wants, the deep state gets.
judging with what happened with covid lockdowns i don't think the west is afraid anymore to apply authoritarian measures as long as it's correctly advertised in their mind as "for the people's own good".
(just like what every dictator ever said all the time as justification)
I understand where you're coming from, but is there a pandemic risk that would make lockdowns acceptable? Let's say we had a pandemic with COVID level transmission, a nice long incubation period and 80% death rates, would it then be ok to restrict social interactions? Or do you think it's never justified?
I think this is a pretty tired debate but people who say “is there any extreme hypothetical situation where you’d be willing to give your rights away” are disconnected from the meaning of the word “rights”.
i believe the first lockdown was justified, until we understood what that thing was. That is, 2 months in march/april 2020 in europe. All the rest was pure nonsense, and in large parts due to governments getting their inspiration from china.
Glad to read a balanced opinion on the internets :)
Unfortunately, the loudest are people arguing for the extremes, both "lock down everything or we'll all die" or "you should not enforce any measure under any circumstance" camps.
How many more violations of our freedom do we need to fathom before we realise governments are not an efficient way to structure society?
Every country is just going to drift towards socialism until it collapses, making sure that the bullies with guns can extract as much value out of the population on the way out.
They will take your money and shelter it in some other country poor enough that they still need to offer freedom to attract capital and business.
This is not fixable, democracy is a horrible machine that doesn't stop under the disguise of virtue. Your only options is to move to a freer country before it's too late.
> governments are not an efficient way to structure society
What is your proposal? And I don’t mean 20 people living in fishing villages that never fight each other and who don’t have access to all the amazing amenities and technology we have at our disposal.
I got a response (on very nice thick, embossed paper and green ink) telling me he agrees with me that protecting children online is important and that's why he supports the bill. He clearly didn't read, understand or care what I said.
Something needs to be done. When only the stupid, ignorant or corrupt are the ones willing to go into politics then we are doomed.