Forgive me if this is an obvious stupid question, but with all this talk (again) about the EU trying to force chat platforms to check the content of its messages, I can help but think: how are they ever going to prevent me and my friend from sharing public keys and using them to encrypt our messages to each other? In other words: how are they ever going to be able to ban encryption?
Pretty easy honestly.
You do something like remove section 230 (or whatever the EU equivalent is) that provides safe harbor from liability for transit providers like ISPs and content providers like websites that host user submitted content. You condition any safe harbor on the services in question being able to turn over and ID exactly who the offending person was without fail and tie any and every packet to a real world person. You make explicit that not being able to scrutinize content (because of encryption) is not an excuse. Thus someone pirating or sending CSAM over your network via a VPN makes you liable for not stopping them.
As a result this forces ISPs to block all encrypted traffic detected via deep packet inspection. Only traffic encrypted with public key infrastructure that has government issued keys that allow snooping on it is allowed.
Tada. There’s no way around this that doesn’t involve painstaking steganography which can possibly be nailed by AI anyways. Things like embedding a secret message in pictures you send with some pixels shifted to hide the data and your friend having a program and key that can decode it. Or things like taking all the capitalized letters and applying rot13 or something to them with some sort of algorithm but then you need to find a way to make the message intelligible on the surface as if you’re sending constant unintelligible messages you might get flagged and blocked or visited by the police (or the police get a warrant and have your mobile company deploy malware onto your devices and spy on you as a threat because of that).
The only other alternative is using alternative infrastructure. HAM radio type network transmission via a series of hops with similar activists but this wouldn’t be practical for most given the expense and the bandwidth would be awful. Also probably illegal and if they wanted to it would be trivially easy to identify and arrest those running these nodes and relays due to triangulation.
Turns out the whole liberal west with freedom of thought and speech was in fact a lie. Kept around to use as a stick to whack at the USSR with but now dropped at the first signs of serious popular discontent and trouble in favor of total control. Supposed values quickly dropped with no more excuse than “Russians” or “think of the children” or the usual criminals and terrorists.
They can’t stop a really determined actor from engaging in encrypted messaging but they can stop 98% of the population and that’s more than enough to control thought and action of the population.
deleted by creator
Does anti-DPI software not counter this?
@Majestic@lemmy.ml @KurtVonnegut@mander.xyz
There’s no way around this that doesn’t involve painstaking steganography which can possibly be nailed by AI anyways.
As both a fairly power user of LLMs and someone who tinkers with ciphers a lot (including creating my own techniques), I can guarantee: Markov chains aren’t smart enough to detect well-elaborate ciphers.
I’ll give an example: Let focus on plain characters.
The previous phrase contains a hidden message. It’s not simply an acrostic (when a word is formed by every initial letter from a sentence/verses/paragraphs), it’s an acrostic with Caesar cipher. And it’s not simply Caesar cipher, it’s a Caesar cipher with increasing shifting (decreasing when decoding):
L (-0 -> L), F (-1 -> E), O (-2 -> M), P (-3 -> M), C (-4 -> Y as it wraps around from A back to Z) => LEMMY
I can guarantee you, as someone who tested every single LLM out there: they’re unable to detect these kinds of ciphers. And it gets worse when we consider the possibility of adding other layers of ciphering: nothing stops me from adding Vigenere on top of Caesar, associating the letter with the corresponding number, then getting the nth prime at that position, and using wrap-add to add letters to produce another letter (okay, this is a very complicated example).
Also, when I say “creating my own techniques”, I’m not joking. I’ll present you with a cipher I created:
Maceió, Niterói, Rio Branco, Palmas, São Luís, Varginha.
Believe it or not, the previous list of Brazilian cities hides the word “BRAZIL”. How? List each Brazilian state alphabetically (excluding Distrito Federal as it’s an administrative state rather than a common state), and you’ll get a list with exactly 26 states. And what else have 26 elements? The English alphabet. Map each alphabetical letter not just to the state (e.g. L, the 12th letter, would be Minas Gerais), but to a city within that state (e.g. Varginha):
Maceió = Alagoas = 2nd from ordered list of states = B
Niterói = Rio de Janeiro state = 18th = R
Rio Branco = Acre = 1st = A
Palmas = Tocantins = 26th = Z
São Luís = Maranhão = 9th = I
Varginha = Minas Gerais = 12th = LAgain, creativity is the only limit. One can wrap it in steganography, use random coordinates and then map each digit to letters to form a long text… There’s no way to stop end-to-end encryption when two or more people have enough knowledge to convey their own tool chain of ciphering techniques. And LLMs will be clueless. Even human censors would be clueless.
people can already “vibe code” p2p encrypted apps for communications, its not that hard and it will only get easier to do.
HOWEVER. obviously not bullet proof, and once meaningful quantum computing combines with AI every keystroke and deleted message, every sneeze or fart you had near a smart phone or a router in your life will be recorded and accessed by it, at the will of its controllers.
every recorded secret will be known, or at least be accessible. the blackmail is gonna be off the chain hook. people are going to start doing things that make zero sense. and youll know why.
“in 2008, senator, you googled “how to tuck my wiener so i can fart into my urethra” in twelve separate variations, and when that didnt yield the results you wanted. you looked up “how to inject fart into urethra, safely”… now, you are going to vote yay on the children coal miners bill, or we’ll drop 2008s search history, and maybe take a look at 2014 to see how you discovered how you wanted to be a furrys “dog knotted bitch slave” while on vacation in vegas…looks like we have all the messages…every second of your visit was recorded by your cell phone and iWatch, all the way down to your heart rate spiking when “white fang” pegged you for the first time that weekend…so…its gonna be a…yay?”
When all fails, there is always Happy Net Box
Maybe I’m missing the point (or a joke) but could you explain how this will save us from governmental monitoring?
Do you really think that they still are monitoring an paleolitic, forgotten since almost 50 years (1971), pre-internet command line protocol, like Finger, transmitted with a Ping not even over web? They have enough with monitoring high tech steganographic encrypted chats and socialnet, I2P and TOR network. It’s something like a knock on the door, asking if someone is at home, serve for short text messages Often the best hideout is a plain sight,
Type in your command line
finger zerush@happynetbox.com
They probably won’t bother actually enforcing a ban against you and a buddy using PGP by hand. What they don’t want is normies encrypting everything so they lose the ability to casually spy on the masses. At the point at which they care enough about you personally to notice you’re using PGP, you’ve already “committed suicide.”
The same way they prevent you from transmitting any other illegal content: they fine you and/or throw you in jail if they know you’re doing it.
It’s trivially easy to detect encrypted messages just by measuring the entropy of each message. A messaging provider would just turn you in if they detect it.
You could probably get away with peer-to-peer messaging, but your ISP would be able to detect that you’re using unapproved encryption and then turn you in to the government.
Thanks. And fuck this.
They can’t stop you. But they can criminalize your behavior.
It becomes yet another tool in the toolbox, if you become a person of interest, the tool comes out and they start hitting you with it.
The fact that it’s impossible to implement isn’t important.
Ham radio in the US has restrictions on sending encrypted data over ham frequencies.
They can’t stop you, they probably won’t even catch you unless you are egregious about it. But if they do catch you, it’s like a $10,000 fine.
I think the whole world is quickly moving closer to China’s model. Everything that gets encrypted will need the government’s key on it anything they can’t decrypt will get blocked.
You basically set up some rules at the backbone level looking for suspect traffic. They could now have AI review the suspect traffic and try to tell if what’s going on is viable data or nonsense words/coded messages. All communications will need to be identified. None of the blocking would work real time but once they know who’s sending it in think that you’ve sent some stuff that you shouldn’t be sending they could just turn you off.
I read an article somewhere recently where AI was able to tell if an image was being used with even the most advanced steganography with a fairly high reliability.
They’ll never be able to stop people from privately communicating at small scale, But man will there be some watch lists.
Thanks. 😥
deleted by creator
That’s exactly what makes the proposed regulation so absurd. If you’re not completely tech illiterate, you’re gonna use whatever fork of your FOSS software of choice to keep communicating securely. This regulation is just a very obvious data grab for the whatsapp users that are too lazy to switch.
whatsapp is not meaningfully e2ee
please share
It’s closed source. So it’s impossible to verify Facebook doesn’t have you pkey and goes MitM.
They say they don’t, but you can only take their word for it.i guess that fb does store keys after all; they do respond to police requests
i also found this: https://www.reddit.com/r/privacy/comments/v7tsou/is_whatsapp_lying_about_its_endtoend_encryption/
Encryption in WhatApp is actually a fake, because the encryption keys are generated and stored on Facebook’s servers, accordingly, they can read any of your messages as plain text, and the intelligence services obviously have access to them.
Also a few months ago there was a leaked slide from an FBI training course or something where they compared different messengers in terms of how well they cooperate with the police, guess who came first ?
WhatsApp provides data to the police in near real time (about 15 minutes from the time of the request)
The message from WhatApp at the beginning of the chat - that your data is not available to third parties is the height of hypocrisy.
In what sense? It’s encryption is based on that of Signal. Are you referring to metadata? I also avoid whatsapp, but not because of the encryption.
Even if it’s based on Signal’s encryption, it doesn’t mean it’s implemented as it is in Signal.
Exactly.
They generate the keys, that’s all you need to know in order to know that it isn’t secure.
They would have to regulate the clients that you and your friend use. So if you do it with pen and paper they can’t do anything about it.
You don’t even have to do it with pen and paper. You can install whatever operating system and software you want on your computer. If blocking certain resources on the internet is an issue, you could torrent public keys, use tor, use i2p, or worst case scenario deliver a USB drive to your friend’s door.
One time pads can be used in public message apps or irc nothing they can do about it
Yup
If you have a deck of cards, you have the ability to send securely
