Stop this!
Would anyone accept if the government installed a door into your house that only they have the key to?! Just in case they need to come in and avoid kicking the normal door when I am not home...
this post was submitted on 25 Feb 2025
619 points (99.2% liked)
Privacy
34311 readers
1289 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
As ever, a "technical backdoor" for anyone is for everyone.
Just like the non-technical backdoor
"Every house should break open a wall and build a door only to be used by the police whenever they want to. It will only be used for your protection ;)"
With a universal key to every single door that is easily copyable and sharable, but not really possible to know if one bad cop decides to share it for $$$$
A rep for the Centerparti literally used this argument on the news today, they are very against it. It is just a proposal at the moment, even the military passovely criticized it as they use Signal for communication.
Hopefully that's enough for it not to pass but you never know. If it passes that's a new low.
load more comments
(1 replies)
load more comments
(4 replies)
This is why you make a protocol rather than an app so there is no owner.
Protocols are much more difficult to create and implement.
The barrier for technical ability and maturity is much higher. Which is why you don't see them as often, and when you do see them they tend to suck, have massive gaps, or some other significant failing that prevents them from really scaling out.
Building reliable and robust protocols with a hobby project is a nearly impossible task, it takes a lot of effort and a lot of minds over a long period of time to settle on the specifications. And just as long to actually implement it.
Usually this requires some sort of funding and dedicated resources from the get-go. Which many of these projects lack.
"But doing things correctly in life is difficult so why try".
People still do and build thinga the correct way. See Matrix and Element.
Matrix is a long fuckin shot from "doing things right" it's not even funny. Have you not seen their funding crisis, the cost to host, and the general inability for it to scale affordably?
It's almost a poster child for what I just said. Protocols are hard, that's a great example. Funding is hard, that's a great example. Software engineering is expensive, that's a great example. 🤦
Also please don't straw man me. I'm stating the facts, protocols are hard to make. If you want to make one, you should know this, if you want to hand wave the word, then you should know this.
Being more informed isn't defeatism, stop trying to be toxic and swing anti intellectualism as a weapon to shut down conversation. If you don't want people to talk and discuss topics of interest, STFU and go somewhere that isn't here with that sort of attitude.
load more comments
(4 replies)
The Swedish government can go suck a lemon.
I don’t think this will happen: Their department of defense has adopted Signal for internal communication, and there is no way in hell they would want a backdoor built in. In fact, the article says they have already opposed the suggestion.
The government is very split on many questions. Privacy being a weird one because it's the (somewhat) left-leaning Social Democratic that usually come up with these crazy ideas without understanding the implications of privacy.
See Chat Control 2022-2024 https://www.techradar.com/computing/cyber-security/chat-control-all-you-need-to-know-about-the-eu-plan-to-scan-all-your-whatsapp-chats
Article with no trackers
The encrypted messaging app Signal is growing – now even the Swedish Armed Forces are using the app.
But the government wants to force the company to introduce a technical backdoor for the Police and the Swedish Security Service.
"If it becomes a reality, we will leave Sweden," says Signal's boss Meredith Whittaker, in an exclusive interview with SVT.
If the government has its way, the bill will be passed in the Riksdag as early as March next year.
The bill states that companies such as Signal and Whatsapp will be forced to store all messages sent using the apps.
Leaving Sweden Signal – which is run by a non-profit foundation – now states to SVT Nyheter that the company will leave Sweden if the bill becomes a reality.
"In practice, this means that we are being asked to break the encryption that is the basis of our entire business. Asking us to store data would undermine our entire architecture and we would never do that. We would rather leave the Swedish market completely," says Signal's head of Meredith Whittaker.
She says the bill would require Signal to install so-called backdoors in the software.
"If you create a vulnerability based on Swedish wishes, it would create a path to undermine our entire network. Therefore, we would never introduce these backdoors.
But don't you as a supplier have a responsibility to support efforts against crime?
"Our responsibility is to offer technology that upholds human rights in an era where those rights are being violated in more and more places. In today's digital world, there are very few places where we can communicate privately or whistleblow.
The Armed Forces critical Meredith Whittaker mentions the Chinese state actor Salt Typhoon's 2024 attack on several internet service providers in the United States, where text messages and phone calls were leaked. She believes that a Swedish back door would open the door for the same thing.
"There are no back doors that only the good guys have access to.
The purpose of the bill is to enable the Security Service and the police to request subsequent notification history for persons suspected of crime. Both authorities were positive in the consultation round.
"The opportunities for law enforcement authorities to effectively access electronic communications are absolutely crucial," Justice Minister Gunnar Strömmer (M) said earlier at a press conference.
But the Armed Forces are negative and recently the Armed Forces urged their personnel to start using Signal to reduce the risk of eavesdropping.
In a letter to the government, the Armed Forces writes that the bill will not be able to be realized "without introducing vulnerabilities and back doors that may be used by third parties".
Wherever a service with encryption exists any government in the world thinks they need to be the special child with the access to the contents.
E2E with privately generated and held keys, have you published your PGP public key yet?
E2E with privately generated and held keys, have you published your PGP public key yet?
Exactly. You can't stop secure encryption.
I remember in the very old days of the internet when only the US had strong encryption and thought it was some gotcha. They labeled it a weapon to prevent overseas export. Phil Zimmerman created PGP, lobbed the source into a book (protected under 1st amendment) then shipped it overseas.
If strong encryption exists and people want to use it, you're just not going to be able to stop them.
load more comments
(1 replies)
I wish PGP was easier to use. The barrier to entry is way too high for everyday use.
load more comments
(2 replies)
Because that worked so well with the US government’s back door into telecom companies. I don’t think they got the Salt Typhoon group out of the system yet.
Governments have long wanted backdoors on secure private communication, and so long as we have an ownership class, they always will.
And backdoors will always be more useful to hackers, industrial spies and terrorists than they are these departments of state looking to ensure national security (or watch for proletariat unrest. We're already pissed.)
And the private sector will always route around these backdoors, possibly by modding the client or offering new services that are still secure.
States should get used to disappointment. Investigation bureaus should prepare for going dark. Once upon a time they had to rely on detective work rather than asking Google whose phones were near the incident or what web-surfers were asking questions about the circumstances pre-hoc.
it always bugs me how governments who demand backdoors continuously fail to realize that even if they backdoor the encryption of Signal: PGP, or more similarly to Signal, Pidgin+OTR and/or OMEMO all still exist, are well maintained and are designed to work on top of insecure channels. This isn't gonna be the way to catch actual bad actors, they'll all just get SimpleX or Pidgin or any other number of things and continue communicating and "going dark".
...not to mention that Signal's source code is open, so even if they compromise the Signal client, you can just switch to Molly or build an older version - or if the server is compromised, you can run your own with the backdoor disabled or stripped out. This is a zero-sum-game all the way down.
Only Swedish backdoor I want is...
Ah the ol' Kingsmen ending.
As a sweed, I get really irritated at my country. We were also the ones who introduced chat control into the EU... I fear we're turning into the USA...
Also Spain has been full force behind chat control. Something something no independence for Catalan?
load more comments
(11 replies)
You can still download the APK from their repository, install it, and use signals built in censoring-evasion setting as far as I know.
They are even working on self updating app feature IIRC.
This is why I donate to signal. I know there are decentralized alternatives but I can barely get my family and friends to use Signal.
i would recommend molly instead. its a zero google vode fork of signal, and also available through fdroid.
I have gotten a few family members and friends to use signal as I stated to them that this is the only way to get ahold of me. Other than this, you won't. And because of me, they decided to do so :P some haven't, but its up to them to decide.
load more comments
(3 replies)
load more comments
(6 replies)
This is why you should prefer a better protocol like SimpleX
What are you talking about?
Centralized communications are susceptible to government controls, while decentralized systems are more difficult to stop, like Lemmy for example.
It can also be more safe depending on where the centralization happened.
Id argue that if decentralization is the goal, matrix is the right path forward.
And I want a better future. Guess we're both gonna be disappointed ain't we
How does this even make sense? The criminals would just move to another platform like SimpleX or use a VPN.
Whole article in English:
The encrypted messaging app Signal is growing - now even the Swedish Armed Forces use it.
But the government wants to force the company to introduce a technical backdoor for the police and Säpo.
- “If this becomes a reality, we will leave Sweden,” says Signal's CEO Meredith Whittaker, in an exclusive interview with SVT.
If the government gets its way, the bill will be passed in the Riksdag as early as March next year.
The bill states that companies such as Signal and Whatsapp will be forced to store all messages sent using the apps. Leaving Sweden
Signal - which is run by a non-profit foundation - has now told SVT Nyheter that the company will leave Sweden if the bill becomes reality.
- “In practice, this means that we are being asked to break the encryption that is the basis of our entire business. Asking us to store data would undermine our entire architecture and we would never do that. We would rather leave the Swedish market completely,” says Signal's CEO Meredith Whittaker.
She says the bill would require Signal to install so-called backdoors in its software.
- “If you create a vulnerability based on Swedish wishes, it would create a path to undermine our entire network. Therefore, we would never introduce these backdoors.
But don't you have a responsibility as a supplier to support anti-crime efforts?
- Our responsibility is to provide technology that upholds human rights in an era where those rights are being violated in more and more places. In today's digital world, there are very few places where we can communicate privately or whistleblow. Armed forces critical
Whittaker cites the 2024 attack by the Chinese state actor Salt Typhoon on several internet service providers in the US, where text messages and phone calls were leaked. She argues that a Swedish backdoor would open up for the same thing.
- “There are no backdoors that only the good guys have access to.”
The aim of the bill is to allow the Security Service and the police to request the message history of criminal suspects after the fact. Both authorities were positive in the consultation.
- “The ability of law enforcement authorities to effectively access electronic communications is crucial,” said Minister of Justice Gunnar Strömmer (M) earlier at a press conference.
But the Swedish Armed Forces are opposed and recently urged their personnel to start using Signal to reduce the risk of interception.
In a letter to the government, the Swedish Armed Forces wrote that the bill could not be implemented “without introducing vulnerabilities and backdoors that could be exploited by third parties”.
load more comments
(1 replies)
People host signal proxy for countries where it is banned already. The primary impact of this law is on non technical people and new users thinking to switch to.
The real danger is people downloading random apks that could be compromised.
Here's the repo in case anyone is interested in hosting an instance: https://github.com/signalapp/Signal-TLS-Proxy
I really like that Signal is able to update itself. Even our of the stores, it can still be up-to-date.
Before any politician asks for a backdoor into an encrypted service they should be required to explain Project Rubicon
load more comments
(4 replies)
view more: next ›