News/Interesting Stories/Beautiful Pictures from Europe πͺπΊ
(Current banner: Thunder mountain, Germany, π©πͺ ) Feel free to post submissions for banner pictures
(This list is obviously incomplete, but it will get expanded when necessary)
Also check out !yurop@lemm.ee
Banning geoblocking - based
Forcing websites to be transparent about cookies - based
Forcing websites to apply proper data security - based
Forcing Apple to use usb c - based
Ending end to end encryption - fucking clowns
Ending streaming service geoblocking - back on track, hopefully?
what those posts have in common is that they're both about EU attempts to reduce the power of US tech companies. (In the first they're reducing those companies' power to violate privacy, and in the second they're reducing their power to protect it.)
Nobody spies on our citizens but us
TLS is a US company now?
This doesn't restrict TLS, a protocol, it restricts the implementations of TLS by the handful of companies who develop and distribute widely-used web browsers - which are mostly US-headquartered multinationals.
Mandating trusted CAs opens the door to fucking with the communication in progress. Ie undermining TLS whose job it is to protect that communication. Spinning this as an attack on the companies making the browser is a bit too creative for me. That's like saying wiretaps are an attack on the telco, not the phone calls being listened in on.
Currently browser vendors are able to make their own decisions about which CAs to trust, and how to validate certificates. Most browsers trust a lot of nation states' CAs, but they (the browser vendors) are currently free to unilaterally stop trusting them when they learn of abuses.
Thatβs like saying wiretaps are an attack on the telco, not the phone calls being listened in on.
Often it is both. Remember MUSCULAR?
That's categorically false, they want to inject their own trusted certificates into browsers that're distributed in the EU, so that any MITM traffic will "just function". Basically they're forcing a backdoor for every encrypted channel.
Furthermore they want to make certificate transparency next-to-illegal; remove protections and warnings for when someone is requesting certificates for your domain when you haven't requested them, plus other uses.
I'm not sure what part of my comment you're saying is categorically false? I agree with your assessment of eIDAS! I even made a meme about it.
I guess you're disagreeing with me saying this restricts companies' implementations of TLS rather than TLS itself? I'm saying that because the law is specifically talking about web browsers, and doesn't appear to apply to other uses of TLS.
Yeah someone has to (verbally of course) beat the crap out of the people constantly wanting to destroy democracy and privacy...
The EU is the ultimate centrist. They can be people-friendly, but also corporate-friendly. They're accused of being a neoliberal for a good reason.
A quick google finds me a government website explaining eidas and what it's for. By that, I know it's not behind closed doors or undisclosed, nor requiring compromised certificates.
With a quick google, you might find the same. The eu's website, are a reliable source for information about the EU I think
You may want to read this: https://last-chance-for-eidas.org/
That's a lot, I'll have a better look this afternoon. Here's my government's website on this feature
reading further, (summarising) the change is to no longer exclusively trust parties like Google to rule who is and isn't considered trusted online and instead delegates this to EU member states. This does not affect the use of encryption, or a safe dns provider. No worries about your data being recorded.
However, it does stop large organizations like google and Mozilla from abusing their position of authority to harm competitors availability and trust online
also, last-chance-for appears to be from mozilla and worried about article 45. I can recommend reading it for yourself. If there is one thing I learned in recent years its that orgs funded 95% by google might not be the most trustworthy when talking about internet regulations. So I suggest to not take mozilla by their word, cuz without google funding they're dead
here is the legal text if you'd like to read
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2014.257.01.0073.01.ENG
If you really don't trust Mozilla I recommend you to directly check out this open letter (which is signed by more than 300 experts).
Edit: fixed link, changed language
Looks like I might have had an old version of the doc. Clicking the link I read this morning I find a 404. After finding it again, I do find a doc where recognize what they're concerned about
