It's official now, but it was obvious for years. Snowden published his leaks in 2013, eight years ago, and the practice of snooping had been running for years at that time.
Do not expect privacy, unless you took measures for it, like entering your house and closing doors and windows. There's no expectation of privacy in a public place, or in an office.
Same applies online: expect no privacy unless you took measures. Expect no keeping secrets from governmental agencies unless you took really serious, possibly exceptional measures, and your opsec is top notch. Everything else will be visible, at least to some degree, if the government needs that badly enough.
Of course, most of the time your government doesn't care about private details of your life. This gives you some modicum of security by obscurity. But you never know why you might end up in the limelight. Extraordinary things, like epidemics or acts or terror, happen, and then you might draw interest along with hundreds and thousands who just happened to be in a wrong place at a wrong time.
If you think I'm suggesting to wear a tinfoil hat, I'm not; tinfoil hats are useless. A certain amount of civil action, from petitions to street protests, may help a bit. Use of encryption, etc, can help a bit. But there's no way back into the society where you could mostly expect privacy by default. It's time to get used to a more transparent, more observable, fundamentally less private society. So it goes.
Acts of terror and pandemics are not just "happening" by chance. It's an intentional effort to change society to one with no privacy and around the clock automatic surveillance of everybody (facial recognition, AI, robotics).
This applies to unencrypted communications and in no way limits use of properly secured communication channels. So, if you care about keeping your communications private, just use the right tools and assume other communications are actively monitored. As you should have for the last decades. This just formalizes that status quo and doesn't really change a thing.
It seems the usual child pornography argument was used to push this through. Kind of baffling as most such people have long known to avoid any unencrypted channels. As do terrorists, criminals, and basically everyone with an incentive to keep their communications private. So this won't accomplish anything.
The scary discussion is the one where governments will challenge your right to secure private communications. I don't think there's popular support for that though. Until then use Signal or similarly end to end encrypted channels and avoid the default unencrypted channels like email or popular chat platforms without default end to end encryption.
This is why i use vintage tech for my "real, important" data (ever tried to fit a state trojan in 4 MB RAM?), why i only discuss "unimportant" and "non-compromising" things via phone / smartphone... and why more and more of my friends are starting to do the same. We exchange data via sneakernet and tend to "fly under the radar".
Yeah, we might be practical paranoid weirdos, but at least it gives us the illusion that it is possible to avoid the leviathan.
* Floppy Drive and Gotek (a Floppy drive "emulator" that uses USB Sticks to store Floppy images)
* Ultrasatan (SD Cards as Harddrive)
* some other accessories (Printer, Scanner) that makes life more productive
For mobile work i use an Atari Portfolio, which turned out to be a real handy tool if your work involves often to hook up to a serial console of industrial machinery.
To exchange data with friends: Just pack everything you want to share on a USB Stick and send it via DHL or - better - just drive over and hand it out.
And yes, i have an "modern" PC too, but this is only used for the unimportant stuff (watching youtube, unimportant internet usage... lets call it "noise generation")
My friends and i are experimenting with setting up a private Dial-In BBS. It IS still possible to use a Modem over a VoIP line, so... it may be unencrypted, but the few weirdos who uses such communication vectors may be to unimportant and to far under the radar for "Saurons Eye" of the governments to monitor...
> To exchange data with friends: Just pack everything you want to share on a USB Stick and send it via DHL or - better - just drive over and hand it out.
What do they plug the USB Stick into? A computer with an internet connection?
The friends who are as paranoid / weird as i am have either no internet or distict devices to use on the net and other devices that will never be connected to the net.
Sorry, i forgot to mention that i also have a Netusbee (a Ethernet / USB Card for the ROM-Port of the ST), so its no big deal to write directly to USB Sticks.
If you ask a group of people if they are OK with having cameras in their toilets and bedrooms that could be watched by strangers many people would not agree. Many of the current surveillance proposals are trying to something very similar.
In some cases it might be a good idea to put people under such surveillance, but I think that authorities should be able to explain why this was a good decision.
There is a psychological difference between being watched by an abstract entity and some people working for it and being watched by every passer-by, including everyone in your own group. In that sense a camera is a more fitting comparison than leaving the door open.
This stupid regulation will make life harder for whistleblowers, journalists, will help blackmailing people who are uncomfortable for the Police, government, secret services.
But for sure will not make life harder for criminals, who has resources to send encrypted messages in thousands different ways (like adding some encrypted message to a funny cat JPEG sent from some hijacked/abandoned account of some other person put somewhere on FB, Instagram, chat, etc.).
Because Telegram has headquarters in London, United Kingdom
(legal domicile) [1] and becuase conversations on Telegram are not E2EE, does that mean that they could voluntarily scanning them?
For users who signed in from the European Economic Area (EEA) or United Kingdom, the General Data Protection Regulations (GDPR) are supported by storing data only on servers in the Netherlands, and designating a London-based company as their responsible data controller.[1]
Now, question is, because there is a London-based company, are they allowed to read and store all messages?
"The technologies used to achieve the goals of the Regulation need to be the least privacy-invasive, state-of-the-art and can only be used for the strict purpose of detecting and reporting CSAM, not for any other purposes"
I'm from the UK and, given what we know has been happening for a decade or so (mass snooping, collection, analysis), this actually does give me some pause for thought. In theory, this closes a loophole the Tories/UK state have been pushing at as a justification for ever deeper intrusion for years now. Obviously it won't apply here anymore since we left the EU, but this bill by itself doesn't fill me with utter dread.
The European Parliament has correctly identified their great enemy: The ability of the grass roots to whisper in each others' ears privately, cheaply and at scale. Free speech, privacy and free association is indeed a threat -- or at least a speed bump -- on the path to the dominance of central authority. The justification will evolve. Terrorism, anti-vaxxers, child abuse, fascism, the outrage of the moment. What doesn't change is the consistent pressure to suppress private communication and coordination, in service to the leviathan.
Bureaucrats only care whether they can get the info they need, they don't really care how they get it whether it's ethic or even lawful and thus they will do what ever they can to extract the data they want including forcing corporates to hand out their customer's data, snooping all the internet/telecom traffic, deliberately plant weaknesses/backdoors to encryption algorithms etc. Following that line, lobbying for prohibiting encryption is definitely the next step or I should rather say has already going on for a while. Such move will leave normal citizens vulnerable but does not mean much to criminals /terrorist as they will always find the crypto provider they need anyway.
You would need to get the leaders of your country and other countries in the EU to request that their commissioner push forward a change and then get your MEPs to agree to that change.
EU parliament can't revoke bad legislation without the push first coming from the commission.
Actually, they are. By and large, email is sent unencrypted, and can be spied on by a variety of groups, both private and public.
Opening USPS mail requires a warrant, and it is a federal agency that protects their jurisdiction and customers.
Back when I did drugs, and back when I bought them off the silk road, many US based distributors used USPS overnight mail, because intercepting and opening a package took a court order, whereas FedEx and UPS retain the right to inspect their packages as they see fit (which may include at the request of authorities).
Er... Most email is encrypted [1]. But since there is only a handful of big email providers in the world, and they are all in US, your Montenegro / North Corean / Birman governments won't be able to spy on these email providers, but US government will.
I was hoping most of HN would be aware that this only applies to CSAM (in fact there is a clause in there that prohibits use outside CSAM detection) and doesn't affect a providers ability to just encrypt the users communications.
This legislation merely means if the provider has cleartext access, they can voluntarily scan for CSAM. This basically creates a loophole in the GDPR for CSAM processing with some protections for both users and the provider.
Sadly I was proven wrong, most commenters read the title, skip the content and then run off with US-based narratives about Snowden and PRISM or some other new noun that the conspiracy people use to scare people off their political platform.
GDPR is a subsidiary law to any other. If there's another law that contradicts GDPR then it gets precedence.
But it is yet an interesting question since the reason for GDPR is that privacy is considered a basic human right according to the European Convention of Human Rights.
I would say it has officially been almost a decade now and people still wonder if() this happens, which is kind of mind boggling.
Keep informing people everyone, the truth will eventually reach everyone(or at least those interested in it).I just wonder if it'll be too late and we will just enter 'a new cycle' without changing our paradigm about basic things that are the pillars of our civ.
https://news.ycombinator.com/item?id=27753727
https://news.ycombinator.com/item?id=27759814