THO: They want to criminalize GrapheneOS

grayway2

argante the chat control law will never pass. Mistakes from scanning tools can lead to serious privacy violation.

And even if Google lock the bootloader it will probably not be worldwide, so Japanese Pixels or US are very unlikely to be locked.

And to lock the bootloader from current devices, Google need to push an update which they can't since we don't run stockOS.

argante

grayway2 the chat control law will never pass. Mistakes from scanning tools can lead to serious privacy violation.

This is a flawed way of thinking when it comes to the law. For example, consider a mobile network operator or a bank, and these entities, in accordance with data retention regulations, are obligated to record, for example, your phone calls, the content of your text messages, and emails. The bank is obligated to record your transaction history, etc. Does this violate your privacy? Legally, no. You'll hear from these entities that they protect your privacy, as required by, for example, the General Data Protection Regulation (GPDR). These companies would violate your privacy if, for example, they shared your data with a third party or failed to implement security measures to access your data. Chat control, if implemented, legally does not violate your privacy—they will actively protect it. You can, of course, refuse to consent to such control by not using the mobile network or banking services. If you wish to use them, you automatically consent to what I wrote above.

Yes, it is an invasion of our privacy, but lawyers and politicians do it to take away our privacy. I recommend another podcast from THO.

argante

grayway2 And even if Google lock the bootloader it will probably not be worldwide, so Japanese Pixels or US are very unlikely to be locked.

I'm concerned about Google's announcement that they don't want the Pixel to be a reference device for AOSP. This seems to be preparing the groundwork to block the ability to install, for example, GOS. There are studies indicating that Google sells hardware at or below cost because it wants to profit from its services. Therefore, the popularity of GOS is not in Google's best interest.

N1b

I wouldn't worry. History shows us you can't really suppress ideas and ideals, plus how would you prevent an Open Source code?

GOS just became too big to be ignored by our politicians, it's actually a good sign.

That being said: Here's a reminder that every support and donation counts. If you can, please give some of your talent or money to the cause. There are only few projects more important for humanity.

Damiansd

The problem is that all use cases are being aggregated as criminal.

Two use-cases come to mind:
1: Person does not want Big Tech using and abusing all of their personal data. That's me.
2: Person does not want authorities to be able to track them. Not for nefarious reasons, although that's where the media leans. This person is more about visibility, control and individual rights.

An effort needs to be made to ensure policy makers understand there are legitimate use cases.

Phead

argante

As far as I know chat control is off the table for now. Germany and some others blocked the proposal. Conservative forces are gathering up in Europe, however, and the argument, only criminals and pedophiles use encrypted devices or services never fails to spike discussions among concerned politicians - concerned about votes and power, of course.

In times like these it's important to keep the media informed. Talk to journalists, give them what they need to counter such claims. I've read many bullshit articles about this and related topics but was amazed by the amplitude of the backlashes they received. I have hope we can turn this around.

grayway2

argante Record phone calls or content of text message ? As far as I know, no ISP in Europe is doing that. Do you imagine the cost to store every message, picture or phone call for at least a year from millions of people ? An ISP can't afford such cost and is only required to store metadata.

Now you're talking about a law that will permit some scanning tools to search in our entire phone for CSAM with an obvious risk of false positive and definitely abuse. It won't happen.

Xtreix

argante For example, consider a mobile network operator or a bank, and these entities, in accordance with data retention regulations, are obligated to record, for example, your phone calls, the content of your text messages, and emails

This is a bold statement that ignores local laws, it depends where you are, technically these recordings and retention are not necessary for proper functioning, what happens in almost all cases is the retention of metadata and it has been proven that they talk too much, ie what number you called/texted, the day and time, but the content is never necessary, if local laws are pretty acceptable, as is somewhat the case in the EU (compared to other countries) and if you are the subject of a serious criminal investigation, in this case, you can be technically bugged by your mobile operator's collaboration with the authorities which is very different, but phone tapping is becoming less and less reliable and are very resource intensive.

SMS and calls via the operator are not recommended because they are not secure, but the recording and conversation is not systematic, it's the same with ISPs, it depends, for example, the URL is not relevant for the router, only IP addresses are, for emails, don't use the mailbox provided by your ISP, for banks, I will not get into it.

As @N1b wrote it, I wouldn't worry to much, or at least I want to think positive, even if that sounds naive. Of course, we mustn't give up, because the idiots who propose absurd, freedom-destroying laws keep coming back for more.

argante

grayway2 Have you read this summary on data retention? It's quite detailed there, detailing who implemented what. And I agree, these are huge costs, and I remember a discussion about how it would burden companies to store and secure all this data.

Now you're talking about a law

I'm presenting a different perspective. The bank doesn't violate your privacy even though it knows exactly what and where you spend your money. This is because the bank complies with regulations and the law, and you consented to its actions (by entering into a contract and accepting the terms and conditions). A violation of your privacy would occur if the bank shared your information with a third party without your consent. It's important to understand this difference.

If chat control is implemented, it will be the law, and legally, it won't be considered a violation of your privacy, ceteris paribus. Because you have the choice to either agree to it or stop using the service.

argante

Xtreix This is a bold statement that ignores local laws, it depends where you are

I completely agree, which is why I added ceteris paribus in my next answer, which should be understood as the absence of conflict with other regulations—for example, the Constitution. The risk, however, lies elsewhere. Data retention is mandatory in some countries, and I think we all agree on that. If chat control is implemented, even if a third of EU countries implement this directive, Google will see it as the entire European market. This could lead to Google not wanting to be accused of circumventing chat control regulations by installing GOS, and thus may consider it an argument for permanently blocking the bootloader. See how aggressively France wants to control encrypted communications. And that's the risk I'm emphasizing. I'm not saying it will happen, but that the risk exists.

Quantum

In Norway ISPs are required by law to store IP addresses for 12 months. My SIM carrier also stores metadata for calls and messages, not sure for how long though

Edit: Looks like at least 3 months for calls and texts

Edit: I do remember the ISPs being pissed they would need to start storing IP addresses for that long. Them not getting long to implement it, the costs and them wanting the goverment to pay for it. They used to store it for maybe 7-30 days before.

Xtreix

argante which is why I added ceteris paribus in my next answer

Ok sorry, I hadn't read.

argante even if a third of EU countries implement this directive, Google will see it as the entire European market. This could lead to Google not wanting to be accused of circumventing chat control regulations by installing GOS

Chat Control (which didn't pass) has nothing to do with the idea of banning GrapheneOS, and that would be irrelevant, it's perfectly possible to use Molly and SimpleX on the original operating system without going through traditional app shops like the Play Store, I'd be more worried about compatibility with iOS users if such a law, which will be circumvented, were to pass.

argante See how aggressively France wants to control encrypted communications

I live in France and the part of the law on backdoors to access encrypted communications was rejected and censured by the Constitutional Council, it didn't pass and the defenders of it lost (including URL analysis, an another bad proposed law for surveillance), these people want to ban encryption, it's a war that started about 13-14 years ago in the United States, it's nothing new, banning encryption is the same as wanting to ban physics and mathematics, it makes no sense.

Maitre Alexandre Archambault is our lawyer who works in digital law, he has been a member of the Paris Bar since 2016, he's a good lawyer and he's against these absurd proposed laws, we have several organisations and cybersecurity professionals in France who are fighting to protect encryption and its integrity, we're fighting.

dc32f0cfe84def651e0e

argante Paywall :(

argante

dc32f0cfe84def651e0e Yes, but you can listen to the beginning of the podcast. He makes a living from these videos and podcasts. He doesn't have any commercial sponsorship. He strongly promotes GOS, so by promoting him, we also promote GOS. I don't want to encourage anyone here, but I support him.