EU folks, the latest @EU_Commission proposal for scanning private communications and undermining end-to-end encryption is an extreme threat to privacy.

It threatens the right to meaningful encryption and would force your communications to be subject to scanning and classification by AI outside of your control. Truly dystopian shit.

This won't become law without the EU parliament's assent, so please follow this closely and speak up. See EDRI's analysis here:

@eloquence @EU_Commission "The 21st century version [of #2A] would be a rule forbidding govt regulation of encryption. A govt that has no way of knowing what who is saying to whom lacks the most powerful weapons for winning an information war."

@eloquence @EU_Commission

OK, so I hate this legislation and we need to stop it, but, I hate CSAM. I wanna protect kids. Why whenever there's stuff like this do people sometimes make CSAM the hill they wanna die on.
For example, when Apple put in this sort of scanning for iCloud stored images, I thought that was pretty reasonable. iCloud is their own thing, after all.

There are hundreds of other reasons why this new proposal is bad, and they can all be summarized by the fact that they would need root on all our computers. Which is not OK. It's a security issue. It's a completely unreasonable proposal because it is the end of having your own computer (or phone or whatever).


I think the arguments against Apple's approach were well-articulated by EFF and others at the time. (The plans not only included iCloud but also iMessage, again using AI to guess image contents.)

Regardless, as you say, it's a different story with this proposed approach, which would legally mandate message scanning & make it impossible to offer secure messaging apps like Signal to EU users without a backdoor.


I remember that because that was a big reason why I distanced myself from the EFF and the FOSS community. I was creeped out by them running up that particular hill.

I understood the arguments and how they followed naturally from our FOSS values and priorities.

To me, it said a lot about how wack our values and priorities had become.

Apple can't call iMessage and iCloud e2ee after this, but Apple isn't morally mandated to provide e2ee in those particular apps either.

Additionally, because of the layered nature of all software stacks since von Neumann, it's still possible to use e2ee on top of those apps (for a trivial and dumb example, I can paste one-time-pad XOR text into an iMessage).

So it's a pretty inconsequential and toothless decision and it becomes a question of optics of anti-scan vs optics of anti-CSAM.

Our overreaching entitlement is not more important than protecting kids.

We want proprietary software to die anyway so what does it matter what they do in their li'l walled garden? Our own goal is to have our own gardens, our own apps, our own servers and our own root accounts. Not to be beholden to FAANG.

Apple preventing sideloading on apps is, for example, a much bigger problem (since it establishes them as bosses & roots on the devices they "sell") than how their own dumb messaging and file storage apps work. Who cares!

Like, they have the power to select what font they use or what colors bubbles are (stuff that I love being able to change in FOSS apps) and if I'm not gonna fight them on those design issues that I do care about, I'm sure as heckfire not gonna fight when they try to stem something I hate (CSAM).

Since the apps aren't even free in the first place!

It's like being in a prison being forced to eat prison food and watch prison TV and do prison labor and sleep in prison bed and it's all gross and bad and I'm in hell and then someone comes and says "Hey, they're checking our pockets for CSAM so let's start a riot against that" and I'm like "This?! This creepy shit is what you're dying on a hill for!!?! Count me out!" I was with them when we were fighting nor having our own food, our own TV, our own labor, our own beds—the prison itself is the problem. If the issue they're gonna riot over is the lack of CSAM in there, that's creepy and fucked up and I'm gonna wonder what messed up side I've even been on all these FOSS years.

This new EU proposal is very different, because of the far reaching consequences and ripple effects of actually trying to implement something like this, and it's important to be crystal clear about that. It's making a prison out of our own homes as opposed to regulating the prisons people already rushed to lock themselves up in.

I ended up pasting my other reply (that you got tagged into) into a stand-alone web page at
@eloquence To be clear, I'm not conflating them (the EFF) with you, or shooting you as messenger for mentioning them. You made it clear that you do understand the difference between that issue and this issue.
@Sandra @eloquence @EU_Commission i haven't really read the whole proposition, but i do recall writing them against it as well...

still, claiming they want root everywhere sounds way more extreme and worst than i ever imagined!

and i couldn't find any mention of "root" in that link. i wouldn't even worry about it, because that would surely trigger every devops against it!!

what do you mean, exactly?

The only way to prevent FOSS e2ee like Matrix or PGP or OMEMO is to own everyone's uid zero.

Owning everyone's uid zero is not OK for a hundred ripple effects. Passwords, finance, love letters, computational resources…

This is different from already external apps like Signal or iMessage or iCloud, apps which are like hiring someone to come over to your house to fix your broken sink. Any given plumbing company can introduce&advertise an idea like their plummers can wear a body cam to prevent assault, for example, and such cameras can be regulated or even mandated by the EU.

That'd be a draconian future (or I guess draconian present wrt iMessage/iCloud), and I don't advocate for it, but it's at least possible. Please differentiate between actively advocating for it (which I'm not) vs not being super eager to die on a hill against if (when there are other things I care a lot more about, like climate).

But trying to also curb FOSS e2ee like OMEMO is extremely different. It's like installing a permanent camera over the sink in every home so that no-one tries to fix their own sink. And then needing to watch the camera itself so no-one tampers with it, and then need to watch THAT mechanism so no-one tampers with it, all the way up to having permament and exclusive control over the house keys probably better known as uid zero a.k.a. root. In other words, the ripple effects from the infrastructure needed to set up a camera in every house are not OK.

@EU_Commission @eloquence
@Sandra @eloquence @EU_Commission i see, so the whole idea comes from the assumption that we can only spy on every encrypted message by having zero uid/root access to every machine.

makes sense.

it will obviously never become real. i couldn't worry any less about this as something that could happen, even if all politicians of the world would inject all their money into this together.

it will always be trivial to "install yet another backdoor" on top, by a single counter-spy agent, and then it can get used by everyone. like it already happens in china, for instance.

@Sandra @eloquence @EU_Commission
The children protection was the beginning of internet censorship in Russia.

First you plant a back-door into the secure technology justifying it by something most people could consider right. Then you can use this back-door any way you want 🤷‍♂️

@Sandra @eloquence @EU_Commission With "Let's protect the children!", you can get people to accept all kinds of BS. People will simply share their CSAM using other channels or pre-encrypt the data so that the new spyware won't find them. What this measure means is to have a permanent house search without court order performed on all EU citizens. People won't feel free to speak any more, which is bad for democracy.

BTW you can write to the European Parlament at

@eloquence @EU_Commission "For the European Commission, this strategy is the ultimate get-out-of-jail-free card. By claiming ‘we don’t care how you do it, we only care about the outcome’, the proposal opens the door very wide for abuses, while closing its eyes to reality and absolving the Commission of any responsibility for the collateral damage of its proposal."

Sign in to participate in the conversation

A Fediverse instance for people interested in cooperative and collective projects.