New branding, same scanning: Upload moderation undermines end-to-end encryption [pdf]

224 points by unnervingduck 1 year ago | 42 comments
  • Centigonal 1 year ago
    I just want to express how much I appreciate Meredith Whittaker. She helped organize the Google walkouts, she's been working on AI safety since at least 2016, she advised Lina Khan at the FTC, and now she's out here advocating for preserving E2EE. A lot of people online give her flak for her opinions, but she's been consistently very loud and occasionally influential.

    She's done some cool uncontroversial tech work too (like helping start M-Lab), but her advocacy is what is most interesting to me. I don't agree with all of her positions, but I like that there are still people in the tech world who are willing to take strong and sometimes radical stances on moral issues against the current of capitalism. I feel like she's the closest thing we have to an rms-type figure today.

  • t0bia_s 1 year ago
    Why are those moderation attempts not considered a national security threat? I can imagine how a foreign power could take advantage of this.
    • eterps 1 year ago
      I'm wondering if this proposal is enforced, and you opt out, how would it be known whether you're sending someone a URL? How would a URL even be distinguished from other text when you have opted out?

      I suppose you could detect some patterns, and it definitely wouldn't be clickable. But is the text google.com considered a URL for example? I guess it isn't?

      (yeah I know, it's a stupid law anyway, but just wondering)

      • throwaway22032 1 year ago
        It's like the old-school scam days on MMOs.

        g3tfr33g0ld DOT сом

        • Sephr 1 year ago
          If you 'opt out', service providers can prevent you from sending anything under these new rules. You might not even be able to reach out to support to complain without consenting to your messages being scanned.
          • nicce 1 year ago
            So what is the difference between opt-in and opt-out here?

            In both cases, they identify and scan something.

            Not sure if there is an out at all.

            • CRConrad 1 year ago
              > In both cases, they identify and scan something

              No, as I understood the GP comment, if you opt out there won't be anything for them to identify and scan, because you can't send anything.

              > Not sure if there is an out at all.

              Sure there is: You can opt out from being on the Internet.

          • pera 1 year ago
            It won't be perfect and it will fail in stupid ways, by design.
          • barfbagginus 1 year ago
            [dead]
            • alicehenry57 1 year ago
              [dead]
              • mihaic 1 year ago
                After losing my phone and not having a way to recover a lot of data, I've come to the realization that I don't want end-to-end encryption. I just want a responsible entity to store all my data in a secure way, and they'd only make money from what I'd pay them. If I lose everything, I still want access to my data, even if a proof of identity costs me.

                Of course incentive systems make that very hard in today's corporate world, but I can still wish for my ideal world.

                • squigz 1 year ago
                  This is not just idealistic - it's bordering on naive. Tech companies have proven, repeatedly, over decades, that they are not responsible with our data.
                  • AlexandrB 1 year ago
                    And even if they are at one point in time, there's no guarantee that this behavior will continue. The rush to scan everything into AI is a prime example.
                    • mihaic 1 year ago
                      And are users more responsible with their data? I'm not saying to trust companies, I'm merely saying that it's a harder challenge to put the burden on users doing everything correctly than on the products being built with more ethics in mind.
                      • squigz 1 year ago
                        The difference is a user doesn't bundle up the data of millions or billions of people to sell.
                    • scotty79 1 year ago
                      I don't think end-to-end encryption prevents server backup. It means that the decryption keys are in your mind and at most on your personal device.
                      • nine_k 1 year ago
                        No, the key is also on a piece of paper somewhere safe. On a piece of metal if you care so much, see crypto wallet keys.

                        This helps against everything except a valid search warrant from your government. If you don't do outright illegal stuff, and don't live under an authoritarian regime, it should be fine. (If you do both, you have bigger problems.)

                        • fiddlerwoaroof 1 year ago
                          A server backup is useless if you can’t decrypt it and it’s very easy to accidentally lose the keys for end-to-end decryption. I too have lost my Signal history by migrating to a new phone incorrectly.
                          • 7bit 1 year ago
                            The two are not related. Signal has no proper backup and restore, otherwise you could have restored multiple times over. It's one of the things that piss me off about Signal. Just give me a fucking backup that I can restore on Android and iPhone and desktop alike!
                        • Retr0id 1 year ago
                          I'm pretty sure you just described iMessage + iCloud backup (among other setups)
                          • lxgr 1 year ago
                            I too wish that encryption wasn't necessary, and people could just be nice to each other (or, in grown-up speak, incentives between literally every person and group were always perfectly aligned).

                            Until somebody figures out a non-dystopian way to achieve that, I'll stick with end-to-end encryption, though.

                            If you want to opt out of that, I can't stop you – I bet you'll be able to find an entity that will take both your money and your encryption keys. I just don't want that to become the default, or even only, way of doing things.

                            • dijit 1 year ago
                              Your ideal situation is likely federation.

                              But Signal doesn't want that, and most people are too cowardly to trust anyone other than the people who absolutely must make a profit running such a system.

                              • lukeschlather 1 year ago
                                Federation doesn't help at all if your host is untrustworthy. This is a question of having strong data privacy rules baked into law and also a good compliance regime. In fact, federation can make things a lot worse since federation makes it a lot harder to reason about who is transmitting and storing your data.
                                • dijit 1 year ago
                                  Nothing helps if your host is untrustworthy.

                                  But need I go into the little rant about how signal controlling the clients and the network means you have to take it on trust?

                                  However, the point of federation is that you can find someone you trust, and you get to control data residency; all those weird, hard-to-comply-with laws become super easy if your uncle hosts a family chat server that federates with others, or your ISP, or your favourite local library.

                                • wojciii 1 year ago
                                  This is not about trust. It's about ease of use and not wanting to learn to do anything complicated, like using encryption or something more complicated than a Facebook feed.

                                  Try talking to normal people. They will find their pitchforks if you mention encryption and privacy.