trumpet talked to putler and delayed sanctions "by 2-3 weeks" today. But that's hardly news, since only a fool expected anything different from the 2 clowns. What is news-worthy is another attempt to force us to decrypt all our chats. All for the sake of children. Problem is... It's all bullshit.
I already touched upon this topic, but from a bit of a different angle in a previous post here, but there is a new initiative in European Union, and unfortunately, at the time of writing it's supported by 15 members, opposed by only 3 with 9 (including Finland) - undecided. You can read more about it, and also try to oppose it from your side here, but in this post I would like to share my own thoughts about why enforcing decryption of your chats and purposeful monitoring of all of them is a bad idea. They will, probably mirror what's already written on "Fight Chat Control" website, but maybe this will convince some people? I may be russian, but I am vocal about things, that I believe are detrimental not just for me but for the whole society.
Not helping
First of all, children do need protection from certain content, let alone outright abuse, so I am not saying that something should not be done. But what is being suggested fill not help, and and will only expose children (and not only) to more abuse. Same as UK's age verification thing. Think about it: right now when you talk to someone on the Internet you do not know their age, unless they tell it to you directly. You can assume age based on some circumstantial evidence, but even if you will talk to some profile on social media, that has a child on a photo (why are you doing this?), you have no tangible evidence that is a child.
This fact alone provides some level protection to children, albeit very minimal and easily "breakable". It's security through obscurity, in a sense. That's why people are able to use the system(s) to find, expose and prosecute actual predators (until Roblox bans you, because they are a bunch of pedos). This is a good thing. You know the name of this thing? It's privacy. And what's the proposal so far? To strip it away.
I have no privacy
Yes, it's not the same way as UK's age verification does it (which is not done for the sake of kids, but for the sake of censoring Wikipedia and similar resources). Heck, I can even support some level of age verification, if there is a system, that I can trust as a backbone for it. EU is trying to test something, which is even open source (which is extremely good for something like this, although can still cause some concerns), and it has potential to be... "Reasonable". Decrypting chats, though?.. Not that reasonable.
If you think that you do not need to encrypt your chats, because you are not doing anything illegal - check yourself. Perhaps you have been brainwashed and do not see how data about you is being abused. If it was not, there would be no services like Incogni or DeleteMe (which I still do not support). Every single word, that you say may be used against you in some way, if there is a malicious actor. At the least, any information that you share can be used in order to gain your trust. You say to a friend, that you are going on out on day X at time Y to a place Z - someone can plan to meet you at that place or use the fact that you are not at home at that time to get in, and... Do something. Use your imagination or watch some spy movies, dunno.
I am already watched
One can say: "But they already watch our chats, it does not matter". Well, yes, and no. Several reasons:
- We rarely know for sure if the chats are monitored, especially if there is a claim of end-2-end encryption. We can only speculate.
- While our speculation will most like be correct, and the chats are monitored, they are most likely monitored by some automatic systems, that only flag things, and then react based on some criteria, that may gradually increase the scrutiny. Companies that provide the service to you are [usually] not obligated to do anything and report anything to anyone, unless there is some local jurisdiction - then maybe.
- Even when there is an obligation, companies generally setup the system in such a way, that the need to follow that obligation is reduced. Why? Because that's extra load, time wasted for them. And time is money. And what the companies love most of all? Yes, money. So they are just not incentivized to monitor you too closely, because it's just not humanly possible.
- You can now say "but there is AI". Yes, there is. And it's been used since way before OpenAI and others for various purposes, including for scanning of chats and media content for the sake of moderation. But... It's not perfect and will probably never be perfect or even comparable to a real human (because that would mean that we understand fully how our own minds work, and are able to transfer that to code), so human will still be making decisions or be participating in appeal process. Unless you are "MxR Plays", and you try to appeal your YouTube channel deletion.
- Even if we assume that AI become perfect and a company would not need to waste a single human-hour on monitoring and processing, they would not be sharing all the data that they find. Or at least they will not be obligated to do that by default, and they would not have any incentive to do that. Yes, Meta, Google, Microsoft and the like sell your data to brokers, but they sell only very specific information, and not all of it, and it is being sold with a promise of agreed level of "certainty", it's not really sold with "we can guarantee that this is truth". At the least, they can hike up the prices to limit accessibility to the data collected, and brokers will need to hike their prices in turn.
- Let alone that, with E2E encryption all of this becomes even more complicated, even if not impossible. Which further decreases incentive for companies to really do this.
- Generally you can assume, that if someone is actively monitoring your chats - that's because of court order. Because there is a legitimate suspicion of your nefariousness.
Naked king
With the proposal, all of that will (or at least can easily become) void. You and all your secret crushes at your school teachers and characters in TV shows will be exposed. Practically through obligation. Companies will have to monitor all chats, and that means that they will have to not use encryption somewhere, or not use E2E encryption or implement in such a way, that will allow them to decrypt things in order to read them. And not based on court orders, but constantly.
ALL. THE. TIME.
What that means? Well, check how often data leaks happen now when major players are investing into at least some privacy for their users. Balloon that so much, that the balloon pops. If no malicious actors do not have incentive to waste time on some random dude (or dudette), because there is encryption or at least some protocols, that make things difficult, with the proposal going live - it will be a buffet.
Think about it: if you will be able to use some exploit, some network sniffer (HTTPS is not perfect, guys, and VPN is not a magic bullet either) to get some personal information about that bully from middle-school. You get the information, and then present it somewhere in such a light, that authorities need to arrest him (or her), and, at least, waste the time of everyone involved in the process. Or maybe steal credentials and post some message impersonating them, but still resulting in some sort of defamation.
Get off your high horse
Yes, maybe you personally would not do that. Maybe you personally would have good enough morals and high enough standards to resist the temptation. Can you say the same for everyone on the whole goddamn planet? Have you not seen the news in the past... Dunno... Decade? Or have you not read any history books? I mean real ones, and not those like they use in russia. Newsflash: people = shit. Would you want someone to use this exploit against you or your kids? Oh, wait, maybe you think that since you are not in EU - it's fine? Nope, this is still a concern for you, because... Apple switched to USB-C because of EU legislation. Or rather because it was cheaper for them to do that for everyone (and that's why experts believe the same will happen with alternative app stores).
What's the alternative then? No idea, truly. Again, I discussed some related things in previous post, and there are some things, that can theoretically be done, that could work, but there are still a lot of gaps there. I think for the moment the best thing is to... Do it yourself. Protect your kids yourself. Don't expect that the government will do that for you. I mean, look at russia - people also offloaded a lot of responsibility on schools there, and now schools teach kids how to hate the world on "lessons about important things".
There are lots of tools for parental control on various levels. Even some routers have those, let alone the phone/tablet, that you give to your kids. I can't advise any specific one, since I am not a parent, so simply do not use those, but you can find lots of articles and videos about these tools. Educate yourself. And be ready to talk to your kids about things, that may see or have seen already by accident, because these tools are not perfect.
More importantly talk to your kids in general, in a way that will foster critical thinking. Don't be like russian parents with "do whatever I tell you or get beaten or otherwise punished, if you don't". Explain why certain ways of doing things are better. With evidence. Let them kids question you, and even give me chances to fail and learn on their mistakes (when you know it will be safe). Just, frigging, be a good parent, so that they will feel encouraged to discuss things with you, when in doubt or stressed or whatever.
As for government... Personally, I think governments should strive for more privacy for the people, not less (again: security through obscurity, this is one of the few cases, where it actually makes sense). And maybe help with providing resources for learning about parental control and good parenting. I don't know, force examination about good parenting and parental control tools before your child is return to you after birth of something. I am joking and exaggerating, of course, but still I believe that purpose of the government is not blind regulation of things, but providing easy access to easily-understandable learning materials about various things. Without censoring like UK is doing right now. Don't be like that.
Be better.
