• According to Whittaker, the bill requires the encrypted messaging app Signal to install so-called backdoors in the software.
  • Mio@feddit.nu · English · ↑4 · 3 hours ago

    This law cannot go through! This is a threat to democracy in our country.

    Privacy matters. You must be able to talk to your friends without needing to worry about if the government is listening to you. This will not help to catch the bad guys as they will just change to some other protocol. But it opens up the possibility for a third party to do something that they should not even be able to do. Stop this now.

  • visnae@lemmy.world · English · ↑15 · 17 hours ago

    The Swedish politicians tried adding backdoors to encrypted apps for at least 20 years :P I don’t really understand why they still (ever) think it is a good idea

    • themachinestops@lemmy.dbzer0.com · English · ↑10 · edited · 17 hours ago

      The problem is that politicians don’t understand cyber security, what they’re asking is basically the equivalent of closing the front door of a house and leaving the backdoor open. It was already proven to be a bad idea, EternalBlue is a good example.

    • easily3667@lemmus.org · English · ↑3 · 9 hours ago

      Next in line should be Matrix. People say it’s hard to use but the devs have gone through like 3 app revisions since then. Main instance requires email but a lot are fully anon.

      • Prism@feddit.org · English · ↑1 · 6 hours ago

        DeltaChat makes so much more sense imho for texting. It is based on e-mail. You can either use their e-mail service (requiring only a username) or you can use your existing IMAP e-mail account. End-to-end encryption is handled automatically.

    • corsicanguppy@lemmy.ca · English · ↑11 · 23 hours ago

      Half of the original article:

      > The Armed Forces, on the other hand, are negative and write in a letter to the government that the proposal cannot be realized “without introducing vulnerabilities and backdoors that can be exploited by third parties”, reports SVT.

      So that’s covered.

  • HSR🏴‍☠️@lemmy.dbzer0.com · English · ↑8 · edited · 1 day ago

    There needs to be a messaging app which provides a backdoor for every government that requests it. Every time some dumbass legislator asks for a super-giga-secure-backdoor they promise not to misuse, they should be directed to that app.

    • Tarogar@feddit.org · English · ↑2 · 10 hours ago

      That sounds like unencrypted communication with extra steps. Why not skip all of that and just give them an unencrypted service anyone can read and use. While we are at it, getting rid of those pesky passwords and unwieldy usernames is also a great idea. What could go wrong… I mean CLEARLY no one has anything to hide…

    • oldfart@lemm.ee · English · ↑2 · 1 day ago

      Imagine the complexity of the encryption algo with 100 different custom made backdoors!

  • harsh3466@lemmy.ml · English · ↑8 · 1 day ago

    Is this law broad enough to also catch up Proton and its services?

    This attack by governments on encryption is getting more and more concerning.

    • philpo@feddit.org · English · ↑1 ↓1 · 10 hours ago

      Proton is a company claiming to operate under Swiss law (which is doubtful, as the company itself is US based).

      Sadly Swiss data privacy laws are shit and its intelligence agencies are known for overreach, especially when it comes to cross border data traffic.

        • sudneo@lemm.ee · English · ↑2 ↓1 · edited · 1 day ago

          Sci-fi writing in here I see

          EDIT: For the downvoters:

          • He clearly didn’t support Trump in general, but he did praise Trump’s pick for the antitrust position.
          • Proton code for the clients is open source, so it’s not possible to add backdoors without being discovered (encryption happens in the clients).
          • Proton business model is inherently disincentivizing them to do so. They are a profitable company with a clear profile that would lose so many customers if they decide to do so.
          • Proton is incorporated in Switzerland, it’s unclear what the benefit would be to “appease” Trump.
          • Proton is controlled by a nonprofit. In the board of this nonprofit there are people like Carissa Veliz (author of “Privacy is power”) and Tim Berners Lee. So even if Andy Yen was a full on MAGA, he still wouldn’t have autonomy to decide that. Note that he ceded control himself.
          • There is absolutely nothing in the history of Proton that suggests they would be open to backdooring their software.
          • There is a long track record of choices to protect users’ privacy. This also includes yearly substantial donations to nonprofits who work in this space.

          If this is not enough, I don’t know what is, but for sure the baseless accusations of a random user shouldn’t be enough as well.

          • yyprum@lemmy.dbzer0.com · English · ↑0 ↓1 · 17 hours ago

            How dare you go against the lemmy hive mind. We need to shit on Proton or you will be punished with negative numbers!

            • sudneo@lemm.ee · English · ↑1 · 17 hours ago

              > you will be punished with negative numbers!

              Thanks for making me chuckle.

          • chaoticnumber@lemmy.dbzer0.com · English · ↑0 · 23 hours ago

            I wanted to reply to your points but someone beat me to it.

            Learn to think critically. Close the app for a day, cool off and re-read all of these replies.

            Do you think we would all just dump on something for the fun of it or just to piss you off? This isn’t reddit.

            C’mon man, take a second, look around and understand that the taste of boot leather is not very pleasant. Proton is not here for your privacy … I mean it is, unless you’re a French journalist … or a person of interest for the right people.

            • sudneo@lemm.ee · English · ↑1 · 17 hours ago

              “Learn to think critically, ignore the actual facts you put together to explicit your actual reasoning, trust the fact that if 10 people down vote you or argue with you, you must be wrong”

              I can’t see any problem with this logic.

              Yes, I think plenty of people are incompetent or just terminally online and see purity testing as a form of political activism. The fact this is not reddit doesn’t mean much.

              > that the taste of boot leather is not very pleasant.

              Q.e.d.

              Let me tell you from my socialist perspective why this is absurd. Defending an organization that is an underdog in the industry, that creates products that don’t harm users, that pushes for the right values (privacy) and at the same time developed a healthy business model (no VC funding, privately owned, but also no cloud usage that reduces costs and keeps the money in the EU/EEA, no delocalization) is in my interests, because it is a step in the right direction within a toxic and harmful industry. You call this bootlicking? Go ahead, for me it is actually a political success if more orgs like Proton succeed and outcompete big tech.

              > unless you’re a french journalist … or a person of interest for the right people.

              There is no org that can defend you from the law being applied. If that organization wants to exist they have to comply with the law. In all those cases we should blame the government for abusing laws (like antiterrorism laws for that environmental activist). Also in neither of those cases (I am aware of 2) any mail data has been disclosed (IP addresses for VPN connection they have been forced to log and recovery address, respectively).

          • rumba@lemmy.zip · English · ↑1 ↓1 · 1 day ago

            > He clearly didn’t support Trump in general

            lie

            > so it’s not possible to add backdoors

            lie

            > Proton business model is inherently disincentivizing them to do so. They are a profitable company with a clear profile that would lose so many customers if they decide to do so.

            Didn’t work on you

            > Proton is incorporated in Switzerland, it’s unclear what the benefit would be to “appease” Trump.

            Straw man

            > So even if Andy Yen was a full on MAGA, he still wouldn’t have autonomy to decide that.

            Being a non profit and him owning enough of it to do what he wants are unrelated.

            > There is absolutely nothing in the history of Proton that suggests they would be open to backdooring their software.

            https://techcrunch.com/2021/09/06/protonmail-logged-ip-address-of-french-activist-after-order-by-swiss-authorities/

            > There is a long track record of choices to protect users’ privacy.

            Tell that French activist they turned logging on for and gave up to the authorities.

            • sudneo@lemm.ee · English · ↑3 · 17 hours ago

              > lie

              We have the tweet, the context, his direct statements saying he didn’t. You have your own interpretation. See also https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e

              > so it’s not possible to add backdoor

              > lie

              Quoting an incomplete sentence is peak bad faith. Please, elaborate on how they can backdoor the email communication without the change being visible in the clients. Take a Proton-to-Proton communication, and show me how they can backdoor the PGP encryption. I will propose 2 ways:

              • maliciously patch the JS code of the webmail client, which will show the change in the browser, network communications etc.
              • simply backdoor the client which will make it visible in the repo.

              > Didn’t work on you

              Because they didn’t do anything that indicates they are violating my privacy. If they would, I would redirect my domain and drop them in a blink of an eye.

              > Straw man

              It’s not a strawman lol. Pointing out the fact that it’s not evident what the advantage would be is an actual argument against saying that they would backdoor the software in compliance with Trump’s wishes. Asking what the benefit is for such an immoral and illegal action seems reasonable to me?

              > being a non profit and him owning enough of it to do what he wants are unrelated

              False. He gave away his stocks of the for-profit company, which is now controlled by the nonprofit where he is 1 out of 5 (or 6?) in the board. A decision like this realistically will need to be approved by the board. Explain how he “owns enough to do what he wants” please.

              > Tell that french activist they turned logging on for and gave up to the authorities.

              What would you expect any organization could do in that position? If there is a culprit there, it is the government. Complying with legal orders (which BTW they are transparent about and they challenge lots of them too) is a requirement for a company to operate. There are 2 cases that I know of so far (in the other they have been forced to give all the data they had about a user, and the only data they gave was a recovery email address), and they are 100% expected. Unless you want to be a rogue organization, there is nothing you can do in those cases. This if anything is a good test that shows how little data they collect or have. Unfortunately for logs of VPN connection there is no technical solution that will ever prevent from logging data again (Mullvad is now experimenting with a double tunnel, but that is just a small nuisance for law enforcement), like there is for encryption (i.e., encryption happened with keys we cannot retrieve, sorry can’t help you).

              • rumba@lemmy.zip · English · ↑1 ↓1 · 3 hours ago

                k, moderator wants to censor my calling you out on trolling, LET’s PLAY!

                > We have the tweet, the context, his direct statements saying he didn’t.

                You just cited an opinion piece written by the PR department of Proton (https://medium.com/@ovenplayer) one article, 0 followers.

                We do have the tweet. All of them in fact. They back up my claims.

                The other person you commented on already addressed this and you just downvoted him without any rebuttal.

                > Quoting an incomplete sentence is peak bad faith. Please, elaborate on how they can backdoor the email communication without the change be visible in the clients

                Backdoor is on the server side. For you to mention a backdoor on the webclient makes me think you don’t actually know how all this works. Where they store your email. They already busted an activist for the French government by changing their backend terms.

                > Because they didn’t do anything that indicates they are violating my privacy

                They violated other people’s privacy, but I see, if they don’t violate yours to your face, it didn’t happen?

                > It’s not a strawman lol.

                No one claimed it in the first place, that makes it a straw man.

                > what would you expect any organization could do in that position?

                If you’re going to bust people, be open about it up front. Here we have people like you fighting as hard as they can to say how incredibly private they are simply because they said so. You bought into their propaganda so far that you’re willing to ignore anything done wrong by them and continue to claim how secure they are.

                I maintain that you are either a PR plant for Proton, or just Trolling us.

                Civil enough mods?

            • Miaou@jlai.lu · English · ↑2 · 17 hours ago

              If y’all are expecting (and relying on) legal businesses to tell police raiding their offices to fuck off, then you clearly don’t understand secops.

              • rumba@lemmy.zip · English · ↑1 · 13 hours ago

                If they go after encryption in earnest there’s not going to be any room for secops left.

    • anon@lemmus.org · English · ↑2 · 1 day ago

      Mullvad has proven time and time again that they don’t log anything at all. Even if they give backdoor access, there’s nothing to record.

      • Rednax@lemmy.world · English · ↑2 · 1 day ago

        Literally the first sentence of the article: “The government wants Signal and Whatsapp to be forced to store messages sent using the apps.”

        • anon@lemmus.org · English · ↑1 ↓1 · edited · 22 hours ago

          WireGuard protocol logs very little information by default. There is literally no way to make it log more than it does by default.

          Even then, Mullvad has no customer information. You’re given a customer number, which is intentional.

          I stand by my initial post in that there is very little, if anything, to record on a Mullvad server. If I’m not mistaken, Mullvad recently announced they are running all VPN services through a RAM only setup, therefore, there aren’t even any drives to record customer information even if they chose to.

          • LH0ezVT@sh.itjust.works · English · ↑1 · 8 hours ago

            There absolutely is a way to make it log more. Simply add a function to dump the data passing through it. Just because right now there is no such function does not mean one cannot be added.

            • anon@lemmus.org · English · ↑1 · 7 hours ago

              Sure, add it, but good luck logging in a RAM only setup. We’re talking semantics because frankly, it doesn’t currently affect Mullvad. If it does, we’ll have to worry about it then.

  • cygnus@lemmy.ca · English · ↑1 · 1 day ago

    I’m a bit surprised that the armed forces are openly opposing this, but good for them!

    • mumblerfish@lemmy.world · English · ↑1 · 1 day ago

      That is because they just decided to switch to use it for internal communications. This means that they would have to roll back that decision.

      • Natanael@infosec.pub · English · ↑1 · edited · 22 hours ago

        Technically only for non-classified internal communication. Classified stuff is restricted to be discussed only using military-approved, locked-down hardware. But still, issuing a strong recommendation for Signal above all other options when communicating using regular devices is a good thing. Lots of “regular” conversations can still leak more than you expect through metadata, timing, etc, so they trust Signal to protect that.

      • cygnus@lemmy.ca · English · ↑1 · 1 day ago

        It would have been good of the article to mention that important tidbit…

      • cygnus@lemmy.ca · English · ↑1 · 11 hours ago

        Nice, I get to use the only thing I know how to say in Swedish (forgive the lack of diacritics): forlat, jag pratar inte svenska.

    • ℍ𝕂-𝟞𝟝@sopuli.xyz · English · ↑1 · 19 hours ago

      There is no such thing as a precedent in EU law. Any court can in general disagree with any other court. Appeals still exist, but they are only valid for that one case.

      Judges don’t make laws here.

        • ℍ𝕂-𝟞𝟝@sopuli.xyz · English · ↑1 · 19 hours ago

          The EU in general uses civil law, not common law. Courts in general don’t establish precedents, so it does not matter what a court rules beyond that specific case, laws are written to be super specific, and you generally can’t challenge laws in court like in the US.

          The EU works through a double process of lawmaking.

          It can create directives that are like how US laws work as they need specific interpretation, except it’s national legislatures, not courts doing the interpretation.

          And there are regulations - like the GDPR - that have to be adapted and enforced verbatim.

          This is a cornerstone of the ongoing Big Tech dispute, they thought they can forum shop by buying the Irish judiciary, but they can still get indicted, even for the same violation, in any other EU court if that court also has jurisdiction.

  • lemmus@szmer.info · English · ↑0 · 1 day ago

    I don’t get how it’s supposed to work…they want to require messengers to include backdoors in their software? So when a program is FOSS, then you can literally just use it knowing there is no backdoor…also, what blocks you from using a server in a different country? Wtf that even means…

    • Natanox@discuss.tchncs.de · English · ↑1 · 1 day ago

      Then politicians would simply require for “any technical measures to ensure the backdoor to be available” or something like that, meaning it would be Signal’s job to ensure the backdoor works. They don’t give a shit how something is done (IT is just too complex for most of them), only that it gets done somehow. For that very reason federal digital services are such a shitshow so often, they just don’t understand what they even ask for so professionals always have to work around politicians’ demands constantly breaking even the most basic security principles.

      • lemmus@szmer.info · English · ↑1 · 15 hours ago

        It’s them just being idiots, like illegal activities will keep going using old good PGP, and normies will get spied by political shit, as always…no privacy for honest people.

  • poVoq@slrpnk.netM · English · ↑0 ↓1 · 1 day ago

    Nice PR move, but when do you announce leaving the US, which is the much bigger issue right now?

  • kbal@fedia.io · ↑0 · 1 day ago

    The “if” to that “then” being that if they pass a law that would make Signal illegal in Sweden, then Signal will leave Sweden.

    • Mesophar@lemm.ee · English · ↑0 · 1 day ago

      Illegal unless they install the backdoors. They could choose to do that instead of leaving Sweden, but they are choosing to leave Sweden.

      • kbal@fedia.io · ↑0 · 1 day ago

        If they did that, Signal would no longer exist at all. Nobody anywhere in the world would want to continue using it.