• ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    arrow-up
    62
    arrow-down
    1
    ·
    edit-2
    1 year ago

    I don’t understand how “client-side scanning” - i.e. an invasive piece of code pushed by OS makers to YOUR computer or mobile device to scan YOUR files without your consent - is even being discussed.

    This is tantamount to an Apple or Google rep forcibly entering your house, sitting on the couch next to you in your living room and reporting to the mothership or the police what you watch on TV. People would take to the street if this was mandated by law. Yet they seem to be waiting for the Apple or Google rep to sit on their device and report what files you have in it with complete resignation.

    How did we get here? This obscene proposal would have been a major scandal not 25 year ago. Actually it wouldn’t even have been proposed at all. But today it’s on the verge of becoming law! The mind boggles…

    • Skull giver@popplesburger.hilciferous.nl
      link
      fedilink
      arrow-up
      17
      arrow-down
      2
      ·
      1 year ago

      After about thirty years, politicians have realised that you can’t break encryption without also leaking their own secrets, eventually.

      If the system was transparent, open, and provided an easy way to get false positive sorted, I wouldn’t necessarily even have a problem with the concept.

      If the choice is between this or banning E2EE like the EU and UK tried to do, I would prefer client side scanning. However, this fake binary is exactly what politicians want you to think of.

      You know how illegal shit gets shared to the masses? Telegram channels. Unencrypted, tied to phone numbers, publicly available if you just know the link. Sure, a bunch of pedos will use top of the line encryption and try to get perfect OPSEC, but that’s extremely hard to pull off, even for seasoned professionals.

      Automatic scanning isn’t a solution to a lack of knowledgeable officers and a lack of public prosecutors getting their shit together. Politicians don’t like the idea of someone using encryption to get away with disgusting shit, and that’s enough for them to come up with ridiculous laws.

      • ExtremeDullard@lemmy.sdf.org
        link
        fedilink
        arrow-up
        22
        arrow-down
        1
        ·
        edit-2
        1 year ago

        If the system was transparent, open, and provided an easy way to get false positive sorted, I wouldn’t necessarily even have a problem with the concept.

        How can you even say that?

        This is what baffles me the most: how does anyone even entertain the idea of letting a third-party scan their own files on their own device uninvited? Even if the process is transparent and there’s a 100% fool-proof way of taking care of false positives, the very idea of letting anyone scan anything on my computers in the first place is completely unacceptable!

        People would have never deeemed anything like this even remotely acceptable 25 years ago. But in 2023, enough people have internalized the idea enough that this actually has a chance to become law without creating an outrage. I am utterly distressed by what society is willing to accept nowadays.

        • Skull giver@popplesburger.hilciferous.nl
          link
          fedilink
          arrow-up
          4
          arrow-down
          4
          ·
          1 year ago

          That’s why I put the conditions “if the system was transparent, open, and provided an easy way to get false positive sorted” on there. That’s like saying “if people were good, I’d believe in communism”. In the real world, these conditions will never be met.

          We have antivirus software and it works just fine without sending samples to the mothership (though it does work a lot better if you let it upload stuff to their sandboxes). The theory behind the system is solid and well-intentioned people working together can make a real difference.

          A big problem I’m seeing with this debate is that politicians aren’t going to give up on trying to enforce scannability of all messages. “I don’t want nothing of the government on my device!” is how you get a 2030 law banning Linux on the desktop. Every politician of every political party has heard every argument by every activist. Everyone in the general public has heard how bad the concept is. Nobody is capable of stopping the inevitable legal attack on properly private messages.

          I think we can get more people behind this if messenger apps are willing to work together and show people the implications in terms they understand. If WhatsApp shows “Ursula von der Leyen (EU) has been added to the chat” to every chatroom and adds a label “No problem, only x% chance of child porn content” on every image or meme shared (where x is just the percentage of pixels with a skin color hue), people would riot. Maybe add random emoji responses by “Ursula” too just to remind everyone that she’s watching. Of course no app will ever want to spook their users like that, but I think it’s the only way to stop this movement.

          I’m very pessimistic about the future. We’ve had useful encryption for about 20 years after it being considered a military secret for hundreds or even thousands of years, and I think we’ll eventually lose it again.

          • ExtremeDullard@lemmy.sdf.org
            link
            fedilink
            arrow-up
            6
            ·
            1 year ago

            Your entire line of thinking hinges on the premise that the politicos (and presumably, whichever oligopolies their do the biddings of) will have their way one way or the other. What you’re saying is, if we don’t make concessions on the client-side scanning and accept some implementation of it, the privacy-respecting tools we have now will be banned.

            My question is this: why is any of this inevitable?

            None of what’s being proposed here solves any problem. Pedo material can be fought with the legal and technical tools we have now, as demonstrated by the news of entire pedo rings being dismantled, and pedophiles going to jail as a result on a regular basis.

            The fact that you’re willing to make compromises on solutions to a fake problem means that you’ve already acknowledged we’ve already lost.

            The truth is, if people today were as outraged as people of my generation are over this, this false choice wouldn’t have to be made at all. Things are just fine the way they are today, and you don’t have to give up anything if you don’t assume you’ll have to give something up.

            • My question is this: why is any of this inevitable?

              At what point have we gained freedoms and reduced government control over the internet since OpenPGP broke the international ban on cryptography? I only remember a downward curve.

              Maybe it’ll take 50 years, maybe it’ll take 5, but I haven’t seen any attempt at all to protect end-to-end encryption by law. There have only been attacks on it. The EU’s upload filter made it into law, intelligence services are gaining more and more power to tap the internet all over the world, and gen-Z’s perception of privacy will let the big corporations win. The boomers and older gen-X’ers who don’t understand the internet are easily swayed with “think of the children” and gen-Z didn’t grow up with the core concept of privacy that previous generations knew.

        • Depends on the criminal. Some are smart enough to use Signal, but many others buy special crypto phones (which then get hacked by law enforcement because law enforcement isn’t dumb either).

          You won’t catch the smartest criminals, but you will catch up the dumb ones who can provide you with information about criminal networks.

    • Kidplayer_666@lemm.ee
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      Google has been doing it on drive for years now. False positives have been several times reported to the police, despite a human reviewing it

      • ExtremeDullard@lemmy.sdf.org
        link
        fedilink
        arrow-up
        15
        ·
        edit-2
        1 year ago

        Yeah but that’s different: you entrust files to Google drive. It’s their digital real estate: I expect them to do whatever they want with what you put on it. If you don’t want false-positives, don’t send your files to Google.

        But your cellphone or your computer at home is your digital real-estate. It’s your home. I for one do not welcome Google in my home, and I absolutely refuse to let them see what’s inside my home.

        Because really, client-side scanning is nothing more than home invasion.

    • miss_brainfart@lemmy.ml
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      Oh, something very similar has been proposed already some time ago, just under the guise of stopping terrorism. That excuse evidently doesn’t work anymore.

    • Simon@lemmy.utveckla.re
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      It’s already being discussed to be put in law but people still aren’t rioting. Chat control 2.0 is just this.

  • misteraygent@lemmy.fmhy.net
    link
    fedilink
    arrow-up
    37
    ·
    1 year ago

    Johansson, however, has not blinked. “The privacy advocates sound very loud,” the commissioner said in a speech in November 2021. “But someone must also speak for the children.”

    Fuck the children.

      • squid@feddit.uk
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago

        Yep fucking children will only add more coal to the fire. Fuck the pedos though

    • some_guy@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      20
      ·
      1 year ago

      The arrogance of her statement is really frustrating. People who know more about this domain than you do are telling you it’s a bad idea, you shithead!

    • ExtremeDullard@lemmy.sdf.org
      link
      fedilink
      arrow-up
      6
      arrow-down
      4
      ·
      edit-2
      1 year ago

      You know what? I know what you mean, but on the internet of 2023, I would never post that last line on a forum for fear of it being archived by Google and used against me in some form or other years later. This is the sort of self-censorship one has to do these days.

      • Takumidesh@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        I mean, if you’re worried about Google doing something like that, they could just as easily manufacture statements by you with enough supporting evidence to screw you no matter what you say.

        The owner of the lemmy instance you are on, can sign in as you and leave comments all over the place and hide them from your view and manufacture the logs to look like it was posted from your IP address.

  • makeasnek@lemmy.ml
    link
    fedilink
    arrow-up
    24
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Keep in mind that one of the leading organizations pushing laws like this is Thorn. You know, the one Ashton Kutcher ran. You know, the guy who sent a letter to a judge asking for leniency for a convicted serial rapist. All these laws are smokescreens to take away people’s right to privacy and dissent.

  • miss_brainfart@lemmy.ml
    link
    fedilink
    arrow-up
    21
    ·
    1 year ago

    Once a system like this is up and running, nothing is stopping a government from abusing it.

    Oh actually, we think it’d be a good idea to broaden its capabilities to do stuff we’ve never explicitely mentioned before. You don’t mind, do you?

  • squid@feddit.uk
    link
    fedilink
    arrow-up
    20
    arrow-down
    1
    ·
    1 year ago

    I’m all for the fight against child abuse but these actions are under the guise of fighting child abuse. Now if government implemented awareness, destigmatization of abuser so they can seek help. And dealt with core issues rather then chasing the shit storm thats already been and gone, well wed have a far better society. Its really about control though, once you’ve got money, a high societie social group what else is there

  • erranto@lemmy.world
    link
    fedilink
    arrow-up
    18
    ·
    1 year ago

    At this point you should consider that all your devices are compromised or compromisable.

    the amount of data gathered by your device’s OS , is akin to a surveillance tool. Microsoft, Google and Apple have shown an ever growing appetite to siphoning user data back to their servers. and no consumer really has an extensive view of what is gathered. if you want sovereignty over your device a linux OS you compile yourself from source is the only guarantee you can rely on .

    I bought an affordable xiaomi phone. and I was floored by how much data the device is trying to collect and how restrictive this vendor version of android has become. they have replaced stock android apps with their own apps that all try to phone home. you can’t even change your ringtone straight from the config panel. it redirects you to xiaomi’s propriatary app just to replace the ringtone with one that is already store on the phone. their proprietary shit apps keep filing my firewall’s blocklist log.

    • Psyblader@feddit.de
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      1 year ago

      I had a Xiaomi Redmi Note 5 and noticed the traffic to China. I blocked network access for all Xiaomi apps and the phone started overheating because it tried over and over again pinging back to China. Never again Xiaomi.

    • iturnedintoanewt@lemm.ee
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      I think you went on to check literally for the worst possible offender. That’s how they subsidize their cheap phones. They have now monitors (not TVs!) with smart features, only so they can continue to phone home. I’d advise to unlock and install something like lineageos on it.

      • erranto@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Unfortunately Lineage OS stopped supporting xiaomi phones at least 2 years back. they only focus on pixel phones now. Xiaomi catalogue is quite big. and the amount of their cheap phones sold is 20 times bigger than pixel. but I guess Lineage is only focused on what phones westerners use.

        • iturnedintoanewt@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I mean if you want you should be able to download/compile to your phone model. With lineage its about as simple as downloading the source, running a specific single command that customizes the specific drivers for your phone, then hit compile and go take a coffee. You’ll end up with an installable image you can just copy to your phone.

  • jsdz@lemmy.ml
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    They may benefit from it, but it’s pretty hard to believe that a bunch of sleazy “AI can do everything” snake oil salesmen, along with the politicians and lobbyists they’ve bought, got to be this influential and well-funded on their own. It’s not as if their arguments are all that convincing on their merits.

  • Boring@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    I wish a big company would go against the grain on the child protection issue.

    Everyone wants to protect children, but child predators aren’t going to be storing their abuse materials on the cloud.