• rockSlayer@lemmy.world
    link
    fedilink
    English
    arrow-up
    33
    ·
    edit-2
    1 year ago

    The reason it will impact security worldwide is that the UK is part of the “14 eyes” alliance, an alliance between the US, UK, Canada, Australia, New Zealand, Denmark, France, Netherlands, Norway, Belgium, Germany, Italy, Spain, and Sweden used to spy on citizens. This data from the 14 eyes is also shared with countries in strategic alliances, like NATO members not listed here, Israel, South Korea, Japan, etc.

    Any encrypted data going to or through the UK will need to have this backdoor, exposing all encrypted traffic to this vulnerability while also sharing that data with foreign governments. Edward Snowden exposed that the US government was paying the UK government to spy on US citizens for the data. This is what will happen in the UK, but for people around the globe.

      • rockSlayer@lemmy.world
        link
        fedilink
        English
        arrow-up
        21
        ·
        1 year ago

        The 5 eyes still exist, they’re like the “inner circle” of eroding privacy. I think it’s no longer useful to just refer to the 5 eyes, because data about our personal life is shared with far more than even 14 governments

    • eleitl@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      1 year ago

      VPN tunnels don’t magically become transparent when packets pass UK fiber and routers. And legislation doesn’t translate well into which software people are allowed to run, for endpoints in UK. They can try to become North Korea of course, good luck with that.

      • rockSlayer@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        1 year ago

        I’m aware, but most software utilizing E2EE are maintained by corporations. If those companies want to operate in the UK, they will need to implement a back door, most companies utilize encrypted traffic to and from their server rather than E2E, and most people don’t know someone outside of the UK able to create a vpn tunnel that isn’t operated by a company. I’m willing to bet that the UK is also prepared to leverage lawsuits and warrants against individuals that write encryption algorithms without a back door, regardless of what country they live in. I’m willing to bet github and gitlab also don’t want to take the risk in hosting encryption algorithms that don’t comply.

        • Steeve@lemmy.ca
          link
          fedilink
          English
          arrow-up
          8
          ·
          1 year ago

          They won’t do that, they’ll either turn off the option of E2EE or pull the app from the UK market if the app is entirely E2EE, because the UK market isn’t big enough to be making worldwide demands like this.

          • rockSlayer@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 year ago

            I generally agree, Apple has threatened to remove some apps from the UK market over this, so it’s not like this will be accepted lying down. But the reality still exists that most things like VPN tunnels are operated by companies, so they can’t legally operate in the UK without the backdoor. Overall, this will primarily hurt UK citizens, but this law threatens to impact everyone on Earth

        • Rooki@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          1 year ago

          But are e2e from big corp REALY e2e? Like whatsapp? How many cases there were “Whatsapp Chats from the attacker showed that they were backed by terrorists” or so. Github… was github EVER encrypted? or Gitlab? They dont want big corporation rather “small” open source like the matrix chats or other sorts of real encrypted chats.

          • rockSlayer@lemmy.world
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            2
            ·
            1 year ago

            End To End Encryption (E2EE) is a very precise term meaning that something gets encrypted on your device and doesn’t (usually can’t) get decrypted by anything other than the destination. I don’t know what they call it, but if Whatsapp calls it E2E then it’s a misnomer. They encrypt to and from their central server, which is not E2EE.

          • Steeve@lemmy.ca
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            edit-2
            1 year ago

            Yes, WhatsApp is fully E2EE, there is no back door, Meta can’t see or be forced to hand over your messages. I’ve never seen those headlines personally, but they probably got just got access to their phones.

            I don’t know about GitHub, is there any reason to believe it isn’t encrypted?

            • Rooki@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              2
              ·
              1 year ago

              Whatsapp had been ever back doored. In germany there are so many news “Whatsapp chats show terrorist was a bad guy”, “Facebook gave police chats of a suspect”…

              If you really think even if it is really E2EE, does a data greedy company not have that encryption key? Are you really that Mainstream Apple fan?

              Is there any reason to belive it IS encrypted?

              • Steeve@lemmy.ca
                link
                fedilink
                English
                arrow-up
                6
                arrow-down
                2
                ·
                edit-2
                1 year ago

                Lol wait, so you’re making the claim that an app that’s widely known to be encrypted isn’t encrypted because you made assumptions based on news headlines and you want me to prove it is encrypted? Well that hardly seems fair…

                But sure, I’ll do it anyways.

                https://www.justsecurity.org/79549/we-now-know-what-information-the-fbi-can-obtain-from-encrypted-messaging-apps/

                FBI themselves admitted they can’t get messaging data from WhatsApp. At best they can get iCloud or Drive backups, but even those use full encryption now.

                https://faq.whatsapp.com/444002211197967

                In fact, WhatsApp straight up tells local law enforcement that no, you can’t request messaging data.

                But sure, yeah, let’s go with your German headlines that I’m pretty sure you’ve misinterpreted.

                • Rooki@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  2
                  ·
                  1 year ago

                  Whatsapp is NOT widely known to be encrypted of a privacy killing company. I really doubt that still. I have heard of Signal that they give no f*cks about law enforcements. But never Whatsapp. And we cant trust if they are just backdooring it for them and only in the dark giving them to the fbi. Do you really think that meta “encrypts” anything REALLY.

                  • Steeve@lemmy.ca
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    arrow-down
                    1
                    ·
                    1 year ago

                    Whatsapp is NOT widely known to be encrypted

                    I work in this industry, yes, it is. Just because you don’t know something doesn’t make it not true.

                    I have heard of Signal that they give no f*cks about law enforcements.

                    No actually, they still have to respond to requests for metadata. They actually do very much give a fuck about the laws of the countries they operate in.

                    And we cant trust if they are just backdooring it for them and only in the dark giving them to the fbi.

                    They aren’t, I literally just sent you proof of that.

                    Do you really think that meta “encrypts” anything REALLY.

                    Yes, because they do.

                    Man you’re off your fucking rocker dude.