- cross-posted to:
- hackernews@lemmy.bestiver.se
- europe@lemmy.ml
- According to Whittaker, the bill requires the encrypted messaging app Signal to install so-called backdoors in the software.
The Swedish politicians tried adding backdoors to encrypted apps for at least 20 years :P I don’t really understand why they still (ever) think it is a good idea
The problem is that politicians don’t understand cyber security; what they’re asking is basically the equivalent of closing the front door of a house and leaving the backdoor open. It was already proven to be a bad idea, EternalBlue is a good example.
What about Threema? 🤔
Next in line should be Matrix. People say it’s hard to use but the devs have gone through like 3 app revisions since then. Main instance requires email but a lot are fully anon.
I found the other Threema user! 🎉
Good point
Meanwhile, the Swedish Armed Forces recently decided to use Signal for secure communication: https://www.forsvarsmakten.se/sv/aktuellt/2025/02/forsvarsmakten-anvander-appen-signal-for-oppen-kommunikation-med-mobiltelefoner/
Half of the original article:
The Armed Forces, on the other hand, are negative and write in a letter to the government that the proposal cannot be realized “without introducing vulnerabilities and backdoors that can be exploited by third parties”, reports SVT.
So that’s covered.
There needs to be a messaging app which provides a backdoor for every government that requests it. Every time some dumbass legislator asks for a super-giga-secure-backdoor they promise not to misuse, they should be directed to that app.
That sounds like unencrypted communication with extra steps. Why not skip all of that and just give them an unencrypted service anyone can read and use. While we are at it, getting rid of those pesky passwords and unwieldy usernames is also a great idea. What could go wrong… I mean CLEARLY no one has anything to hide…
goatse.cx used to work wonderfully for that.
Hello there, fellow Internet old-timer!
Imagine the complexity of the encryption algo with 100 different custom made backdoors!
That’s the secret you give them all the same backdoor.
You just encrypt it with every key. It’s wasteful, but not all that complicated.
At that point, you just don’t encrypt things at all.
It’s worth noting that Mullvad is based in Sweden
Mullvad has proven time and time again that they don’t log anything at all. Even if they give backdoor access, there’s nothing to record.
Literally the first sentence of the article: “The government wants Signal and Whatsapp to be forced to store messages sent using the apps.”
WireGuard protocol logs very little information by default. There is literally no way to make it log more than it does by default.
Even then, Mullvad has no customer information. You’re given a customer number, which is intentional.
I stand by my initial post in that there is very little, if anything, to record on a Mullvad server. If I’m not mistaken, Mullvad recently announced they are running all VPN services through a RAM only setup, therefore, there aren’t even any drives to record customer information even if they chose to.
No wonder they pussied out and removed port forwarding
And now it starts. Programs specifically designed to be encrypted getting attacked.
“Now”? Apps like Signals are constantly under fire. Whittaker already told the whole EU it would just leave if they introduced the “chat control” legislation.
Apps like Signals
This was about a different app named ‘Signal’, I think, without the s.
Just a typo.
Is this law broad enough to also catch up Proton and its services?
This attack by governments on encryption is getting more and more concerning.
Proton is a company claiming to operate under Swiss law (which is doubtful, as the company itself is US based).
Sadly Swiss data privacy laws are shit and its intelligence agencies are known for overreach, especially when it comes to cross border data traffic.
Is this law broad enough to also catch up Proton and its services?
They don’t need a law, they already logged and complied on request
They want less accountability for themselves so they can get away with more corruption.
I hope people take notes.
Proton is Swiss
And gobbles Trump’s knob publicly.
They won’t need a law to force compliance.
Yeah, to be honest if you need to hide from the government, don’t use Proton. Actually, don’t use email.
Proton is good for hiding from Google and Facebook, and not having a life full of ads.
Sci-fi writing in here I see
EDIT: For the downvoters:
- He clearly didn’t support Trump in general, but he did praise Trump’s pick for the antitrust position.
- Proton code for the clients is opensource, so it’s not possible to add backdoors without being discovered (encryption happens in the clients).
- Proton business model is inherently disincentivizing them to do so. They are a profitable company with a clear profile that would lose so many customers if they decide to do so.
- Proton is incorporated in Switzerland, it’s unclear what the benefit would be to “appease” Trump.
- Proton is controlled by a nonprofit. In the board of this nonprofit there are people like Carissa Veliz (author of “Privacy is power”) and Tim Berners-Lee. So even if Andy Yen was a full on MAGA, he still wouldn’t have autonomy to decide that. Note that he ceded control himself.
- There is absolutely nothing in the history of Proton that suggests they would be open to backdooring their software.
- There is a long track record of choices to protect users’ privacy. This also includes yearly substantial donations to nonprofits who work in this space.
If this is not enough, I don’t know what is, but for sure the baseless accusations of a random user shouldn’t be enough as well.
How dare you go against the lemmy hive mind. We need to shit on Proton or you will be punished with negative numbers!
you will be punished with negative numbers!
Thanks for making me chuckle.
He clearly didn’t support Trump in general
lie
so it’s not possible to add backdoors
lie
Proton business model is inherently disincentivizing them to do so. They are a profitable company with a clear profile that would lose so many customers if they decide to do so.
Didn’t work on you
Proton is incorporated in Switzerland, it’s unclear what the benefit would be to “appease” Trump.
Straw man
So even if Andy Yen was a full on MAGA, he still wouldn’t have autonomy to decide that.
being a non profit and him owning enough of it to do what he wants are unrelated.
There is absolutely nothing in the history of Proton that suggests they would be open to backdooring their software.
There is a long track record of choices to protect users’ privacy.
Tell that French activist they turned logging on for and gave up to the authorities.
If y’all are expecting (and relying on) legal businesses to tell police raiding their offices to fuck off, then you clearly don’t understand secops.
If they go after encryption in earnest there’s not going to be any room for secops left.
lie
We have the tweet, the context, his direct statements saying he didn’t. You have your own interpretation. See also https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e
so it’s not possible to add backdoor
lie
Quoting an incomplete sentence is peak bad faith. Please, elaborate on how they can backdoor the email communication without the change being visible in the clients. Take a proton to proton communication, and show me how they can backdoor the PGP encryption. I will propose 2 ways:
- maliciously patch the JS code of the webmail client, which will show the change in the browser, network communications etc.
- simply backdoor the client which will make it visible in the repo.
Didn’t work on you
Because they didn’t do anything that indicates they are violating my privacy. If they would, I would redirect my domain and drop them in a blink of an eye.
Straw man
It’s not a strawman lol. Pointing out the fact that it’s not evident what the advantage would be is an actual argument against saying that they would backdoor the software in compliance with trump’s wishes. Asking what the benefit is for such an immoral and illegal action seems reasonable to me?
being a non profit and him owning enough of it to do what he wants are unrelated
False. He gave away his stocks of the for profit company, which is now controlled by the nonprofit where he is 1 out of 5 (or 6?) in the board. A decision like this realistically will need to be approved by the board. Explain how he “owns enough to do what he wants” please.
Tell that French activist they turned logging on for and gave up to the authorities.
What would you expect any organization could do in that position? If there is a culprit there, it is the government. Complying with legal orders (which BTW they are transparent about and they challenge lots of them too) is a requirement for a company to operate. There are 2 cases that I know of so far (in the other they have been forced to give all the data they had about a user, and the only data they gave was a recovery email address), and they are 100% expected. Unless you want to be a rogue organization, there is nothing you can do in those cases. This if anything is a good test that shows how little data they collect or have. Unfortunately for logs of VPN connection there is no technical solution that will ever prevent from logging data again (Mullvad is now experimenting with a double tunnel, but that is just a small nuisance for law enforcement), like there is for encryption (i.e., encryption happened with keys we cannot retrieve, sorry can’t help you).
None of your statements here are accurate; your original statements were lies and you are a troll.
I wanted to reply to your points but someone beat me to it.
Learn to think critically. Close the app for a day, cool off and re-read all of these replies.
Do you think we would all just dump on something for the fun of it or just to piss you off? This isn’t reddit.
C’mon man, take a second, look around and understand that the taste of boot leather is not very pleasant. Proton is not here for your privacy … I mean it is, unless you’re a French journalist … or a person of interest for the right people.
“Learn to think critically, ignore the actual facts you put together to explicit your actual reasoning, trust the fact that if 10 people down vote you or argue with you, you must be wrong”
I can’t see any problem with this logic.
Yes, I think plenty of people are incompetent or just terminally online and see purity testing as a form of political activism. The fact this is not reddit doesn’t mean much.
that the taste of boot leather is not very pleasant.
Q.e.d.
Let me tell you from my socialist perspective why this is absurd. Defending an organization that is an underdog in the industry, that creates products that don’t harm users, that pushes for the right values (privacy) and at the same time developed a healthy business model (no VC funding, privately owned, but also no cloud usage that reduces costs and keeps the money in the EU/EEA, no delocalization) is in my interests, because it is a step in the right direction within a toxic and harmful industry. You call this bootlicking? Go ahead, for me it is actually a political success if more orgs like proton succeed and outcompete big tech.
unless you’re a French journalist … or a person of interest for the right people.
There is no org that can defend you from the law being applied. If that organization wants to exist they have to comply with the law. In all those cases we should blame the government for abusing laws (like antiterrorism laws for that environmental activist). Also in neither of those cases (I am aware of 2) any mail data has been disclosed (IP addresses for VPN connection they have been forced to log and recovery address, respectively).
Yes, what possible benefit could a Swiss company that sells privacy might receive from cozying up to a fascist state?
Lies about what the CEO said with the official account.
One of his direct statements btw:
“10 years ago, Republicans were the party of big business and Dems stood for the little guys, but today the tables have completely turned.”
Thinks non-profit is anything but a tax status. Hasn’t paid enough attention to all the “non-profit” companies switching to for-profit as soon as it’s financially convenient, much less the “non-profits” that only exist to funnel money to their overpaid executives.
Doesn’t realize that Proton’s biggest security vulnerability is Proton the organization.
Fucking lol. Actual clown shit trying to bait people into the honeypot.
A long comment that doesn’t say anything.
Yes, what possible benefit could a Swiss company that sells privacy might receive from cozying up to a fascist state?
Yes. What? Is Trump going to send them customers? Money directly? What is the benefit. If it is so obvious to you, state it clearly.
One of his direct statements btw
Quoted out of context. Yes, he thinks that Republicans are more likely to fight against big tech. Stupid? Naive? Probably. But it still doesn’t mean supporting Republicans in general (or Trump). BTW, don’t take my word for it, he explicitly elaborated that point in a reddit comment.
Thinks non-profit is anything but a tax status.
Imagine lol Proton is still a for profit company (tax status muh) but it is controlled by a nonprofit, which means that the steering wheel of the for profit company is in the hands of an organization with no profit motive, with a solid board. Now let me hear the mental gymnastic about tax status.
Doesn’t realize that Proton’s biggest security vulnerability is Proton the organization.
Again a sentence that doesn’t mean anything. You want to explicitly say what this threat model means? Go ahead. Throwing things like this is pointless.
Actual clown shit trying to bait people into the honeypot.
Keep your tinfoil hat, I don’t care. I am not promoting even, I am stating some facts about the fact that it seems very unlikely that Proton will backdoor their encryption for no reason but to please Trump.
Yeah, I don’t get if these are Proton PR bots, or they’re just heavily invested in the company and are in denial. They just take that PR, add some flourish then a bunch of unrelated BS.
Neither.
I elaborated on my reasons on a comment above.
It’s also called critical thinking for me, which means I don’t get influenced by whatever the new scandal in the fediverse is for who is a bad guy, and I try to think for myself. Being a security engineer I also think to possess some competencies when it comes to understand technical setup and topics like encryption, so again, I don’t take other people opinions (possibly unqualified) as gospel.
That said, I have specifically listed some points to back my own side, disagreeing with those (which would be nice to elaborate on) doesn’t make other people PR bots or corporate fanboys. This is a mental shortcut to avoid challenging your own opinion IMHO. I am not suggesting everyone here is a google shill aiming to sabotage valid competitors, for example.
It’s not called critical thinking, it’s called being a troll. And I’m not responding to you with anything but this statement.
“It is harder to convince someone they have been tricked than to trick them in the first place” and such.
Uuh… Ok? How is that relevant?
The news is about a proposed law in Sweden, not Switzerland.
It’s relevant because Switzerland is not Sweden, and thus Swedish laws do not apply to Swiss companies…
Directly.
The “if” to that “then” being that if they pass a law that would make Signal illegal in Sweden, then Signal will leave Sweden.
Illegal unless they install the backdoors. They could choose to do that instead of leaving Sweden, but they are choosing to leave Sweden.
If they did that, Signal would no longer exist at all. Nobody anywhere in the world would want to continue using it.
I agree that it would destroy the reason many people use it, but they aren’t outlawing Signal specifically. What they are doing is arguably worse, but this isn’t an “anti-Signal” action.
Well yeah, they are not attacking Signal the company, just their core business model.
I think you wildly misunderstand the average person’s motivations and how they weigh decisions.
We’re talking about Signal, not FB Messenger. People use Signal because of the encryption, and they would leave.
The “average person” you have in mind who obviously does not care about cryptographic security also does not use Signal.
There are a few people in my social bubble that are not technical at all, but heard a few bad things about WhatsApp and that’s why they are using Signal. Nothing more, they do not know how it works, they do not know who provides it.
And now they’ll hear something bad about Signal and move on as they did with WhatsApp, as per your example.
Seems to me one of the main things that got people to move away from Whatsapp en masse a few years ago was a rumour that they’d added a backdoor to it similar to the one Sweden is thinking of demanding. If an unfounded rumour did that much, the real thing might do substantial damage to Whatsapp as well if they were to go along with it. It probably wouldn’t completely demolish it, as it would for Signal — or at least its demise might take longer.
That’s not the target audience, thankfully.
The target audience is everybody with a Smartphone.
The majority of people in my Signal contacts are there because someone (sometimes me) pushed them to use it instead of WhatsApp.
While that’s generally true, one of the main reasons why people choose apps like Signal is the privacy. People that aren’t aware and don’t care generally wouldn’t have switched to Signal in the first place.
I don’t get how it’s supposed to work…they want to require messengers to include backdoors in their software? So when a program is FOSS, then you can literally just use it knowing there is no backdoor…also, what blocks you from using a server in different country? Wtf that even means…
Then politicians would simply require for “any technical measures to ensure the backdoor to be available” or something like that, meaning it would be Signal’s job to ensure the backdoor works. They don’t give a shit how something is done (IT is just too complex for most of them), only that it gets done somehow. For that very reason federal digital services are such a shitshow so often, they just don’t understand what they even ask for so professionals always have to work around politicians’ demands constantly breaking even the most basic security principles.
It’s them just being idiots, like illegal activities will keep going using old good PGP, and normies will get spied by political shit, as always…no privacy for honest people.
I’m a bit surprised that the armed forces are openly opposing this, but good for them!
I mean beyond everything else, any group actually interested in the safety and security of citizens (so, not politicians or cops anywhere apparently), should be pushing everything to be encrypted everywhere. In the modern digital world anything not properly encrypted is at risk for attacks by bad actors.
That is because they just decided to switch to use it for internal communications. This means that they would have to roll back that decision.
Technically only for non-classified internal communication. Classified stuff is restricted to be discussed only using military approved locked down hardware. But still, issuing a strong recommendation for Signal above all other options when communicating using regular devices is a good thing. Lots of “regular” conversations can still leak more than you expect through metadata, timing, etc, so they trust Signal to protect that
It would have been good of the article to mention that important tidbit…
It happened like 2 weeks ago so I will forgive them for missing it.
Don’t know if it’s a trustworthy source, but:
https://cornucopia.se/2025/02/forsvarsmakten-infor-krav-pa-signal-for-samtal-och-meddelanden/
Nice, I get to use the only thing I know how to say in Swedish (forgive the lack of diacritics): forlat, jag pratar inte svenska.
I’m not familiar with EU law, but wouldn’t this set a precedent across the whole EU?
There is no such thing as a precedent in EU law. Any court can in general disagree with any other court. Appeals still exist, but they are only valid for that one case.
Judges don’t make laws here.
Don’t worry we stopped that in the US too. Congress doesn’t make laws either. We are post-laws.
Not unless turned into EU law, or a lawsuit over it reaches EU court. Individual countries can’t change the rules of the union on their own.
There’s already EU court precedence against mandatory backdoors
Is there a supremacy clause like what the US has? Like, if the EU court has a ruling, does a member country get to override that?
The EU in general uses civil law, not common law. Courts in general don’t establish precedents, so it does not matter what a court rules beyond that specific case, laws are written to be super specific, and you generally can’t challenge laws in court like in the US.
The EU works through a double process of lawmaking.
It can create directives that are like how US laws work as they need specific interpretation, except it’s national legislatures, not courts doing the interpretation.
And there are regulations - like the GDPR - that have to be adapted and enforced verbatim.
This is a cornerstone of the ongoing Big Tech dispute, they thought they can forum shop by buying the Irish judiciary, but they can still get indicted, even for the same violation, in any other EU court if that court also has jurisdiction.
https://commission.europa.eu/law/law-making-process/types-eu-law_en
Each country may still have the equivalent of a constitution, and the majority of EU laws are directives which the country may translate to fit their local law, also there’s various negotiated exceptions to EU laws. But the general idea is that the treaties establishing EU are meant to require full cooperation
no.
I have to ask. If Signal “leaves” Sweden because it is deemed illegal without backdoor, how would this even work regarding enforcement? Your phone gets searched and if they find Signal you get a fee? Messaging being blocked somehow by Swedish ISPs, is that even possible?
Signal will be delisted from Android/Apple store. That’ll curb the majority of Signal use in Sweden. I suspect Sweden isn’t going to go after individuals. They could if they wanted to. ISP blocking, probably not, but yes ISPs can block Signal by blocking all known Signal servers. That’s why Signal supports special proxies that allow individuals to run to allow people from blocked locations to access the Signal servers.
That’ll curb the majority of Signal use in Sweden.
…unless a bunch of users plan to actually do something illegal, in which case a delisting from the app store doesn’t stop anything. Once again, it’s just to enable data collection about as many ordinary citizens as possible.
The proposed law would require messaging apps to store copies of user messages.
The law isn’t targeted at users directly. It’s targeted at the service providers. If the cops can access your phone you’re already screwed.
Blocking Signal traffic might be theoretically feasible but it would be a game of whack-a-mole. Legally, Signal might have to stop serving IPs in Sweden but that’s Sweden’s problem and VPNs exist.
They will likely IP geofence Sweden to block connections to Signal’s servers being made there.
The question was what Signal would do though …
i am searching their link to Sweden
no link found yet, i will search again
.
https://signal.org/
© 2013–2025 Signal, a 501c3 nonprofit. “Signal”, Signal logos, and other trademarks are trademarks or registered trademarks of Signal Technology Foundation in the United States and other countries (more info here).
.
https://signal.org/donate/
Signal Technology Foundation is a nonprofit under section 501c3 of the US Internal Revenue Code..
“Leaving a country” for digital services usually means not providing services there anymore.
Yeah, but why do they feel forced to? I understand the EU is imposing fines on Meta and Google because they have branches in member states. But Sweden can do to Signal as much as the US could do to The Pirate Bay.
Thanks, this makes a lot more sense.
… i keep, time and again, searching for things, only to discover my “search goal” is not based in reality.
Nice PR move, but when do you announce leaving the US, which is the much bigger issue right now?
ISP blocking, probably not, but yes ISPs can block Signal by blocking all known Signal servers. That’s why Signal supports special proxies that allow individuals to run to a
The US as of now is not threatening to kill end-to-end encryption.