Swedish government wants a back door in signal for police and ‘Säpo’ (Swedish federation that checks for spies)

Let’s say that this becomes a law and Signal decides to withdraw from Sweden as they clearly state that they won’t implement a back door; would a citizen within the country still be able to use and access Signals services? Assuming that google play services probably would remove the Signal app within Sweden (which I also don’t use)

I just want the government to go f*ck themselves, y’know?

  • Uriel238 [all pronouns]
    link
    fedilink
    English
    455 months ago

    Governments have long wanted backdoors on secure private communication, and so long as we have an ownership class, they always will.

    And backdoors will always be more useful to hackers, industrial spies and terrorists than they are these departments of state looking to ensure national security (or watch for proletariat unrest. We’re already pissed.)

    And the private sector will always route around these backdoors, possibly by modding the client or offering new services that are still secure.

    States should get used to disappointment. Investigation bureaus should prepare for going dark. Once upon a time they had to rely on detective work rather than asking Google whose phones were near the incident or what web-surfers were asking questions about the circumstances pre-hoc.

    • @[email protected]
      link
      fedilink
      English
      35 months ago

      it always bugs me how governments who demand backdoors continuously fail to realize that even if they backdoor the encryption of Signal: PGP, or more similarly to Signal, Pidgin+OTR and/or OMEMO all still exist, are well maintained and are designed to work on top of insecure channels. This isn’t gonna be the way to catch actual bad actors, they’ll all just get SimpleX or Pidgin or any other number of things and continue communicating and “going dark”.

      …not to mention that Signal’s source code is open, so even if they compromise the Signal client, you can just switch to Molly or build an older version - or if the server is compromised, you can run your own with the backdoor disabled or stripped out. This is a zero-sum-game all the way down.

      • @[email protected]
        link
        fedilink
        35 months ago

        Centralized communications are susceptible to government controls, while decentralized systems are more difficult to stop, like Lemmy for example.

        • @[email protected]
          link
          fedilink
          English
          15 months ago

          It can also be more safe depending on where the centralization happened.

          Id argue that if decentralization is the goal, matrix is the right path forward.

  • @[email protected]
    link
    fedilink
    345 months ago

    People host signal proxy for countries where it is banned already. The primary impact of this law is on non technical people and new users thinking to switch to.

  • troed
    link
    fedilink
    95 months ago

    This is where Signal’s biggest problem shows. It’s centralized. Matrix is the better choice since it will be up to you if you decide to break the law if it’s banned, since there will still be plenty of servers you can reach.

    • ᕙ(⇀‸↼‶)ᕗ
      link
      fedilink
      95 months ago

      yes. but transition takes time and my mom just installed signal last year. we will get there for sure.

      • @[email protected]
        link
        fedilink
        35 months ago

        I moved my whole family over to Signal specifically because it was so easy. SimpleX is easier than Matrix, imo, but when Matrix is equally as easy to set up as Signal, then we’ll see where things are.

        The only big issue I’ve heard with Matrix is the current implementation doesn’t scale well, due to how servers are required to clone data (or something). I think they’re working on a fix, but it’s still not ready for prime time, I think.

        • @[email protected]
          link
          fedilink
          3
          edit-2
          5 months ago

          SimpleX is not easy to setup either. There are two flaws I pointed out on GitHub over a year ago which have been ignored:

          FLAW #1
          Scanning a QR code invite with your camera app does not work. It has to be scanned AFTER you install SimpleX using the camera function of SimpleX.

          FLAW #2
          Clicking on an invite received in Messenger confuses Signal because Messenger appends a question mark and some tracking code rubbish. SimpleX could easily strip the rubbish but it doesn’t. It simply fails.

          Simple ❌

          • @[email protected]
            link
            fedilink
            15 months ago

            The first one is pretty standard stuff, and it makes sense why you need to do it from the primary app and not from a third party one (like the camera). You would not want that other app digesting and sending off that invite link to the bowels of Google or whatever, which defeats the purpose of limited invites.

            The second one seems pretty easy to workaround. I agree that perhaps their (Facebook?) Messenger implementation should account for the tracking data they tack on, but I’d hardly consider that a deal breaker when you can copy the invite link by hand.

            I work in QA, and if I was a PM, I would flatly reject the first “flaw” as introducing weaknesses into the design and assign a low priority to the second due to an easy workaround and only affecting a single app.

            • @[email protected]
              link
              fedilink
              3
              edit-2
              5 months ago

              Good point re first one.

              Second one is a problem for most people. They just click on a link and expect it to work. They would have to figure out themselves what the workaround is because SimpleX says something like “bad invite” or “bad link”.

              And even if I told them what to do, they don’t even know it is possible to copy, paste, edit, hit return.

              I have about 30 activists using Signal whom I would like to migrate to SimpleX. I didn’t want to handhold each of them. I think you are overestimating general computer literacy out there.

              Similarly I would like to migrate over 600 of them from Facebook into our own group in Lemmy however they are older people and a third of them have enough problems signing up to and navigating Facebook.

              Adding to my frustration is their English illiteracy. “more than half of Americans between the ages of 16 and 74 (54%) read below the equivalent of a sixth- grade level.”

              • @[email protected]
                link
                fedilink
                25 months ago

                You know, now you’ve got me wanting to try my hand at submitting a fix for your second issue.

                So to summarize:

                • You copy or share a one-time contact link via SimpleX.
                • The sender sends it.
                • The receiver gets it.
                • The receiver clicks on the link, and Meta adds a bunch of extra tracking nonsense onto the link.
                • SimpleX throws an exception (“invalid link” or something, right?)

                Is that how it goes, in your experience?

      • @[email protected]
        link
        fedilink
        7
        edit-2
        5 months ago

        Increased censorship, increased support for military expansion, broad political support for genocide, increasing support for anti-immigrant policies, increasing government spying and authoritarianism, escalation against leftists by the authorities… along with more & more European politicians openly aligning themselves with Nazis.

        What am I missing?

        • @[email protected]
          link
          fedilink
          2
          edit-2
          5 months ago

          You can’t just use any unrelated topic to post this. Are you a Russian troll? If not, you’re in the wrong thread.

          • @[email protected]
            link
            fedilink
            5
            edit-2
            5 months ago

            In what way is this unrelated? The increase in government authoritarianism across Europe is inextricably tied to their escalation in tech-enabled government authoritarianism.

            I don’t understand how opposing the spread of Nazism across the globe isn’t at the top of everyone’s priority list. And I’m not sure why anyone would take issue with me calling it out, unless they’re sympathizers/collaborators.

            • @[email protected]
              link
              fedilink
              1
              edit-2
              5 months ago

              This is completely unrelated to the topic at hand. You should look up the definition of nazism.

                • @[email protected]
                  link
                  fedilink
                  15 months ago

                  Nazis might do surveillance. But surveillance doesn’t make you a nazi. You’re confusing correlation with causation.

  • Monkey With A Shell
    link
    fedilink
    English
    1505 months ago

    Wherever a service with encryption exists any government in the world thinks they need to be the special child with the access to the contents.

    E2E with privately generated and held keys, have you published your PGP public key yet?

    • @[email protected]
      link
      fedilink
      English
      48
      edit-2
      5 months ago

      E2E with privately generated and held keys, have you published your PGP public key yet?

      Exactly. You can’t stop secure encryption.

      I remember in the very old days of the internet when only the US had strong encryption and thought it was some gotcha. They labeled it a weapon to prevent overseas export. Phil Zimmerman created PGP, lobbed the source into a book (protected under 1st amendment) then shipped it overseas.

      If strong encryption exists and people want to use it, you’re just not going to be able to stop them.

      • @[email protected]
        link
        fedilink
        55 months ago

        Reminds me of the story of immigrants who tatooed the algorithm on their back. It was illegal to send them back.

      • Monkey With A Shell
        link
        fedilink
        English
        115 months ago

        There’s a function built into Thunderbird to create keys, and I think publish the public cert directly to the MIT repo.

        • @[email protected]
          link
          fedilink
          15 months ago

          While I appreciate they have it, this is still rocket science when you describe it to an average user of mail. This stuff needs to be almost automatic and happen in the background for it to really be used by the masses. :-(

  • @[email protected]
    link
    fedilink
    English
    305 months ago

    Before any politician asks for a backdoor into an encrypted service they should be required to explain Project Rubicon

  • @[email protected]
    link
    fedilink
    75 months ago

    They will probably just show message to Swedish ip addresses and state that they cannt provide you with the binary as you are using a Swedish ip.

    Something very clear to say use a VPN 😉