For a future with privacy, not mass surveillance, Germany must stand firmly against client-side scanning in the Chat Control proposal [PDF - Statement from Meredith Whittaker, President, Signal Foundation]
this post was submitted on 03 Oct 2025
188 points (100.0% liked)
Privacy
42260 readers
808 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
I always threaten to pull out, but I never do
Dumbass. Always pull out. And wear a condom.
Canary coal mine kind of signal (pardon the pun)
Edit: they also obviously do not have a choice. If they legally must weaken their work and the core of their work is that it's not weak... then they have no work. So they can't accept it.
If signal pulls out of Europe we're in a pretty fucked state. Apps like signal will be reduced to operations it a few fringe countries eventually
We still have Matrix.
Signal is nice because it has a pretty good adoption rate even with non techies (which is why they've been mentioned by name in the chat control proposal). But privacy enthusiasts will still have briar/simplechat/xmpp. Those aren't centralised like Signal and will be a lot harder to regulate
ChatControl 2.0, if passed means your entire device is backdoored so it doesn’t matter what apps you installl, they can get your info pre-encryption
Custom roms is your best bed at that point. I do use GOS already.
It's great as long as you can guarantee that the person you're communicating on the receiving side does the same. Otherwise it's useless as your messages will be read on the receiving device. In practice it will make private communication extremely cumbersome and niche.
Also, the authorities can backdoor your custom ROM device at will, when seized.
I mean I don't see them back dooring GOS anytime soon. But your right both ends need to have a custom ROM.
Steganography. There’s more than one way to protect your communication.
And encryption in transit is better than no encryption at all (assuming the baddies don’t already have full access to your phone data).
assuming the baddies don’t already have full access to your phone data
That's the whole point of Chat Control 2.0
Not quite; Chat Control hearkens back to Apple’s doomed attempt at on-device CSAM filtering - the idea is that on-device images and message contents would be scanned for known hashes. This means a nation state could go fishing on devices for known content, but it wouldn’t allow them to indiscriminately sift through all the content at rest — they’d have to know what they were looking for.
That’s where the steganography comes in, because the hash based approach will fail if the content they’re looking for is obscured in some manner.
Custom roms is your best bed
Didn't know they come with sleeping facilities. They're so versatile nowadays! SCNR
😅🤣
You won't be able to install those apps soon after Android bans sideloading of apps that aren't signed, or bans sideloading of apps that are not from the playstore itself.
What then?
I don't think privacy enthusiasts use vanilla Android. People will stick to Lineage/Graphene for as long as it works and then switch to something like Postmarket. It's already in a state where it's rough but usable.
Europe: Companies can't lock down your operating system.
Also Europe: Companies must force back doors into their operating systems.
I wonder how long those two things can coexist.
Well, Google’s current behaviour is already putting the future existence of F-Droid into question.
We need FOSS phones badly and in numbers that manufacturing isn't horrible. That is until our governments force carriers not to connect them.
If I could find a reasonably priced 8" Linux tablet, I'd sell my phone and buy a cellular wifi AP.
You can spoof IMEI and pretend your phone is an old iPhone. Carriers wouldn't know.
Yes, but not everyone they want to talk to will go through that effort. It's already hard enough to convince someone to download another messaging app that they will only use with you.
"privacy enthusiasts" not everybody can do that. also remember that privacy is a spectrum.
I don't understand how this "threat" is supposed to work. If the law passes won't any and all chat encryption be affected? In that case it doesn't matter how you get the app, or if you manage to get it in europe. Its encryption will be broken/unavailable.
Laws don't magically break encryption. I'm not sure what you're trying to say.
They're trying to force Signal to weaken the application, Signal says they won't do it.
They can ban Signal for not complying, but you know how difficult it is to ban a digital application? It might make it more popular since it'll be one of very few actually secure messaging apps out there.
I imagined the law would be enforced by a deal with google and some global android state approved keylogger/backdoor completely bypassing all apps including Signal. But yeah, I'm having trouble wrapping my brain around this.
Encryption isn't magically broken because a legislature says it is.
They have to apply teeth to a market they control. Not everything is within their control. Though, signal is.
I suspect that signal will be asked to add a backdoor to their encryption, they will refuse and subsequently banned from EU app stores.
banned from EU app stores
What even is that? Aren't the 2 app official app stores American anyway?
Yes they are based in america but they have to comply with regional laws since they operate internationally. the apps available in these stores, and the laws that apply to them, differ per country.
If I understood correctly "they" here means Google and Apple because they are corporations that sell products, advertisement brokerage, SaaS, physical devices, etc in the EU. They have to comply otherwise they wouldn't be able to make money if one of the most profitable markets. They solely chose to comply because it puts their baseline at risk, not solely because of regional laws.
Shocker. I do however wonder what prevents someone from downloading and installing the apk to their phone. Am I wrong in believing this is a real way to bypass them leaving a market?
what prevents someone from downloading and installing the apk to their phone
google.
https://www.androidsage.com/2025/08/26/google-blocks-sideloading-of-android-apps/
So first step is installing an alternative phone OS then.
yeah, except according to my understanding of the topic, there is not much adult alternatives. graphene will have the same problem.
Doesn't Signal work with phone numbers? They will probably block every EU number from accessing the service to protect themselves legally. Maybe you could use something like jmp.chat to circumvent that? Probably need a VPN as well to mask your IP. In any case, it will decimate the user base, so you're left chatting with yourself anyway.
To my understanding, you just need a phone number to make an account. I think it can be a burner number. But then if you ever lose access to the account you can't recover it.