The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption.

Requiring government-approved software in peoples’ messaging services is an awful precedent. If the Online Safety Bill becomes British law, the damage it causes won’t stop at the borders of the U.K.

Random thoughts...

Even if platform-assisted end-to-end encryption (pseudo e2e) is censored, perhaps we could still use true user-to-user encryption. If "end" means the messenger software itself or a platform endpoint, then the following will be true e2e - "pre-end" to "post-end" encryption:

1. Alice and Bob exchange their public keys. While using a secure channel for this is ideal, a monitored channel (e.g. a normal message app) is okay too for the time being.
2. Alice prepares her plain text message locally: Alice.txt
3. She does gpg -sea -r Bob -o ascii.txt Alice.txt
4. Alice opens ascii.txt, pastes the ascii string in it to her messenger, sends it to Bob like normally.
5. So Bob gets this ascii-armored GPG message, and saves it as ascii.txt
6. gpg -d -o Alice.txt ascii.txt, and he has the original Alice.txt
7. He types his reply locally (not directly on the messenger): Bob.txt
8. gpg -sea -r Alice -o ascii.txt Bob.txt and sends back the new ascii string
9. Alice gets it, so she does gpg -d -o Bob.txt ascii.txt to read Bob.txt

In theory, scanning by government-approved software can't detect anything here: Alice and Bob are simply exchanging harmless ascii strings. Binary files like photos can be ascii-armored too.

Admittedly this will be inconvenient, as you'll have to call gpg manually by yourself. But this way you don't need to trust government-approved software at all, because encryption/decryption will be done by yourself, before and after the ascii string goes through the insecure (monitored) channel.

The U.K. Government Is Very Close To Eroding Encryption Worldwide::The U.K. Parliament is pushing ahead with a sprawling internet regulation bill that will, among other things, undermine the privacy of people around the world. The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption. No

HN Discussion

[ comments | sourced from HackerNews ]

There is a discussion on Hacker News, but feel free to comment here as well.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/technology by /u/EmbarrassedHelp on 2023-07-28 19:36:39.

cross-posted from: https://monyet.cc/post/153506

The U.K. Parliament is close to passing the Online Safety Bill, which threatens global privacy by allowing backdoors into messaging services, compromising end-to-end encryption. Despite objections, no amendments were accepted. The bill also includes content filtering and surveillance measures. There's still a chance for lawmakers to protect privacy with an amendment preserving encryption. A recent survey shows the majority of U.K. citizens want strong privacy on messaging apps.

The U.K. Parliament is close to passing the Online Safety Bill, which threatens global privacy by allowing backdoors into messaging services, compromising end-to-end encryption. Despite objections, no amendments were accepted. The bill also includes content filtering and surveillance measures. There's still a chance for lawmakers to protect privacy with an amendment preserving encryption. A recent survey shows the majority of U.K. citizens want strong privacy on messaging apps.