Germany must stand firmly against client-side scanning in Chat Control [pdf]

https://signal.org/blog/pdfs/germany-chat-control.pdf

300•greyface-•1h ago

Comments

NoiseBert69•1h ago

I wouldn't expect much from this government.

The CDU is legendary known for its umpteenth attempt to introduce illegal data retention (condemned by Germany's highest court).

The SPD - which is also part of the ruling coalition - is a flag in the wind as it has proven since coming to power. They will do anything to stay in power.

Deep down, Client Side Scanning that's what both want.

IlikeKitties•55m ago

> Deep down, Client Side Scanning that's what both want.

Let's be absolutely real the CDU wants complete government access to all private communications on demand with essentially endless retention. They just aren't allowed yet.

nosianu•47m ago

Funny thing is, the last few times some guy attacked people, a few days later we could read or hear in the news updates that that person had already been known to be violent, and quite a few times we also learned that they were supposed to have been deported.

Information does not seem to be the bottleneck at all! (Too) Many times, when we read about the person responsible for some sudden attack, everything needed to prevent that attack had already been known well before the attack. It's just that the authorities didn't do anything.

Sure, one may say there are too many people fitting the criteria and we cannot do anything with so many potential suspects, most of whom have not actually done anything. But more information won't help in these many cases at all.

Examples (German) - all reputable sources, mostly local public broadcasting (ARD) and one law publisher:

https://www.tagesschau.de/inland/festnahme-solingen-syrer-10...

https://www.swr.de/swraktuell/baden-wuerttemberg/faq-syrisch...

https://rsw.beck.de/aktuell/daily/meldung/detail/messerangri...

https://www.ndr.de/nachrichten/niedersachsen/braunschweig_ha...

https://www.ndr.de/nachrichten/mecklenburg-vorpommern/Tatver... (2nd to last paragraph, he had attacked people the month before already)

IlikeKitties•43m ago

Don't fall for the meme that this is to protect "the people". There's a literally 1984 Quote about it:

> "The Party seeks power entirely for its own sake. We are not interested in the good of others; we are interested solely in power. Not wealth or luxury or long life or happiness: only power, pure power"

okanat•46m ago

They have the crosshairs on preparing the government and law for the AfD take over for the second trial of 1933. Just like the useless Bundestag of Weimar, they would like to leave as many mines and holes in the democratic institutions so their true self can show how perfect a racist government feels.

NoiseBert69•30m ago

Same toxic soup (high levels of social discontent, inflation, poor job market, constant stream of doom news) as back then.

Only thing the AFD has to to is to keep their feet still and wait. The ruling parties will do the rest.

GLdRH•20m ago

What? Are you saying that the CDU is secretly working for the AfD?

First time I heard that, what bubble are you from?

nickslaughter02•35m ago

Take a guess from which political party is Zensursula.

pantalaimon•31m ago

SPD has been firmly pro surveillance since Schily

kekqqq•1h ago

No one should remove from us the right to privacy in chat rooms. Otherwise, PGP might become cool again, or I bet that there will be new ways to chat without mass surveillance.

bigyabai•1h ago

> Otherwise, PGP might become cool

People need convenient access to PGP. If their App Store removes all PGP apps then they might have to upload their privatekey to a PWA. And then no one's any better off.

If the everyman is forced to choose between being surveilled or using PGP, I reckon I know what he'd choose regardless.

reorder9695•59m ago

There's no reason email clients can't make PGP keys easy, proton actually makes it quite easy to add a PGP key for an email address.

dwedge•31m ago

Does Proton allow you to use any email client? Last I checked IMAP and SMTP is disabled and you're captive in their webmail or official client unless you pay for their bridge software.

Which makes this post ironic https://proton.me/blog/what-is-an-email-client

Telemakhos•30m ago

Nobody ever talks about S/MIME, but it's the corporate version of PGP/GPG for mail. Apple made it dead easy to use S/MIME encryption. Most vendors do, because it's still a requirement for some government purchasing (DoD is moving away from it). I was honestly and pleasantly surprised how easy it was to use S/MIME with the built-in mail programs on macOS and iOS/iPadOS, and I'm a bit surprised that Apple didn't just automate an S/MIME key for every iCloud mail user.

roywiggins•30m ago

There's no reason Chat Control can't mandate scanning in email apps, either.

udev4096•54m ago

https://autocrypt.org

thadt•41m ago

How would PGP help in the long run? If client side scanning is mandated for everything then the natural place for it to wind up is in the OS. Once your OS is scanning all the things, your privacy is finished - pretty good or otherwise.

layer8•30m ago

You can run the forbidden Linux software on legacy hardware.

Of course, all new hardware will have hardcoded firmware scanning the DRM’d keyboard controller.

ForceOfEntropy•22m ago

In that case you could an Arduino, Raspberry Pi, or similar to write and convert the message. The converted msg can then be sent over USB, wifi, etc to the computer

roywiggins•15m ago

Right, and then Chat Control looks at the encrypted text and goes "oh huh this looks encrypted and suspicious, let's put this user on a list for closer inspection" or eventually just refuses to let you send the message at all. Steganography is hard and it will be very difficult to hide that you're sending encrypted messages.

0cf8612b2e1e•15m ago

Microsoft has been pushing Recall for a while now. Clearly they will make it a cornerstone feature, potentially without the ability to opt out.

killparty•1h ago

Handle jetzt: https://chat-kontrolle.eu/index.php/2025/10/02/der-kampf-geg...

Info: https://netzpolitik.org/2025/eu-ueberwachungsplaene-die-chat... "Wichtige Stimmen wie Amnesty International, Reporter ohne Grenzen und der Chaos Computer Club appellieren eindringlich an die Bundesregierung, die Chatkontrolle zu verhindern. Sie warnen vor einem Angriff auf die Pressefreiheit, einem IT-Sicherheitsalptraum und einer Gefahr für die Demokratie."

jhoho•2m ago

https://fightchatcontrol.eu/

guywithahat•1h ago

> Under the guise of protecting children, the latest Chat Control proposals would require mass scanning of every message, photo, and video on a person’s device, assessing these via a government-mandated database or AI model to determine whether they are permissible content or not.

This is pretty terrifying, although not unexpected. Given Germany's aggressive crackdown on speech I wouldn't feel too optimistic. If the BKA is going to launch criminal investigations for calling overweight politicians fat, they're probably not going to protect any rights to private conversation.

The lack of free speech laws in Europe is becoming a serious issue

IlikeKitties•57m ago

German speaking here: People here in Germany do not want to think about just how bad our constitution really is designed. We only get free speech lte, There's no fruit of the poisonous tree doctrine leading to constant prosecutorial overreach and illegal searches[0] that are later ruled illegal but with on effect and our public prosecutors are so much lacking in independence that they aren't allowed to issue european arrest warrants [1]. But I've heard people tell me with complete conviction how great our constitution is. I can't even bother arguing about it anymore.

[0] And they brag about it on 60 minutes https://www.youtube.com/watch?v=-bMzFDpfDwc [1] https://curia.europa.eu/jcms/upload/docs/application/pdf/201...

AAAAaccountAAAA•7m ago

I don't think those issues are necessarily interconnected. If I have understood it correctly, many Germans view both hateful propaganda and surveillance as tools of dictators.

Surveillance of private communications obviously has a chilling effect on free speech as well, but freedom from surveillance does not imply a freedom to openly spread hate speech in public.

udev4096•1h ago

How would chat control even work, with federated and decentralized networks? This is the reason you should not use signal. Moxie wants everyone to be in a closed loop, tightly controlled by his decisions. Matrix ftw!

keanb•1h ago

You make those networks illegal to use. Just using them would be illegal, regardless of the contents of your communications.

munchlax•44m ago

In the end it's saying you can learn all the math you want except certain formulas. Just not those.

Good luck with that

roywiggins•28m ago

You're welcome to run any algorithm you want with paper and pencil, but you might not be able to run them on your devices that are allowed to talk to cellular networks.

Communications that look encrypted can also be straightforwardly flagged and logged for a closer look, perhaps keeping a closer watch on any cleartext messages, metadata that invariably leaks, etc

supriyo-biswas•1h ago

Pursue criminal action against the people making apps or providing servers for decentralized/federated networks.

enmyj•1h ago

Moxie hasn't worked at Signal for a while now

ratelimitsteve•35m ago

don't forget that you're dealing with the state so "we'll kidnap and/or murder you" is a legitimate option as a response to undesired behavior. at least, they think it's legitimate, and they think that thinking otherwise is undesirable behavior, which leads to a bit of a catch 182...

tiku•1h ago

I wonder if we can make a chat app that doesn't use encryption but hides your messages inside random words. The solution should be saved locally on your device.

byteknight•1h ago

Encryption is defined as "the process of converting information or data into a code, especially to prevent unauthorized access."

What you describe is the same thing just not cryptographic.

markild•59m ago

Specifically, steganography: https://en.m.wikipedia.org/wiki/Steganography

nixass•55m ago

Let's invent it and name it Enogma. For the fun sake

bigyabai•1h ago

> The solution should be saved locally on your device.

Installed as a signed app...?

Trasmatta•1h ago

That's just an insecure form of encryption

cesarb•45m ago

> I wonder if we can make a chat app that doesn't use encryption but hides your messages inside random words.

This technique is called "chaffing and winnowing": https://en.wikipedia.org/wiki/Chaffing_and_winnowing

Zigurd•43m ago

There isn't a technology solution for this. The solution is to realize the value Switzerland lost with Proton moving out of Switzerland, and what Germany could lose if Wire had to make a similar decision regarding their home in Germany. There's considerable value to having real effective security. These nations stand to lose that value.

ChrisArchitect•59m ago

Aside: any reason why is this a pdf and not a post on their blog? Can include a pdf download alongside.

throw_a_grenade•56m ago

I'm sorry to pick non-technical details, but this PDF is typeset on „Letter” paper, which is immediately noticeable (different aspect ratio). Normally it's on „yeah, whatever” level, but since this paper (sic) aims to influence European policy, now this detail is actually important.

This whole piece reeks „I'm an 1) outsider that 2) couldn't be bothered to get to know local culture so 3) probably has no stake in the affair” and as such is liable to get dismissed after only cursory glance. We know every single enumerated point above is false, but it doesn't matter. That every single word written on the page is right nd warranted, doesn't matter. @Meredith and anyone else writing papers aimed at EU, would you kindly please switch to A4 before exporting the PDF.

layer8•15m ago

The letter also says “October 3, 2025” instead of “3 October 2025”. ;)

(https://commission.europa.eu/system/files/2023-11/styleguide...)

But anyway, if they truly wanted to address the letter to Germans, they should be providing a German-language version in the first place.

nisten•56m ago

I think a good way to shame politicians that push this type of erosion of civil liberties is to label it at gestapoware.

Netcob•42m ago

For some more recent crimes against society and humanity, I'd also compare it to Stasi. Plenty of people alive today who lived with that.

Around 1 in 30 people was secretly telling on their neighbors. After unification, it was presented as a dark chapter in German history that had finally come to an end. People would get to look into their own "file" to see what and how much had been written about their daily activities. I was a bit young at the time, but I do remember frequent discussions on TV about how to move on from this, and how to make sure it doesn't happen again.

And now we're talking about reading everyone's private messages on a scale that would be the Stasi's wet dream.

I wonder - if the Stasi had been presented as a legitimate way to fight CSAM - would that have been okay?

1718627440•34m ago

They did say these protesting on the street are outlaws who also rape and kill the little children.

petre•17m ago

Unsurprisingly the Stasi and Gestapo types always say things like that.

beezlewax•32m ago

The Stasi while more recent and more correct a name to use here are still something not everyone knows about to the same extent as the gestapo.

volkl48•29m ago

In Germany they certainly do.

some_random•27m ago

The trouble is that the Stasi are not seen in as negative of a light as the Gestapo.

godelski•2m ago

In Germany?

I'm not German but the German people I do know don't see them positively. But could be selection bias

hommelix•42m ago

Stasiware is more appropriate. Stasi (Staatssicherheit) was the administration in charge of spying each citizen of east Germany. It runs until 1989. So more people remember the opening of the archives in the 1990ies.

bikson•27m ago

Stasiware. I like that.

weinzierl•6m ago

Besides that this is likely a criminal offense in Germany (§86a StGB) we tried it 16 years ago with "Zensursula" and you can see how that turned out.

luxuryballs•49m ago

this is an objectively funny headline with how it so nimbly jumps from political to technical, “we must stand in a united front against client-side (software feature)” lol

quotemstr•46m ago

I've been wondering how Chat Control's proponents settled on such a comically villainous name for their project. They didn't even bother being Orwellian. Skeletor could have have come up with "Chat Control"

nickslaughter02•43m ago

The name was coined by a former MEP Patrick Breyer, one of the most important opponent of the law. EU's other proposal for mandating backdoors into devices is however from a group officially called "EU Going Dark" tho (you thought Chat Control was the only thing coming?).

https://netzpolitik.org/2024/going-dark-eu-states-push-for-a...

quotemstr•43m ago

That makes more sense

layer8•42m ago

It’s the critics who named it Chat Control. The official name is Regulation to Prevent and Combat Child Sexual Abuse (Child Sexual Abuse Regulation, or CSAR). Let’s hope there will be enough Brutuses.

ktallett•3m ago

The next official name will be to prevent and combat terrorism, then the next proposal after that will be to prevent and combat child sexual abuse again, then the one after that will be to prevent and combat terrorism, then the one after that will be to prevent and combat child sexual abuse again..... and well you get the gist of that.

nickslaughter02•46m ago

I think many outside of EU dismiss this as an EU only thing and don't think much about it.

1. Have you ever texted someone from EU? You are now chat controlled too.

2. EU is pumping billions to foreign countries to promote EU values. How long until they condition this "help" with chat control?

AAAAaccountAAAA•11m ago

It's definitely not an EU only thing. China, Russia and such have been doing this for years. There have been attempts to introduce it in US (EARN IT Act) as well, and the current regime there might very well end up doing that. Australia has also been pretty authoritarian what it comes to this kind of things.

nickslaughter02•3m ago

I don't understand your response and the downvotes. I'm saying Chat Control will spread to other countries. I'm aware of attempts from other countries. Add France and Sweden to your list.

rlpb•29m ago

How does this fit with Apple's pushback against the UK government's encryption backdoor efforts against them? Why aren't Apple also pushing back against this EU initiative?

oytis•22m ago

I thought Apple already voluntary implemented it on their devices?

ls612•3m ago

Apple briefly proposed something similar but then reversed course pretty quickly and has unequivocally stated that it was a poorly thought out idea when they proposed it.

I'd have to assume that Apple and WhatsApp are taking a more behind the scenes approach on this and that they too would leave the EU if it came to it. Both of their messenger brands are so fundamentally tied to E2EE that its hard to imagine them thinking its worth it to stay and break their encryption.

jMyles•28m ago

It's great that signal / open whisper engage in the political situation and the pressure on these states.

We also need to be sure that signal / open whisper / matrix / telegram / everybody continues to make end-to-end encryption available regardless of what politicians say.

Math is bigger than human affairs. There is no shame in breaking laws that prohibit math.

roywiggins•22m ago

Chat Control doesn't prohibit you from using whatever encryption you want, it mandates that your phone snitch on any plaintext that it has access to.

alltheseas•4m ago

Fourth Reich let's goooo

CometJacking: One Click Can Turn Perplexity's Comet AI Browser Against You

Hume AI Octave 2: new text-to-speech model

China Pushes Trump to Drop Curbs as It Dangles Investment Pledge

Moravec's Paradox

Parachute is full of holes – and that's a good thing

The AI bubble is 17 times the size of the dot-com frenzy, analyst says

ICE Wants to Build Out a 24/7 Social Media Surveillance Team

Show HN: Turn Instagram/YouTube vids or blogs into day-by-day travel itinerary

Better data infrastructure is needed for the AI era

Multigres: Horizontally scalable multi-tenant Postgres architecture

Pentagon decrees warfighters don't need 'frequent' cybersecurity training

Why Understanding Customer Behavior Matters in High-Value Wealth Management

Aaaan.net

Show HN: Correctify – The everything app for restaurant menus

Ink Deformation – A Review

CLI tool to convert OpenBSD Packet Filter config files to JSON and vice versa

We Tested Go's Experimental Green Tea Garbage Collector and It Didn't Improve

Apple removes ICEBlock, won't allow apps that report locations of ICE agents

Protect Your Open-Source Project Before It's Too Late: A Legal Horror Story

Serving Python apps using Caddy web server

The Supabase Remote MCP Server

Perplexity bets on free AI browser, tests compute power limits

Supabase Series E

Bridge between Alzheimer's theories: Amyloid beta and inflammation converge

Man using Meta AI glasses to film women prompts USF warning

China's Repression of Uyghurs in Xinjiang

My Life in Ambigrammia

Ask HN: Any concrete drawbacks from using Vercel's AI SDK?

Body: Bash script to get the middle of a file, instead of head – tail

Europe is saying no to electric scooters. The data says not so fast