Do you have a license for this TCP packet?

The realistic outcome, most likely, is mDL (mobile driver's license) automatically being passed through from your OS, to your browser, to the website. This will make compliance with age verification requirements easy, in addition to making ban enforcement and blocking crawlers/robots/spam much easier.

There's already a W3C browser standard in development - The Digital Credentials API. Apple is adding support for "Verify with Wallet on the Web" in iOS/macOS 26. Chrome is currently rolling out Origin Trials.

https://digitalcredentials.dev/

https://www.w3.org/TR/digital-credentials/

https://developer.apple.com/videos/play/wwdc2025/232/

https://developer.chrome.com/blog/digital-credentials-api-or...

On the flip side, there's no anonymity. Welcome to the real Web 3.0 - an internet which has been finally put in a box, for better and worse. An internet which is finally forced to respect national laws, for better and worse. An internet where what you say online, will be treated with no difference than if you had said it in person.

Nobody is in charge. It's a headless blunder operating under the illusion of a master plan.

The endgame is to kill independent media

I think that decentralized solutions to the Web mostly suck because they're worse to use for the majority of people. But if the Web becomes useless for things people actually care about, decentralized solutions will creep in. People won't simply give up, the things that work will become better in the ways that serve prospective users.

That's kind of the worst case scenario, though, where bad politicians don't get removed from office. We can hope that most people will decide that enough is enough, or politicians will quietly back down when they realize they're dooming their own careers.

Full government control of all digital media and digital communication.

Westerners always pointed fingers at China, North Korea and Russia, but in this case we are seemingly attempting to lap them.

Residential ISPs will only transmit packets that have a valid device attestation signature from one of the well-known device vendors. "Unsafe" software won't get access to the devices' secure enclave to sign their packets, so their packets will either have to be transmitted in plaintext, or they'll be dropped by the ISP.

The end game is politically controlled speech. First you can't share porn, then you can't share violence, then you can't share police abuse, until it starts to creep into the world of anything unflattering to those in power.

And of course, it will all be under the guise of safety and harm reduction, but the veil will keep getting thinner and the amount of things covered more comprehensive

What happened in Nepal earlier this month proves that a brighter future is possible, if people get fed up enough.

Without the ability for people to have private conversations and organize politically in private, democracy is impossible. It wasn’t as much of a problem in the times when everything happened IRL, but now online is the default.

So the endgame is that an anti-democratic government eventually wins an election and uses its new tools to crush dissent and make opposition parties impossible.

Boot stomping on a human face forever.

On sufficiently long time scales, there is only one realistic outcome: the internet will not tolerate censorship and will not abide state control. It is bigger than people and computers; it's an evolutionary force.

IMO, the endgame is tyranny that we cannot escape. Something like stasi on hi-tech steroids. Such a tyranny can only be possible if there are no places on earth we can escape to and if domestic survelliance is so comprehensive that potential threats are eliminated before those threats realise what they are up to. In such a state, when there is neither external no internal pressure, the tyrant can rule for centuries. The thing is, there is a nontrivial number of those among us who prefer this way of life, and they are very capable in achieving their goals.

The goal is always to suppress the ability to dissent political.

It was trialed during covid and people absolutely cheered for this type of control.

Now it's only a matter of time unless people accept that it's never acceptable. Not even with "perceived threats". Covid passes and social scores to do activities where absolutely a wet dream for govs and corporations alike. The corporations that benefit from government mandated tools love getting free money and governments love control. They know the tools never spy on them, and that's why everytime they're the ones committing crimes or ignoring their rules it's "a mistake or nothing to see here".

Easy. They really like what China is doing, but they can't because of that pesky democracy.

China is every wannabe dictator's digital wet dream.

Notes are usually leaked by netzpolitik.org a few days after.

How come pigs fly so gracefully?

The comment is such nonsense it's impossible to even begin correcting it.

...and Hungary, Belgium, Sweden before Denmark. All tried to pass it. The next in line for EU presidency is Cyprus, a supporter.

The Nordic countries have always been into social control but Denmark adds a side of paranoid ethnonationalism into the mix which leads to some very strange values.

The current world is so crazy that I would easily bet that it is strange that a small country like Denmark is so obsessed about running all European privacy, and there might be hidden corrupt interest behind that.

I would but be surprised that US is pressured some people there.

For some reason names are sensored because of the ”privacy and security requirements.”

Follow the money. AI surveillance companies like Thorn are shaking in excitement.

https://balkaninsight.com/2023/09/25/who-benefits-inside-the...

The state itself.

Any shred of rights or privacy has reduces it's ability and/or increases the cost of it doing what it deems worth doing.

Lobbyists from surveillance product companies.

And law enforcement agencies.

What is extraordinary is that the idea that there shouldn't be a word exchanged between two individuals that the state cannot listen to was a Stasi wet dream. It is just shocking that western democracies that have held totalitarian regimes at bay for so long at great expense, are now going full big brother.

> Who, exactly, is so strongly motivated to make such legislation?

For the part that Denmark is playing, I think the answer is somewhat readily found in the current national politics of Denmark. We've just had a pretty prominent politician 7 years ago get convicted of being in possession of CSAM. I think that's very personally offensive to our current prime minister. That has to be viewed along with her personal view of herself as the "children's prime minister", to make it into a double whammy.

We've also been dealing an inability of the police to investigate some crime, and the investigative committee established to figure out what to do about it recommended an ability for police to more readily be able to investigate digital material. I imagine the current policymakers imagine Chat Control to play a part of enabling that at a national level.

It's surveillance companies, i.e. follow the money. Imagine if you can force every IM app to include your nonsense? BILLIONS of instant installs and subscription fees.

The EU ombudsman actually asked the EU Council to comply with a Freedom of Information request about who attended the meetings about this and all we got was a fully redacted PDF with a list of about 30-40 individuals/groups (literally blacked out in the PDF). It's absurd how non-transparently this is bought & paid for.

Swedes and Danes are at the forefront.

The truth is that Scandinavian societies are much more authoritarian and illiberal than they want people to believe.

Our "minister of Justices" is a scared little boy, deeply traumatised by a childhood characterised by the lack of a basic sense of safety. This trauma has never been addressed and with age he has unfortunately become a politician and earned a law degree. His rational faculties and academic degree are of course a faint echo compared to his childhood trauma, so he has no reservations destroying any personal liberty in the name of safety. I feel deeply for the boy, but fear the man.

I think you're confusing technical encryption with the privacy of encryption.

For example, let's say I implemented a CSAM-scanning AI model in my chat app, which runs locally against your message, before communicating the message over an encrypted HTTPS channel. If the message is flagged, it can be sent over an encrypted HTTPS channel to authorities, on a secondary separate connection. At no point, did it leave the device, in unencrypted form.

Is that message encrypted? Yes.

The way that you want? No.

Governments have recognized this distinction, and have figured out they can have their cake and eat it too; the security of encryption with none of the privacy.

The seeming trend that worries me the most these days is the lack of competence at multiple levels of society. Our leaders, their supposed subject matter experts, the people doing "the science" all seem to be demonstrably incompetent at their jobs. I don't know if this is an actual trend or just the perception of one but it's concerning either way.

This is about power of the state over the individual. Full stop.

all of this is basically irrelevant, given that the type of ppl who this legislation claims to target can always just resort to email + pgp or some such, over which governments don't really have any meaningful control...

> I lost count how many times the "lets get rid of encryption" plans have been tried and failed.

They only need to succeed with it once, so they'll keep trying again and again.

That's exactly why it's very important to raise awareness about it everywhere.

It is perfectly possible to encrypt a message such that two different keys can decrypt it. There is nothing in modern encryption that makes that impossible. See https://faculty.cc.gatech.edu/~aboldyre/papers/bbks.pdf and many others.

So your chat app encrypts your message with the recipient's public key and the state's public key.

Hey presto, you have a message which cannot be read by someone who casually intercepts it. If the state seizes your message - or records it for later analysis - they do not need to break encryption. There's no plain-text version laying around for anyone to sniff.

Is this a good idea? No. Even ignoring the civil liberties aspect, we know that key management is extremely difficult. A leak of the state's private key(s) could be devastating.

But let's not pretend that this is somehow technologically impossible.

I do not agree with you that they have good intention or have good goals. They know what they are doing, and they are doing it to gain control. I think by saying they have good goals, but they don't know better, we are down playing the danger. They know what they are doing, and they are doing it to have more power over people.

> they still managed to not listen to anyone who knows anything about encryption and online safety

Why do you assume something like that? Do you actually know the arguments that the parties in favor of this kind of regulation are presenting? And can you dismiss them based on objective facts?

> The goal they are trying to achieve is good

That is what should be, in my opinion, the basis of this discussion. Assume good intentions and try to work out with the parties involved to achieve the goal in a reasonable way. This is the way, I believe.

Hand-wavingly dismissing other party's arguments would be in my opinion disingenuous.

Key enablers that ensured those plans fall apart were PC platform and default code freedom on it. It doesn't work because anyone can just compile the clean versions of apps using gcc, on PC. Same cannot be guaranteed on Android and is not even happening on iOS.

We shouldn't have shrugged off the weird feeling of shackles on our wrist when iOS(iPhoneOS) was first released. We should not have relied on geohot stopping by and dropping a jailbreak he found. We should have voted to force it open by law.

Are vpns controlled by private companies safe?

Isn’t the point of Chat Control to scan on the device so that they can say encryption isn’t affected?

> Makes me really worried about the future.

It's important to remember that government is not your friend, isn't meant to be, and never has been. It's a machine of control that needs to be held in constant restrain by the population. Obtaining more control is the expected behavior of those who come into power, shown through all of history.

My guess has been an unholy alliance between 'IP holders' like Hollywood (and increasingly games), and the surveillance industrial complex.

Add in the fact that both China and the US already have practically near omniscient digital oversight of everything their citizens do through server and OS level backdoors, the uninformed politicians in the EU/UK are easier to tempt by lobby groups crying in the name of the children.

The proximate goal they're trying to achieve is mostly irrelevant when compared to the broader technical goal. That goal is to force all messaging systems to re-architect so they include a "bump on the wire" that hosts a scanning mechanism sophisticated enough to recognize novel (unknown) image content. This implicitly requires re-architecting these systems to contain neural-network image classifiers that operate over a model that's kept secret (to the user/client.) Everything else is sort of irrelevant compared to the implications of this new architecture.

The "good news" for now is that the systems deployed in this model won't classify text, only images and URLs. The bad news is that the current draft explicitly allows that question to be reviewed in the future. And of course, once you've re-architected every E2EE system to make image scanning possible, most of the damage to cybersecurity is likely already done; a year or two down the road, text scanning will probably be viewed as a modest and common-sense upgrade. I expect that folks who object to text scanning on cybersecurity grounds will be informed that the risks are already "baked in" to the image-scanning model, and so there's no real harm in adding text scanning.

Leaving aside the privacy issues, this is basically an existential national security risk for Europe. It's amazing to me that they're walking right into it.

> these people don't understand anything about encryption and therefore still think this is a good idea.

Fixed that for you.

I suspect the primary reason that people in this position fail to understand anything about encryption is that it is their job to do so.

I don’t understand how people like you continue to grant good faith to government.

You are the people who make this kind of repeated attack on freedom possible.

> The goal they are trying to achieve is good, but the execution is just stupid and will make everyone, including and maybe especially the people they want to protect, less safe online.

If so, the best way to stop that is to sugest a good way to achieve the good goal.

How would solve these good goals?

The reptile-brained politicians really hate that we can think our thoughts in secret and communicate with each other in secret.

1984 playing out in front of us. Again.

Politicians like Peter Hummelgaard are ghouls. They want their eyes in your home, watching you at all moments. And then they want to control what you do and see and think.

Defending our liberties and privacy is a never-ending battle.

Denmark has integrated Palantir for the police, so the Minister of Justice is likely the one who pursuits it most.

More about Palantir in Denmark:

https://www.tandfonline.com/doi/full/10.1080/1369118X.2024.2...

Every chat application must comply by law and companies which make them without government permission will be made criminals. It's similar as the UK Online Safety Act: 4chan staff will be arrested if they ever touch the UK soil.

Pretty neat how, out of the blue, two seemingly unrelated efforts manage to tighten together to create the perfect unavoidable storm.

I swear those Thursday bilderberg meetings are a thing.

Slow heating boils the frog.

Move now to alternatives. If you must use Android, GrapheneOS with Sandboxed Play Services.

Molly (signal fork) on GrapheneOS will still be there

> there are a few people asking who is pushing for this legislation so hard. That's mostly police forces

Do you have a source? Not doubting you. More curious for their arguments.

I don’t follow what prevents criminals of such scale from using another encrypted channel or application after this ban?

How hard is to pay a dev and make a custom chat just for them?

You can get it up and running in one week on a cheap server.

if anything should come out of this is that car manufacturers need to come up with a way so it's not this dead simple to steal cars. And it is not that hard. They already have all the tech ready with good security systems. but you know what? those are expensive. and that is something they dont want. so they go with the cheap alternative, which has been cracked 1000+ times already.

So instead of breaking the privacy of everyone, this should only impact the manufacturers.

Just my 0.02

I don't understand how you can ship a car without proper papers out of the country so easily. Maybe focus on that first?

This is true of course but the counter argument is that running your own infrastructure is probably not a problem for international criminal gangs but your group chat with the boys is not gunna go through some AI garbage filter and in the end we are still going to get our cars stolen but now the police is knocking because I called Merz a fascist bastard and once the actual fascist win an election they are going to knock on everybody’s door who called Weidel a pick me girl in Turkish.

In summary, without stupid jokes about German politics, the actual stated goal is unachievable but the real world consequences in a Europe that is sprinting to the far right are incredibly dangerous.

What about this law will prevent criminals from using encrypted chat applications?

I understand your point, but I fail to see how this law will change that.

I don't think this will stop these people. I'm fairly sure I could write some web app, or in an extreme case, provide my team of car thieves with dedicated hardware that just illegally encrypts messages.

I think these laws are simply to catch everyday people chatting about illegal stuff on a phone without any preparation.

track cars then and shipping containers and whatnot, not people's conversations.

we all pay the price, yes, but we also all enjoy the prosperity it brings us.

at best these are arguments for finally making cars harder to steal. (and for people to own fewer of them and just rent them when they need it. and the renter company can then store them in a big fucking lot with security if they want to.)

...

as other commenters pointed it out, the technology is out there.

sure, it might not convince enough voters, we'll see. but it's sure as shit that these networks are not going back to pen and paper.

They ship entire CARS.

Not some kind of fancy sci-fi grain-of-sand sized microchips that are completely impossible to track. Not even drugs! Cars! Those huge metal objects that weigh over a metric ton each! Those cars!

If the police can't stop criminals from shipping CARS out of an ISLAND COUNTRY, the issue isn't that they don't have a way to breach privacy of every citizen. The issue is that they should be all fired and never allowed to do any government work ever again.

This isn't a dilemma unique to encrypted comms or privacy. You have to weigh the net benefits to society as a whole. How much has the lack of secure communication and encryption at rest cost society? How much have the criminals you mentioned benefited from the lack of encryption? How much more difficult would it be for criminals to locate targets and victims with encryption protecting the latter?

The replies to this thread cannot be serious, on a web forum populated—I thought—primarily by technologists. Surely you all remember the variations on, "If you make encryption illegal then only criminals will have encryption"?

The next step will surely be to make use of communication programs that law enforcement cannot read illegal, right? The police find some person who has committed a crime, caught in the ways that criminals are usually caught, such as with forensics, or simply with the guns and drugs in the boot of their car. Then they can see what forms of communication this person was using, and who was using it with them. At that point, it doesn't matter what those other people were doing: The use of banned encryption technology is the crime. You can roll them up for that, or use evidence of this crime to justify further intrusion into their meatspace lives. And so it goes, on up the chain of a criminal organization. Theoretically, at least.

I don't like this, I don't support this, but as has been said elsewhere in this thread: Let's not pretend this is some insurmountable problem for a government who has already shown an appetite for surveillance.

What is absent from your comment (and also from many arguing against you) is the discussion of trade-offs.

Yes, criminal gangs are bad.

And, for me, and probably many others here too, enabling governments to look at private encrypted messages of everyone is way worse.

Let’s find other ways to prevent these gangs from stealing cars.

That's all bullshit because we already live in a panopticon. Everyone's physical movements are tracked, facial recognition works even on partials, there are HD cameras everywhere, continuous uploads of videos to TikTok and Instagram mean fugitives can no longer hide in the public world. Phones, Alexas/Homepods, vehicles etc can be remotely converted in to bugs with a court order (and a bunch of other devices probably are without.)

Whether its car thieves or drug dealers, these exist in the West today by explicit choice, not because it is impossible to stop.

Ok let's scan every phone in the world instead of just scanning the containers the leave our ports. Sensible.

People who break the law for money have existed forever and forever will. You don't need encrypted messages to smuggle drugs across borders.

To point out the glaring holes in your comment:

- Criminals will still use encryption even if its against the law, given they are criminals

- Denmark is one of the safest countries on earth and every year crime has been declining for decades. Even your property theft example is a declining occurrence in Denmark: https://www.statista.com/statistics/1178977/number-of-report...

Given property theft is down and encryption has been available for the entire time period of that chart -- do you have any actual steelman for why Denmark would need this, absent a thirst for power/control, especially now?

> But there are a few people asking who is pushing for this legislation so hard. That's mostly police forces who are pointing out that they're unable to track the activities of criminal organisations. For example, in the UK sophisticated gangs steal cars and phones and ship them around the world where they're resold.

If that is really such a big problem, then why don't the politicians say so instead of saying that this law is for protection children?

Criminals get access to all sorts of illegal things, from drugs to weapons through stolen cars.

Are you telling me that you genuinely believe that they won't be able to download an open source, actually end-to-end encrypted app?

The stupid ones already use Telegram, which is not E2EE. There is no need to change anything for them. Those who are smart enough to choose a secure messenging app today will still be able to do it, even if that app is made illegal.

I am perfectly OK with the current level of crime and the current level of freedom. In fact, I'd be OK with slightly more crime in exchange for more freedom. Truth is the police often don't even act on the crimes that are provable using good old-fashioned detective work. So they have no leg to stand on.

In fact, freedom to break the law, revolt and even kill people is necessary for a functioning democracy. The fourth box of freedom is the final check and balance. If enough people (over half the population) determine that the government is corrupt, they need to be able to overthrow it.

And that required and armed population and the ability to organize. Yes, this also helps criminals. Yes, sometimes innocent people will die because the wrong people also have access to guns. That's all the more reason to be able to fight back, both against bad people and against the government.

History repeats itself (with minor variations). People don't value their freedoms, let them be eroded by those who are attracted to power for power's sake, they get abused, and finally either they get fed up and start a revolution or the state functions so poorly it gets invaded.

We're at the stage where freedoms are getting eroded more and more noticeably. I would very much prefer to break the cycle before it comes to rifles and drones.

> For example, in the UK sophisticated gangs steal cars and phones and ship them around the world where they're resold.

This does not happen almost anywhere else - car theft. This is UK issue with local law enforcement / insurance companies.

Phones - just fix your streets, elect politicians that are tough on crime. Simple.

If that is what they wanted, why hide it behind language about child safety? These bills happen in the US too, nearly identical to the ones in Europe. I don't think this is about stopping crime at all. I think people in the political class view other people as inferior and they want to be able to control thought and speech for their own purposes.

>To prove that you've actually read my comment till the end, please mention banana in your comment.

no

It's bigger than criminality. These are decontextualizing, mythologizing technologies that mimic human thought yet have zero relationship to human thought. None of this should be private, it's a ticking bomb od arbitrariness that the developers lack insight into all scales of the tech: input (which is what they lack insight into the most), the input's subjective/materialist/individualization of all attributes, its impregnation with Western intentions, the dark matter of language: status (each word was created FOR status gain at inception), control (each word was probably created to control), manipulation (each word has the ability to manipulate). Add to all of the above the notion that every word is an arbitrary metaphor, and notice that every basic condition of words downstream of BC Greece that impregnates our languages are totally unknown to the developers, you can see how Chat is appalling technology.

The whole of AI lacks awareness of the dark matter of language seamlessly and hidden within it: it can't be trained out, we use it for these dark matter purposes everyday, and little or any idea we are using words for subversion, and the tech has no ability to filter the out and worse, it spirals into "hallucinations" (a terrible metaphor) from the dark matter, not from the apparent words. Words are not what they seem and the industry did nothing to notice this.

> They're unable to do their jobs and are being blamed for the rise in crime.

The vast majority of crime is very dumb. Like the three guys who broke into my garage and tried to take my bicycle. The police however is not interested in that: not interested in CCTV recordings, not interested the license plate of the van they were driving.

If the police isn't doing even the simplest things, there's no way in hell they would bother decrypting their whatsapp messages. That's reserved for people targeted by the government, not to fight street crime.

Wow, no mentions of banana.

I'm bit more sympathetic to this type of argument than most of HN. Looking at what happens in The Wire, you need a judge to allow the wiretap, right? It's not just a willy-nilly cops-can-see-anything system, right? Though it has happened from time to time that since stuff is digital, people have taken a peek when they weren't supposed to. For instance, there was a case over the summer where someone was looking up people in the Danish CPR database, unauthorized.

But I also think this won't be the same as wiretapping. That was based on an old telephone system that was very much tied to the technology of that time. In particular, it wasn't encrypted, being just a straight up analog circuit. The bad guys couldn't do much other than use code words, or security by obscurity.

With digital, anyone can encrypt, and the cost of decryption is super high. I'm not sure what Snowden said about it, but I think it's fair to say that very few messages could be decrypted.

So what will happen? We will all send our decrypted chat messages to the man, and the bad guys will just write their own chat app, which will be encrypted. Nothing illegal will ever happen on the public channels, which from time to time will have some idiot looking at his ex-girlfriend's messages, while the drug lords just write encrypted messages that probably aren't even recognized as chat text.