This kind of legislation fundamentally misunderstands how easy it is for bad people to build their own end-to-end encryption layers on top of other messaging systems.

This person is mistakenly taking the justifications for these laws at face value. These governments aren’t trying to thwart bad actors, they’re trying to control their entire population. To point out that scofflaws can circumvent the laws is to misunderstand their true purpose.

Various lawmakers in different countries are proposing to require messaging services to provide a mechanism for law enforcement to decrypt end-to-end encrypted messages. This kind of legislation fundamentally misunderstands how easy it is for bad people to build their own end-to-end encryption layers on top of other messaging systems.

Requiring Signal, WhatsApp, and so on to introduce vulnerabilities into their products does not make life much harder for criminals. Criminals can easily build or buy an extra layer of encryption on top and exchange messages that can't be decrypted.

It does make everyone else less safe. If a backdoor exists and is usable by authorised people, it will eventually be exploited and used by malicious people.

This repository contains a trivial demonstration of this. 👉

I haven't read the article, but I'm going to guess that it describes a form of encrypted tunnel with pre-shared keys that operates over any text messaging app and is trivial to implement.

In the world of tech illiterates, the script kid is a seasoned cybercriminal.

I don't think anyone thinks that e2ee bans prevent people from using e2ee. What it does is force companies in their jurisdiction to install a backdoor

It is entirely plausible and it will make many people (who dont migrate to secure service providers) loose security and privacy.

Languages

Hack 99.1% Other 0.9%

Fukin lol

Can't bad actors just create their own messaging app and their own encryption methods?

I am glad you had fun writing that blog post but, for any purpose that matters: Yes, it is possible. And we are already seeing the pathway to it

1. Increasingly build a narrative that encrypted communication is for CSAM. The tor crowd are already doing a good job of providing fuel for this.
2. Argue "terrorism" for the rest. "Fortunately" people have realized the mess in Israel/Palestine is a lot more complicated, but it is only a matter of time
3. Strongly pressure/incentivize the major app/social media companies either disable it at the app level or maintain internal keys to decrypt messages (effectively disabling it)

End result? Only "tech savvy" people will know how to set up their own entirely parallel "internets" (similar to tor). And then the phone and OS app stores increasingly lock down on third party apps for "security". Hell, I can even see a world where Redhat and Ubuntu strongly discourage these tools from being allowed in any official repositories because they want the government contracts for their premium OSes.

Will e2e truly be "banned"? No. But the only people doing it have insanely janky phones and linux.users with laptops. Which means it is nigh useless for the vast majority of whistleblowers and that "secretly being gay or a woman" becomes a huge mess where the vast majority of people will never understand how to protect themselves.

I find this article more complex than it should. For me the logic is more basic:

You want to ban encryption? So no https so no banking online.

That was a fun read.