noncebox

[Video Game Fan 2000]

This'll be a laugh if its an adult actor playing the child.

[Inspector Norse]

I don't like nonces

10cc consider rewrite

[Zetetic]

This'll be a laugh if its an adult actor playing the child.

It's hard to think of a more appropriate form of community service for relevant sex offenders.

[Video Game Fan 2000]

It's hard to think of a more appropriate form of community service for relevant sex offenders.

They should only pick ones who get off on pretending to be a child to make it even more appropriate.

[Sebastian Cobb]

The UK government just basically admitting that Mark Zuckerberg runs the world now and there's absolutely fuck all anyone can do to stop him except advise their citizens to be angry about it.

Sure, they could cut them off by blocking access to Facebook services but, of course, they have their reasons for not wanting to do that.

I was reading an article about whatsapp's moderation team. A lot of it is just to remove annoyances like spam but they can also deal with abuse and harassment, although the platform is end-to-end encrypted reporting can forward the last few messages on after your device has decrypted them.

Which struck me a little odd for personal encrypted chat, if you were getting abuse through the post I doubt you'd be turning to Royal Mail.

https://gizmodo.com/whatsapp-moderators-can-read-your-messages-1847629241

It's also of course a horrible job for the moderators who end up underpaid, burnt out and suffering ptsd.

[Consignia]

10cc consider rewrite

Boomtown Rats, surely?

[dissolute ocelot]

Surely you could set up a counter-stunt where a child is protected from a pedophile by end-to-end encryption of the child's messages to its little friends.

Or just ban kids from having mobile phones. Admittedly, some would be lost alone late at night and die in ditches, but they wouldn't be able to buy loot boxes or play techno on buses.

I'm hoping that the major banks, arms companies, technology companies, etc, will politely inform the government that they'd rather not have random North Koreans reading all their emails? But maybe you'll need a licence to get proper encryption and the public will have to rely on handkerchief codes and mumbling.

[Zetetic]

The aim of Western governments, obviously, wouldn't be data to be in plaintext in transfer but for it to be available for access at rest in particular repositories.

(See how backups already work for Apple's messaging, WhatsApp, etc.)

[gilbertharding]

Alright, judgey!

10cc consider rewrite.

[Sebastian Cobb]

The aim of Western governments, obviously, wouldn't be data to be in plaintext in transfer but for it to be available for access at rest in particular repositories.

(See how backups already work for Apple's messaging, WhatsApp, etc.)

WhatsApp claim they can't read your messages unless your device decrypts them and forwards them back though. In theory they shouldn't need to decrypt the message body to back up the data in the interests of disaster recovery, that could stay encrypted and unreadable to them at rest, they just need to know who the recipient is and whether it has already been successfully delivered.

[Zetetic]

My point is that - in practice - WhatsApp already encourages, quite strongly, users to backup their messages to Google Drive, unencrypted.

[Sebastian Cobb]

Oh for personal backups (or indeed for forwarding to WhatsApp Web). I'd imagine any state surveillance solution would use escrow so the messages could be read at rest or in transit - if they were forwarding the message to a state silo then they might as well do that when the message is sent rather than received.

[Zetetic]

Sure. I guess I brought it up, because the unencrypted 'personal backups' are almost certainly a major part right now of why Western governments haven't been more upset by end-to-end encryption.

[Sebastian Cobb]

I think that's also indicative of the fact it's probably not terrorists or peados the government expect to snare with this.

In actual fact the government and spooks have been quite bothered by e2e for some time, it comes in waves. Cameron went for it occasionally.

I'm not a Sun reader but I've flicked through discarded copies in pubs when bored just curious of what lines they're pushing and have encountered big hit pieces on encrypted messaging on more than one occasion. It read like it was handed to them by spooks.

[Ferris]

Is it just a data scraping exercise so GCHQ can put your messages onto a server somewhere in Wiltshire and have a look whenever it fancies only when it has a strict warrant?

That's what the NSA were doing with it, there's stories of people tracking their spouses and looking up random people's messages for a laugh. E2E encryption is the only reason I use whatsapp tbh, though I'm pretty uninformed about it as a service.

Worthless post, sorry.

[monkfromhavana]

I know Channel 4 has a reputation for putting out edgy programming, but I really don't want or care to know what peads make of prime time telly.

[Sebastian Cobb]

Is it just a data scraping exercise so GCHQ can put your messages onto a server somewhere in Wiltshire and have a look whenever it fancies only when it has a strict warrant?

That's what the NSA were doing with it, there's stories of people tracking their spouses and looking up random people's messages for a laugh. E2E encryption is the only reason I use whatsapp tbh, though I'm pretty uninformed about it as a service.

Worthless post, sorry.

Basically yeah. Although it wouldn't surprise me if a lot of low-level convictions these days rely on device-seizures (and possible access to other places once they have the device based on what you were logged in to) because it's easier to compel you to unlock your device and let them look into it rather than building enough grounds to compel a judge.

I don't know enough about the specifics of the terror legislation that can get you 2 years in prison simply for withholding encryption keys, or rather at what point that legislation kicks in and whether they have to build reasonable grounds of suspicion.

I think the spouse spy thing might not happen as much now, but it's probably due to increased auditing of users in the wake of Snowden and Manning leaks more than any will to prevent it specifically.

[Paul Calf]

So... the UK gov want to destroy the IT industry in the country?

That's exactly what will happen. No-one will have their software developed in a jurisdiction where their security is riddled with deliberate holes.

[Ferris]

Basically yeah. Although it wouldn't surprise me if a lot of low-level convictions these days rely on device-seizures (and possible access to other places once they have the device based on what you were logged in to) because it's easier to compel you to unlock your device and let them look into it rather than building enough grounds to compel a judge.

I don't know enough about the specifics of the terror legislation that can get you 2 years in prison simply for withholding encryption keys, or rather at what point that legislation kicks in and whether they have to build reasonable grounds of suspicion.

I think the spouse spy thing might not happen as much now, but it's probably due to increased auditing of users in the wake of Snowden and Manning leaks more than any will to prevent it specifically.

Makes sense, the refusal to hand over encryption keys thing reminded me of the FBI compelling them from Lavabit, who ended up providing the data in the form of 11 pages of hardcopy printouts, in size 4 font, scanned to the point of near-illegibility. 10,000 characters, and if the FBI made a typo then the whole thing stops working, brilliant bit of non-violent resistance.

The FBI decided it wasn't enough even though he technically complied with the request - I suppose when you're in that deep with intelligence agencies, rules become irrelevant pretty quick.

[Zetetic]

That's exactly what will happen. No-one will have their software developed in a jurisdiction where their security is riddled with deliberate holes.

That's demonstrably untrue, isn't it?

[Sebastian Cobb]

Makes sense, the refusal to hand over encryption keys thing reminded me of the FBI compelling them from Lavabit, who ended up providing the data in the form of 11 pages of hardcopy printouts, in size 4 font, scanned to the point of near-illegibility. 10,000 characters, and if the FBI made a typo then the whole thing stops working, brilliant bit of non-violent resistance.

The FBI decided it wasn't enough even though he technically complied with the request - I suppose when you're in that deep with intelligence agencies, rules become irrelevant pretty quick.

In the US you can actually plead the fifth a lot of the time. What's interesting is that this can be used to withhold a password but there is no similar recourse with biometrics, if you've set a thumb or facial unlock a judge can sign off on this being taken by force.

[Zetetic]

The FBI decided it wasn't enough even though he technically complied with the request - I suppose when you're in that deep with intelligence agencies, rules become irrelevant pretty quick.

Nah. It's entirely reasonable - if you've decided to have such a law - to recognise vexatious attempts to "technically" comply. You might as well just provide a random integer and argue that there exists some decoding scheme that will provide the appropriate key.

(I may be somewhat influenced by dealing with dogshit responses to FoI requests where authorities try to refuse to provide electronic copies of things that they hold electronically.)

[Sebastian Cobb]

I get that he was being compelled to provide something to release evidence about other parties so pleading the 5th doesn't directly apply, but why couldn't he claim that he was a user of the service as well and then refuse to potentially incriminate himself on those grounds?

[Zetetic]

This probably deserves a mention, relating to extracting data from devices and planned Police Bill:
https://www.gov.uk/government/publications/police-crime-sentencing-and-courts-bill-2021-factsheets/police-crime-sentencing-and-courts-bill-2021-data-extraction-factsheet

[Zetetic]

Apologies if I've missed a link to this video from the Home Office:
https://twitter.com/ukhomeoffice/status/1483375279477305356

[Ferris]

Nah. It's entirely reasonable - if you've decided to have such a law - to recognise vexatious attempts to "technically" comply. You might as well just provide a random integer and argue that there exists some decoding scheme that will provide the appropriate key.

(I may be somewhat influenced by dealing with dogshit responses to FoI requests where authorities try to refuse to provide electronic copies of things that they hold electronically.)

Haha maybe! I still think it's a clever way of protesting it - you want the password, here it is. Good luck lads.

@Sebastian Cobb I think the 4th amendment (protecting you against unreasonable search and seizure) is probably apposite too, but again - intelligence agencies. They'll do what they like.

[flotemysost]

Given how Charles Saatchi usually likes his creatures in glass tanks, it's not looking great for kid or nonce.



CHILDE GONNA BE CHOPPS

[Midas]

chopp'd & bumm'd

on reflection, this is probably a dead cat story isn't it

[Johnny Yesno]

chopp'd & bumm'd

on reflection, this is probably a dead cat story isn't it

When the box has gone black, we can't even be sure whether it's alive or dead.

[JesusAndYourBush]

Someone should subvert it by turning up in hi-viz looking all official so they're not challenged, and when the box turns dark, whip out a paintbrush and some black paint and paint the outside of the box.  (I'm not sure what point they'd be making, I didn't think it through that far.)