The CSS in the proposal is implemented on an app level, like Whatsapp or Signal does the detection before sending the encrypted message, not at the OS level.
If you use an app that connects to your own xmpp server, there will be no snopping.
Same if you encrypt your message and post it in Whatsapp.
I'm worried that as soon as this is implemented, someone will make a patched version of the signal client which doesn't do the scanning, and soon after all the affected apps will be forced by law to use remote attestation like Play Integrity.
The CSS in the proposal is implemented on an app level, like Whatsapp or Signal does the detection before sending the encrypted message, not at the OS level.
If you use an app that connects to your own xmpp server, there will be no snopping.
Same if you encrypt your message and post it in Whatsapp.
I'm worried that as soon as this is implemented, someone will make a patched version of the signal client which doesn't do the scanning, and soon after all the affected apps will be forced by law to use remote attestation like Play Integrity.
Signal said that they will the EU market if push comes to shove, so there won't be a Signal client to patch because there won't be a Signal app.
There will still be an APK which can be sideloaded, and you could continue to use it through a VPN.