Funny thing is, my private conversations of sexual nature with my 28 years old girlfriend could probably flag "their" system as CSAM. It has happened to a couple of people before from what I recall.
If this passes, just stop using anything inherently insecure. You may want to stop using WhatsApp, Instagram, Facebook, etc. for private conversations. I already do this.
There are alternatives that will not be affected by this, stick to these. I would give you a list, but I should better be quiet about it.
> There are alternatives that will not be affected by this
An app, in an official app store no less, is not going to be a solution for long. If you want an actual technical attempt at a solution you first need to regain ownership over your computing devices.
It is on F-Droid, not on Play Store. Does that make a difference?
It does today but not for long, Google is planning to add developer ID verification system for apps installed from any source, just like Apple's notarization, which will give them the technical ability to revoke their distribution on demand. It won't matter if the APK is distributed via F-Droid, Github, self-hosted servers, or in any other way.
By pure coincidence the walls are closing in from all sides.
No, that's the thing. Just anything you type on your device and send over the internet can be screened.
What about old PCs? I inherently do not trust my phone.
https://en.wikipedia.org/wiki/Intel_Management_Engine
You can trust GNU/Linux phones though (Librem 5 and Pinephone).
You can read the article you're replying on. If the device uses the internet, chances are they're gonna be able to listen in.
That is way different from client-side [...] from applications though. I thought this was the case.
> There are alternatives that will not be affected by this
For how long?
i know this is amazing concept but you can just.. not follow the law, and use 'illegal' encrypted communication.
Steganography to do key exchange on any compromised channel using DH, and then you just send normal encrypted messages - their magical idea is to do client side scanning.
this does require control over your device, but such regulations would just spring up black market for such devices.
The alternatives I have in mind, indefinitely (ideally forever the way they work). You could also just continue using older versions, whereas you need to update WhatsApp to continue using it, for example.
If they can be private indefinitely, then you wouldn't need to keep them secret.
These attacks on freedom will continue until every computing device is mandated to have an ML system tracking your every input. And no communication method is safe from that.
Not even steganography would save you because more and more people would do it and they'd make it illegal too.
---
EDIT: Technology can give us tools to fight it but this has to be defeated at the political level, likely by enshrining privacy is a core human right.
> until every computing device is mandated to have an ML system tracking your every input
Well, in that case yeah, that would suck. OTR, OMEMO, etc. would not help then. Collectively not buying new hardware and pushing against it collectively might.
Signal, foolishly, is also time-bombed.
Does it still require a phone number?
In any case, Signal is not what I had in mind. Telegram is not what I had in mind either, and in fact, Telegram still has no E2EE on desktop so whatever.
Yes, but any phone number will work. That’s irrelevant to the crypto part.
EDIT: (I’m throttled and can’t reply to the child reply) - I said ANY phone number will work. You can get a number from any country, or a VoIP number, or a landline. It doesn’t need to be a sim card from the country you’re in. It doesn’t need to be a sim card at all. Any number will work.
If your country requires details to get a number, get a number from a different country. Unless you’re in China or Russia, we’re on the same internet with the same access to jmp.chat and others.
It is irrelevant to the crypto part, but not when it comes to privacy because as you may know, you cannot just get a prepaid SIM card without your details in many countries, so yeah Signal is not something I would choose.