I was just thinking that if something like this ever does get through and become law, then creating open-source alternatives which do not obey these laws would be quite trivial. What would not be trivial would be deciding where to host the servers and source code, and how to actually get this software onto people's devices.
What country would be safe for hosting code that does this that people would also trust in general? Would this be hosted on the dark web or would someone actually be brave enough to host it on their private machines? Would there be DNS that could point to this?
Then how would you install the software? You'd need a way to side-load it, which means you'd want a way to sign it. Which means either adding a new root signing authority or being able to have an existing root authority sell you a signing certificate and not revoke it.
You kind of quickly end up in some weird dystopian cyberpunk setting thinking all of this through.
EU CRA disallows shipment of non-accredited binaries in "critical" software categories.
Okay, so are they going to block foreign GitHub repos? This seems totally unenforceable.
You underestimate the power the EU believes it has.
> believes
Subset of industry feedback on EU CRA, https://github.com/orcwg/cra-hub/blob/main/product-definitio...
You just mandate the scanning into the OS, then mandate what OSes hardware is allowed to boot.
> You kind of quickly end up in some weird dystopian cyberpunk setting thinking all of this through.
The most dystopian concept out of everything you mentioned is still "you can't install unsigned software" to me.
Good luck preventing people from loading up a web page that runs a pure JavaScript (or WebAssembly) implementation of common cryptography algorithms and lets people copy and paste each other encrypted messages.
Chat Control wants to require on-device scanning, so if this becomes common they can move to mandating scanning at the OS or browser level as well.
Good luck convincing American tech to take on a liability like this. There's a reason big tech is moving to e2e encryption like Signal and it isn't user privacy. Telling governments to fuck off because you don't have the data limits liability.
"Luck" wasn't what coerced American tech businesses into subsuming the PRISM program liability. Your naivete is admirable though.