Swedish government wants a back door in signal for police and ‘Säpo’ (Swedish federation that checks for spies)
Let’s say that this becomes a law and Signal decides to withdraw from Sweden as they clearly state that they won’t implement a back door; would a citizen within the country still be able to use and access Signals services? Assuming that google play services probably would remove the Signal app within Sweden (which I also don’t use)
I just want the government to go f*ck themselves, y’know?
You must log in or register to comment.
This is why you should prefer a better protocol like SimpleX
What are you talking about?
Centralized communications are susceptible to government controls, while decentralized systems are more difficult to stop, like Lemmy for example.
It can also be more safe depending on where the centralization happened.
Id argue that if decentralization is the goal, matrix is the right path forward.
They will probably just show message to Swedish ip addresses and state that they cannt provide you with the binary as you are using a Swedish ip.
Something very clear to say use a VPN 😉
Why swedes, why?
The current government promised they would be “tough on crime” but have been largely unsuccessful in reducing gang related criminality. Now they are trying to find new tools to get to the leaders of those gangs. Sadly, they don’t understand technology.
I did not expect this from Sweden.
They can’t deal with the influx of criminals due to mass immigration so they think this is the answer.
It seems like better immigration control would be a more direct solution to that…
The damage is already done. AFAIK they stopped the flood of immigrants. The only solution would be mass deportation of legal immigrants (with citizenship) that commit crimes.
Sweden is bizarre sometimes.
I most definitely did.
I’m sure there’s some exterior influence.
You can still download the APK from their repository, install it, and use signals built in censoring-evasion setting as far as I know.
They are even working on self updating app feature IIRC.
This is why I donate to signal. I know there are decentralized alternatives but I can barely get my family and friends to use Signal.
I can barely get my family and friends to use Signal.
Years of lobbying ✊
Yup and months of premium instant 24/7 tech support to ensure the slightest thing doesn’t return them to default apps in the beginning !
At least you all can get your family to use it.
I can’t even get my spouse to use it unless she thinks what we are talking about might be illegal where we are (it usually isn’t)
I’ve tried convincing family to use it, but all that happens is I just never hear from them until I see them in person or they call me.
They don’t even feel the need to back up their Amazon Kindle collection before they get cutoff from it… Thousands of dollars wasted if they ever lose access to the account.
Really? I got my family to use it with a simple explanation of why, and why they shouldn’t use other things. None of them are very tech-literate. And also simply saying it’s where they can reach me.
I feel like this is a you problem, you don’t explain it well to them and make them understand why they should use it.
I’m not going to say it’s not a me-problem, but disregarding the fact that if it was that simple it would be more widespread amongst people is making it seem as if we don’t try seriously and downplays the effort many like myself put in.
I care about privacy and about my close ones (as many here do) and I explain the issue to them in a nice way so to not come across as a pushy salesman, and they readily admit that they don’t want to put the effort in (effort as in learning something new, upkeeping with multiple apps, etc).
It’s not that I don’t know why they don’t switch immidiately - I know why. It’s simply that they don’t. It’s okay not to switch as long as you know the risks and I’ve explained the risks and they seem to understand it, but it’s not enough to get everyone to switch.
If life was that simple with everyone (I know some switch without hesitation) the world would be completely different.
You can explain to a decent normal person the imminent doom we are facing with climate change and they may understand it very well, but they still wont give up on using their car and switch to public transport immidiately, because it is an inconvenience.
I highly recommend Obtainium to anyone who wants to keep their apps updated without needing a central report (save for the APKs that only publish on f-droid etc)
I have gotten a few family members and friends to use signal as I stated to them that this is the only way to get ahold of me. Other than this, you won’t. And because of me, they decided to do so :P some haven’t, but its up to them to decide.
100% agree with you and I do the same.
I have gotten a few family members and friends to use signal as I stated to them that this is the only way to get ahold of me.
Same. It’s the default app for everyone I’m close to.
Signal has done a very good job of making it easy to get started with the app. The alternatives (Matrix, Simplex, Briar etc.) are all more awkward.
i would recommend molly instead. its a zero google vode fork of signal, and also available through fdroid.
Wherever a service with encryption exists any government in the world thinks they need to be the special child with the access to the contents.
E2E with privately generated and held keys, have you published your PGP public key yet?
E2E with privately generated and held keys, have you published your PGP public key yet?
Exactly. You can’t stop secure encryption.
I remember in the very old days of the internet when only the US had strong encryption and thought it was some gotcha. They labeled it a weapon to prevent overseas export. Phil Zimmerman created PGP, lobbed the source into a book (protected under 1st amendment) then shipped it overseas.
If strong encryption exists and people want to use it, you’re just not going to be able to stop them.
Reminds me of the story of immigrants who tatooed the algorithm on their back. It was illegal to send them back.
I wish PGP was easier to use. The barrier to entry is way too high for everyday use.
There’s a function built into Thunderbird to create keys, and I think publish the public cert directly to the MIT repo.
While I appreciate they have it, this is still rocket science when you describe it to an average user of mail. This stuff needs to be almost automatic and happen in the background for it to really be used by the masses. :-(
Before any politician asks for a backdoor into an encrypted service they should be required to explain Project Rubicon
But the Rubicon was crossed so… ¯_(ツ)_/¯
deleted by creator
Project Rubicon
You’re talking about this project?
Yes. The Wikipedia page is also a long list of wtf.
Briar has entered the chat
(No central servers and everything goes through Tor, try blocking that!)
This is where Signal’s biggest problem shows. It’s centralized. Matrix is the better choice since it will be up to you if you decide to break the law if it’s banned, since there will still be plenty of servers you can reach.
yes. but transition takes time and my mom just installed signal last year. we will get there for sure.
I moved my whole family over to Signal specifically because it was so easy. SimpleX is easier than Matrix, imo, but when Matrix is equally as easy to set up as Signal, then we’ll see where things are.
The only big issue I’ve heard with Matrix is the current implementation doesn’t scale well, due to how servers are required to clone data (or something). I think they’re working on a fix, but it’s still not ready for prime time, I think.
SimpleX is not easy to setup either. There are two flaws I pointed out on GitHub over a year ago which have been ignored:
FLAW #1
Scanning a QR code invite with your camera app does not work. It has to be scanned AFTER you install SimpleX using the camera function of SimpleX.FLAW #2
Clicking on an invite received in Messenger confuses Signal because Messenger appends a question mark and some tracking code rubbish. SimpleX could easily strip the rubbish but it doesn’t. It simply fails.Simple ❌
The first one is pretty standard stuff, and it makes sense why you need to do it from the primary app and not from a third party one (like the camera). You would not want that other app digesting and sending off that invite link to the bowels of Google or whatever, which defeats the purpose of limited invites.
The second one seems pretty easy to workaround. I agree that perhaps their (Facebook?) Messenger implementation should account for the tracking data they tack on, but I’d hardly consider that a deal breaker when you can copy the invite link by hand.
I work in QA, and if I was a PM, I would flatly reject the first “flaw” as introducing weaknesses into the design and assign a low priority to the second due to an easy workaround and only affecting a single app.
Good point re first one.
Second one is a problem for most people. They just click on a link and expect it to work. They would have to figure out themselves what the workaround is because SimpleX says something like “bad invite” or “bad link”.
And even if I told them what to do, they don’t even know it is possible to copy, paste, edit, hit return.
I have about 30 activists using Signal whom I would like to migrate to SimpleX. I didn’t want to handhold each of them. I think you are overestimating general computer literacy out there.
Similarly I would like to migrate over 600 of them from Facebook into our own group in Lemmy however they are older people and a third of them have enough problems signing up to and navigating Facebook.
Adding to my frustration is their English illiteracy. “more than half of Americans between the ages of 16 and 74 (54%) read below the equivalent of a sixth- grade level.”
You know, now you’ve got me wanting to try my hand at submitting a fix for your second issue.
So to summarize:
- You copy or share a one-time contact link via SimpleX.
- The sender sends it.
- The receiver gets it.
- The receiver clicks on the link, and Meta adds a bunch of extra tracking nonsense onto the link.
- SimpleX throws an exception (“invalid link” or something, right?)
Is that how it goes, in your experience?
Exactly. You want my original github submission URL or is it best to send afresh?
People host signal proxy for countries where it is banned already. The primary impact of this law is on non technical people and new users thinking to switch to.
The real danger is people downloading random apks that could be compromised.
Or even backdoored by state actors.
Oh that irony would be painful.
Here’s the repo in case anyone is interested in hosting an instance: https://github.com/signalapp/Signal-TLS-Proxy
don’t kink shame
How does this even make sense? The criminals would just move to another platform like SimpleX or use a VPN.
Whole article in English:
The encrypted messaging app Signal is growing - now even the Swedish Armed Forces use it.
But the government wants to force the company to introduce a technical backdoor for the police and Säpo.
- “If this becomes a reality, we will leave Sweden,” says Signal’s CEO Meredith Whittaker, in an exclusive interview with SVT.
If the government gets its way, the bill will be passed in the Riksdag as early as March next year.
The bill states that companies such as Signal and Whatsapp will be forced to store all messages sent using the apps. Leaving Sweden
Signal - which is run by a non-profit foundation - has now told SVT Nyheter that the company will leave Sweden if the bill becomes reality.
- “In practice, this means that we are being asked to break the encryption that is the basis of our entire business. Asking us to store data would undermine our entire architecture and we would never do that. We would rather leave the Swedish market completely,” says Signal’s CEO Meredith Whittaker.
She says the bill would require Signal to install so-called backdoors in its software.
- “If you create a vulnerability based on Swedish wishes, it would create a path to undermine our entire network. Therefore, we would never introduce these backdoors.
But don’t you have a responsibility as a supplier to support anti-crime efforts?
- Our responsibility is to provide technology that upholds human rights in an era where those rights are being violated in more and more places. In today’s digital world, there are very few places where we can communicate privately or whistleblow. Armed forces critical
Whittaker cites the 2024 attack by the Chinese state actor Salt Typhoon on several internet service providers in the US, where text messages and phone calls were leaked. She argues that a Swedish backdoor would open up for the same thing.
- “There are no backdoors that only the good guys have access to.”
The aim of the bill is to allow the Security Service and the police to request the message history of criminal suspects after the fact. Both authorities were positive in the consultation.
- “The ability of law enforcement authorities to effectively access electronic communications is crucial,” said Minister of Justice Gunnar Strömmer (M) earlier at a press conference.
But the Swedish Armed Forces are opposed and recently urged their personnel to start using Signal to reduce the risk of interception.
In a letter to the government, the Swedish Armed Forces wrote that the bill could not be implemented “without introducing vulnerabilities and backdoors that could be exploited by third parties”.
How does this even make sense? The criminals would just move to another platform like SimpleX or use a VPN.
Next move (and not just from Sweden): make the use of a VPN (and any fully encrypted service) illegal for the average citizen—who needs a backdoor when the law makes it a crime to simply use full E2EE? Let those be used with trust by the army, the press, organizations and people like that just not by common people that should have no privacy at all.
Politician incompetency and dishonesty will finish to ruin what little of Europe remains and what the word democracy was supposed to mean (which is not to consider your citizen like clueless children that can’t understand shit and that can’t be trusted).
But in exchange of ruining that they will get some more power and/or money, so that’s fine I suppose.
Sweden… more like snitchden… amirite?
As a sweed, I get really irritated at my country. We were also the ones who introduced chat control into the EU… I fear we’re turning into the USA…
Nah. You guys make more weapons per capita than us. We could never catch up to your weapons industry.
Who do you sell to, btw?
don’t worry about it
Definitely don’t tell trump.
Most people willing to buy, I’d imagine
Russia? Israel? Rwanda?
Idk if they’ve approached Sweden about buying their weapons. I found that the top 10 is
The top 10 destinations for Swedish arms exports are the United States, Brazil, Pakistan, the United Kingdom, Germany, India, Norway, France and the Czech Republic.
Not only USA, but Chains and “Great” Britain as well. You saw how they magaged to get access to all encrypted data stored on Apple’s servers within UK.
The politicians in power in Sweden, currently, explicitly said no to chat control 2.0 during the election process. They get voted… And now they pushed it into the EU and are supporting it. Terrible.
Yeah, I kind of want to get in to politics more… when I get my life in order…
It’s not stopping the far-right, don’t let it stop you!
https://runforsomething.net/ (American-centric site, but I think the resources and advice within are still useful)
Thanks, I’ll read through it.
Ooo that’s awesome site
Also Spain has been full force behind chat control. Something something no independence for Catalan?
