EU to censor end-to-end encryption - Our privacy beyond bitcoin in danger

[BlackHatCoiner]

This might not be directly related with Bitcoin, but it should absolutely concern the community.

So, Europeans in this board must have already been familiar with the on-going process of the EU enforcing the adoption of European electronic identities (eID)[1]. While the modernization of our identities isn't evil per se, it appears to be the case. Recently, there have been new legislative articles in closed-door meetings that virtually threaten the Internet's security by granting EU state members the permission to approve and disapprove which organizations can issue cryptographic certificates (like the one you and I use to read and write this privately right now). In other words, it gives them authority to surveil on their citizens.

Movement began from cybersecurity experts[2] which describes in even more detail what's going on. Read it. This is truly important to protest. A variety of scientists all over the EU have begun writing this open letter which opposes the position of EU parliament[3]. This is probably one of the worst things that can happen to everyone's privacy in the EU right now.

[1] https://www.consilium.europa.eu/en/press/press-releases/2023/06/29/council-and-parliament-strike-a-deal-on-a-european-digital-identity-eid/
[2] https://last-chance-for-eidas.org/
[3] https://eidas-open-letter.org/

(self-moderated, what I consider to be spam will be deleted)

[1714583127]

1714583127

[franky1]

firstly its not banning any/all cryptography unless government issued.

its about issuance of birth certificates, passports, driving licences, social security number and death certificates only being electronically certified using cryptographic issued ID being done only by the government departments that handle such ID.. this is to ensure average joe cant create fake ID's
its no about cryptography law as a whole

it has nothing to do with limiting EU websites to only display webcontent to people sending them an government issued ID. thus its not about being able to track everyones web use

it does have to do with. for instance, when going to an EU government website to look up your tax assessment you will need a electronic government ID to prove your access to that data.. or for instance your EU bank account..

[Don Pedro Dinero]

Wouldn't it be better to have used the title that Europe wants to impose digital identities? You put ETEE in the title but then you don't explain what it means.

The fact is that we are heading towards a big brother where they are going to control everything, and the majority of sheep will gladly accept it. Your digital identity on your mobile, linked to your CBDCs wallet, and as much as they try to sell it as respecting privacy (which if it weren't for how tragic it is, would be laughable) the states and whoever they want will know everything about you. Everything you spend, your medical data and even how many times a day you shit and what paper you wipe yourself with.

[BlackHatCoiner]

firstly its not banning any/all cryptography unless government issued.

It is. This is the parliament's proposal amending regulation as regards to establishing a framework for the European digital identity: https://eur-lex.europa.eu/resource.html?uri=cellar:5d88943a-c458-11eb-a925-01aa75ed71a1.0001.02/DOC_1&format=PDF.

In order to ensure that users can identify who is behind a website, Article 45 is amended to require providers of web browsers to facilitate the use of qualified certificates for website authentication.

Providers of web browsers (like Mozilla) will be mandated to facilitate the use of public key certificates with governmental-issued qualifications.

Here's another:

To that end, web-browsers should ensure support and interoperability with Qualified certificates for website authentication pursuant to Regulation (EU) No 910/2014. They should recognise and display Qualified certificates for website authentication to provide a high level of assurance, allowing website owners to assert their identity as owners of a website and users to identify the website owners with a high degree of certainty.

Sounds like the users must be able to identify website owners, otherwise website owners will not get approved for a certificate.

This is a bureaucratic nightmare.

Wouldn't it be better to have used the title that Europe wants to impose digital identities?

That isn't what I want to emphasize. Digital identities are where we're heading towards, everybody knows that already. But, this law is insane and it appears to be the case that they're voting for it in secret.

You put ETEE in the title but then you don't explain what it means.

It means end-to-end encryption.

[HideYourKeys]

this law is totally non-sense, implementing backdoors on these protocols make no sense, and they will not work... I dont think they will succeed with this type lf regulations. This kind of regulations are made by people who have absolutely no idea about what they are dealing with

[franky1]

blackhatcoiner

its not about banning crypto unless government used!!!!!!

it is NOT about all websites need to ask for citizen ID..

read the stuff properly.. and no not some summary some blog-momma/forum-bro told you

its that browsers should have as part of their "wallet" "addressbook" "autocomplete" widgets a facility to recognise certified websites(governmental funded PUBLIC SERVICES) so that people can log in to government public services using their credentials without manually typing them.
its not about access to only government services. its not about banning non government websites.. its jsut about if someone goes to a government service the broswer widget recognises the government page and logs in using the widget wallet credentials

its a request to have a wallet widget added to browsers..much like how your browser right now says "do you want to save your login details", its widgets/extensions like that

its not about requiring all websites to comply
nor about all EU citizens to log into every website.

its about interoperability of browsers with government department websites and official websites that use government ID

absolutely no where in your links or links with in those links that link to the actual government policies does it ever say anything close to banning end to end encryption

[BlackHatCoiner]

this law is totally non-sense, implementing backdoors on these protocols make no sense

It isn't about implementing backdoors on browser software. It's about enforcing the browser providers to facilitate government-approved certificates for encrypting sensitive in-site content. Even Google published a post demonstrating how bad idea that is: https://security.googleblog.com/2023/11/qualified-certificates-with-qualified.html.

The bill is essentially discriminating anyone from being a certificate authority unless they are approved by the government.

read the stuff properly.. and no not some summary some blog-momma/forum-bro told you

I literally quoted parts of the original Article.

its about interoperability of browsers with government department websites and official websites that use government ID

Can you point me to the part where it says that? According to the article and to statements of companies and organizations (from last-chance-for-eidas.org) it explicitly discusses the inclusion of all websites.

[coolcoinz]

The bill is essentially discriminating anyone from being a certificate authority unless they are approved by the government.

This is basically the whole EU in a nutshell.
You're not going to be allowed to do anything, unless we approve it, but we'll go about it slow.
In the words of Klauss Schwab "you'll own nothing and be happy."

The aim has long ago been to create one big happy centralized country in Europe where you don't get to travel, unless you pay tax for your carbon footprint and carbon tax is added to every carbon producing activity. You own a pet - tax. You collect rainwater - rainwater tax. You drive a car - emission tax. You live in a house that isn't up to their standards - tax. You travel too much - tax. You cut a tree in your yard - tax, and don't forget to ask for permission, otherwise it's a fine.
They started with their new crypto guidelines last year and told everyone that these are good because they're pioneers in regulating cryptocurrencies. You'll see how that goes in a few years.

And for those who didn't know, all EU laws are above the local laws of member countries, unless you're German because they outvoted it and are now the only country in the EU where it's the other way round.

[franky1]

The bill is essentially discriminating anyone from being a certificate authority unless they are approved by the government.

read the stuff properly.. and no not some summary some blog-momma/forum-bro told you

I literally quoted parts of the original Article.

its about interoperability of browsers with government department websites and official websites that use government ID

Can you point me to the part where it says that? According to the article and to statements of companies and organizations (from last-chance-for-eidas.org) it explicitly discusses the inclusion of all websites.

you asked me to point you.. i replied with the link
you deleted my post


so again
read your own link

 https://eur-lex.europa.eu/resource.html?uri=cellar:5d88943a-c458-11eb-a925-01aa75ed71a1.0001.02/DOC_1&format=PDF.

look at "framework of the proposal"
READ IT IN FULL it will enlighten you

it tells you exactly what the thing is about.
READ IT
dont read some third part blog momma (las chance) trying to start some BS campaign to go viral so they can then do a go fund my pretending the money will go towards lobbying their BS

instead read the actual details of the actual proposal DONT QUOTE THE BS FROM THE OPEN LETTER BLOG-MOMMA

and no im not going to quote the "last chance" drivel i prefer to red the source information not some BS summary idiots write
you are as bad as oeleo when it comes to ignoring what the regulation proposals actually say but then blindly get indocrinated into some BS script that doesnt campaign for what regulatons actually say, but instead their warped opinion


ill give you a hint.
a. its not about all EU websites needing to get, give, gather or deliver customer ID data to government
b. its not about all EU websites needing to get, use special government certification
c. its not about government getting backdoor access to all browsers
d. its not about banning end to end encryption

...
if you read the "last chance BS"
what THEY are actually saying is certain devs are in uproar that the government had a closed door security meeting. and then want to create a wallet add-on/widget/extension browsers should use that was developed closed source and not independently reviewed..
then they spun it into tin foil hat worries of it might be used for back door surveillance because browser devs cant read the code

it never says anything about revelations of what the code does do. nor evidence of regulations that say ban end to end encryption.. its just a blog rant about war scenarios of cybercrime maybes

i think you have not read any of the things you linked and instead had someone point you to certain snippets that fill a hole in some narrative

[alani123]

I wonder how this is going to be enforceable though.

this law is totally non-sense, implementing backdoors on these protocols make no sense

It isn't about implementing backdoors on browser software. It's about enforcing the browser providers to facilitate government-approved certificates for encrypting sensitive in-site content.

So if I don't download the EU version of Firefox and keep the free as in freedom "illegal" open source version, what are they going to do then?
Force me to use an EU approved version of windows that will detect what browser I'm running and report back home to Brussels?
Maybe if I switch to a free OS too they'll go as far as looking into if my hardware is capable of encryption without notifying them and force me to change hardware too!?

EU has some dumb ideas sometimes.

[franky1]

I wonder how this is going to be enforceable though.

this law is totally non-sense, implementing backdoors on these protocols make no sense

It isn't about implementing backdoors on browser software. It's about enforcing the browser providers to facilitate government-approved certificates for encrypting sensitive in-site content.

So if I don't download the EU version of Firefox and keep the free as in freedom "illegal" open source version, what are they going to do then?
Force me to use an EU approved version of windows that will detect what browser I'm running and report back home to Brussels?
Maybe if I switch to a free OS too they'll go as far as looking into if my hardware is capable of encryption without notifying them and force me to change hardware too!?

EU has some dumb ideas sometimes.

EU hasnt even proposed the idea this topic misrepresent..
some blog posting cry babies are tin foil hatting their own paranoia fears

but you are right about the lack of enforcement because its got nothing to do with regular websites.. its just a login tool for governmental websites and departments where they want a browser extension wallet to make logging in user-friendly.. where paranoia people fear back doors due to the security of the extension being developed closed source

[Casdinyard]

No way they'd be banning end to end encryption for cryptocurrencies, all because of the MiCA agreement. They've already established a common regulatory ground where they allow themselves to safely regulate cryptocurrencies and projects at the same time, while allowing the industry to flourish within the region. To ban end-to-end encryption even for cryptocurrency is a clear violation of this agreement and will become one of the biggest players in the state of crypto within the European Region. Pretty sure they're just banning ETEE to some degree so as to not cause hackers and other falsifiers to use it for their personal gain, which is a good thing. Also read the articles and it doesn't say there that they would explicitly ban cryptocurrency-based cryptography, only those that are used for identification purposes, I think you're contextualizing this too much?

[cryptosize]

I remember telling people since 2020 that EU's Digital ID initiative is going to have some serious repercussions in the society, but few people believed me back then... they were too focused on the COVID plandemic.

Average Joe/Current Thing NPC: "Hey, this is good for my convenience, no more paperwork! hurr durr"

Skepticist: "Sounds too good to be true... where's the catch?"

And you haven't even seen what's coming next with CBDC (social credit score, carbon credits), which will be tied to eID...

People are going to rationalize everything to feel "comfortable" (psychological coping mechanism) -> "What's the big deal with social credit score? Ebay already has had ratings for many, many years! Are you a criminal or what? What are you afraid of?"

"What's wrong with carbon credits? Are you a climate change denier? Why not eat ze bugs and save the planet by reducing your carbon footprint to zero?"

Oh well... if people want a China-style sci-fi Panopticon dystopia, who am I to argue with them?

The bill is essentially discriminating anyone from being a certificate authority unless they are approved by the government.

This is basically the whole EU in a nutshell.
You're not going to be allowed to do anything, unless we approve it, but we'll go about it slow.
In the words of Klauss Schwab "you'll own nothing and be happy."

The aim has long ago been to create one big happy centralized country in Europe where you don't get to travel, unless you pay tax for your carbon footprint and carbon tax is added to every carbon producing activity. You own a pet - tax. You collect rainwater - rainwater tax. You drive a car - emission tax. You live in a house that isn't up to their standards - tax. You travel too much - tax. You cut a tree in your yard - tax, and don't forget to ask for permission, otherwise it's a fine.
They started with their new crypto guidelines last year and told everyone that these are good because they're pioneers in regulating cryptocurrencies. You'll see how that goes in a few years.

And for those who didn't know, all EU laws are above the local laws of member countries, unless you're German because they outvoted it and are now the only country in the EU where it's the other way round.

Please sir, you sound like a deluded conspiracy theorist!

Don't tell me you don't like cameras watching you everywhere you go and video feed inscribed directly into the BSV blockchain!

Some people around here don't like hearing the cold, harsh truth...

[serveria.com]

This might not be directly related with Bitcoin, but it should absolutely concern the community.

So, Europeans in this board must have already been familiar with the on-going process of the EU enforcing the adoption of European electronic identities (eID)[1]. While the modernization of our identities isn't evil per se, it appears to be the case. Recently, there have been new legislative articles in closed-door meetings that virtually threaten the Internet's security by granting EU state members the permission to approve and disapprove which organizations can issue cryptographic certificates (like the one you and I use to read and write this privately right now). In other words, it gives them authority to surveil on their citizens.

Movement began from cybersecurity experts[2] which describes in even more detail what's going on. Read it. This is truly important to protest. A variety of scientists all over the EU have begun writing this open letter which opposes the position of EU parliament[3]. This is probably one of the worst things that can happen to everyone's privacy in the EU right now.

[1] https://www.consilium.europa.eu/en/press/press-releases/2023/06/29/council-and-parliament-strike-a-deal-on-a-european-digital-identity-eid/
[2] https://last-chance-for-eidas.org/
[3] https://eidas-open-letter.org/

(self-moderated, what I consider to be spam will be deleted)

This is very alarming if true. Europe is desperate for money now and they're ready to do anything to fight tax evasion and similar financial crimes. So I wouldn't be surprised if that would be really a fact. Some EU countries are on the verge of banning cash money completely for the same reason. This is pathetic and violates basic human rights. It should be stopped.

[BlackHatCoiner]

it never says anything about revelations of what the code does do. nor evidence of regulations that say ban end to end encryption..

I'd argue that enforcing browsers to adopt closed-source software is partly censorship. This is the same as claiming that closed-source wallet software is non-custodial. Sure I can't disprove your claim, but it is partly custodial as you can't disprove my claim that someone else has custody either.

I'm going to ignore the rest of your post as I completely disregard your claim that I read third-party blog posts instead of reading the actual article. I've replied to you with parts of the original article before you started whining about "rEaD tHE ArTIcLE".

Also, I have replaced "ban" with "censorship" instead. Seems more accurate adjective.

Edit:

some blog posting cry babies are tin foil hatting their own paranoia fears

Yeah, sure. Only over 500 scientists!  

[franky1]

your mindset is not based on reading the EU proposal word for word. its not even based on an interpretation from the "last chance" and "open letter" which is FEARING things it has not proved.
the details of the open letter and "last chance" site say mostly about the closed source/closed door nature of the extension widgets browsers are suppose to include.. with unproven fears of back doors possibility..
yes the 500 IT guys that call themselves "scientists" (much like how gavin and gmax call themselves "scientists") have an unproven fear that the closed source extension wallet may include other things..


but YOUR topic here has a title thats that is not even about that.. you have doubled down on a misinterpretation of a misinterpretation that is not even about the word for word EU proposal.. so you got an even more warped mindset from some other source that took a warped mindset of the actual EU proposal and double warped it.

...

if you understand security. no one wants a service to be open source, because hackers could find exploits.
EG customers of CEX dont want their service hacked

bitcoin succeeds in open source due to decentralisation removing central points of failure for most parts.. but certain services cant operate openly

EG
imagine that this was your ID
7ec97ec1d843369e34b97035a97f1e1e68f29725e20f5b6c1ae9e1c3a24287e8

now looking at that its not obvious how thats provably you.. and i have no way for me to know how to forge the ID

now imagine the ID creation method was revealed.. wherebyt YOUR EU gov id was for instance sha256 hashing this:
[name][birth country][colour of your internal house walls]
by hiding how they form the ID is good security as it stops me from forging your ID
but now i know how.. i too can forge your ID

[angelo][greece][ blue]
7ec97ec1d843369e34b97035a97f1e1e68f29725e20f5b6c1ae9e1c3a24287e8

yes i understand closed source is bad for other reasons.. causing many POSSIBLE fears..  but you have to understand the reasons why closed source is used..
possible fears is different than finding actual skilled reviewers actually finding actual exploits

the actual EU proposal says they have their own vetted devs that review the code and ensure its clean (much like how core prefer their own devs to review code and 'ACK' it, but dont like outsiders scrutinising, reviewing and commenting on the code)


now with all that said no where in the EU proposal does it say about banning end-to-end encryption

[BlackHatCoiner]

if you understand security. no one wants a service to be open source, because hackers could find exploits

Lol. This is one of the most well-known fallacies in security. "Security through obscurity" principle -- AKA "closed-source software being more secure than open-source" -- is entirely debunked. As I have already said before, believing that this provides security, besides false, is a sign of utter arrogance. Believing that you'll obscure the source in such a way that it will be impossible for third parties to discover your obscurity is just plain dumb; and once they do, your system will be vulnerable.

Most exploits aren't found by using the source code in the first place. Quoting my past self:

Closed-source software is nowhere close to better than reputable open-source software in terms of security. Being open-source doesn't mean more vulnerable than closed-source. Most attacks, from dynamic which work as a black-box (push inputs, observe outputs) to static which use pattern matches against binaries require no source code. Even if source code is necessary for an attacker, they can use disassemblers to reverse engineer part of the source code they want.

Now please don't derail this, or I'll have to use the Delete.

[coolcoinz]

The bill is essentially discriminating anyone from being a certificate authority unless they are approved by the government.

This is basically the whole EU in a nutshell.
You're not going to be allowed to do anything, unless we approve it, but we'll go about it slow.
In the words of Klauss Schwab "you'll own nothing and be happy."

The aim has long ago been to create one big happy centralized country in Europe where you don't get to travel, unless you pay tax for your carbon footprint and carbon tax is added to every carbon producing activity. You own a pet - tax. You collect rainwater - rainwater tax. You drive a car - emission tax. You live in a house that isn't up to their standards - tax. You travel too much - tax. You cut a tree in your yard - tax, and don't forget to ask for permission, otherwise it's a fine.
They started with their new crypto guidelines last year and told everyone that these are good because they're pioneers in regulating cryptocurrencies. You'll see how that goes in a few years.

And for those who didn't know, all EU laws are above the local laws of member countries, unless you're German because they outvoted it and are now the only country in the EU where it's the other way round.

Please sir, you sound like a deluded conspiracy theorist!

Don't tell me you don't like cameras watching you everywhere you go and video feed inscribed directly into the BSV blockchain!

Some people around here don't like hearing the cold, harsh truth...

So I guess you don't believe there's a conspiracy at all. It just doesn't exist. There's no need to extradite Snowden and these guys at WEF talk about sharing their wealth with everyone, unicorns and rainbows.
If you want to contradict me, please prove that I'm wrong. I haven't noticed any questions or contradictions in your post that I could address.

[cryptosize]

The bill is essentially discriminating anyone from being a certificate authority unless they are approved by the government.

This is basically the whole EU in a nutshell.
You're not going to be allowed to do anything, unless we approve it, but we'll go about it slow.
In the words of Klauss Schwab "you'll own nothing and be happy."

The aim has long ago been to create one big happy centralized country in Europe where you don't get to travel, unless you pay tax for your carbon footprint and carbon tax is added to every carbon producing activity. You own a pet - tax. You collect rainwater - rainwater tax. You drive a car - emission tax. You live in a house that isn't up to their standards - tax. You travel too much - tax. You cut a tree in your yard - tax, and don't forget to ask for permission, otherwise it's a fine.
They started with their new crypto guidelines last year and told everyone that these are good because they're pioneers in regulating cryptocurrencies. You'll see how that goes in a few years.

And for those who didn't know, all EU laws are above the local laws of member countries, unless you're German because they outvoted it and are now the only country in the EU where it's the other way round.

Please sir, you sound like a deluded conspiracy theorist!

Don't tell me you don't like cameras watching you everywhere you go and video feed inscribed directly into the BSV blockchain!

Some people around here don't like hearing the cold, harsh truth...

So I guess you don't believe there's a conspiracy at all. It just doesn't exist. There's no need to extradite Snowden and these guys at WEF talk about sharing their wealth with everyone, unicorns and rainbows.
If you want to contradict me, please prove that I'm wrong. I haven't noticed any questions or contradictions in your post that I could address.

Did you read my entire post? Read it again, from top to bottom:

I remember telling people since 2020 that EU's Digital ID initiative is going to have some serious repercussions in the society, but few people believed me back then... they were too focused on the COVID plandemic.

Average Joe/Current Thing NPC: "Hey, this is good for my convenience, no more paperwork! hurr durr"

Skepticist: "Sounds too good to be true... where's the catch?"

And you haven't even seen what's coming next with CBDC (social credit score, carbon credits), which will be tied to eID...

People are going to rationalize everything to feel "comfortable" (psychological coping mechanism) -> "What's the big deal with social credit score? Ebay already has had ratings for many, many years! Are you a criminal or what? What are you afraid of?"

"What's wrong with carbon credits? Are you a climate change denier? Why not eat ze bugs and save the planet by reducing your carbon footprint to zero?"

Oh well... if people want a China-style sci-fi Panopticon dystopia, who am I to argue with them?