logoalt Hacker News

arjieyesterday at 7:19 PM7 repliesview on HN

I don't understand. How does it affect encrypted messages? It seems like either you need:

1. allow MITM decryption by a privileged authority

2. require all devices doing E2EE have a non-user-modifiable piece of functionality to scan on-device

The second is the Apple style on-device CSAM scanner? I have to say that I do sometimes think about it while taking a photo of my baby playing in the bathtub - photos like my parents have of me which have been kind of nice to see later. It would be a pity if I had to have a separate analog camera just for baby photos because then I'd need to learn the whole developing film stuff.


Replies

pqtywyesterday at 8:23 PM

Apple's proposal was only for photos being uploaded to iCloud and not local ones.

IIRC weren't there some thoughts that they'd switch iCloud to E2E but add local scanning on upload (compare to what it currently when Apple, Google, etc. freely scan all your cloud photos anyway). That didn't seem like a terrible deal on paper.

petcatyesterday at 7:23 PM

> It would be a pity if I had to have a separate analog camera just for baby photos because then I'd need to learn the whole developing film stuff.

Polaroid coming back in business! I would not complain at all if we started reverting some of our lifestyle behaviors back to analog.

show 1 reply
grg0yesterday at 7:45 PM

I am not fully acquainted with the details, but I would not discard (3) make e2ee illegal, at least for platforms of certain size etc. That is what the proponents ultimately want anyway. If they settle for anything else, it's because of the resistance.

ExpertAdvisor01yesterday at 7:39 PM

Platforms will stop offering E2EE . Didn't Instagram abandon E2EE ?

show 1 reply
nicceyesterday at 7:46 PM

> The second is the Apple style on-device CSAM scanner?

This is exactly what has been proposed. E.g. WhatsApp has a piece of code that scans images and texts before sending. After that, they are "encrypted".

show 1 reply
vaylianyesterday at 8:42 PM

You are correct in that both option 1 and 2 are possible. For end-to-end encrypted messages only option 2 is possible. The content will be scanned directly on your own device and the data will be sent to the authorities without your knowledge, if the software detects something suspicious. This is called client-side-scanning.

cortesoftyesterday at 7:49 PM

[dead]