• ByteWelder@lemmy.ml
    link
    fedilink
    arrow-up
    49
    ·
    edit-2
    5 months ago

    It’s literally in the article: They want to use client-side scanning. The client already has the data decrypted. This is much like what Apple wanted to introduce with CSAM scanning a while back. It’s a backdoor in each client and it’s a matter of time until it will be abused by malicious entities.

    • EngineerGaming@feddit.nl
      link
      fedilink
      arrow-up
      12
      ·
      5 months ago

      Yea, it is clear if there is just one closed-source app. But if we’re talking XMPP/Matrix - they have multiple open-source clients, even if some of them does introduce scanning, no way it wouldn’t be forked to remove it.

      • ByteWelder@lemmy.ml
        link
        fedilink
        arrow-up
        7
        ·
        5 months ago

        If a messaging service is non-compliant, the government could theoretically take action with court orders against domain owners, server owners or pursue anyone hosting a node in case of a distributed setup. In a worse case scenario, they might instruct ISPs via court orders to block these services (e.g. The Pirate Bay in some countries)

          • kbotc@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            ·
            5 months ago

            They literally will do that. GDPR shows that they will go after big American companies (That’s the point, a huge chunk of this is protectionism to build a tech industry in the EU that they control)

        • EngineerGaming@feddit.nl
          link
          fedilink
          arrow-up
          2
          ·
          5 months ago

          Where I live, a lot of popular services, including major foreign social media and torrents everyone uses, are blocked - yet they still have a massive userbase.

          And since the scanning is supposed to be client-side, how would a server check if the scanning was really performed? What if the server does receive and log the needed responses, just to be safe, but the client actually just sends them automatically while lacking such functionality?