[French media] said the investigation was focused on a lack of moderators on Telegram, and that police considered that this situation allowed criminal activity to go on undeterred on the messaging app.
Europe defending its citizens against the tech giants, I'm sure.
There's a lot of really really dark shit on telegram that's for sure, and it's not like signal where they are just a provider. They do have control the content
Safe harbour equivalent rules should apply, no? That is, the platforms should not be held liable as long as the platform does not permit for illegal activities on the platform, offer proper reporting mechanism, and documented workflows to investigate + act against reported activity.
It feels like a slippery slope to arrest people on grounds of suspicion (until proven otherwise) of lack of moderation.
Telegram does moderation of political content they don't like.
Also Telegram does have means to control whatever they want.
And sometimes they also hide certain content from select regions.
Thus - if they make such decisions, then apparently CP and such are in their interest. Maybe to collect information for blackmail by some special services (Durov went to France from Baku, and Azerbaijan is friendly with Israel, and Mossad is even suspected of being connected to Epstein operation), maybe just for profit.
Why arrest him? Why not threaten to block the app in France or something like that?
And why only arrest him? Should the discord creators also be arrested for some shady channels? Should Elon Musk be arrested because twitter is the equivalent of fhe fifth circle of hell?
So they can make a very convincing case for a backdoor, in exchange for his release. And maybe some compensation for continued cooperation. Both come out winning and they get to claim nothing happened.
Government cyber security dealings as usual. or not. who knows?
It's one of the most popular social media apps in Russia that is not banned or blocked. I would bet they already have a backdoor for the Russian police and intelligence agency...
The government almost certainly doesn't need a backdoor as telegram is almost completely unencrypted (only one-to-one channels can be but aren't by default). The real (but more boring) conspiracy theory is that governments generally don't mind Telegram because its willfully terrible security model allows them to keep an eye on terrorists and activists' communications (I have a hard time believing that the NSA or even DGSE don't have their own backdoors already).
However the EU does have laws mandating the moderation of said unencrypted messages, especially when it comes to CSAM, which Telegram is notoriously poorly moderated. It's certainly reason enough to arrest and question this guy, at least until formal charges are brought or he walks free. Maybe there are additional political considerations, but there doesn't have to be.
Also how would arresting this guy help with backdooring. He doesn't have access to the source code. Whoever he calls to get that done is out of reach of the French police. He has no reason not to disable that backdoor as soon as he gets out of the EU. If he can be bought off he already has been (Crypto AG style except way lamer because no-one clever&important trusts Telegram), you don't need to arrest someone to pay them. I'm no DSGSE bigwig but pressuring lower level engineers to backdoor their code seems like a 1000% more effective approach.
people who act more in the interest of society and less in the interest of those in power get arrested
people who help those in power tighten the leash on society (fuckerberg, muskrat, etc) get courted and don't ever face consequences
In other words: A high profile person in tech being threatened with arrest / being arrested by western countries is a pretty good sign that they were not cooperating with our totalitarian overlords & providing us with ways to preserve our privacy.
And why only arrest him? Should the discord creators also be arrested for some shady channels? Should Elon Musk be arrested because twitter is the equivalent of fhe fifth circle of hell?
TF1 and BFM both said the investigation was focused on a lack of moderators on Telegram
I would vaguely imagine that they aren't going to be very happy about the Threadiverse when they discover us. There's no global moderator team to make moderate things.
I don't think much of the fediverse is compliant with the DSA, including the rules on content moderation. I really doubt that any lemmy instance is. Can we really assume that no one will ever complain?
Unless you dox yourself what kind of personal information are instances sharing? On top of that stuff that isn't due to the normal functioning of the site as a public message board?
What's questionable is embedding images, lemm.ee mitigates that with proxying, but ultimately the web is the web and you can't proxy the whole web. Clicking a link will still lead you somewhere else and if your browser pre-loads links then that's up to you.
It certainly is against the GDPR to federate with US instances.
considers
I don't think that it is, even for EU instances, in that the GDPR regulates businesses, so it's out-of-scope for the GDPR.
In theory, I suppose that GDPR implications might come up if someone starts selling commercial Threadiverse access at some point, though.
There might be some interesting questions providing Usenet or maybe XMPP, though, as there are commercial providers of those services, and they are federated and transfer data all over the world.
kagis
Hmm. This has some people talking about it for XMPP. At least this guy's first pass is that it might apply:
Under UK GDPR (not sure about the EU one) the only grounds for
exemption is "Residential use" (other than police and national
security, which are also exempt), quoting from the ICO:
"Domestic purposes – personal data processed in the course of a purely
personal or household activity, with no connection to a professional or
commercial activity, is outside the UK GDPR’s scope. This means that if
you only use personal data for such things as writing to friends and
family or taking pictures for your own enjoyment, you are not subject
to the UK GDPR." [1]
(For those who don't know who the ICO is, they are the British data
protection authority, see [2])
At first, at least in my case, this seems pretty easy. The data is
stored domestically, it is used with me and my friends for
communication, there shouldn't be any more to it... right?
But there is. I regularly connect and talk in many MUCs for open source
projects, such as Ignite Realtime (which this was initially discussed
until Guus suggested moving it to operators, thanks Guus :) ).
IP addresses, are considered identifiable information, logs will store
said information, this therefore means my server is storing
identifiable information on other servers, in this case, servers which
could be considered for commercial purposes.
It needs to be noticed commercial purposes doesn't necessarily mean
paid services, charities and non-profits are included within the
definition. Open source projects COULD be considered commercial
purposes because, although contributions are provided free of charge,
it is still a "donation" of sorts in the way of code.
The definition of "professional" does not seem to be clarified anywhere
on the ICO page, nor in their legal definitions [3]. It doesn't seem to
be within the UK GDPR legislation [4] (I will admit I did not read all
of this, I tried searching for keywords and found nothing, if someone
read it all and knows where this exception is clarified, please let me
know). Professional could mean a lot, but I will assume it is to do
with some sort of "work", which therefore would include open source
contributions.
This therefore could break the "no connection to professional or
commercial activity", to be honest the easiest thing to draw from this
is if it involves someone who is not family or friend (or yourself),
you are very likely to not be exempt.
For those who will suggest a zero storage solution, where the XMPP
server doesn't store any data, it still comes under GDPR due to
PROCESSING of data, simply processing it, even if you don't store it,
will have GDPR requirements.
Failure to pay when you are required to results in fines.
This is really cracking open a huge can of worms, it isn't so much of
"ah £45/yr is no big deal", once you are exempt you must follow all the
legal requirements of GDPR, and for a hobby? Is it worth it?
I am 100% sure, an XMPP server which does not federate, which is used
to communicate with friends would be exempt. But I have my doubts
whether a federated server can still use the same exemption clause.
I don't really know much about this topic even after reading the article. It does bother me however that there's so many channels/server on Telegram full of spammers that seem to offer drugs and prostitution. It's almost like those were the only things that exist in this world. Which is such a huge waste of a chat program.
Also who the hell listens to any of the nonsense influencers/politicians write in their heavily biased channels, seriously, I can't find a sane reason to join those, yet strangely that seems to be the only reason the masses use this tool. It's all just confusing.
Hell yeah. I always hated Telegram, because of its countless false promises, misleading claims, bad encryption (which isn't even enabled by default) and shady background.
That bad encryption was not cracked for now. The other one, that is used to process chats between 2 users in end to end mode, can't be enabled by default because it assumes no history is kept and no support for group chats.
Also, the arrest doesn't seem to be related to any of the things you mentioned. If anything it shows there are no ways for (certain) governments to affect the messenger, for now.
There is no encryption by default if you haven't noticed. There only the pseudo-E2EE which has been proven to have critical weaknesses: https://eprint.iacr.org/2015/1177.pdf
can't be enabled by default
Yes it can, every proper E2EE messenger works like that. Signal, Threema, hell even WhatsApp uses E2EE by default.
no support for group chats
Signal has had group chats for many years now. WhatsApp uses the same encryption protocol and it also works just fine. Stop spreading misinformation, and use Signal if you want an actual secure, end-to-end encrypted, open and transparent messenger.