An anonymous reader quotes a report from The Register: Royal assent was granted to two right to repair bills last week that amend Canada's Copyright Act to allow the circumvention of technological protection measures (TPMs) if this is done for the purposes of "maintaining or repairing a product, including any related diagnosing," and "to make the program or a device in which it is embedded interoperable with any other computer program, device or component." The pair of bills allow device owners to not only repair their own stuff regardless of how a program is written to prevent such non-OEM measures, but said owners can also make their devices work with third-party components without needing to go through the manufacturer to do so.

Bills C-244 (repairability) and C-294 (interoperability) go a long way toward advancing the right to repair in Canada and, as iFixit pointed out, are the first federal laws anywhere that address how TPMs restrict the right to repair -- but they're hardly final. TPMs can take a number of forms, from simple administrative passwords to encryption, registration keys, or even the need for a physical object like a USB dongle to unlock access to copyrighted components of a device's software. Most commercially manufactured devices with proprietary embedded software include some form of TPM, and neither C-244 nor C-294 place any restrictions on the use of such measures by manufacturers. As iFixit points out, neither Copyright Act amendments do anything to expand access to the tools needed to circumvent TPMs. That puts Canadians in a similar position to US repair advocates, who in 2021 saw the US Copyright Office loosen DMCA restrictions to allow limited repairs of some devices despite TPMs, but without allowing access to the tools needed to do so. [...]

Canadian Repair Coalition co-founder Anthony Rosborough said last week that the new repairability and interoperability rules represent considerable progress, but like similar changes in the US, don't actually amount to much without the right to distribute tools. "New regulations are needed that require manufacturers and vendors to ensure that products and devices are designed with accessibility of repairs in mind," Rosborough wrote in an op-ed last week. "Businesses need to be able to carry out their work without the fear of infringing various intellectual property rights."

SC World reports: Several major end-to-end encrypted cloud storage services contain cryptographic flaws that could lead to loss of confidentiality, file tampering, file injection and more, researchers from ETH Zurich said in a paper published this month.

The five cloud services studied offer end-to-end encryption (E2EE), intended to ensure files can not be read or edited by anyone other than the uploader, meaning not even the cloud storage provider can access the files. However, ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong, who presented their findings at the ACM Conference on Computer and Communications Security (CCS) last week, found serious flaws in four out of the five services that could effectively bypass the security benefits provided by E2EE by enabling an attacker who managed to compromise a cloud server to access, tamper with or inject files.

The E2EE cloud storage services studied were Sync, pCloud, Seafile, Icedrive and Tresorit, which have a collective total of about 22 million users. Tresorit had the fewest vulnerabilities, which could enable some metadata tampering and use of non-authentic keys when sharing files. The other four services were found to have more severe flaws posing a greater risk to file confidentiality and integrity.
BleepingComputer reports that Sync is "fast-tracking fixes," while Seafile "promised to patch the protocol downgrade problem on a future upgrade." And SC World does note that all 10 of the tested exploits "would require the attacker to have already gained control of a server with the ability to read, modify and inject data.

"The authors wrote that they consider this to be a realistic threat model for E2EE services, as these services are meant to protect files even if such a compromise was to occur."

Thanks to Slashdot reader spatwei for sharing the article.

Session, a small but increasingly popular encrypted messaging app, is moving its operations outside of Australia after the country's federal law enforcement agency visited an employee's residence and asked them questions about the app and a particular user. 404 Media reports: Now Session will be maintained by an entity in Switzerland. The move signals the increasing pressure on maintainers of encrypted messaging apps, both when it comes to governments seeking more data on app users, as well as targeting messaging app companies themselves, like the arrest of Telegram's CEO in August. "Ultimately, we were given the choice between remaining in Australia or relocating to a more privacy-friendly jurisdiction, such as Switzerland. For the project to continue, it could not be centred in Australia," Alex Linton, president of the newly formed Session Technology Foundation (STF) which will publish the Session app, told 404 Media in a statement. The app will still function in Australia, Linton added. Linton said that last year the Australian Federal Police (AFP) visited a Session employee at their home in the country. "There was no warrant used or meeting organised, they just went into their apartment complex and knocked on their front door," Linton said.

The AFP asked about the Session app and company, and the employee's history on the project, Linton added. The officers also asked about an ongoing investigation related to a specific Session user, he added. Linton showed 404 Media an email sent by Session's legal representatives to the AFP which reflected that series of events. Part of Session's frustration around the incident came from the AFP deciding to "visit an employee at home rather than arranging a meeting through our proper (publicly available) channels," Linton said.

An anonymous reader shared this report from Forbes: Recent headlines have proclaimed that Chinese scientists have hacked "military-grade encryption" using quantum computers, sparking concern and speculation about the future of cybersecurity. The claims, largely stemming from a recent South China Morning Post article about a Chinese academic paper published in May, was picked up by many more serious publications.

However, a closer examination reveals that while Chinese researchers have made incremental advances in quantum computing, the news reports are a huge overstatement. "Factoring a 50-bit number using a hybrid quantum-classical approach is a far cry from breaking 'military-grade encryption'," said Dr. Erik Garcell, Head of Technical Marketing at Classiq, a quantum algorithm design company. While advancements have indeed been made, the progress represents incremental steps rather than a paradigm-shifting breakthrough that renders current cryptographic systems obsolete. "This kind of overstatement does more harm than good," Dr. Garcell said. "Misrepresenting current capabilities as 'breaking military-grade encryption' is not just inaccurate — it's potentially damaging to the field's credibility...."

In fact, the Chinese paper in question, titled Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage, does not mention military-grade encryption, which typically involves algorithms like the Advanced Encryption Standard (AES). Instead, the paper is about attacking RSA encryption (RSA stands for Rivest-Shamir-Adleman, named after its creators)... While factoring a 50-bit integer is an impressive technical achievement, it's important to note that RSA encryption commonly uses key sizes of 2048 bits or higher. The difficulty of factoring increases exponentially with the size of the number, meaning that the gap between 50-bit and 2048-bit integers is astronomically large.

Moreover, the methods used involve a hybrid approach that combines quantum annealing with classical computation. This means that the quantum annealer handles part of the problem, but significant processing is still performed by classical algorithms. The advances do not equate to a scalable method for breaking RSA encryption as it is used in practical applications today.
Duncan Jones, Head of Cybersecurity at Quantinuum, tells Forbes that if China had actually broken AES — they'd be keeping it secret (rather than publicizing it in newspapers).

UPDATE: Forbes writes that China hasn't broken military encryption. While factoring a 50-bit integer is an impressive technical achievement, it's important to note that RSA encryption commonly uses key sizes of 2048 bits or higher. The difficulty of factoring increases exponentially with the size of the number, meaning that the gap between 50-bit and 2048-bit integers is astronomically large...

The advances do not equate to a scalable method for breaking RSA encryption as it is used in practical applications today."
Long-time Slashdot schwit1 originally wrote: Chinese scientists have mounted what they say is the world's first effective attack on a widely used encryption method using a quantum computer. The breakthrough poses a "real and substantial threat" to the long-standing password-protection mechanism employed across critical sectors, including banking and the military, according to the researchers.

Despite the slow progress in general-purpose quantum computing, which currently poses no threat to modern cryptography, scientists have been exploring various attack approaches on specialised quantum computers. In the latest work led by Wang Chao, of Shanghai University, the team said it used a quantum computer produced by Canada's D-Wave Systems to successfully breach cryptographic algorithms.

Using the D-Wave Advantage, they successfully attacked the Present, Gift-64 and Rectangle algorithms -- all representative of the SPN (Substitution-Permutation Network) structure, which forms part of the foundation for advanced encryption standard (AES) widely used in the military and finance. AES-256, for instance, is considered the best encryption available and often referred to as military-grade encryption. While the exact passcode is not immediately available yet, it is closer than ever before, according to the study. "This is the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN structured algorithms in use today," they said in the peer-reviewed paper.

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. From a report: According to an ESET report, this happened at least two times, one against the embassy of a South Asian country in Belarus in September 2019 and again in July 2021, and another against a European government organization between May 2022 and March 2024. In May 2023, Kaspersky warned about GoldenJackal's activities, noting that the threat actors focus on government and diplomatic entities for purposes of espionage. Although their use of custom tools spread over USB pen drives, like the 'JackalWorm,' was known, cases of a successful compromise of air-gapped systems were not previously confirmed.

Alypius shares a report from 9to5Mac: It was revealed this weekend that Chinese hackers managed to access systems run by three of the largest internet service providers (ISPs) in the US. What's notable about the attack is that it compromised security backdoors deliberately created to allow for wiretaps by US law enforcement. [...] Apple famously refused the FBI's request to create a backdoor into iPhones to help access devices used by shooters in San Bernardino and Pensacola. The FBI was subsequently successful in accessing all the iPhones concerned without the assistance it sought.

Our arguments against such backdoors predate both cases, when Apple spoke out on the issue in the wake of terrorist attacks in Paris more than a decade ago: "Apple is absolutely right to say that the moment you build in a backdoor for use by governments, it will only be a matter of time before hackers figure it out. You cannot have an encryption system which is only a little bit insecure any more than you can be a little bit pregnant. Encryption systems are either secure or they're not -- and if they're not then it's a question of when, rather than if, others are able to exploit the vulnerability."

This latest case perfectly illustrates the point. The law required ISPs to create backdoors that could be used for wiretaps by US law enforcement, and hackers have now found and accessed them. Exactly the same would be true if Apple created backdoors into iPhones.

The Washington Post interviewed Lebanese officials, people close to Hezbollah, and Israeli, Arab and U.S. security officials and politicians about a years-long plan (originated at Mossad headquarters) that ultimately killed or maimed "as many as 3,000 Hezbollah officers and members — most of them rear-echelon figures... along with an unknown number of civilians... when Israel's Mossad intelligence service triggered the devices remotely on September 17." In the initial sales pitch to Hezbollah two years ago, the new line of Apollo pagers seemed precisely suited to the needs of a militia group with a sprawling network of fighters and a hard-earned reputation for paranoia... Best of all, there was no risk that the pagers could ever be tracked by Israel's intelligence services. Hezbollah's leaders were so impressed they bought 5,000 of them and began handing them out to mid-level fighters and support personnel in February. None of the users suspected they were wearing an ingeniously crafted Israeli bomb...

Israeli officials had watched with increasing anxiety as the Lebanese group added new weapons to an arsenal already capable of striking Israeli cities with tens of thousands of precision-guided missiles. Mossad, the Israeli intelligence service responsible for combating foreign threats to the Jewish state, had worked for years to penetrate the group with electronic monitoring and human informants. Over time, Hezbollah leaders learned to worry about the group's vulnerability to Israeli surveillance and hacking, fearing that even ordinary cellphones could be turned into Israeli-controlled eavesdropping and tracking devices. Thus was born the idea of creating a kind of communications Trojan horse, the officials said. Hezbollah was looking for hack-proof electronic networks for relaying messages, and Mossad came up with a pair of ruses that would lead the militia group to purchase devices that seemed perfect for the job — equipment that Mossad designed and had assembled in Israel.

The first part of the plan, booby-trapped walkie-talkies, began being inserted into Lebanon by Mossad nearly a decade ago, in 2015. The mobile two-way radios contained oversized battery packs, a hidden explosive and a transmission system that gave Israel complete access to Hezbollah communications. For nine years, the Israelis contented themselves with eavesdropping on Hezbollah, the officials said, while reserving the option to turn the walkie-talkies into bombs in a future crisis. But then came a new opportunity and a glitzy new product: a small pager equipped with a powerful explosive. In an irony that would not become clear for many months, Hezbollah would end up indirectly paying the Israelis for the tiny bombs that would kill or wound many of its operatives.

Because Hezbollah leaders were alert to possible sabotage, the pagers could not originate in Israel, the United States or any other Israeli ally. So, in 2023, the group began receiving solicitations for the bulk purchase of Taiwanese-branded Apollo pagers, a well-recognized trademark and product line with a worldwide distribution and no discernible links to Israeli or Jewish interests. The Taiwanese company had no knowledge of the plan, officials said... The marketing official had no knowledge of the operation and was unaware that the pagers were physically assembled in Israel under Mossad oversight, officials said... In a feat of engineering, the bomb component was so carefully hidden as to be virtually undetectable, even if the device was taken apart, the officials said. Israeli officials believe that Hezbollah did disassemble some of the pagers and may have even X-rayed them.
"Thousands of Apollo-branded pagers rang or vibrated at once, all across Lebanon and Syria," according to the article, with a short sentence in Arabic that said "You received an encrypted message." The two-button de-encryption procedure "ensured most users would be holding the pager with both hands when it detonated," according to the article, although "Less than a minute later, thousands of other pagers exploded by remote command, regardless of whether the user ever touched his device. The following day, on September 18, hundreds of walkie-talkies blew up in the same way, killing and maiming users and bystanders..."

"As Hezbollah reeled, Israel struck again, pounding the group's headquarters, arsenals and logistic centers with 2,000-pound bombs," the article concludes. And the strike "convinced the country's political leaders that Hezbollah could be put on the ropes, susceptible to a systematic dismantling using airstrikes and, eventually a ground invasion..."

The Verge's Gaby Del Valle reports: New York City Mayor Eric Adams, who was indicted last week on charges including fraud, bribery, and soliciting donations from foreign nationals, told federal investigators he forgot his phone password before handing it over, according to charging documents. That was almost a year ago, and investigators still can't get into the phone, prosecutors said Wednesday.

During a federal court hearing, prosecutor Hagan Scotten said the FBI's inability to get into Adams' phone is a "significant wild card," according to a report from the New York Post. The FBI issued a search warrant for Adams' devices in November 2023. Adams initially handed over two phones but didn't have his personal device on him. The indictment does not mention what type of device Adams uses. When Adams turned in his personal cellphone the following day, charging documents say, he said he had changed the password a day prior -- after learning about the investigation -- and couldn't remember it. Adams told investigators he changed the password "to prevent members of his staff from inadvertently or intentionally deleting the contents of his phone," the indictment alleges. The FBI just needs the right tools. When investigators failed to break into the Trump rally shooter's phone in July, they sent the device to the FBI lab in Quantico, Virginia, where agents used an unreleased tool from the Israeli company Cellebrite to crack it in less than an hour.

wiredmikey writes: Three months after pulling previews of the controversial Windows Recall feature due to public backlash, Microsoft says it has completely overhauled the security architecture with proof-of-presence encryption, anti-tampering and DLP checks, and screenshot data managed in secure enclaves outside the main operating system.

In an interview with SecurityWeek, Microsoft vice president David Weston said the company's engineers rewrote the security model of Windows Recall to reduce attack surface on Copilot+ PCs and minimize the risk of malware attackers targeting the screenshot data store.

International police forces have taken down an encrypted communication platform and arrested 51 people, marking a success for co-ordinated efforts to crack down on anonymous messaging services used by criminal groups. FT: Europol and law enforcement agencies from nine countries dismantled Ghost [non-paywalled source], an online platform which used three different encryption standards and allowed users to destroy all messages by sending a specific code, Europol announced on Wednesday. The crackdown is the latest operation by international agencies to decode encrypted messaging services used by criminals to manage their international operations, following the takedown of platforms such as EncroChat and Sky ECC in recent years.

[...] McLean said Ghost was administered by a 32-year-old man from Australia, one of the operation's principal targets. As a result of the decryption operation, where officers broke the app's code so they could read users' messages, the death or injury of as many as 50 people could have been prevented, McLean said.

Google is updating the post-quantum cryptography in Chrome, replacing the experimental Kyber with the fully standardized Module Lattice Key Encapsulation Mechanism (ML-KEM) to enhance protection against quantum computing attacks. BleepingComputer reports: This change comes roughly five months after Google rolled out the post-quantum secure TLS key encapsulation system on Chrome stable for all users, which also caused some problems with TLS exchanges. The move from Kyber to ML-KEM though is not related to those early problems, that got resolved soon after manifesting. Rather, its a strategic choice to abandon an experimental system for a NIST-approved and fully standardized mechanism.

ML-KEM was fully endorsed by the U.S. National Institute of Standards and Technology (NIST) in mid-August, with the agency publishing the complete technical specifications of the final version at the time. Google explains that despite the technical changes from Kyber to ML-KEM being minor, the two are essentially incompatible, so a switch had to be made. "The changes to the final version of ML-KEM make it incompatible with the previously deployed version of Kyber," explains Google. "As a result, the codepoint in TLS for hybrid post-quantum key exchange is changing from 0x6399 for Kyber768+X25519, to 0x11EC for ML-KEM768+X25519."

Apple today is rolling out iOS 18, introducing support for Rich Communications Services (RCS) to enhance messaging between iPhone and Android devices with features like typing indicators, read receipts, and higher resolution media. "However, there continues to be no end-to-end encryption (E2EE), with work towards that between Android and iOS continuing," notes 9to5Google. The feature will be enabled by default on iPhones with major U.S. carriers supported, but smaller MVNOs are not yet included.

Linux creator Linus Torvalds has released version 6.11 of the open-source operating system kernel. The new release, while not considered major by Torvalds, introduces several notable improvements for AMD hardware users and Arch Linux developers. ZDNet: This latest version introduces several enhancements, particularly for AMD hardware users, while offering broader system improvements and new capabilities. These include:
RDNA4 Graphics Support: The kernel now includes baseline support for AMD's upcoming RDNA4 graphics architecture. This early integration bodes well for future AMD GPU releases, ensuring Linux users have day-one support.
Core Performance Boost: The AMD P-State driver now includes handling for AMD Core Performance Boost. This driver gives AMD Core users more granular control over turbo and boost frequency ranges.
Fast Collaborative Processor Performance Control (CPPC) Support: Overclockers who want the most power possible from their computers will be happy with this improvement to the AMD P-State driver. This feature enhances power efficiency on recent Ryzen (Zen 4) mobile processors. This can improve performance by 2-6% without increasing power consumption.
AES-GCM Crypto Performance: AMD and Intel CPUs benefit from significantly faster AES-GCM encryption and decryption processing, up to 160% faster than previous versions.

An anonymous reader quotes a report from Ars Technica: Microsoft has updated a key cryptographic library with two new encryption algorithms designed to withstand attacks from quantum computers. The updates were made last week to SymCrypt, a core cryptographic code library for handing cryptographic functions in Windows and Linux. The library, started in 2006, provides operations and algorithms developers can use to safely implement secure encryption, decryption, signing, verification, hashing, and key exchange in the apps they create. The library supports federal certification requirements for cryptographic modules used in some governmental environments. Despite the name, SymCrypt supports both symmetric and asymmetric algorithms. It's the main cryptographic library Microsoft uses in products and services including Azure, Microsoft 365, all supported versions of Windows, Azure Stack HCI, and Azure Linux. The library provides cryptographic security used in email security, cloud storage, web browsing, remote access, and device management. Microsoft documented the update in a post on Monday. The updates are the first steps in implementing a massive overhaul of encryption protocols that incorporate a new set of algorithms that aren't vulnerable to attacks from quantum computers. [...]

The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST). The KEM in the new name is short for key encapsulation. KEMs can be used by two parties to negotiate a shared secret over a public channel. Shared secrets generated by a KEM can then be used with symmetric-key cryptographic operations, which aren't vulnerable to Shor's algorithm when the keys are of a sufficient size. [...] The other algorithm added to SymCrypt is the NIST-recommended XMSS. Short for eXtended Merkle Signature Scheme, it's based on "stateful hash-based signature schemes." These algorithms are useful in very specific contexts such as firmware signing, but are not suitable for more general uses. Monday's post said Microsoft will add additional post-quantum algorithms to SymCrypt in the coming months. They are ML-DSA, a lattice-based digital signature scheme, previously called Dilithium, and SLH-DSA, a stateless hash-based signature scheme previously called SPHINCS+. Both became NIST standards last month and are formally referred to as FIPS 204 and FIPS 205. In Monday's post, Microsoft Principal Product Manager Lead Aabha Thipsay wrote: "PQC algorithms offer a promising solution for the future of cryptography, but they also come with some trade-offs. For example, these typically require larger key sizes, longer computation times, and more bandwidth than classical algorithms. Therefore, implementing PQC in real-world applications requires careful optimization and integration with existing systems and standards."

Steven Levy, writing for Wired: My first story for WIRED -- yep, 31 years ago -- looked at a group of "crypto rebels" who were trying to pry strong encryption technology from the government-classified world and send it into the mainstream. Naturally I attempted to speak to someone at the National Security Agency for comment and ideally get a window into its thinking. Unsurprisingly, that was a no-go, because the NSA was famous for its reticence. Eventually we agreed that I could fax (!) a list of questions. In return I got an unsigned response in unhelpful bureaucratese that didn't address my queries. Even that represented a loosening of what once was total blackout on anything having to do with this ultra-secretive intelligence agency. For decades after its post-World War II founding, the government revealed nothing, not even the name, of this agency and its activities. Those in the know referred to it as "No Such Agency."

In recent years, the widespread adoption of encryption technology and the vital need for cybersecurity has led to more openness. Its directors began to speak in public; in 2012, NSA director Keith Alexander actually keynoted Defcon. I'd spent the entire 1990s lobbying to visit the agency for my book Crypto; in 2013, I finally crossed the threshold of its iconic Fort Meade Headquarters for an on-the-record conversation with officials, including Alexander. NSA now has social media accounts on Twitter, Instagram, Facebook. And there is a form on the agency website for podcasters to request guest appearances by an actual NSA-ite.

So it shouldn't be a total shock that NSA is now doing its own podcast. You don't need to be an intelligence agency to know that pods are a unique way to tell stories and hold people's attention. The first two episodes of the seven-part season dropped this week. It's called No Such Podcast, earning some self-irony points from the get-go. In keeping with the openness vibe, the NSA granted me an interview with an official in charge of the project -- one of the de facto podcast producers, a title that apparently is still not an official NSA job posting. Since NSA still gotta NSA, I can't use this person's name. But my source did point out that in the podcast itself, both the hosts and the guests -- who are past and present agency officials -- speak under their actual identities.

Slashdot reader echo123 shared a new article from Wired titled "Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It's Out to Prove Surveillance Capitalism Wrong." ("On its 10th anniversary, Signal's president wants to remind you that the world's most secure communications platform is a nonprofit. It's free. It doesn't track you or serve you ads. It pays its engineers very well. And it's a go-to app for hundreds of millions of people.") Ten years ago, WIRED published a news story about how two little-known, slightly ramshackle encryption apps called RedPhone and TextSecure were merging to form something called Signal. Since that July in 2014, Signal has transformed from a cypherpunk curiosity — created by an anarchist coder, run by a scrappy team working in a single room in San Francisco, spread word-of-mouth by hackers competing for paranoia points — into a full-blown, mainstream, encrypted communications phenomenon... Billions more use Signal's encryption protocols integrated into platforms like WhatsApp...

But Signal is, in many ways, the exact opposite of the Silicon Valley model. It's a nonprofit funded by donations. It has never taken investment, makes its product available for free, has no advertisements, and collects virtually no information on its users — while competing with tech giants and winning... Signal stands as a counterfactual: evidence that venture capitalism and surveillance capitalism — hell, capitalism, period — are not the only paths forward for the future of technology.

Over its past decade, no leader of Signal has embodied that iconoclasm as visibly as Meredith Whittaker. Signal's president since 2022 is one of the world's most prominent tech critics: When she worked at Google, she led walkouts to protest its discriminatory practices and spoke out against its military contracts. She cofounded the AI Now Institute to address ethical implications of artificial intelligence and has become a leading voice for the notion that AI and surveillance are inherently intertwined. Since she took on the presidency at the Signal Foundation, she has come to see her central task as working to find a long-term taproot of funding to keep Signal alive for decades to come — with zero compromises or corporate entanglements — so it can serve as a model for an entirely new kind of tech ecosystem...

Meredith Whittaker: "The Signal model is going to keep growing, and thriving and providing, if we're successful. We're already seeing Proton [a startup that offers end-to-end encrypted email, calendars, note-taking apps, and the like] becoming a nonprofit. It's the paradigm shift that's going to involve a lot of different forces pointing in a similar direction."
Key quotes from the interview:

• "Given that governments in the U.S. and elsewhere have not always been uncritical of encryption, a future where we have jurisdictional flexibility is something we're looking at."

• "It's not by accident that WhatsApp and Apple are spending billions of dollars defining themselves as private. Because privacy is incredibly valuable. And who's the gold standard for privacy? It's Signal."

• "We also see growth in response to things like what we call a Big Tech Fuckup, like when WhatsApp changed its terms of service. We saw a boost in desktop after Zoom announced that they were going to scan everyone's calls for AI. And we anticipate more of those."

• "AI is a product of the mass surveillance business model in its current form. It is not a separate technological phenomenon."

• "...alternative models have not received the capital they need, the support they need. And they've been swimming upstream against a business model that opposes their success. It's not for lack of ideas or possibilities. It's that we actually have to start taking seriously the shifts that are going to be required to do this thing — to build tech that rejects surveillance and centralized control — whose necessity is now obvious to everyone."

Casey Newton, former senior editor at the Verge, weighs in on Platformer about the arrest of Telegram CEO Pavel Durov.

"Fending off onerous speech regulations and overzealous prosecutors requires that platform builders act responsibly. Telegram never even pretended to." Officially, Telegram's terms of service prohibit users from posting illegal pornographic content or promotions of violence on public channels. But as the Stanford Internet Observatory noted last year in an analysis of how CSAM spreads online, these terms implicitly permit users who share CSAM in private channels as much as they want to. "There's illegal content on Telegram. How do I take it down?" asks a question on Telegram's FAQ page. The company declares that it will not intervene in any circumstances: "All Telegram chats and group chats are private amongst their participants," it states. "We do not process any requests related to them...."

Telegram can look at the contents of private messages, making it vulnerable to law enforcement requests for that data. Anticipating these requests, Telegram created a kind of jurisdictional obstacle course for law enforcement that (it says) none of them have successfully navigated so far. From the FAQ again:

To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data. [...] To this day, we have disclosed 0 bytes of user data to third parties, including governments.

As a result, investigation after investigation finds that Telegram is a significant vector for the spread of CSAM.... The company's refusal to answer almost any law enforcement request, no matter how dire, has enabled some truly vile behavior. "Telegram is another level," Brian Fishman, Meta's former anti-terrorism chief, wrote in a post on Threads. "It has been the key hub for ISIS for a decade. It tolerates CSAM. Its ignored reasonable [law enforcement] engagement for YEARS. It's not 'light' content moderation; it's a different approach entirely.
The article asks whether France's action "will embolden countries around the world to prosecute platform CEOs criminally for failing to turn over user data." On the other hand, Telegram really does seem to be actively enabling a staggering amount of abuse. And while it's disturbing to see state power used indiscriminately to snoop on private conversations, it's equally disturbing to see a private company declare itself to be above the law.

Given its behavior, a legal intervention into Telegram's business practices was inevitable. But the end of private conversation, and end-to-end encryption, need not be.

The Washington Post writes that Telegram's "anything-goes approach" to its 950 million users "has also made it one of the internet's largest havens for child predators, experts say...."

"Durov's critics say his public idealism masks an opportunistic business model that allows Telegram to profit from the worst the internet has to offer, including child sexual abuse material, or CSAM... " [Telegram is] an app of choice for political organizing, including by dissidents under repressive regimes. But it is equally appealing for terrorist groups, criminal organizations and sexual predators, who use it as a hub to share and consume nonconsensual pornography, AI "deepfake" nudes, and illegal sexual images and videos of exploited minors, said Alex Stamos, chief information security officer at the cybersecurity firm SentinelOne. "Due to their advertised policy of not cooperating with law enforcement, and the fact that they are known not to scan for CSAM, Telegram has attracted large groups of pedophiles trading and selling child abuse materials," Stamos said.

That reach comes even though many Telegram exchanges don't actually use the strong forms of encryption available on true private messaging apps, he added. Telegram is used for private messaging, public posts and group chats. Only one-to-one conversations can be encrypted in a way that even Telegram can't access them. And that occurs only if users choose the option, meaning the company could turn over everything else to governments if it wanted to... French prosecutors argue that Durov is in fact responsible for Telegram's emergence as a global haven for illegal content, including CSAM, because of his reluctance to moderate it and his refusal to help authorities police it, among other allegations...

David Kaye, a professor at University of California, Irvine School of Law and former U.N. special rapporteur on freedom of expression... said that while Telegram has at times banned groups and taken down [CSAM] content in response to law enforcement, its refusal to share data with investigators sets it apart from most other major tech companies. Unlike U.S.-based platforms, Telegram is not required by U.S. law to report instances of CSAM to the National Center for Missing and Exploited Children, or NCMEC. Many online platforms based overseas do so anyway — but not Telegram. "NCMEC has tried to get them to report, but they have no interest and are known for not wanting to work with [law enforcement agencies] or anyone in this space," a NCMEC spokesperson said.
The Post also writes that Telegram "has repeatedly been revealed to serve as a tool to store, distribute and share child sexual imagery." (They cite several examples, including two different men convicted to minimum sentences of at least 10 years for using the service to purchase CSAM and solicit explicit photos from minors.)

An anonymous reader shares a report: When French prosecutors charged Pavel Durov, the chief executive of the messaging app Telegram, with a litany of criminal offenses on Wednesday, one accusation stood out to Silicon Valley companies. Telegram, French authorities said in a statement, had provided cryptology services aimed at ensuring confidentiality without a license. In other words, the topic of encryption was being thrust into the spotlight.

The cryptology charge raised eyebrows at U.S. tech companies including Signal, Apple and Meta's WhatsApp, according to three people with knowledge of the companies. These companies provide end-to-end encrypted messaging services and often stand together when governments challenge their use of the technology, which keeps online conversations between users private and secure from outsiders.

But while Telegram is also often described as an encrypted messaging app, it tackles encryption differently than WhatsApp, Signal and others. So if Mr. Durov's indictment turned Telegram into a public exemplar of the technology, some Silicon Valley companies believe that could damage the credibility of encrypted messaging apps writ large, according to the people, putting them in a tricky position of whether to rally around their rival.

Encryption has been a long-running point of friction between governments and tech companies around the world. For years, tech companies have argued that encrypted messaging is crucial to maintain people's digital privacy, while law enforcement and governments have said that the technology enables illicit behaviors by hiding illegal activity. The debate has grown more heated as encrypted messaging apps have become mainstream. Signal has grown by tens of millions of users since its founding in 2018. Apple's iMessage is installed on the hundreds of millions of iPhones that the company sells each year. WhatsApp is used by more than two billion people globally.