The article is a lot more nuanced than the title or what most folks are discussing in comments. France has politicians voting in both directions and thus far the "keep encryption and enshrine it in law" side is ahead slightly.
> Senator Olivier Cadic, of the Centrist Union, secured an amendment to a separate bill on critical infrastructure resilience and cybersecurity that would do the opposite, writing encryption protection into French law and prohibiting any obligation on messaging services to install backdoors. The Senate adopted it in March 2025.
This article incorrectly implies that Telegram is end-to-end encrypted, by putting it in the same line as WhatsApp and Signal.
Telegram doesn't even try to be end-to-end-encrypted by default. WhatsApp claims to be end-to-end-encrypted, but it's not open-source, Signal is end-to-end-encrypted.
Open source would not help without the reproducible builds of Signal (I wonder who check them on each release?). And only builds like Molly include no binary blobs of Google [1], which could IMHO at least be used to extract some metadata. Leaving the OS still as a risk, even for Molly or Matrix clients. Even with transparency around linked devices, I would believe that few people would notice silently linked devices. Simplest thing is I guess social engineering which happened in a coordinated attack on Signal messagers of German politicians recently (I guess there should be an official signal app version not supporting linked devices for such people) [2].
Politicians should probably not use Signal but something that is controlled by the government and for example doesn’t allow „accidentally“ deleting incriminating messages.
If politicians would be effectively controlled by the government and not by some independent party those mysterious, oops, accidentally deleted it problems would increase.
> I can't think of a lot of crimes whose metadata warrants being killed for personally
You're (literally) missing links then. If A is a high-value target that we look at closely (because they're a high-value target), what if B frequently contacts A? If C, D, and E always recieve messages from B immediately following A messaging B?
What about times? Is B messaging F at a consistant time, and never outside of that? Is A only messaging G, at a set time, with G's phone immediately being put into (ineffective) airplane mode immediately before and after?
Facebook built their business on the social graph, but the CIA's been at this for decades
Thanks for explaining. I guess we are talking about espionage or something like that. I've been so focused on the rise of domestic surveillance lately that I forgot about the noncitizen aspects. Which is ridiculous but at the same time, it does seem like a trillion dollar focus lately.
My examples are all based on the CIA and NSA playbook though, as it was the NSA director that said the quiet part out loud, explicitly, in front of Congress. The NSA is effectively America's red team, an offensive arm, meaning they (should be) focused on threats (percieved or otherwise) outside the country
The FBI has been much quieter about this though - there has yet to be a Snowden-for-the-FBI, though they would be one of the agencies I would fully expect to be doing similar work domestically.
As this becomes more well-known, I would expect state and county police to start looking into data and metadata as well. In some cases, they already are [0] - even if some aspects of that case are less relevant today (Google Maps no longer uploads location history, though cell tower trilateration is getting more accurate, not less).
It's far more prevalent than most people realize, though I invite you to consider which you'd rather have when building a second-by-second profile of a person's life: the message contents, or the metadata?
Isn't this already happening? It's why the war department uses ChatGPT and Claude to target drone strikes. It's why Anthropic had to make a public scene to pretend that wasn't happening.
In the dystopian novel Nineteen Eighty-Four, thoughtcrime, also known as crimethink in the official language of Newspeak, is the offense of thinking in ways not approved by the ruling Ingsoc party. It describes the intellectual actions of a person who entertains and holds politically unacceptable thoughts; thus the government of The Party controls the speech, actions, and thoughts of the citizens of Oceania.
Maybe just search for it and pick a source you trust. Take the search term "kill people based on metadata" and no noise comes up, just tons of articles about General Hayden's interview and related
telegram may not be end-to-end encrypted by default but it does support end-to-end encryption. the generous reading is that this encryption, if used, should be broken.
so as i read it the article doesn't suggest that all of telegram is end-to-end encrypted only that it has support for it.
Yes and the secret chats in telegram are super clumsy. Both parties need to be online at the same time for the key exchange, it only works on one device at each side. Nobody I know uses them.
I sent some people a password reset through them but half of them couldn't get their head around it.
So yeah while it has secret chats, they aren't very useful at all.
Seems to me we're going to have to let the anti-encryption mob have their way until things go wrong—bigtime. No amount of expert advice will convince them until they witness firsthand the negative consequences of weakening encryption.
It's only afterwards and as a consequence some highly
newsworthy disasters occur such as a child abduction or political sex scandal involving a high profile politician come to light that the lay public will get the message that weak encryption is effectively no encryption.
In the meantime criminals will be early adopters of more sophisticated messaging such as steganography.
Would be nice, but you know they'll carve out exceptions for themselves or use "unauthorized" messaging channels regardless with no consequences. It is _always_ "rules for thee, not for me" with politicians.
I think there’s no turning back in this kind of laws. What has been lost is lost. In France a lot of public databases were leaked recently. It cannot be undone
> until they witness firsthand the negative consequences of weakening encryption.
They won't be affected.
The hitherto invisible but very real wall between social classes is just going to become more visible for "First World" civilians the way it's been in "lesser" countries for decades already.
Actual "criminals" have always been able to get around all the restrictions ever put in place since the dawn of civilization, it's just the common folk that get trodded on and kept in their place.
In most cases I think the revelation of a scandal involving a high-profile politician would be a good thing. (That is, better than it remaining secret.)
To be fair, the EU governments led the way to an unencrypted future with TETRA and the broken TEA1 encryption scheme. They're just giving back freedom and openness to the people now. /s
"Security researcher Ross Anderson reported in 1994 that "there was a terrific row between the NATO signal intelligence agencies in the mid-1980s over whether GSM encryption should be strong or not. The Germans said it should be, as they shared a long border with the Warsaw Pact; but the other countries didn't feel this way, and the algorithm as now fielded is a French design."
So in France you will not be able to send your friend gibberish text that only you and your friend understand. Will they also ban the ability to make new languages that only you and your friends understand. Will they also ban whispering?
Or will they ban you from using something like https://github.com/filosottile/age to encrypt and armor text encode things you send inside of the non-encrypted chat?
echo "Am I doing something illegal, France?" | age -e -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p -a -
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjTVQ5VTdMaTlnRkEyT1BY
MHZPc0lncHFvbS9FMTlDa2FkK3JQZy9sQnprClRFN3lNQUtnNzJWK0RxQVlYNE1q
NCtlNFJTUWpwZExJSDMvSGlRL2VHc1EKLS0tIC95bEErRU9NNERJRVVuYlMwUFg4
WUx1R0IyTHd1d2dxQTdqU0NJWlF0MXMKL1x9fz+ZVObYrn3bY/IdVBsd4KYxn78P
aWePVjaRUityGTkndNSy6gg1meVky22iv4rxd9MZ4XYnsGJDfRUmkVZhQcCxag==
-----END AGE ENCRYPTED FILE-----
I have talked about it with a high-ranking french policeman. That person is mostly active in fighting sex-crimes on children, which is the angle I will mostly be referring to. From what I understood, it is very clear to them that even if these laws comes to pass, a good amount of criminal activities will move to other safer options.
However, the general criminal is not technically competent. Currently, with WhatsApp providing end-to-end by default, access to pedophilic content is extremely simple. By suppressing these simple means of end to end encryption, the goal is to reduce the amount of people accessing them due to a higher entry bar.
What's concerning to me is that it renders anyone using encryption suspect, which includes pedophiles and narcotrafficants, but also activists.
Also, if we're only targetting pedophile networks, one option that comes to mind to me is the following :
Most of those images are known and have been circulating for a while. By hashing any sent images and comparing them to the checksum of known ones, one could easily flag suspicions senders and proceed to access the phones of those users. Does that seem feasible to you or am I missing something?
Well, if it is some gibberish between you and friends the state doesn't understand, they will have you silently and continually investigated by a pre-crime unit. You and your friends could be committing "thought-crime".
I have talked about it with a high-ranking french policeman. That person is mostly active in fighting sex-crimes on children, which is the angle I will mostly be referring to. From what I understood, it is very clear to them that even if these laws comes to pass, a good amount of criminal activities will move to other safer options. However, the general criminal is not technically competent. Currently, with WhatsApp providing end-to-end by default, access to pedophilic content is extremely simple. By suppressing these simple means of end to end encryption, the goal is to reduce the amount of people accessing these networks due to a higher entry bar.
What's of course concerning is that it renders anyone using encryption suspect, which includes pedophiles and narcotrafficants, but also activists and co.
Also, if we're only targetting pedophile networks, one option that comes to mind to me is the following : Most of those images are known and have been circulating for a while. By hashing any sent images and comparing them to the checksum of known ones, one could easily flag suspicions senders and proceed to access the phones of those users. Does that seem feasible to you or am I missing something?
It seems so, yes. While I do trust eff, it seems to me that their article barely skims over the explanation of why this is a problem, although the second one does mention the ability to arbitrarily decide what triggers the filters.
I would however like to point out that in France, the police cannot arbitrarily arrest people for more than 24 hours, after which they need an investigating judge's approval to prolongate detention. They also need those judges' permission to access a device. Free access to any channels of communication has never been on the table, but extrapolation of that technology to other kinds of governments with more liberal law-enforcement remains the obvious issue.
Still, I kind of fail to see how full privacy as a default is a necessity, if and only if it remains a possibility.
Furthermore, by using non open source messengers such as WhatsApp, we are blindly trusting Zuckerberg, a random dude who got lucky and rich and wishes to remain on good terms with Trump, to keep our data as safe and as unreachable as he pretends.
First, the French state has zero interest in access to these messages to help children. The proof: NEITHER the French police NOR the secret service investigate child abuse cases. The police only investigates them if they absolutely can't avoid it, because mostly people with access to children commit child abuse. You will find child abuse requires a child. In other words, who does that? Teachers, sports teachers and coaches and child welfare workers (sports clubs are almost exclusively government funded in France). The large majority of the perpetrators, of course, are government employees. Child services investigates child abuse cases, and WILL NOT get access to these messages. So there is zero intention to give access to messages in child abuse cases.
I mean how ridiculous is this argument. They want access to such messages to investigate child abuse cases, so they demand French spies, and tax investigators get access to everyone's messages ... Child abuse investigators are not even mentioned.
And it's not just that.
Next, France is famous in Western Europe for being one of the only EU countries where access to, uh, hentai comics, is legal and they're sold in newspaper stands.
If the French state cared about fighting sex-crimes on children they would fund taking care of the children they do "help", rather than catching criminals. Instead, this is what they do:
(at the very least they let it happen, but in practice they also hire people that will do this job at a very cheap wage because it provides access to vulnerable children)
Without fixing this FIRST, the only thing catching criminals will do, obviously, is make the situation of children worse. The French state fails this test.
The situation with French schools, both the immigrant situation AND the constant decline in teacher quality (for at least 3 decades now) show how much the state cares about children's future in general. Again, the state fails the test completely.
And I haven't even mentioned the refugee situation in Paris. Obviously that situation is producing a flood of child prostitution. Again, the state is showing itself unwilling to help children. Again, the French state is exposed as not doing shit to help children, or at the very least, they're totally ineffective.
So no, and sorry to state the obvious, but your suggestion is completely beside the point.
I would love to take the time to inspect your answer more thoroughly as soon as I have the time, but your premise is wrong. Most CSAM creators are neither teachers nor coaches, but parents i). The French state is not some cynical entre-soi that protects child abusers who are on their payroll. In my personal experience, which, while it isn't generalizable does prove the existence of consequences, I've come across three teachers accused of incorrect behavior with children ii). All three disappeared from the schools within months.
i)> Research suggests that a significant proportion of child sexual abuse material (CSAM) is produced and distributed by parents who victimise their children. An online convenience sample of 150 adult survivors of CSAM found that, of those abused by a single perpetrator, 42% identified their biological or adoptive father or stepfather as the offender; and of those abused by multiple perpetrators, 67% identified their biological or adoptive parents or step-parents as the primary perpetrators (Canadian Centre for Child Protection (CCCP), 2017). https://bravehearts.org.au/research-lobbying/stats-facts/onl...
ii) the first one had us do sexual education at age 9 and was gone five weeks after he began, the second had been on the radar for racism and was gone two months after complaints of staring at girls skirts, the third, a sport teacher, disappeared at the end of the semester for systematically correcting girl's stances while squatting and such. In the two last cases, the schools were relatively big and rumors of worse offenses were around, but I don't know if those were true.
It doesn't even need to be random. What if you send an instance of a proprietary file format? Is the company required to share the spec and toolchain so that the govt can verify it (probably) isn't an encrypted message?
Exactly - or encrypted payloads hiding inside standard image file formats. Basically steganography. If all you want to send is a small encrypted text message, it should be possible to hide that in a large image (encoding in the LSB or whatever) in just a small percentage of pixels so that it doesn't fail statistical tests and is indistinguishable from real noise.
In my home directory is a 4GB random file. I suggest you should do this too. Vary the filename to taste. Some suggestions: the name of any active drug market or cyber threat actor.
I came about a Google subscription which includes 2TB of storage. I filled it with crypto noise (ok, Gemini did it for me). I couldn't let it be unused. Will have to delete it when the subscriptions runs out.
I still don't understand the note that the companies can't decrypt the messages with e2e encryption. Isn't it as simple as a software update that says:
"If user = foo, then send the on device keys elsewhere"?
Or if those keys are part of a TPM, then a software update that just asks it to send in the decrypted messages?
Can judges not order this now, but can order decryption if the keys are stored centrally?
I wonder if for closed-source apps if governments can not just force the key collection the same way they would force decryption with centralized keys.
I remember a joke where a guy sent a joke to another via private message, and Xi Jinping laughed. It seems the government's mindset is the same everywhere.
Some people do not take no for an answer. This is bordering on absurd.
But on the other side what I miss is some explanation if forensic analysis helps here? Presumably the messages stay on a phone and you can recover them. If that is the case then it should be enough to fight the crime, i.e if you get a warrant to access the device then you can access messages, which I believe many would agree is fine.
Most EU politicians are aware of needing to lead from positions of deep unpopularity for the next 10-20 years, they're just setting the stage to have the tools to suppress dissent at their disposal. After encryption, my bet is on reduced rights to protest (see UK wanting to ban protests that repeatedly "cause disruption").
Yes, all the Mertz, Macron, Starmer and unelected Brussels ones have officially about 10-20% approval rating.
This is in fact mind boggling and I am still wondering how it is even possible.
My guess is most of those positive approval are boomers who watch TV and are less impacted by their policies because they own their house and receive their retirements, they are highly incentivised to keep the train going. Or people who directly benefit from their policies.
What I still can't explain is Trump can still maintain a much higher approval ratings with in a country with similar demographic profile, even after literally doing the exact opposite than he promised.
So my guess is the support for the current system and the people running it in Europe is probably less than 5% among the population who will still be around in 10-20 years.
So the current political system is literally levitating on a cloud of old people which is disappearing at a rate of about 10% per year.
So one way or another this is gonna get ugly.
Hello, I am French and, with many others, fighting this. It is still a fight - no law is enacted yet - and it is not the first time we have to fight this.
To state how utterly ridiculous these politicians are, ANSSI itself - the national cybersecurity agency- published a paper in 2016 clearly explaining why backdooring encryption in messaging apps is both dangerous and useless (https://www.developpez.com/actu/102152/France-l-ANSSI-se-dit...)
This position has been clearly restated in 2025 by Guillaume Poupard, a former highly acclaimed ANSSI boss and a cryptographer.
It's not clear that this would be a legal workaround. Even texting in rare languages, like those in Egyptian hieroglyphs, or perhaps Klingon, might warrant a knock on your door.
"The excessive increase of anything often causes a reaction in the opposite direction; and this is the case with freedom, which in a democracy often descends into anarchy... The excessive liberty of the individual in a democracy eventually leads to a desire for authoritarian rule, and out of that desire, the tyrant arises." - Plato's Republic
> Mass surveillance, of course, isn’t what the delegation is proposing. The fear isn’t that a French investigator will read every WhatsApp message.
French investigators won't care about every WhatsApp message. But they definitely will slurp them all up, process them all with AI, and read them whenever they have an interest. And they will deny they are doing this as they do this.
It'd be interesting (horrifying?) to see something that was once assumed secret go public. Imagine if all chats and payments eventually went public at some point... the Transparity, when nothing can be encrypted anymore so no one tries. Mankind becomes a unit - or it devolves?
With TON, perhaps altcoins will give way to micro coins - tailored especially for apps and their users/founders? ..for micropayments and running on AI infrastructure. Blockchain and AI infrastructure are already interchangeable in large part. So if transaction histories are exposed, the damage is limited. Startups won't look to IPO, they'll look to float a coin to make serious money. Binance did it. Polymarket next? Poly is dominated by Bitcoin as it stands.
I'm not sure if Ethereum tokens would be the same thing.
Lets pretend this happens, I am curious how it would work.
So a person in Canada messages someone in France who's WhatsApp is not encrypted. But the message from Canada is encrypted. Will the person in Canada's message have to be sent unencrypted ? Or will WhatsApp Canada need to allow France to break Canada's encryption ?
Personally I think it would be easier for these apps to ban people in France from using their service.
> "Perrin now offers a different framing. “Article 8 ter, which I had adopted, was not at all aimed at obtaining encryption keys but at introducing a ghost participant into a conversation before encryption,” he says. The “ghost participant” approach, sometimes called a ghost user proposal, was floated by GCHQ in 2018 and rejected by every major privacy organization, civil liberties group, and security researcher who looked at it. The idea is that the platform silently adds a third recipient, an invisible intelligence agent, to a supposedly two-person conversation. Users never see them. The encryption technically still works, except that one of the parties is the state."
And by the way, this article mentions other things already in place, such as being able to commandeer your device and spy on it without breaking encryption:
I find it fascinating that a country with citizens that are typically willing to protest in the streets at the drop of a hat don't seem to care. Is it that they aren't technically literate?
These sorts of laws have repeatedly failed to pass in Europe due to people protesting. The government just keeps coming back and trying again it seems.
I do think they care but you hit on a point. Governments just keep trying to force this and eventually wear down the resistance to it. They can try repeatedly as it only has to work once.
Yeah, this feels like an exploit used by many governments these days. You see the same thing in the US where the Republicans just keep filing appeals or lawsuits until they eventually get what they want. Over and over and over and over.
Governments should probably adopt some sort of "retry" limit for these things. Good luck getting that passed though I suppose.
That would just be abused by people who want to permanently enshrine a bad status quo. They'll file X really shitty, bad faith challenges, and when they all fail, everyone will be permanently stuck with a bad thing.
Imagine if women's suffrage failed 5 times, and hey, guess we'll never get it, 5 times is the limit.
It's because it doesn't break the political and financial careers of the people who do in the civil service and the politicians. Once it does, you'll see it is not repeated.
Prop 13 in California is an amazing example of this, known as a third rail political issue because it "kills" the politicians who attack it directly. It doesn't even approach even getting put up as a proposition or bill directly. It has a tight feedback loop because the most mobilized voting class, the olds, feel it immediately and the Howard Jarvis Taxpayers Association mobilizes immediately also. So they go for it on the sides, for things like commercial property, or complicated to understand inheritance and so on.
So if you really want to fight back and be effective, you have to (politically) destroy the careers of those who do.
Which are also known as right and left, respectively.
What, did you think right and left were arbitrary? The words are arbitrary, but the meanings are not. They correlate quite strongly with the material interests of the up and down.
... okay? I thought they were dead. What about the entire rest of the world that is left or right. We're not stuck between a choice of Staln (left), and Htler (right) - there are more reasonable people in the world, even more reasonable politicians.
That makes little sense if you know some basic political science, the EU is comprised of different political interest groups just like your country is.
Unless you literally belive everyone in the EU belive the exact same thing and there's zero disagreements what do ever.
Kind of, at least in France? Our privacy-nefarious laws have been passed by both left- and right-leaning governments. It seems that if there is something the elite agrees upon, it is that the plebeians should be kept in check.
It is true that "far-right politicians" had the most chance to be elected in the EU parliament but this is in fact insignificant.
How individual country influence the EU is there is an invisible battle on putting their people anywhere under the commissioners. There are a lot of career people you will never hear about yielding immense power there and from what I know they do not have a political affiliation how we understand it (left, right, etc.)
If you are a corporation or foreign actor and you need something from the EU you cannot care less about the people elected in the fake parliament. If your chance of influencing or blocking something is in the parliament, you already lost.
Most people have a hard time wrapping their head around this because we actually have a better understanding how the US political system works, individual EU countries or even the CCP.
The article is a lot more nuanced than the title or what most folks are discussing in comments. France has politicians voting in both directions and thus far the "keep encryption and enshrine it in law" side is ahead slightly.
> Senator Olivier Cadic, of the Centrist Union, secured an amendment to a separate bill on critical infrastructure resilience and cybersecurity that would do the opposite, writing encryption protection into French law and prohibiting any obligation on messaging services to install backdoors. The Senate adopted it in March 2025.
> His bill was examined in committee at the National Assembly in September and has been stalled since.
This article incorrectly implies that Telegram is end-to-end encrypted, by putting it in the same line as WhatsApp and Signal.
Telegram doesn't even try to be end-to-end-encrypted by default. WhatsApp claims to be end-to-end-encrypted, but it's not open-source, Signal is end-to-end-encrypted.
Open source would not help without the reproducible builds of Signal (I wonder who check them on each release?). And only builds like Molly include no binary blobs of Google [1], which could IMHO at least be used to extract some metadata. Leaving the OS still as a risk, even for Molly or Matrix clients. Even with transparency around linked devices, I would believe that few people would notice silently linked devices. Simplest thing is I guess social engineering which happened in a coordinated attack on Signal messagers of German politicians recently (I guess there should be an official signal app version not supporting linked devices for such people) [2].
[1] https://news.ycombinator.com/item?id=46081855 [2] https://www.politico.eu/article/hackers-attack-phone-of-germ...
Politicians should probably not use Signal but something that is controlled by the government and for example doesn’t allow „accidentally“ deleting incriminating messages.
If politicians would be effectively controlled by the government and not by some independent party those mysterious, oops, accidentally deleted it problems would increase.
> WhatsApp claims to be end-to-end-encrypted, but it's not open-source
And explicitly does not encrypt metadata.
Meanwhile NSA top brass publicly stated, "We kill people based on metadata."
I imagine in 2027 people will be getting killed over vibes.
Does make you wonder what kind of people they kill or how many. I can't think of a lot of crimes whose metadata warrants being killed for personally.
> I can't think of a lot of crimes whose metadata warrants being killed for personally
You're (literally) missing links then. If A is a high-value target that we look at closely (because they're a high-value target), what if B frequently contacts A? If C, D, and E always recieve messages from B immediately following A messaging B?
What about times? Is B messaging F at a consistant time, and never outside of that? Is A only messaging G, at a set time, with G's phone immediately being put into (ineffective) airplane mode immediately before and after?
Facebook built their business on the social graph, but the CIA's been at this for decades
Thanks for explaining. I guess we are talking about espionage or something like that. I've been so focused on the rise of domestic surveillance lately that I forgot about the noncitizen aspects. Which is ridiculous but at the same time, it does seem like a trillion dollar focus lately.
My examples are all based on the CIA and NSA playbook though, as it was the NSA director that said the quiet part out loud, explicitly, in front of Congress. The NSA is effectively America's red team, an offensive arm, meaning they (should be) focused on threats (percieved or otherwise) outside the country
The FBI has been much quieter about this though - there has yet to be a Snowden-for-the-FBI, though they would be one of the agencies I would fully expect to be doing similar work domestically.
As this becomes more well-known, I would expect state and county police to start looking into data and metadata as well. In some cases, they already are [0] - even if some aspects of that case are less relevant today (Google Maps no longer uploads location history, though cell tower trilateration is getting more accurate, not less).
It's far more prevalent than most people realize, though I invite you to consider which you'd rather have when building a second-by-second profile of a person's life: the message contents, or the metadata?
[0] https://www.wired.com/story/find-my-iphone-arson-case/
Metadata would be more powerful in 9 out of 10 cases. Message contents could be invaluable in some cases too. Interesting to think about
Isn't this already happening? It's why the war department uses ChatGPT and Claude to target drone strikes. It's why Anthropic had to make a public scene to pretend that wasn't happening.
In the dystopian novel Nineteen Eighty-Four, thoughtcrime, also known as crimethink in the official language of Newspeak, is the offense of thinking in ways not approved by the ruling Ingsoc party. It describes the intellectual actions of a person who entertains and holds politically unacceptable thoughts; thus the government of The Party controls the speech, actions, and thoughts of the citizens of Oceania.
https://en.wikipedia.org/wiki/Thoughtcrime
It's a great book! It does make you wonder what s future with neural link and data centers in every city looks like under a fascist regime.
> Meanwhile NSA top brass publicly stated, "We kill people based on metadata.
Can someone post a link to that?
Maybe just search for it and pick a source you trust. Take the search term "kill people based on metadata" and no noise comes up, just tons of articles about General Hayden's interview and related
Since you're too lazy to do even a precursory search:
https://youtube.com/watch?v=NSaGl2uO5w
telegram may not be end-to-end encrypted by default but it does support end-to-end encryption. the generous reading is that this encryption, if used, should be broken.
so as i read it the article doesn't suggest that all of telegram is end-to-end encrypted only that it has support for it.
Yes and the secret chats in telegram are super clumsy. Both parties need to be online at the same time for the key exchange, it only works on one device at each side. Nobody I know uses them.
I sent some people a password reset through them but half of them couldn't get their head around it.
So yeah while it has secret chats, they aren't very useful at all.
Seems to me we're going to have to let the anti-encryption mob have their way until things go wrong—bigtime. No amount of expert advice will convince them until they witness firsthand the negative consequences of weakening encryption.
It's only afterwards and as a consequence some highly newsworthy disasters occur such as a child abduction or political sex scandal involving a high profile politician come to light that the lay public will get the message that weak encryption is effectively no encryption.
In the meantime criminals will be early adopters of more sophisticated messaging such as steganography.
Would be nice, but you know they'll carve out exceptions for themselves or use "unauthorized" messaging channels regardless with no consequences. It is _always_ "rules for thee, not for me" with politicians.
I don't think I've ever seen a consequence (from a legislator's POV.)
If someone does a high-profile enough hack, that can only mean more laws and increased police power to target it.
This is generally my opinion on accelerationism as a solution to concerning trends:
https://thebad.website/comic/accelerationism
Yep, that's exactly right.
I think there’s no turning back in this kind of laws. What has been lost is lost. In France a lot of public databases were leaked recently. It cannot be undone
> until they witness firsthand the negative consequences of weakening encryption.
They won't be affected.
The hitherto invisible but very real wall between social classes is just going to become more visible for "First World" civilians the way it's been in "lesser" countries for decades already.
Actual "criminals" have always been able to get around all the restrictions ever put in place since the dawn of civilization, it's just the common folk that get trodded on and kept in their place.
> Seems to me we're going to have to let the anti-encryption mob have their way until things go wrong—bigtime.
Been there, seen that. That's how Pakistan got nuclear bomb. France was just making friends.
England gave Pakistan the nuclear bomb. Churchill's "greatest" idea
In most cases I think the revelation of a scandal involving a high-profile politician would be a good thing. (That is, better than it remaining secret.)
To be fair, the EU governments led the way to an unencrypted future with TETRA and the broken TEA1 encryption scheme. They're just giving back freedom and openness to the people now. /s
Weakening of encryption standards is much older than that.
Weakening of the DES encryption by US goverment in 1970s
https://en.wikipedia.org/wiki/Data_Encryption_Standard
The GSM encryption from 1990s
"Security researcher Ross Anderson reported in 1994 that "there was a terrific row between the NATO signal intelligence agencies in the mid-1980s over whether GSM encryption should be strong or not. The Germans said it should be, as they shared a long border with the Warsaw Pact; but the other countries didn't feel this way, and the algorithm as now fielded is a French design."
https://en.wikipedia.org/wiki/A5/1
So in France you will not be able to send your friend gibberish text that only you and your friend understand. Will they also ban the ability to make new languages that only you and your friends understand. Will they also ban whispering?
Or will they ban you from using something like https://github.com/filosottile/age to encrypt and armor text encode things you send inside of the non-encrypted chat?
echo "Am I doing something illegal, France?" | age -e -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p -a -
I have talked about it with a high-ranking french policeman. That person is mostly active in fighting sex-crimes on children, which is the angle I will mostly be referring to. From what I understood, it is very clear to them that even if these laws comes to pass, a good amount of criminal activities will move to other safer options. However, the general criminal is not technically competent. Currently, with WhatsApp providing end-to-end by default, access to pedophilic content is extremely simple. By suppressing these simple means of end to end encryption, the goal is to reduce the amount of people accessing them due to a higher entry bar. What's concerning to me is that it renders anyone using encryption suspect, which includes pedophiles and narcotrafficants, but also activists.
Also, if we're only targetting pedophile networks, one option that comes to mind to me is the following : Most of those images are known and have been circulating for a while. By hashing any sent images and comparing them to the checksum of known ones, one could easily flag suspicions senders and proceed to access the phones of those users. Does that seem feasible to you or am I missing something?
Yes, to protect the children ofcourse.
Well, if it is some gibberish between you and friends the state doesn't understand, they will have you silently and continually investigated by a pre-crime unit. You and your friends could be committing "thought-crime".
But I thought crime---
- He said thought crime! bots start firing the machine guns
When Loglan & Lojban are outlawed, only outlaws will use Loglan & Lojban. And Klingon.
But how can they be SURE that you are not a terrorist? Neuralink is the only option!
Unknown associations and free speech are too scary. Neuralink and continual surveillance for the win. Pre-crime units at the ready.
They've already banned religious and cultural freedom so why not?
I have talked about it with a high-ranking french policeman. That person is mostly active in fighting sex-crimes on children, which is the angle I will mostly be referring to. From what I understood, it is very clear to them that even if these laws comes to pass, a good amount of criminal activities will move to other safer options. However, the general criminal is not technically competent. Currently, with WhatsApp providing end-to-end by default, access to pedophilic content is extremely simple. By suppressing these simple means of end to end encryption, the goal is to reduce the amount of people accessing these networks due to a higher entry bar.
What's of course concerning is that it renders anyone using encryption suspect, which includes pedophiles and narcotrafficants, but also activists and co.
Also, if we're only targetting pedophile networks, one option that comes to mind to me is the following : Most of those images are known and have been circulating for a while. By hashing any sent images and comparing them to the checksum of known ones, one could easily flag suspicions senders and proceed to access the phones of those users. Does that seem feasible to you or am I missing something?
Aren't you just describing chat control in its original form, as proposed by the EU?
https://www.eff.org/deeplinks/2025/09/chat-control-back-menu...
https://csa-scientist-open-letter.org/FAQ
It seems so, yes. While I do trust eff, it seems to me that their article barely skims over the explanation of why this is a problem, although the second one does mention the ability to arbitrarily decide what triggers the filters. I would however like to point out that in France, the police cannot arbitrarily arrest people for more than 24 hours, after which they need an investigating judge's approval to prolongate detention. They also need those judges' permission to access a device. Free access to any channels of communication has never been on the table, but extrapolation of that technology to other kinds of governments with more liberal law-enforcement remains the obvious issue.
Still, I kind of fail to see how full privacy as a default is a necessity, if and only if it remains a possibility. Furthermore, by using non open source messengers such as WhatsApp, we are blindly trusting Zuckerberg, a random dude who got lucky and rich and wishes to remain on good terms with Trump, to keep our data as safe and as unreachable as he pretends.
First, the French state has zero interest in access to these messages to help children. The proof: NEITHER the French police NOR the secret service investigate child abuse cases. The police only investigates them if they absolutely can't avoid it, because mostly people with access to children commit child abuse. You will find child abuse requires a child. In other words, who does that? Teachers, sports teachers and coaches and child welfare workers (sports clubs are almost exclusively government funded in France). The large majority of the perpetrators, of course, are government employees. Child services investigates child abuse cases, and WILL NOT get access to these messages. So there is zero intention to give access to messages in child abuse cases.
I mean how ridiculous is this argument. They want access to such messages to investigate child abuse cases, so they demand French spies, and tax investigators get access to everyone's messages ... Child abuse investigators are not even mentioned.
And it's not just that.
Next, France is famous in Western Europe for being one of the only EU countries where access to, uh, hentai comics, is legal and they're sold in newspaper stands.
If the French state cared about fighting sex-crimes on children they would fund taking care of the children they do "help", rather than catching criminals. Instead, this is what they do:
https://www.rfi.fr/en/france/20250502-french-child-welfare-s...
(at the very least they let it happen, but in practice they also hire people that will do this job at a very cheap wage because it provides access to vulnerable children)
Without fixing this FIRST, the only thing catching criminals will do, obviously, is make the situation of children worse. The French state fails this test.
The situation with French schools, both the immigrant situation AND the constant decline in teacher quality (for at least 3 decades now) show how much the state cares about children's future in general. Again, the state fails the test completely.
And I haven't even mentioned the refugee situation in Paris. Obviously that situation is producing a flood of child prostitution. Again, the state is showing itself unwilling to help children. Again, the French state is exposed as not doing shit to help children, or at the very least, they're totally ineffective.
So no, and sorry to state the obvious, but your suggestion is completely beside the point.
I would love to take the time to inspect your answer more thoroughly as soon as I have the time, but your premise is wrong. Most CSAM creators are neither teachers nor coaches, but parents i). The French state is not some cynical entre-soi that protects child abusers who are on their payroll. In my personal experience, which, while it isn't generalizable does prove the existence of consequences, I've come across three teachers accused of incorrect behavior with children ii). All three disappeared from the schools within months.
i)> Research suggests that a significant proportion of child sexual abuse material (CSAM) is produced and distributed by parents who victimise their children. An online convenience sample of 150 adult survivors of CSAM found that, of those abused by a single perpetrator, 42% identified their biological or adoptive father or stepfather as the offender; and of those abused by multiple perpetrators, 67% identified their biological or adoptive parents or step-parents as the primary perpetrators (Canadian Centre for Child Protection (CCCP), 2017). https://bravehearts.org.au/research-lobbying/stats-facts/onl...
ii) the first one had us do sexual education at age 9 and was gone five weeks after he began, the second had been on the radar for racism and was gone two months after complaints of staring at girls skirts, the third, a sport teacher, disappeared at the end of the semester for systematically correcting girl's stances while squatting and such. In the two last cases, the schools were relatively big and rumors of worse offenses were around, but I don't know if those were true.
I'm starting to think we need to make encryption a protected class, so that we can label speaking against it as hate speech.
Let's start putting some of these politicians in jail for being stupid.
How about let's not vote for stupid politicians?
How will they know what's encrypted? Maybe I just like sending random sequences of bytes across the wire
It doesn't even need to be random. What if you send an instance of a proprietary file format? Is the company required to share the spec and toolchain so that the govt can verify it (probably) isn't an encrypted message?
Exactly - or encrypted payloads hiding inside standard image file formats. Basically steganography. If all you want to send is a small encrypted text message, it should be possible to hide that in a large image (encoding in the LSB or whatever) in just a small percentage of pixels so that it doesn't fail statistical tests and is indistinguishable from real noise.
I'm sure the judge will love your explanation.
In my home directory is a 4GB random file. I suggest you should do this too. Vary the filename to taste. Some suggestions: the name of any active drug market or cyber threat actor.
I came about a Google subscription which includes 2TB of storage. I filled it with crypto noise (ok, Gemini did it for me). I couldn't let it be unused. Will have to delete it when the subscriptions runs out.
I still don't understand the note that the companies can't decrypt the messages with e2e encryption. Isn't it as simple as a software update that says:
"If user = foo, then send the on device keys elsewhere"?
Or if those keys are part of a TPM, then a software update that just asks it to send in the decrypted messages?
Can judges not order this now, but can order decryption if the keys are stored centrally?
of course, nothing magically prevents the app from sending keys or decrypted content to a third party.
That's why if you're really serious about e2ee you have to install the app from source.
Yeah, makes sense.
I wonder if for closed-source apps if governments can not just force the key collection the same way they would force decryption with centralized keys.
I like to co-opt the expression: not your keys, not your privacy.
I remember a joke where a guy sent a joke to another via private message, and Xi Jinping laughed. It seems the government's mindset is the same everywhere.
Some people do not take no for an answer. This is bordering on absurd.
But on the other side what I miss is some explanation if forensic analysis helps here? Presumably the messages stay on a phone and you can recover them. If that is the case then it should be enough to fight the crime, i.e if you get a warrant to access the device then you can access messages, which I believe many would agree is fine.
I'll repeat this over and over:
Most EU politicians are aware of needing to lead from positions of deep unpopularity for the next 10-20 years, they're just setting the stage to have the tools to suppress dissent at their disposal. After encryption, my bet is on reduced rights to protest (see UK wanting to ban protests that repeatedly "cause disruption").
EU politicians are still more popular than Russian politicians.
Yes, all the Mertz, Macron, Starmer and unelected Brussels ones have officially about 10-20% approval rating.
This is in fact mind boggling and I am still wondering how it is even possible.
My guess is most of those positive approval are boomers who watch TV and are less impacted by their policies because they own their house and receive their retirements, they are highly incentivised to keep the train going. Or people who directly benefit from their policies.
What I still can't explain is Trump can still maintain a much higher approval ratings with in a country with similar demographic profile, even after literally doing the exact opposite than he promised.
So my guess is the support for the current system and the people running it in Europe is probably less than 5% among the population who will still be around in 10-20 years.
So the current political system is literally levitating on a cloud of old people which is disappearing at a rate of about 10% per year. So one way or another this is gonna get ugly.
I wonder if they remove encryption how can they ensure who are the authors. Will they still apply all the certificates?
Hello, I am French and, with many others, fighting this. It is still a fight - no law is enacted yet - and it is not the first time we have to fight this. To state how utterly ridiculous these politicians are, ANSSI itself - the national cybersecurity agency- published a paper in 2016 clearly explaining why backdooring encryption in messaging apps is both dangerous and useless (https://www.developpez.com/actu/102152/France-l-ANSSI-se-dit...) This position has been clearly restated in 2025 by Guillaume Poupard, a former highly acclaimed ANSSI boss and a cryptographer.
Time to teach all your friends how to use a one-time pad. Could be a fun hobby for those with the right inclination.
It's not clear that this would be a legal workaround. Even texting in rare languages, like those in Egyptian hieroglyphs, or perhaps Klingon, might warrant a knock on your door.
"The excessive increase of anything often causes a reaction in the opposite direction; and this is the case with freedom, which in a democracy often descends into anarchy... The excessive liberty of the individual in a democracy eventually leads to a desire for authoritarian rule, and out of that desire, the tyrant arises." - Plato's Republic
No fair, we didn't even get the fun anarchy part before skipping right on to tyrrany!
> Mass surveillance, of course, isn’t what the delegation is proposing. The fear isn’t that a French investigator will read every WhatsApp message.
French investigators won't care about every WhatsApp message. But they definitely will slurp them all up, process them all with AI, and read them whenever they have an interest. And they will deny they are doing this as they do this.
It will become more important over time - Telegram and the TON coin are reintegrating. So messaging surveillance is financial surveillance too? Price is going up too. https://x.com/BSCNews/status/2053046567930937817 Upgraded a month ago: https://x.com/durov/status/2042247948147241072
It'd be interesting (horrifying?) to see something that was once assumed secret go public. Imagine if all chats and payments eventually went public at some point... the Transparity, when nothing can be encrypted anymore so no one tries. Mankind becomes a unit - or it devolves?
With TON, perhaps altcoins will give way to micro coins - tailored especially for apps and their users/founders? ..for micropayments and running on AI infrastructure. Blockchain and AI infrastructure are already interchangeable in large part. So if transaction histories are exposed, the damage is limited. Startups won't look to IPO, they'll look to float a coin to make serious money. Binance did it. Polymarket next? Poly is dominated by Bitcoin as it stands.
I'm not sure if Ethereum tokens would be the same thing.
> […] something that was once assumed secret go public. Imagine if all chats and […] went public
I strongly suspect instead that you would see Polymarket-style insider trading by the few powerful people who have access to the secrets.
Yeah, you would also have to trust Poly staff and media outlets.
But also messaging platforms whereby wiretapping has never been so lucrative.
So what's the CEO of ____ saying about an IPO?
https://kalshi.com/markets/kxipo/ipos/kxipo-26
Time to get friendly with the 'tappers or become one oneself, right?
This news story is so pertinent.
Doctor Evil's secret AI prompt >> Train on messaging and then tell me the most lucrative bets in the prediction markets.
But not for French politicians and military, am I right?
Encryption for me not for thee?
Let’s start with the smartphones of politicians.
They already excluded themselves in the chatcontrol proposals. Typical.
Chat Control refuses to die.
Lets pretend this happens, I am curious how it would work.
So a person in Canada messages someone in France who's WhatsApp is not encrypted. But the message from Canada is encrypted. Will the person in Canada's message have to be sent unencrypted ? Or will WhatsApp Canada need to allow France to break Canada's encryption ?
Personally I think it would be easier for these apps to ban people in France from using their service.
They would have used the "ghost user" strategy.
> "Perrin now offers a different framing. “Article 8 ter, which I had adopted, was not at all aimed at obtaining encryption keys but at introducing a ghost participant into a conversation before encryption,” he says. The “ghost participant” approach, sometimes called a ghost user proposal, was floated by GCHQ in 2018 and rejected by every major privacy organization, civil liberties group, and security researcher who looked at it. The idea is that the platform silently adds a third recipient, an invisible intelligence agent, to a supposedly two-person conversation. Users never see them. The encryption technically still works, except that one of the parties is the state."
One of many simultaneous attempts all around the world:
https://community.qbix.com/t/the-global-war-on-end-to-end-en...
And by the way, this article mentions other things already in place, such as being able to commandeer your device and spy on it without breaking encryption:
https://community.qbix.com/t/increasing-state-of-surveillanc...
I find it fascinating that a country with citizens that are typically willing to protest in the streets at the drop of a hat don't seem to care. Is it that they aren't technically literate?
These sorts of laws have repeatedly failed to pass in Europe due to people protesting. The government just keeps coming back and trying again it seems.
What makes you think French citizens don’t care?
I do think they care but you hit on a point. Governments just keep trying to force this and eventually wear down the resistance to it. They can try repeatedly as it only has to work once.
Yeah, this feels like an exploit used by many governments these days. You see the same thing in the US where the Republicans just keep filing appeals or lawsuits until they eventually get what they want. Over and over and over and over.
Governments should probably adopt some sort of "retry" limit for these things. Good luck getting that passed though I suppose.
That would just be abused by people who want to permanently enshrine a bad status quo. They'll file X really shitty, bad faith challenges, and when they all fail, everyone will be permanently stuck with a bad thing.
Imagine if women's suffrage failed 5 times, and hey, guess we'll never get it, 5 times is the limit.
It's because it doesn't break the political and financial careers of the people who do in the civil service and the politicians. Once it does, you'll see it is not repeated.
Prop 13 in California is an amazing example of this, known as a third rail political issue because it "kills" the politicians who attack it directly. It doesn't even approach even getting put up as a proposition or bill directly. It has a tight feedback loop because the most mobilized voting class, the olds, feel it immediately and the Howard Jarvis Taxpayers Association mobilizes immediately also. So they go for it on the sides, for things like commercial property, or complicated to understand inheritance and so on.
So if you really want to fight back and be effective, you have to (politically) destroy the careers of those who do.
Prop 13, for those who don't know...
https://en.wikipedia.org/wiki/1978_California_Proposition_13
Has anyone else noticed a tendency of American users to turn every conversation that isn't about America into one about America?
It would be super neat to not see this turn into yet another conversation about American tax policy.
Maybe it's time for France to reconsider its relationship with the EU.
The French people did consider that, in the referendum on Maastricht. The politicians ignored the results
The French people typically elect far-right politicians to represent them at the EU level, so...
It's not about left or right, but up and down.
Which are also known as right and left, respectively.
What, did you think right and left were arbitrary? The words are arbitrary, but the meanings are not. They correlate quite strongly with the material interests of the up and down.
No, I'm referring to authoritarianism (up) and libertarianism (down).
Right, can we agree on "extremists" then? Takes the far-left, far-right, far-authoritarian and far-libertarian altogether.
Stalin & Mao would like to have a word with you.
... okay? I thought they were dead. What about the entire rest of the world that is left or right. We're not stuck between a choice of Staln (left), and Htler (right) - there are more reasonable people in the world, even more reasonable politicians.
That makes little sense if you know some basic political science, the EU is comprised of different political interest groups just like your country is.
Unless you literally belive everyone in the EU belive the exact same thing and there's zero disagreements what do ever.
Kind of, at least in France? Our privacy-nefarious laws have been passed by both left- and right-leaning governments. It seems that if there is something the elite agrees upon, it is that the plebeians should be kept in check.
It is true that "far-right politicians" had the most chance to be elected in the EU parliament but this is in fact insignificant.
How individual country influence the EU is there is an invisible battle on putting their people anywhere under the commissioners. There are a lot of career people you will never hear about yielding immense power there and from what I know they do not have a political affiliation how we understand it (left, right, etc.)
If you are a corporation or foreign actor and you need something from the EU you cannot care less about the people elected in the fake parliament. If your chance of influencing or blocking something is in the parliament, you already lost.
Most people have a hard time wrapping their head around this because we actually have a better understanding how the US political system works, individual EU countries or even the CCP.
Well I disagree.
This is France pushing this onto themselves?
> Is it that they aren't technically literate?
Few are, that is a huge part of it. Most have far more pressing concerns.
Liberté, Égalité, Fraternité.. et Surveillance-té
A public ballot should be held for this.
Governments act as kings.
The nazi drop more and more the mask. Yet most still not wake up...
BTW France already have
- https://gizmodo.com/france-bill-allows-police-access-phones-...
- https://www.medias-presse.info/une-nouvelle-loi-de-programma... can't find one in English
Plus
- https://fr.wikipedia.org/wiki/Loi_renfor%C3%A7ant_la_s%C3%A9...
- https://fr.wikipedia.org/wiki/Projet_de_loi_visant_%C3%A0_s%...
- https://fr.wikipedia.org/wiki/Loi_tendant_%C3%A0_renforcer_l...
Essentially China is already here.
They have let millions and millions of dangerous migrants to enter the country and they have the GALL to blame encryption for crime!
With the first link, the chain is forged.
We're into way many links already.
Isn't this the country that beheaded their rulers?
The big problem here is that Veracrypt development is done there if I'm not mistaken. Probably time to get back to trusted old TrueCrypt.
The world needs frontiers or stuff like this is the natural state.
To make the link with another very successful article on HN today: who is Franced rule by yet? By cyber-libertarians right?