Signal to leave Sweden if backdoor law passes (opens in new tab)

In fact, they are negative because they say that this can't be done without opening up the service to vulnerabilities that could be used by others.

> I ett brev till regeringen skriver Försvarsmakten att lagförslaget inte kommer kunna förverkligas ”utan att införa sårbarheter och bakdörrar som kan komma att nyttjas av tredje part”.

> In a letter to the government, the Swedish Armed Forces writes that the legislative proposal will not be able to be implemented "without introducing vulnerabilities and backdoors that may be utilized by third parties."

Makes sense, the entire point of Signal is no backdoors. If you add one, you might as well make the app illegal.

The NRL originally developed onion routing and Tor. It was then open sourced, stewarded by the EFF for a few years, before becoming its own non-profit. The NRL still do a ton of work on Tor and its ecosystem, primarily through academic research and occasionally code, though the Tor Project is obviously now the biggest player in the space. The original motivation was to enable communicating with covert assets (intelligence services and the like) overseas, which requires lots of non-military cover traffic to be useful, hence the opening up. Its popularity as an anti-censorship tool has motivated a lot of the continued support from various US agencies, including the NRL. Really though, the NRL is a largely civilian institution, and while the people who work there do work for the military, they aren't typically enlisted, have limited security clearance if any, etc. It's sort of like the Navy's version of Microsoft Research, or Bell Labs.

Militaries need intelligence services to be their eyes and ears. That said, most people who are not in their country's armed forces, government, or intelligence service vastly overestimate how much another country's intelligence services actually care about them. Most people aren't that interesting and don't have any intelligence value for another country's government.

US Navy research labs developed onion routing and the core of Tor

arguably, one of the reasons it was released to the public was to get large amounts of traffic using onion routing. because if it's just 50 data steams that are entirely ONI or NSA then it's easy to hit them with timing attacks.

but 2+ million streams from all over makes it a lot easier to hide.

And SELinux was given to us by the NSA.

They're not using/advocating to use Signal for their military control/communication:

> This week, Brigadier General Mattias Hanson, the Swedish Armed Forces' CIO (Chief Information Officer), decided that calls and text messages that do not concern classified information should, as far as possible, be made using the Signal app. The decision aims to make it more difficult to intercept calls and messages sent via the telephone network.

https://www.forsvarsmakten.se/sv/aktuellt/2025/02/forsvarsma...

Seems people were using SMS for those messages they are now advocating to use Signal for.

Also, seems they've done a review (obviously) but unclear if they had access to something internal from Signal to do the review, feels like they had to:

> The Signal application has been deemed by the Swedish Armed Forces to have sufficient security to make it difficult to intercept calls and messages.

Any decent military will be using multiple forms of communication systems.

I was a communications specialist for the Swedish Armed forces 10+ years ago, including a tour in Afghanistan and a tour in Kosovo.

We used radio links for internet that I can tell you, were more adversarial than friendly.

The Swedish military is highly capable when it comes to network communications. A small nation will have to think differently.

You could potentially use an instant messaging system in control by someone else, if you are willing and capable of sharing encryption keys with whomever you are going to communicate with beforehand.

Is Signal hosted in just 1 country?

Yeah, the Social Democrats, whose member she is

They also have a social engineering attack using the Linked Devices features, which was on the front page of HN recently.

It will be waring factions within government (which is never unitary in any country) --- here these laws/proposals/etc. probably come from domestic spying agencies and police forces in most countries. I suspect that signals intelligence agencies and offensive forces have probably mostly moved to "encryption is good" stance given the number of foreign attacks upon domestic assets (gov, biz, etc.).

However, we shouldn't underestimate the desire for foreign intelligence agencies to bait one's own domestic agencies into "spying for them". So i imagine there's some pressure from, eg., the US sigint agencies to have the EU compromise EU citizens in ways that even those very agencies may today not wish to compromise their own.

At a complete guess, I wouldnt be supried if, eg., the NSA (, CIA, et al.) were goading EUROPOL which was demanding domestic anti-encryption laws.

As an empirical matter, encryption makes agencies like EUROPOL's jobs extremely difficult -- i imagine also because they probably struggle to get coop from domestic police forces, so cannot easily do "the physical police work necessary" to get device access.

In the end, I imagine we'll have china to thank for the end to this nonesense -- since any backdoor will immediately be a means of mass corp/gov espionage.

I think it's part ignorance, part exceptionalism. Backdoors sound simple, and if you're thinking about physical backdoors people are generally pretty good at protecting them. That this is largely because they have a lot of characteristics not shared by digital backdoors is easily lost on most people. These folks also tend to believe that THEY will be perfect stewards of backdoors, and anybody who loses control of them is just less competent.

as a general rule countries that succeed with a policy of neutrality do so by having their military strong enough that they're mot worth fucking with.

What's funny is that it's other EU laws from totally different parts of government which are, at the same time, pushing to allow for side loading of apps and alternate app stores on iOS and Android.

https://www.google.com/search?q=apple%20eu%20alternative%20a...

The end result of which, if done at large scale, means that an EU government couldn't ban signal, short of forcing all its domestic ISPs to be downstream of a China type great firewall, or simply null route all the IP space where signal's servers are located.

You don't need to get Signal from an app store (unless you're on iOS I guess)

There are only a few instances where institutional powers pass judgements that they cannot enforce. Generally doing so makes that institution look weak because it puts them in a position to have their rulings openly flouted. That's at the core of what jurisdiction means.

Sweden can fine Signal all they want but if they can't enforce the collection, they weaken their power and foster disrespect.

Not familiar with Swedish law, but in most of the world the courts have a concept of jurisdiction. Otherwise a small country could just fine Apple $1T and solve its budget woes, and probably build a giant waterslide.

I would be surprised if Swedish law allowed for prosecuting a foreign company with not one bit of operations in the country.

> I keep seeing this idea that because a company is headquartered in some place, means they don't have to follow the laws of the countries where they operate.

My friend's medium size regional ISP is headquartered in the US and as a hosting company certainly has customers who violate any number of censorship, blasphemy, etc laws in Iran, Russia, Myanmar, Pakistan, Bangladesh, just to name a few.

Signal doesn't "operate" in Sweden any more or any less than any other internet based service which has zero servers, offices, bank accounts or other physical presence in the country.

> they operate?

How are they operating? It might as well be viewed as citizens of Sweden interacting with a foreign service out of their own volition.

In general, laws are backed up by the threat of violence. To the extent that Sweden's police can't confiscate Signal's assets in the US, they do not have to comply with anything. The only leverage Sweden's government may have is ISP level censorship, which is likely to cause unintended disruptions. Signal is in turn free to attempt to circumvent the censorship.

Having to build local alternatives probably had a positive impact on China's software industry. We're at a point today that major Chinese software/tech companies are routinely talked about on nightly news.

Would you want to be reliant on American companies right now?

Let them. If you bend you reduce the options for people who do not want that.

i did not read the book but i did read the news when google gave up on serving censored search results in china

Well, only some claim to "remain committed to offering our users the highest level of security for their personal data" while turning off E2EE cloud storage for an entire country.

No, some of them don't even bother pretending they care about your privacy.

> Most of this is being done to address the increasing terrorism threat we now face on a daily basis. Freedoms really only work in societies where people broadly share the same values and cooperate, but European societies are fragmenting and increasingly becoming less safe and less tolerant. If we want to do something about this then restricting freedoms is probably going to be required to some extent.

Or you could undo the changes that have caused that decline in social cohesion. People don't share the same values because our governments have been non-stop importing people with radically different values. Values which see it as a positive to end the lives of those who don't agree.

> Another theory I have is that this could just be a symptom of an older and more female voter base.

That voter base does vote more for the established parties and their policies that have gotten us into this compared to the population at large, yes.

Glaring example supporting the first hypothesis is that Denmark reinstated blasphemy laws in 2023. https://en.wikipedia.org/wiki/Blasphemy_law#Denmark

Step 1: allow a million people from low trust societies to immigrate to a nation of 10 million in a short span of time.

Step 2: Sweden becomes the gun crime capital of Europe.

Step 3: Change your society to a low trust society, dismantling all the wonderful things social services and liberal institutions.

> European bureaucrats generally have little understanding of the technology they get paid to regulate

I'd agree with you if you just put "bureaucrats" instead of European bureaucrats, what country isn't currently led by a bunch of bureaucrats who don't seem to understand even the basics of the technology they legislate about?

I've yet to seen a country to lead the way, no wonder the rest of the countries don't seem to know what to do and just throwing stuff at the wall.

The politicians voting on it might not fully understand but the people pushing the regulation absolutely do. They want a popultion that hears and sees only what they want to.

Bullshit. Crime gangs had myriad of ways to hire youth before. There could be other ways to make sure there’s no huge pool of youth waiting to be hired. But that may be politically too hard.

In Russia Internet censorship went in ten years from "we need a legal framework to block websites with child porn on a court order, why are you against it, are you a pedophile" to blocking everything that doesn't speak complimentary of the government without leaving any paper trail at all.

The reasons mostly are "they are all owned by elites whose names you're not allowed to even know and who would like to keep the serfs docile and ignorant".

This made me immediately picture all of my 40 plus friends and colleagues and... Its completely accurate. Aging slippers-and-tea Brits in comfortable office jobs with very little mortgage stress and a lot of time to virtue signal on facebook are some of the most useless, autopilot zombies the human race has ever seen

Things would improve dramatically if everybody who lives off the state (including pensioners) couldn’t vote.

In some European countries public money has turned into a pretty transparent way of buying votes. These votes are used to make sure nothing ever changes.

> Matrix experimented with the concept of running a server on-device

https://arewep2pyet.com/

But it is not encryption if it can be broken. It's like guns, but they can remotely disable them with devices planted in each.

Actually, they are totally clueless many of them.

Also only possible because we use Signal as compiled by themselves and not by trusted third parties from a source kept clean of any future client-side backdoors. The client is open source, right? https://github.com/signalapp

(Reproducible builds is a cool technique.)

> to own an object means to subject it fully to your own will

Not by a long shot. Just a few counterexamples from the top of my head: Destroying currency, altering passports, reproducing copyrighted images.

I'm not saying I'm a fan of even more exceptions of that kind, but I don't think there are any particular inherent rights arising from property ownership beyond from what society agrees on there are (e.g. the first sale doctrine for physical media). That's what makes it even more important to codify these rights.

You don't need to run the server to backdoor the client. You just need access to push updates to the client. It doesn't matter who runs the server.

> You are hinting at something important here. Let me strengthen your point: to own an object means to subject it fully to your own will.

Let’s explore that.

If the law says I can’t ride my motorcycle the wrong way down the street, does that mean I don’t own it?

What about if we add traffic cameras that absolutely guarantee I will be prosecuted?

What about it if we add a black box that reports transgressions automatically to the authorities?

What about if the black box automatically cuts power to the engine?

I don’t think ownership is a binary using your criterion, or perhaps it’s simply that different people will put the dividing line in different places.

There’s no warrant protection in this bill. They want to keep a copy of everyone’s data so they can look back at old stuff after the fact.

Even if there was warrant protection, I’d still be against it. People have traditionally had the right to speak to each other without giving a transcript to the police. I think it’s unreasonable to make that illegal.

That is a significant hurdle. They have to do it for each individual target, show up in person and each case can be contested in court.

Scalable surveillance is different, just as scalable weapons are different.

Or, for that matter, analog correspondence or notes can absolutely be subpoened in many sorts of court proceedings, including civil.

Legal protections are great and everything, but if I had to choose between abstract legal protections or concrete protections based on physical properties, I'll choose the later every time. Obviously both is ideal, but I'd use encryption for most of my correspondence regardless of my levels of legal protection.

>The issue with Apple caving to UK demands regarding encryption

Apple "caving" would've looked different; in fact, we probably never would have known, given the insidious nature of the underlying statute in the UK.

Apple is making noise about the fact that they pulled the product, and the tech press is making it clear WHY even though Apple itself is legally prohibited from giving any additional context.

I feel like that was probably the best move available to them given the cards dealt. Fighting in secret courts is unlikely to be fruitful.

> It may be wrong, but it proves that technology can't beat politics and policy.

It very much can. In a battle between human force and physics, physics win every time. If I send an encrypted email to you, you have the choice to not give up the key, even if you'll be in jail. With physical letters, you don't have this option. Technology gives you the ironclad ability to keep a secret, only limited by the fortitude of your character.

> technology can't beat politics and policy.

It often only can't in a world of mandatory centralized app stores. That's not the only possible world.

> It may be wrong, but it proves that technology can't beat politics and policy.

There's definitely a strain of thought which perceives almost everything in society as being outcroppings of the progress of technology (however you define that), and especially in the 1990s imagined/expected everything to fall over under the mantle of "information wants to be free" etc.

I think you're right that this is an intellectual dead-end. Many of us lived through the 90s hype wave and into now, and have watched things take a complete circle. The Internet didn't transform society into utopia, the real-world dystopia transformed the Internet into a high definition image of itself.

Did Apple cave to UK's demands? I thought instead they removed their product from the market, like Signal.

We're talking about companies though, not technology. Something like Bitcoin or BitTorrent can be regulated, but not stopped.

The antidote to XKCD 538 can be steganography. They won't beat you with a $5 wrench if they don't suspect you of doing anything at all. End-to-end encryption can become illegal, but as long as you can run arbitrary code on your machine, you can hide and decode messages with steganography. JavaScript can do the job, so even locked down mobile devices will work if you go to CodePen, JSFiddle, JSBin, etc.

Steganography isn't some magic shield to avoid surveillance though. If authorities are already monitoring you for some other reason, then they can burn a zero-day exploit and see anything you do on your device. And if your entire city is covered in cameras with facial recognition, well... you can have your secret messages but I don't know what kind of resistance you're going to be putting up. So to some degree you're right that you can't fully ignore policy and politics.

Not sure how to get most of the public to care though. I get most people have more immediate concerns in there lives, and crime is a legitimate issue, but even a cursory knowledge of history will show the hell life can be under authoritarian governments. I think far too many people think "it can't happen here", which seems insane considering how often it has occurred even in liberal democracies (Spain, Portugal, Germany, Italy, Argentina, Chile, and many more.) In less liberal and less stable democracies, it has happened even more times. I'm not sure why people have some unfounded faith that their government could never become authoritarian and oppressive.

I'm not saying take down every CC camera and get rid of intelligence agencies -- they are important tools for fighting crime. But there's a difference between a few traffic cameras and CC cameras in places people would presumably commit a crime, and burning targeted exploits for surveillance of truly notorious criminals, and just mass surveillance through banning end-to-end encryption. With zero-day exploits, the government is inherently limited in the surveillance they can do, so it's a limiting factor on their potential for abuse, as the more they use it, the more likely they are to be discovered and patched. But with no end-to-end encryption, the potential for abuse is limitless.

Yes, because we largely don't have Free Software.

> If there is a free software license, it’s of no direct use to them.

It's of indirect use; they could use a modified version of the software that does what they want, created by someone else. This is why you generally don't see user-hostile features in Free Software; someone would just fork the project and edit them out.

I can speak for german law: If you buy something, it becomes your property, and you have full power of disposal ("Verfügungsgewalt") over it. If vendors deny you from exercising this right, they are violating their part of the purchase contract.

OP is not out of touch, OP is literally saying that this is happening and that it is a bad thing.

> Personally, I'd only trust a governmental agency to provide such services,

I can't see why you'd say that.

Governments (and private corporations) are not operated to faithfully serve the public, certainly not the public as a set of individuals and small groups of people. It's not that "government services are bad", but rather, than governments, even democratically-elected ones, are practically certain to wiggle out of the straightjacket of strict protection of individual needs and interests for legitimate or illegitimate "greater good"; specifically, they will not resist the desire and the interest to spy on you. And the potential for government abuse of private information is quite high.

A government run social anything would be the most milquetoast experience, wouldn't it?

I suppose if I needed to make sure there was a public immutable record of something it would be useful. Like "I made this thing no later than this post"

But who would use it?

"Personally, I'd only trust a governmental agency to provide such services" I understand where you're coming from, "the ultimate goal of a company is to profit and so we can not trust it to protect their users/consumers interests instead of their own" but... you know that it is always the government that will put you in prison, or send you to war right? That it is a blob of power, controlled by people right? This goverment = good that you see people believing these days is such a childish view of reality.