Orion Holmes
SignalOur position remains clear. We will not back down on providing private, safe communications. We join with other encrypted messengers pushing back on the UK's flawed Online Safety Bill.
Michael Downey 🧢@signalapp @ocrbot eng
OCRbot@downey
Image 1:
To anyone who cares about safety
and privacy on the internet.
As end—to—end—encrypted communication services, we urge the UK
Government to address the risks that the Online Safety Bill poses
to everyone's privacy and safety. It is not too late to ensure that
the Bill aligns with the Government's stated intention to protect
end—to-end encryption and respect the human right to privacy.
Around the world, businesses, individuals and governments
face persistent threats from online fraud, scams and data theft.
Malicious actors and hostile states routinely challenge the security
of our critical infrastructure. End—to—end encryption is one of the
strongest possible defenses against these threats, and as vital
institutions become ever more dependent on internet technologies
to conduct core operations, the stakes have never been higher.
As currently drafted, the Bill could break end—to—end encryption,
opening the door to routine, general and indiscriminate surveillance
of personal messages of friends, family members, employees,
executives, journalists, human rights activists and even politicians
themselves, which would fundamentally undermine everyone’s
ability to communicate securely.
The Bill provides no explicit protection for encryption, and if
implemented as written, could empower OFCOM to try to force the
proactive scanning of private messages on end—to—end encrypted
communication services - nullifying the purpose of end-to-end
encryption as a result and compromising the privacy of all users.
In short, the Bill poses an unprecedented threat to the privacy,
safety and security of every UK citizen and the people with whom
they communicate around the world, while emboldening hostile
governments who may seek to draft copy—cat laws.
Image 2:
Proponents say that they appreciate the importance of encryption
and privacy while also claiming that it's possible to surveil
everyone's messages without undermining end-to-end encryption.
The truth is that this is not possible.
We aren’t the only ones who share concerns about the UK
Bill. The United Nations has warned that the UK Government’s
efforts to impose backdoor requirements constitute "a paradigm
shift that raises a host of serious problems with potentially dire
consequences".
Even the UK Government itself has acknowledged the privacy risks
that the text of the Bill poses, but has said its "intention" isn't for
the Bill to be interpreted this way.
Global providers of end-to-end encrypted products and services
cannot weaken the security of their products and services to suit
individual governments. There cannot be a "British internet," or a
version of end—to-end encryption that is specific to the UK.
The UK Government must urgently rethink the Bill, revising it
to encourage companies to offer more privacy and security
to its residents, not less. Weakening encryption, undermining
privacy, and introducing the mass surveillance of people's private
communications is not the way forward.
Signed by those who care about keeping our conversations secure:
Matthew Hodgson, CEO, Element
Alex Linton, Director, OPTF/Session
Meredith Whittaker, President, Signal
Martin Blatter, CEO, Threema
Ofir Eyal, CEO, Viber
Will Cathcart, Head of WhatsApp at Meta
Alan Duric, CTO, Wire
Semmelstulle@Semmelstulle
Couldn't find any media.
Contact the admin () for assistance.
For further information, check https://github.com/Lynnesbian/OCRbot/blob/master/README.md#Errors
Couldn't find any media.
Contact the admin () for assistance.
For further information, check https://github.com/Lynnesbian/OCRbot/blob/master/README.md#Errors
laxsill@signalapp do you have a statement on the EU proposal Chat Control? sorry if I've missed it
Meredith Whittaker
Alex@signalapp thank you!
James Bilsbrough@signalapp do you have a PDF of this I could use to write to my MP?
j@jsbilsbrough @signalapp maybe you can "print" it from @threemaapp 's blog?
Sven (Der Cybär)@signalapp thank you so much 😃
Paul Wilde 
:dontpanic_nobg:@signalapp This whole situations is bonkers in the UK, yet another display of how the government (and media for that matter) hugely misunderstands technology.
Sure, ban E2EE on BigApps (no, seriously, don't do this) but are they really going to come after me for running an E2EE enable Matrix/XMPP server that I use to communicate with others who also run their own servers? I don't think so.
To BigApps like you, @signalapp , I say do as @Tutanota say they will and simply not comply.
https://tutanota.com/blog/posts/uk-undermine-encryption
Sure, ban E2EE on BigApps (no, seriously, don't do this) but are they really going to come after me for running an E2EE enable Matrix/XMPP server that I use to communicate with others who also run their own servers? I don't think so.
To BigApps like you, @signalapp , I say do as @Tutanota say they will and simply not comply.
https://tutanota.com/blog/posts/uk-undermine-encryption
Michael@paul @Tutanota @signalapp this is quite a noble stance, but doesn’t this put them in the spotlight for fines / prosecution? the way i understand it, it’s a criminal offense to not be able to provide cleartext data to the uk ofcom. no one said blocking is the first or only method that the government is planning to crack down on them
@mzhang @Tutanota @signalapp I agree, a fine may be threatened but I don't see any penalty being enforceable legally.
I was using blocking as an example, and to be honest I see this whole government debate going nowhere. Just a lot of noise for the sake of it.
is it really a criminal offense to not provide cleartext data to ofcom? OK, if the data is clear text already then OK. But are you saying a service provider has to decrypt encrypted data before sending it to ofcom if requested? Or is just sending the encrypted data acceptable?
I was using blocking as an example, and to be honest I see this whole government debate going nowhere. Just a lot of noise for the sake of it.
is it really a criminal offense to not provide cleartext data to ofcom? OK, if the data is clear text already then OK. But are you saying a service provider has to decrypt encrypted data before sending it to ofcom if requested? Or is just sending the encrypted data acceptable?
Mark Wieczorek@signalapp If signal didn't require a phone number to use, then the UK government wouldn't be able to enforce this law ! Will signal ever move away from requiring a phone number?
Pigmented Pixie@mrak @signalapp Phone numbers are the only way to make Signal user friendly and gain a 'network effect'. Without them Signal wouldn't have taken off. Also such metadata is encrypted along with messages (I think!)
always tired (moved to chaos)@pigment @mrak @signalapp Would also be possible if there were random ids as primary key and an _optional_ feature to network via phone numbers
Dima Pasechnik 🇺🇦 🇳🇱@pigment @mrak @signalapp
I don't think phone numbers are crucial - email is good enough for setting up everything needed.
I don't think phone numbers are crucial - email is good enough for setting up everything needed.
Doug Webb@signalapp Issue clause seems to be 98(4):
"(4) A person commits an offence if, in response to an information notice, the
person—
(a) provides information which is encrypted such that it is not possible for OFCOM to understand it, or produces a document which is encrypted such that it is not possible for OFCOM to understand the information it contains, and
(b) the person’s intention was to prevent OFCOM from understanding such information."
https://bills.parliament.uk/publications/49376/documents/2822
lenny_@douginamug soo if I send a pgp encrypted message via a messenger, the service provider would commit an offence because they didn’t decrypt it?:D
@lenny_ I guess that's where the concern comes from.
Perhaps the provider causes an offence by allowing encryption. Or perhaps you as a user get served the information notice, and you cause an offence by not decrypting!
Andreas M. Heitmann 
@signalapp @GambaJo Your service demands a phone number and therefore it is not secure at all...
Orca 🌻 | 🎀 | 🪁 | 🏴🏳️⚧️@Orca @GambaJo @signalapp Yeah but with the phone number authority has access to a LOT of data including movement profile. The fewer data you give, the better. In some countries, it can mean life or death. Or at least it can coat one's freedom...
Christian de Larrinaga@signalapp I fully support this commitment to keep users ability to secure their communications. It is dangerous to national security let alone to the safety of millions of citizens, especially the vulnerable including children to weaken online encryption.
Chris Gerhard 
@signalapp thank you
Rick Sanchad@signalapp Umm in Australia they have a very similar ridiculous law called the "assistance and access" bill where you as a communication provider upon request are "compelled" by Australian law to decrypt encrypted communications. Am I correct in this? But as an American company... Do you have to? Or will you hand over messages if compelled? Do you stand against that also and have you ever received a TCN/TAR or complied with them?
Jay Tea Moriarty@signalapp i trust you saw this @mori ? All praise Signal.
R(i)SK@signalapp
Thanks for standing up against this!
Thanks for standing up against this!
Ben Keith
joene 🏴@signalapp Make it possible to use Signal without a phone number. I think you promised that a long time ago, but maybe I'm wrong. Anyhow, just do it.
Wikinaut@signalapp please restart the quality of the voice notes
Paranoid Factoid@signalapp I'll take Element instead.
Ryan@signalapp thank you
shadow_absorber@signalapp so weird that so many countries and governments want to take actions that will most likely affect all of the citizens in the entire world not just their own without second thoughts from their own people
maiamaia@signalapp I believe child abuse should be trackable and free speech safe. I propose all text to be secret and all pictures to be open & available to police. Free speech needs text. Child abuse needs pictures & videos.
Adam Beer (old account)@maiamaia @signalapp Congratulations, now people will encode CSAM into Base64 and send it via text. Data is data.
@adambyte @signalapp most paedophiles won't manage that, like me they won't know what it is, and it'd therefore stop grooming & getting kids to send naked selfies etc, it'd also end revenge porn - well, you'd soon know who the suspect was!
WildCat (Archived. Moving)@signalapp Looks like the UK government does not like real freedom.
runarcn@signalapp You know shit is serious when even Meta joins in
[384992] Ellie Winters 
@signalapp best decision honestly
thank you for not listening to our government and continuing to keep ur end to end encryption
April@signalapp no alt text?
Crazy Pony@signalapp Hello Signal
Does this "Join" also mean interoperability, like i could message a user on Signal if i use myself XMPP for example?
Gareth Kitchen@signalapp Can I just wholeheartedly apologise about this. The UK is currently broken and citizens are working hard to resume normal service by Autumn 2024, latest.
Cabeceo_Queen@signalapp
I believe energy companies have already been heavily influenced by govt to penalise those using #VPN services. Some of the larger online retailers too.
I believe energy companies have already been heavily influenced by govt to penalise those using #VPN services. Some of the larger online retailers too.
forsgren@signalapp Are you doing the same regarding Chat Control in the EU?
INPC@signalapp Boom selecta