this post was submitted on 08 Jul 2026
617 points (98.7% liked)

Lemmy Shitpost

40751 readers
4226 users here now

Welcome to Lemmy Shitpost. Here you can shitpost to your hearts content.

Anything and everything goes. Memes, Jokes, Vents and Banter. Though we still have to comply with lemmy.world instance rules. So behave!


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means:

-No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...

If you see content that is a breach of the rules, please flag and report the comment and a moderator will take action where they can.


Also check out:

Partnered Communities:

1.Memes

2.Lemmy Review

3.Mildly Infuriating

4.Lemmy Be Wholesome

5.No Stupid Questions

6.You Should Know

7.Comedy Heaven

8.Credible Defense

9.Ten Forward

10.LinuxMemes (Linux themed memes)


Reach out to

All communities included on the sidebar are to be made in compliance with the instance rules. Striker

founded 3 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] TootSweet@lemmy.world 37 points 2 days ago (2 children)

Jesus. I'm not in the EU, but how is this the first I'm hearing about this?

Time to go back to email and GnuPG.

[–] gandalf_der_12te@feddit.org 7 points 2 days ago* (last edited 2 days ago) (1 children)

yeah i keep thinking, we're not getting around the law. we have to get around an effective implementation though by using 3rd party platforms, i.e. ones that don't conform to legal pressure.

[–] tux7350@lemmy.world 2 points 2 days ago (1 children)

But the central service for those keys is only sharing the public key. Only the recipient can decrypt the message.

The only information it would give out is "this IP downloaded this public key". Which can easily be covered up with multiple downloads from different IPs. You really only need to do this once per recipient too, once you have the public key you can just always keep a copy.

Shit, if your already using GnuPG, encrypt a file that's got all your friends public keys. When you need to send a message, decrypt your file and grab the key you need.

[–] TootSweet@lemmy.world 1 points 1 day ago (1 children)

It's true that the public keys aren't sensitive and nothing is compromised (in fact, it's recommended) if the public key is available from, say, a key server.

But MITM is always a concern. Public-key encryption is supposed to mitigate that by ensuring that any third-party listening in in the middle can only get the ciphertext and cannot derive the plaintext of the communication.

But, if a jurisdiction legally forces a rule like the "we get to snoop on everything" one in this law, it changes things. They could, for instance, force key servers to to only give out keys that are generated/controlled by the EU agency so that they can MITM to their heart's content. My guess at Aniki's thought process is that if there's a central distributor of keys, that can be legally strong-armed into bad things, but the people you've talked directly to are a different matter. "Web of trust" as it were.

I do think there are probably better ways to deal with that than what Aniki's getting at, though. If you have Alice's public key, you can verify signatures she generated, and you can be sure (hand-waves, rubber-hoses, caveat emptor, blah blah blah) that if you have a valid signature signing Bob's public key with Alice's private key, Alice vouches for that specific public key being authentically Bob's public key.

Now, if you only ever get public keys from a small set of (compromiseable) central key servers, then the very first public key you get could be compromised and any other signature generated from the associated private key could be forged by an adversarial party (like the EU.) And theoretically the EU could generate a whole counterfeit web of signatures. So there's benefit to having at least some of the public keys you trust come directly from the one who generated the key through a known-secure channel.

Before this law goes into effect, (maybe) we can trust at least some of the signatures in public key servers and use those as a basis for secure communication from which we can create a pool of known-uncompromised (qualifier, caveat, tin hats, etc) public keys, and based on those (maybe) detect forgeries and such.

(Mind you, I don't know the details of this law or whatever. It might be that the law as written will require, say, GnuPG to introduce backdoors. Not that I think they should, no matter what the law says, but it might be that the EU isn't really likely to engage in quite the lever of subterfuge that I've outlined above. It might be more of a blatant "fuck you, we're the government and you're going to comply" approach than a sneaky-sneaky trick-everybody-into-thinking-they've-got-security-they-don't approach.)

[–] locahosr443@lemmy.world 1 points 1 day ago

Yeah they could MITM to give false keys so they can decrypt before sending on again using the real key, but if that's what they want to do then it would be much more effective at monitoring people who are actively engaging in protecting their communication do just do that quietly rather than this circus.

This is probably more a combination of boomer levels of technical understanding and incrementally shifting the norm away from any expectation of privacy.

[–] Tryenjer@lemmy.world 19 points 2 days ago* (last edited 2 days ago) (1 children)

Because they're trying to suppress the public reaction.

You won't hear about this on prime-time TV news, and it’s even censored on some more popular parts of the internet, like Reddit.

[–] gandalf_der_12te@feddit.org 5 points 2 days ago (2 children)

nah i just think that lots of people are tired of hearing about it. since it's an issue year-over-year, they're just waiting until we're getting tired about it. then they'll sneak it in.

[–] Tryenjer@lemmy.world 4 points 1 day ago* (last edited 1 day ago)

It has been approved, it seems that democracy is dead in the EU.

[–] 0x0@lemmy.zip 4 points 1 day ago

They've waited for MPs to be on vacation too.