this post was submitted on 08 Jul 2026
618 points (98.7% liked)

Lemmy Shitpost

40751 readers
5117 users here now

Welcome to Lemmy Shitpost. Here you can shitpost to your hearts content.

Anything and everything goes. Memes, Jokes, Vents and Banter. Though we still have to comply with lemmy.world instance rules. So behave!


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means:

-No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...

If you see content that is a breach of the rules, please flag and report the comment and a moderator will take action where they can.


Also check out:

Partnered Communities:

1.Memes

2.Lemmy Review

3.Mildly Infuriating

4.Lemmy Be Wholesome

5.No Stupid Questions

6.You Should Know

7.Comedy Heaven

8.Credible Defense

9.Ten Forward

10.LinuxMemes (Linux themed memes)


Reach out to

All communities included on the sidebar are to be made in compliance with the instance rules. Striker

founded 3 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] TootSweet@lemmy.world 1 points 1 day ago (1 children)

It's true that the public keys aren't sensitive and nothing is compromised (in fact, it's recommended) if the public key is available from, say, a key server.

But MITM is always a concern. Public-key encryption is supposed to mitigate that by ensuring that any third-party listening in in the middle can only get the ciphertext and cannot derive the plaintext of the communication.

But, if a jurisdiction legally forces a rule like the "we get to snoop on everything" one in this law, it changes things. They could, for instance, force key servers to to only give out keys that are generated/controlled by the EU agency so that they can MITM to their heart's content. My guess at Aniki's thought process is that if there's a central distributor of keys, that can be legally strong-armed into bad things, but the people you've talked directly to are a different matter. "Web of trust" as it were.

I do think there are probably better ways to deal with that than what Aniki's getting at, though. If you have Alice's public key, you can verify signatures she generated, and you can be sure (hand-waves, rubber-hoses, caveat emptor, blah blah blah) that if you have a valid signature signing Bob's public key with Alice's private key, Alice vouches for that specific public key being authentically Bob's public key.

Now, if you only ever get public keys from a small set of (compromiseable) central key servers, then the very first public key you get could be compromised and any other signature generated from the associated private key could be forged by an adversarial party (like the EU.) And theoretically the EU could generate a whole counterfeit web of signatures. So there's benefit to having at least some of the public keys you trust come directly from the one who generated the key through a known-secure channel.

Before this law goes into effect, (maybe) we can trust at least some of the signatures in public key servers and use those as a basis for secure communication from which we can create a pool of known-uncompromised (qualifier, caveat, tin hats, etc) public keys, and based on those (maybe) detect forgeries and such.

(Mind you, I don't know the details of this law or whatever. It might be that the law as written will require, say, GnuPG to introduce backdoors. Not that I think they should, no matter what the law says, but it might be that the EU isn't really likely to engage in quite the lever of subterfuge that I've outlined above. It might be more of a blatant "fuck you, we're the government and you're going to comply" approach than a sneaky-sneaky trick-everybody-into-thinking-they've-got-security-they-don't approach.)

[โ€“] locahosr443@lemmy.world 1 points 1 day ago

Yeah they could MITM to give false keys so they can decrypt before sending on again using the real key, but if that's what they want to do then it would be much more effective at monitoring people who are actively engaging in protecting their communication do just do that quietly rather than this circus.

This is probably more a combination of boomer levels of technical understanding and incrementally shifting the norm away from any expectation of privacy.