Hi all, an Italian article which is important to read and possibly an urgent matter to address.
https://www.ilsoftware.it/articoli.asp?tag=La-legge-europea-sul-controllo-delle-chat-potrebbe-bloccare-il-funzionamento-dei-sistemi-operativi-open-source_25561 GOOGLE TRANSLATION The European chat control law could block the functioning of open source operating systems Mullvad, a well-known VPN service provider, focuses attention on one of the most unfortunate consequences of the proposed law that aims to force messaging apps to scan users' personal messages: open source software repositories and archives could become illegal. In May 2022, the European Commission put forward a bill that could force messaging apps to scan private messages exchanged between normal users. As can be learned by reading the text of the regulation of the European Parliament and of the Council, which is part of the broader framework of the Digital Markets Act (DMA), the aims are certainly noble and have the aim of preventing the solicitation of minors via chat. Prescriptions such as those contained in the European law proposal, however, would in fact mean saying goodbye to all the guarantees offered by end-to-end encryption mechanisms when the use of encryption is fundamental today and is now a tool to which users do not they should never give up. WhatsApp won't crack end-to-end encryption, and at this point, by CEO Will Cathcart's own admission, the only way instant messaging apps could go is by scanning users' messages and media locally, on their same devices. Apple had already tried to do something similar but the initiative aimed at scanning the content of iOS, macOS and iPadOS devices had been so strongly criticized that Apple gave up. Fierce, among others, the notes of EFF (Electronic Frontier Foundation) which spoke of an unacceptable interference in the private sphere of citizens. Because the European Commission's proposal can lead to the blocking of open source platforms and repositories used by operating systems Patrick Breyer, MEP of the Pirate Party, put black and white all the critical points of the European law proposal speaking of Chat Control 2.0: the result was a completely automated mass surveillance system that has no precedent in the Western world, the screening by third parties of the content of cloud storage services, the mandatory age verification with the consequent end of anonymous communication, censorship activities on online application stores and the exclusion of minors from the digital world. Reads the page set up by Breyer. "As an unintended consequence," Mullvad, a well-known Swedish company offering VPN services, writes today, "the proposed EU law on chat control will not only take totalitarian control of all private communications but will also ban operating systems open source". According to Mullvad, among the side effects of the regulation of which little or no discussion has been made to date, there would be a ban on all existing open source operating systems, including the main Android stores and third-party stores such as the historic F- Droids. Software repositories have been used almost universally by open source operating systems since the 1990s as the primary method of distributing applications and security updates. These online archives are often created and maintained by small businesses or volunteers; they are hosted by hundreds of organizations such as universities and internet service providers around the world. One of the main ones, the volunteer-run Debian Package Archive, currently contains over 170,000 software packages. These services are not built around the concept of an account and do not provide for the verification of the users' identity: the download of the software takes place directly to the client systems that request it, in a completely anonymous way. Here, the European law proposal would also oblige these repositories to no longer be managed anonymously, to verify the user's identity and to ascertain their age. To meet legal requirements, the open source world would be forced to completely redesign its software update procurement and distribution system, radical organizational restructuring with the consequent centralization and reconstruction of the package distribution infrastructure. Obviously we are only talking about a purely theoretical approach because the technical-practical issues would be insurmountable. “To comply with the law everything should be shut down globally as servers delivering software and security updates cannot distinguish between a web server, a Japanese software developer, a fridge and a teenager from the EU,” he notes Mullvad. "It may seem incredible that the authors of the legislation did not think about it, but it is not so surprising considering that this is just one of the many gigantic consequences of this poorly thought out and written law". Mullvad is one of the VPN managers that has already started migrating to diskless servers since 2022 to protect users' privacy and personal data even more effectively. Best regards, R-