Before I say anything else, I should mention that this is nothing ground-breaking, neither is it terribly difficult to implement. This is simply how I envision a simple solution.
Basically, the EU and the UK want the secret keys to your encrypted media/messages. Which essentially breaks encryption completely, ending E2EE usage.
The alternative is, then, for the user to utilise their own form of E2EE. How though? The answer, in my opinion, is personal exchange of keys utilising asymmetrical encryption. Exchanging public keys in plaintext is fine as long as they don’t have your private key. Which means unencrypted services like SMS could also be secured using this method (for example, have the public key of a user in their profile). I believe QKSMS employed encryption for SMSes for as long as it lasted, but no idea about the kind of encryption).
Technically, if everyone started to use p2p messengers with asymmetrical encryption, the EU would have very little they could do without compromising every mobile in the region and preventing people from downloading APKs somehow (sorry iOS users but you’re never going to have privacy anyway).
However, this is only possible with a FOSS project, because a company would have to fork over the keys anyway to stay alive. A FOSS project can simply be forked once the OG maintainer stops working on it due to government pressure. That is where the problem comes, since FOSS projects can’t really run their own servers to store media, making p2p the only viable option. But with some people behind CG-NAT, that becomes harder for non-technical users.
I don’t have a way to solve this other than the general population becoming tech-savvy enough to give a damn.
Tl:dr; FOSS projects are best suited for implementing personal E2EE between users, but that makes p2p the only viable option without a back-end, which makes it difficult for people behind CG-NAT.
Cheers
I highly doubt that it’ll ever happen, but if, I’ll just host my own matrix server and I’m good to go.
Whatever works really. I don’t care which app/system does it as long as the government doesn’t have private key
Why not just use an existing one? It requires a good bit of skill in server administration and security in order to run a matrix server, and I’m not sure what the benefit trade off is.
*In case the EU manages to force all providers to backdoor the services
I don’t think that’ll happen anyway. But you are right, the server doesn’t matter too much in the csse of e2e. The client is more important.
[This comment has been deleted by an automated system]
And of course this sort of thing happens every day in authoritarian countries.
This is not a technical problem at all, it’s a political and cultural one.