Germany Must Stand Firmly Against Client-Side Scanning in Chat Control [pdf]
Posted3 months agoActive3 months ago
signal.orgOtherstoryHigh profile
heatednegative
Debate
80/100
Chat ControlClient-Side ScanningPrivacySurveillance
Key topics
Chat Control
Client-Side Scanning
Privacy
Surveillance
The Signal team urges Germany to oppose the EU's Chat Control proposal, which would require mass scanning of messages and files on personal devices, sparking concerns about privacy and surveillance.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
19m
Peak period
112
0-6h
Avg / period
19.1
Comment distribution134 data points
Loading chart...
Based on 134 loaded comments
Key moments
- 01Story posted
Oct 3, 2025 at 12:44 PM EDT
3 months ago
Step 01 - 02First comment
Oct 3, 2025 at 1:02 PM EDT
19m after posting
Step 02 - 03Peak activity
112 comments in 0-6h
Hottest window of the conversation
Step 03 - 04Latest activity
Oct 6, 2025 at 12:42 PM EDT
3 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45464921Type: storyLast synced: 11/22/2025, 11:47:55 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
The CDU is legendary known for its umpteenth attempt to introduce illegal data retention (condemned by Germany's highest court).
The SPD - which is also part of the ruling coalition - is a flag in the wind as it has proven since coming to power. They will do anything to stay in power.
Deep down, Client Side Scanning that's what both want.
Let's be absolutely real the CDU wants complete government access to all private communications on demand with essentially endless retention. They just aren't allowed yet.
Information does not seem to be the bottleneck at all! (Too) Many times, when we read about the person responsible for some sudden attack, everything needed to prevent that attack had already been known well before the attack. It's just that the authorities didn't do anything.
Sure, one may say there are too many people fitting the criteria and we cannot do anything with so many potential suspects, most of whom have not actually done anything. But more information won't help in these many cases at all.
Examples (German) - all reputable sources, mostly local public broadcasting (ARD) and one law publisher:
https://www.tagesschau.de/inland/festnahme-solingen-syrer-10...
https://www.swr.de/swraktuell/baden-wuerttemberg/faq-syrisch...
https://rsw.beck.de/aktuell/daily/meldung/detail/messerangri...
https://www.ndr.de/nachrichten/niedersachsen/braunschweig_ha...
https://www.ndr.de/nachrichten/mecklenburg-vorpommern/Tatver... (2nd to last paragraph, he had attacked people the month before already)
> "The Party seeks power entirely for its own sake. We are not interested in the good of others; we are interested solely in power. Not wealth or luxury or long life or happiness: only power, pure power"
First time I heard that, what bubble are you from?
Being incompetent and shortsighted is enough. Being blinded with the idea that Germans will keep electing them and choosing them for power feeds their incompetence. They want extreme powers now. They don't think the extreme powers they give to the various organizations will be used against democratic society. This is just the repeat of Weimar republic.
Meanwhile they are filling Germans with hate against minorities and benefactors of the social system which legitimizes AfD. They also keep doing nothing (which is their core-competence really). They fix no parts of the broken system. This legitimizes AfD even more.
Only thing the AFD has to to is to keep their feet still and wait. The ruling parties will do the rest.
People need convenient access to PGP. If their App Store removes all PGP apps then they might have to upload their privatekey to a PWA. And then no one's any better off.
If the everyman is forced to choose between being surveilled or using PGP, I reckon I know what he'd choose regardless.
Which makes this post ironic https://proton.me/blog/what-is-an-email-client
https://proton.me/mail/bridge
Edit: Missed the paid part in you message. Yeah, I have a paid account.
An air gap can solve that problem:
1. Create an illegal message on a machine with no internet.
2. Encrypt the message.
3. Copy the encrypted message over to a machine that does have internet.
4. Send it.
https://github.com/maqp/tfc
Of course, all new hardware will have hardcoded firmware scanning the DRM’d keyboard controller.
But the chat control proposal specifically involves forcing the makers of messaging apps to scan the contents of messages.
PGP remains very relevant under those current proposals.
In a way I am fatalistic about it now/see the good in the bad. If this really comes one day, it will be a great push for decentraliced anonymous communication networks again.
Info: https://netzpolitik.org/2025/eu-ueberwachungsplaene-die-chat... "Wichtige Stimmen wie Amnesty International, Reporter ohne Grenzen und der Chaos Computer Club appellieren eindringlich an die Bundesregierung, die Chatkontrolle zu verhindern. Sie warnen vor einem Angriff auf die Pressefreiheit, einem IT-Sicherheitsalptraum und einer Gefahr für die Demokratie."
poststelle@bmi.bund.de, poststelle@bmjv.bund.de, info@bmds.bund.de, baerbel.bas@bundestag.de, lars.klingbeil@bundestag.de, friedrich.merz@bundestag.de, landesleitung@csu-bayern.de, fraktion@cducsu.de, matthias.miersch@bundestag.de, sebastian.fiedler@bundestag.de, alexander.throm@bundestag.de, johannes.schaetzl@bundestag.de, ralph.brinkhaus@bundestag.de
Sehr geehrte Damen und Herren,
ich wende mich heute an Sie, um meine große Sorge über die geplante Einführung der sogenannten „Chatkontrolle“ auszudrücken.
Die flächendeckende Überwachung privater Kommunikation stellt einen massiven Eingriff in unsere Grundrechte dar. Sie gefährdet die Privatsphäre aller Bürgerinnen und Bürger und untergräbt zentrale Prinzipien eines demokratischen Rechtsstaates. Der Schutz der Vertraulichkeit von Kommunikation ist ein unverzichtbarer Bestandteil unserer freiheitlichen Gesellschaft.
Zudem zeigen zahlreiche Expertinnen und Experten auf, dass das flächendeckende Scannen privater Nachrichten zur Bekämpfung von Kindesmissbrauchsdarstellungen nicht wirksam ist. Stattdessen schwächt eine solche Maßnahme die Sicherheit digitaler Kommunikation insgesamt und schafft gefährliche Überwachungsinfrastrukturen, die leicht missbraucht werden können.
Ich bitte Sie daher eindringlich, sich bei der entsprechenden Abstimmung klar gegen die Einführung der Chatkontrolle auszusprechen und sich für den Schutz der Bürgerrechte und der Privatsphäre einzusetzen.
Mit freundlichen Grüßen
This is pretty terrifying, although not unexpected. Given Germany's aggressive crackdown on speech I wouldn't feel too optimistic. If the BKA is going to launch criminal investigations for calling overweight politicians fat, they're probably not going to protect any rights to private conversation.
The lack of free speech laws in Europe is becoming a serious issue
[0] And they brag about it on 60 minutes https://www.youtube.com/watch?v=-bMzFDpfDwc [1] https://curia.europa.eu/jcms/upload/docs/application/pdf/201...
I think that's exactly the same as in the US.
Surveillance of private communications obviously has a chilling effect on free speech as well, but freedom from surveillance does not imply a freedom to openly spread hate speech in public.
At the end of the day, if someone makes a racist joke with their friend in a one-on-one chat app I would say that's neither hate speech, nor the public distribution of said speech, but I don't think Chat Control makes this distinction.
Good luck with that
Communications that look encrypted can also be straightforwardly flagged and logged for a closer look, perhaps keeping a closer watch on any cleartext messages, metadata that invariably leaks, etc
It's mind-bending levels of absurdity. Surely nobody intends to (be able to) truly outlaw computers? That cat is out of the bag and people will build them or get their hands on them if they wish
The only possible outcome is that only honest citizens have their chats scanned and devices locked down. The latter has as side effect that Google, Apple, and Microsoft can do whatever the heck they want because open OSes are illegal now
https://soatok.blog/2024/08/14/security-issues-in-matrixs-ol...
https://web.archive.org/web/20240606031827/https://gist.gith...
What you describe is the same thing just not cryptographic.
This technique is called "chaffing and winnowing": https://en.wikipedia.org/wiki/Chaffing_and_winnowing
Installed as a signed app...?
[0] - https://dl.acm.org/doi/pdf/10.1145/2508859.2516657
This whole piece reeks „I'm an 1) outsider that 2) couldn't be bothered to get to know local culture so 3) probably has no stake in the affair” and as such is liable to get dismissed after only cursory glance. We know every single enumerated point above is false, but it doesn't matter. That every single word written on the page is right nd warranted, doesn't matter. @Meredith and anyone else writing papers aimed at EU, would you kindly please switch to A4 before exporting the PDF.
(https://commission.europa.eu/system/files/2023-11/styleguide...)
But anyway, if they truly wanted to address the letter to Germans, they should be providing a German-language version in the first place.
Around 1 in 30 people was secretly telling on their neighbors. After unification, it was presented as a dark chapter in German history that had finally come to an end. People would get to look into their own "file" to see what and how much had been written about their daily activities. I was a bit young at the time, but I do remember frequent discussions on TV about how to move on from this, and how to make sure it doesn't happen again.
And now we're talking about reading everyone's private messages on a scale that would be the Stasi's wet dream.
I wonder - if the Stasi had been presented as a legitimate way to fight CSAM - would that have been okay?
I'm not German but the German people I do know don't see them positively. But could be selection bias
[1] §86a StGB "Use of symbols of unconstitutional organizations" applies also to words, not just symbols in the strict sense. It is also enforced in broad coarse strokes for example on the usage of the swastika inside a red prohibition circle (the one with a diagonal bar).
EDIT: Looking back at my comment, I realize it might come across as too negative. If you think shaming politicians is the right way to protest this, go for it.
I just believe convincing politicians that the spirit they summon may easily slip from their control and turn against them is a more likely successful angle.
https://netzpolitik.org/2024/going-dark-eu-states-push-for-a...
Violence doesn’t have to leave blood. Psychological and coercive violence is recognised in domestic law (see coercive control offences) and by the WHO. It causes measurable harm to bodies and minds.
The aim is intimidation. The whole purpose is to make people too scared to speak freely. That is intimidation of a population, by design.
It is ideological. The ideology is mass control - keeping people compliant by stripping them of private spaces to think, talk, and dissent.
The only reason it’s not “terrorism” on paper is because states write definitions that exempt themselves. But in plain terms, the act is indistinguishable in effect from terrorism: deliberate fear, coercion, and the destruction of free will.
You can argue legality if you like, but the substance matches the textbook definition.
These people should be arrested.
Of course, violence is not always wrong. Violence is a tool, whether it's good or bad depends against whom you use it.
One man's terrorist of another man's freedom fighter.
The people in positions of power (both politicians and owners of large tech companies) have been waging a global war on violence and Chat Control is just one part of it.
‘One man’s terrorist is another man’s freedom fighter’ misses the point here: the methods define terrorism, not the branding. When the state uses psychological violence to intimidate citizens into silence, it is engaging in the very thing it condemns. Chat Control is just the polished, bureaucratic face of terror.
It's meant to express that our "democratic" governments use the same tools as dictatorships. For example, every time somebody in a position of power (not even just politicians) gets shot, other people in power say "ViOlEnCe DoEsN't BeLoNg In PoLiTiCs". Completely forgetting how many of today's democracies were created by widespread acts of violence against previous oppressive governments.
In fact, many countries celebrate their revolutions and their assassinations of dictators. So violence clearly does belong in politics, under some conditions. But instead of openly talking about those conditions, they are trying to brainwash the populace into docility.
---
(Tangent:
For example, reasonable people today agree today that by the end of the war, Hitler deserved to die, whether by assassination, execution, or suicide. But he was just a politician. In 1933, his party got 40%, he was a popular politician. So when was the line crossed from "violence does not belong in politics" to "Hitler is a dictator and mass murderer and must be shot"?
The reality is that once a person becomes dictator he immediately increases his own protection and surrounds himself with people just as bad or worse than him. So it's not just more difficult to kill him, it's also less practical. Reasonably people today say that Putin deserves to die but should not be killed because he purposefully made sure anybody in the line of succession would be even worse than him.)
---
Back on track, it's my belief that a government which is truly dedicated to remaining democratic and making sure the power comes from the people would make sure that the population is armed to a sufficient level that if a hostile takeover from within happened, the population would be able to successfully revolt and restore democracy.
And this is more true today than ever. Abusive governments used to have to employ people to spy on other people. They needed a certain ratio of sympathizers or the system would fall apart. Now much of it can be automated. The ratio of sympathizers a dictator needs is much lower than it used to be and potentially violent revolt can be detected much earlier and each invasion of privacy like Chat Control moves the needle towards resistance being harder and harder.
So those who believe violence does not belong in politics today should be very well aware than it might be necessary against the government tomorrow but it'll be impossible if nobody has guns and privacy to organize with other people who to use those guns. And yes, the price is some terrorist attacks. I am OK with that.
The level of surveillance which would stop a pressure cooker bomb at a public event or a lone gunman or a car ramming attack is completely unacceptable to me.
In fact, you will notice that most recent terrorist attacks would not be stopped by Chat Control. What would be stopped is organized resistance. That's a feature, not a bug.
(I do agree with your position; I just wanted to throw that out there.)
1. Have you ever texted someone from EU? You are now chat controlled too.
2. EU is pumping billions to foreign countries to promote EU values. How long until they condition this "help" with chat control?
I'd have to assume that Apple and WhatsApp are taking a more behind the scenes approach on this and that they too would leave the EU if it came to it. Both of their messenger brands are so fundamentally tied to E2EE that its hard to imagine them thinking its worth it to stay and break their encryption.
https://www.reuters.com/article/technology/apple-moves-to-st...
“But selected agencies and partners in certain unspecified countries can.”
We also need to be sure that signal / open whisper / matrix / telegram / everybody continues to make end-to-end encryption available regardless of what politicians say.
Math is bigger than human affairs. There is no shame in breaking laws that prohibit math.
But ultimately, the right to general purpose computing (ie, the right to run a program that doesn't snitch the plaintext) is the same as the right to engage in the underlying mathematics.
I think it's a distinction without a meaningful difference.
CSAM isn't likely to be text that can be plaintext, is it? surely it would be image and/or video?
But these terms are certainly used different in different situations by different people. But yeah, images and/or video can still be "the plaintext" in the parlance to which I'm accustomed.
Ideas like this shows that there's a power within EU structures that works against us, the citizens.
For the umpteenth time, this isn't an EU initiated agenda. This is certain groups from certain member states pushing this *hard*.
Focus your anger at the correct targets.
Don’t get me wrong, I am happy they are doing what they are doing. But for signal, selling out is not really an alternative.
Perhaps it would not be if users could write their own clients and run their oown servers
Perhaps the commercial third party intermediary model of "private" and "secure" communication over the internet (cf. the free, open source, peer-to-peer model) is fundamentally-flawed. This is the model where a third party like Meta or Signal controls the software and requires connections be made to its servers in order to communicate over the internet. It is not an internet service provider, it's just a middleman trying to attract internet subscribers to use its software and connect to its remote servers
Perhaps this proposed legislation is simply leveraging that fundamental flaw
Acording to the latest draft I have seen, "Chat Control" does not attempt to regulate peer-to-peer communication, it does aim to stop internet subscribers from encrypting messages and sending them across the internet. It aims to regulate third party intermediaries providing "messaging services" to the public
The proposed legislation leverages the "centralisation" or "intermediation" of "private" messaging (the opposite of peer-to-peer) in Silicon Valley companies
Great line Meredith!
It's obvious that "chat-control" cannot be effective in its official purpose: there are already and will be many ways to evade surveillance like CSS for those who really want to.
But it might achieve a devastating side-product, the dream of any authoritarian regime: the criminalization of privacy, which would lead to the end of freedom as we know it. "1984" was supposed to be a warning, not an instruction manual.