Notices by Meredith Whittaker (mer__edith@mastodon.world), page 2

@aral No! I'm saying that for Apple, brand is everything, whether the branding is "true" or not. And this shows them apparently willing to damage their global brand in a way I'm surprised by, given how much emphasis and investment they put into it.

This is great reporting.

In particular, it's shocking that a key pillar of Apple's brand--its commitment to security & its competence at such--was so blithely undermined by Apple's regional policy team, apparently in service of appeasing an angry Modi gov.

https://www.washingtonpost.com/world/2023/12/27/india-apple-iphone-hacking/

@ck @dalias @signalapp this is a very rude comment that misunderstands our choices and commitments. I, also, do not *want* to run corp software. But in a world where a few companies own and/or otherwise control most of the infra we all rely on, INCLUDING choosing which FOSS options receive support (via hiring their maintainers, funding via Linux Found etc), it's an unhelpful fantasy to paint operating in this ecosystem, shaped by these forces/actors, as a "choice" made out of obstinacy/stupidity

In Signal, push notifications simply act as a ping that tells the app to wake up. They don't reveal who sent the message or who is calling (not to Apple, Google, or anyone). Notifications are processed entirely on your device. This is different from many other apps. 2/

What's the background here? Currently, in order to enable push notifications on the dominant mobile operating systems (iOS and Android) those building and maintaining apps like Signal need to use services offered by Apple and Google. 3/

Apple simply doesn’t let you do it another way. And Google, well you could (and we've tried), but the cost to battery life is devastating for performance, rendering this a false option if you want to build a usable, practical, dependable app for people all over the world.* 4/

So, while we do not love Big Tech choke points and the control that a handful of companies wield over the tech ecosystem, we do everything we can to ensure that in spite of this dynamic, if you use Signal your privacy is preserved. 5/

*(Note, if you are among the small number of people that run alt Android-based operating systems that don't include Google libraries, we implement the battery-destroying push option, and hope you have ways to navigate.) 6/

@ck @dalias @signalapp There's also a reckoning to be had within the FOSS community IMO, which in the 1990s took its eye off market actors even as it remained vigilant about government surveillance/overreach. The acceptance of corporate tech (and implicitly its surveillance business model), led by folks like ESR via the break from Free software to "open source," did a lot to get us here.

PSA: We've received questions about push notifications. First: push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages or calls–not to Apple, not to Google, not to anyone but you & the people you're talking to. 1/

If I wanted court drama I'd read Stendhal, who understood how power works and spent hundreds of pages illuminating characters whose desire for it blinded them to this reality.

Or, it was Microsoft all along...

Where I speak some advantages Signal has over the bigger richer rest of tech:

“We don’t have to be full of shit. We’re not a surveillance company. I’m not trying to pretend Facebook is good. I don’t have to toe a party line that is divorced from reality”

https://restofworld.org/2023/signal-president-meredith-whittaker-messaing-privacy/

Confirming the EU law enforcement (& AI company) mass surveillance aspirations animating the EU push to scan everyone’s private messages. It’s critical that people understand what’s going on here.

https://balkaninsight.com/2023/09/29/europol-sought-unlimited-data-access-in-online-child-sexual-abuse-regulation/

SO good -- the best follow the money reporting on who's behind the global attack on digital privacy yet.

TLDR: it's law enforcement x AI companies posing as NGOs w a commercial interest in selling scammy mass scanning tech. Deeply cynical, deeply shady.

https://balkaninsight.com/2023/09/25/who-benefits-inside-the-eus-fight-over-scanning-for-child-sex-content/

I want all the free expression folks up in arms about this. An absolute disgrace.

(And an object lesson in the dangers of handing over the power to shape our perception to a handful of corporations, whether US or China-based.)

https://www.mediamatters.org/tiktok/tiktok-blocking-searches-wga-amid-ongoing-writers-strike

WOW. I'm so moved, a bit stunned, and more than anything sincerely grateful to those who came together to ensure sunlight on the dangerous OSB Spy Clause, and to those in the UK gov who synthesized the facts and acted on them.

I knew we had to fight. I didn't know we'd win ❤️🙏

https://www.ft.com/content/770e58b1-a299-4b7b-a129-bded8649a43b?shareType=nongift

Apple's statement is the death knell for the idea that it's possible to scan everyone's comms AND preserve privacy.

Apple has many of the best cryptographers + software eng on earth + infinite $.

If they can't, no one can. (They can't. No one can.)

https://www.wired.com/story/apple-csam-scanning-heat-initiative-letter/

Here, a sample of the magical thinking justifying the UK's anti-privacy crusade

AGAIN: IT'S NOT POSSIBLE TO DEVELOP TECH THAT BOTH SURVEILLS ALL EXPRESSION & MAINTAINS E2E ENCRYPTION, NOW OR EVER

Expert consensus doesn't bend to wishes or spell casting.

https://www.bbc.com/news/technology-66455616

The director of the research group selected by the government to conduct a technical evaluation of the “safety tech” that would likely be implemented via the Online Safety Bill spy clause states unequivocally that it's not fit for use:

https://www.bristol.ac.uk/news/2023/july/online-safety-bill.html

Over 450 cybersecurity experts from institutions around the globe call out the magical thinking at the heart of the EU's and UK's (and all) proposals to impose client side scanning and undermine strong encryption:

https://docs.google.com/document/d/13Aeex72MtFBjKhExRTooVMWN9TC-pbH-5LEaAbMF91Y/edit