Do these people really think they're hiding Directive 4 from us?

We are only a year out from the murder of a health-insurance executive, so the police are more on edge than usual.

Then we need to threaten such things much more often, so that the cops will eventually get used to it, and relax. ;-)

Debian never tried to kill me through my computer. I'd appreciate it if my car manufacturer made their car as safe as my computer.

Fuck it, I just want a Debian car. Then I won't need to extract bloody vengeance from beyond the grave, as my zombie revenant tracks down the CEO of Subaru, and the rotting flesh of my hands tightens around his throat as payment for the time a popup distracted me.

Some people are busting out "definitions" of "End to End Encryption" but people were already using that as in informal descriptive term long before your formalized technical jargon was made up. Nobody should be surprised if there are mismatches. Have faith in our faithlessness.

I personally view the term as an attempt to call semi-bullshit on SMTP and IMAP over SSL/TLS. In the "old" (though not very old) days, if you sent a plaintext email (no PGP!), some people would say "oh, it's encrypted anyway, because the connection is encrypted between your workstation and the SMTP server, the connection from there to some SMTP relay is encrypted, the connection from there to the final SMTP server is encrypted, and the recipient's connection to the IMAP server is encrypted."

To which plenty of people, like me, complained "But it's still plaintext at every stop where it's stored along the way! You should use PGP, because then, regardless of the connection security, or lack of security on all the connections, it is encrypted end to end. Never trust the network, baby!"

Keep in mind that even when I say that, this is without any regard for key security! When I say E2E encrypted, it is implied that the key exchange may have been done poorly/incorrectly, mainly because few people really get to be sure they're not being MitMed when they use PGP. You can exchange keys correctly, but it's enough of a PITA that, in the wild, you rarely get to. You usually just look up their key on some keyserver and hope for the best. Ahem. And I say "usually" as if even that happens often. [eyeroll]

Indeed, every time I hear about some new secure messaging app/protocol, the first thing I wonder is "how do they do key exchange?" and I'm generally mistrusting of it, by default. And sometimes, I'm unpleasantly unsurprised, err I mean, cynically confirmed.

But anyway, if my E2E definition matches yours, great! And if it doesn't, well, that's ok and it's why we descend into the dorky details, so that we can be sure we're both talking about the same thing.

How many hours of an Asian font designer'(s) time can you buy for $20k? It'd be funny, if it turns out that firing the font company pays off in less than a year.

There is zero value in some big scary climate risk number also being disclosed, because A that risk accounted for if you are studying the details anyway and does not help you make a rational decision, because it literally does not affect you beyond the places where it is already baked into the numbers.

If you don't care why the insurance is so expensive or unavailable (e.g. high risk of flooding) then maybe you also don't care about why the house's price is so high (e.g. nice location, good construction, etc). No need to even look at the house. Just treat the whole damn thing as an abstract exercise in numbers.

OTOH, some people might actually care about details. Maybe because they're considering living there?

Once again, Open Source is embarrassed and left behind.

mplayer and mpv still, after all these years, don't have a way to prevent things from working if the content origin happens to be Netflix. It just plays on, stupidly Just Working, instead of breaking the way that Netflix realized their users want it to break.

To be fair your link does say "designed to bypass internet filtering mechanisms or content restrictions", so it sounds like SSH, work VPNs, banking etc. don't count because they aren't designed to get around the porn filters.

You make sense, but there is nothing that is "designed to bypass internet filtering mechanisms or content restrictions" more than SSH and VPNs bypass internet filtering mechanisms or content restrictions, is there? Why would anyone ever design a tool to get around filtering and restrictions, when they can already do that with established mainstream tools such as SSH or VPNs?

I can't believe the bill is intended to never be applied to anything. If we do think it's written in such a way that it never applies, I don't think it'll be litigated that way. Once it's enacted, they're going to say it applies to something, and that something is going to be anything that is secure.

You didn't read the bill very closely.

I think I read it much more closely than you did.

Sec 2(a):

"Circumvention tools" means any software, hardware, or service designed to bypass internet filtering mechanisms or content restrictions including virtual private networks, proxy servers, and encrypted tunneling methods to evade content restrictions.

This is either intended to apply to something or never apply to anything. Do we agree that the text is intended to do something, to somehow cover some possible situation which might realistically come up? You don't think they just put this in there, but with the begrudging admission that it could not ever possibly apply, do you?

Assuming you're still with me there, please give an example of what kind of tool this defines as a circumvention tool. Surely you have something in mind.

The bill is about outlawing the distribution of p0rn, and a VPN is merely listed as an unlawful circumvention tool.

That might have possibly been the original intent several years of editing ago, but I do not see anything in the definition of "circumvention tools" which even tangentially relates to porn. Do you? I think porn is 100% irrelevant in this discussion.

What I'm getting at, is that there isn't a "porn version" of Wireguard or SSH or HTTPS. They're all the same, content-neutral. The bill either bans them all, or doesn't ban anything. If you take my above bolded challenge to name a circumvention tool that this bill does address, I'm going to take all of your arguments that you give for why the law does apply to your circumvention tool example, and I am going to successfully apply them to SSH and HTTPS. And I'll be exactly as correct as you.

The only way this bill doesn't restrict SSH and HTTPS, is if it doesn't restrict anything at all. Don't agree? Then name something it does restrict.

This isn't a partisan issue

Sorry, but no one can ever really say something like that these days, and be believable. While it's true there's no classical left/right split on this issue, our classical left/right days are long over.

If Trump decides he opposes this, then you're going to see 90% of Republicans suddenly oppose it, and it'll become partisan.

So, before you tell me this is non-partisan, please explain how regulating AI will help criminals steal, preferably from the US Treasury. Because if this does not aid crime, then Republicans will be against it. They might not be against it now, but they're going to be.

vlnl bhoyr-rapelcgrqqnl vfgunl barlnl.

Sorry, everyone. My mistake. An ISP which tolerates its users using ssh or https would be liable for $250,000 per day, not $125,000 per day. I realize that in the time since I posted, many of you made the determination "oh, it's not so bad" and bought houses in Michigan, now to be blindsided by that fact that I negligently underestimated the cost by a factor of two. I apologize for the error.

Michigan has a bill to ban VPNs where SSH is just another "circumvention tool" that must be blocked too. If SSH works, then your ISP is liable for $125,000 per day until they break it.

No more ports 22 or 443 in Michigan if this passes. No more e-commerce. No more banking. No more encrypted internet for anyone, of any age. Telnet and http-no-s are coming back! (Until someone tunnels through them; then ISPs will have to block those too.)

Just wondering if there's a correlation: did you take Apple's side in the "look and feel" lawsuit vs Microsoft?

Why do these people even bother to make up bullshit excuses for taking our money? Leave the "AI" part out and just announce that you're writing yourself a few checks at the taxpayers' expense.

Take what you want. Take it all! Just stop lying about it. It's not like you're fooling us anyway.

I'm doing my part! (Every time I see a window and a conveniently-nearby rock, I throw the rock at the window.)