Even though I trust Signal and the FBI has raided them multiple times without success. This is still a centralised service that goes through American servers therefore is automatically a threat to sovereignty.
But again I cannot recommend signal enough they have a brilliant track record. And with good opsec you have little to worry about.
Same same on both aspects.
Anyone wana give the tl:dr?
Why?
US American servers.
The decision was made according to the report after the Commission became aware of the group’s existence last month and deemed the risk of compromise too high. While there is no evidence yet that communication has actually been intercepted, the threat situation has escalated.
So… Not because “that’s a privacy tool, conducting public business there is antidemocratic”.
Instead because, “look at how those Americans use it wrongly, we don’t want to be like them.”
. . .
Huh. I have mixed feelings about this.
No not really. More a “its not the right tool for the job” signal is a messenger for private use, EU is working on / has a matrix based messenger that is more suited.
You still want encryption but also central user management etc. (Which hopefully also includes archiving…).
Sounds like a decentralized encrypted messaging platform is needed.
And when you need the highest trust, you just need to make sure you and the people you are talking to are all on trusted servers.
so governments would use their own gov.eu server or something, and only communicate sensitive info to others on that network so the info never leaves that server
Yes. Something they are working on based on Matrix ;)
Sounds great, I didn’t know about that
https://www.euractiv.com/news/commission-trials-european-open-source-communications-software/
I read this article earlier this year. Lets see, what comes out of it!
Sounds like a decentralized encrypted messaging platform is needed.
Decentralized probably isn’t desirable for this use case; self-hosted is. When designing something for that purpose based on a decentralized protocol like Matrix, it’s probably desirable to mandate that the most sensitive conversations take place using a server with decentralization disabled and a client restricted to using only that server.
Banning it at-home, is 1 thing, but banning it while abroad & in hostile-regimes, would be idiocy: at the home-end, record the whole interaction, & make that part of official-record.
But make it impossible for the hostile-regime to get anything from either the in-their-country device, or the encrypted stream which they can’t crack.
the fact that corruption wants nonaccountability is 1 valid concern.
but the fact that hostile-regimes exist, & we’re in economic-meshing with them, means that we need to be able to have officials in those countries.
Which makes the requirement for communications which the hostile-regime can’t crack real.
Oversimplificaiton is incompetent “management”.
Don’t solve the wrong problem, & pretend that you aren’t responsible for the authority you mis-wielded.
That they were having a non-accountable-within-the-EU group on Signal, that IS AN ACTUAL PROBLEM, but there are use-cases for Signal to be needed, if done properly.
_ /\ _
They did not ban encrypted communications in general. They just banned the use of Signal for official purposes, because it is not fit for the job.
The article talks about how there were a multitude of cyberattacks and phishing attempts on EU officials’ smartphones and Signal accounts. With Signal, you have full control over the whole Account if you control the device.
The EU has their own encrypted communication tools with security and accounts managed centrally by the IT department.
