The idea that Florida can “protect” minors by making them less safe is dangerous and dumb.
I assume this is less about protecting children as protecting the movement from children, as well as facilitating wrongdoing against children by members of the movement.
As a general rule there are no backdoors that are good guys only. In fact predators, foreign agents and industrial spies will know them sooner than their distribution to law enforcement.
it would require “social media platforms to provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena.”
Mmmhmm. Apparently the Threadiverse is about to become illegal in Florida.
First, let’s generate a strong public-private GPG keypair for myself and some hypothetical other Threadiverse user, anotheruser@lemmy.today:
$ gpg --quick-generate-key tal@lemmy.today $ gpg --quick-generate-key anotheruser@lemmy.todayAnd show the tal@lemmy.today public key:
long keyblock
$ gpg -a --export tal@lemmy.today -----BEGIN PGP PUBLIC KEY BLOCK----- mQGNBGf6kRMBDAD3qJIznSVVQZu092nTthUt8R8DNXS6eYNqgbpYHTY+6i+RSFMe YDDnOz0cL3drxnWpNC37l9HouJGohua/Cjx2Iju/zd4A5mZkXchIt4lfZ3bbXx2k p0eC1m9+B3Dc37lSLPgEpTnfPGtMfKJU4bNVBdwkFCyS9Mxc499uIrAUpjPQLmgP 1rQ2Wk1wzGfAh3VNCxg8xsHcOHWQZqSUzsLk/PeG1QtfGTVBG44tI6msGawwQct6 XVnVOk0DfEGmoru4dGuQDk+oZRVz/O4/wLOQzfAVCzsbv/RrCzywrcQM3WAoVBDI awe9UG++Y4N6Eof46UQ1KnzA2ndkHFt35KybidaqxlWM4Sslx/Is+wCgqt+FpJRN MPLsAet6Eg6vGB6ES3Fk/IXX5OEvtWMfKKrgSP88NwoP/VFr/BU7SsJW1Opo4Ccf DDPuWlgMCmsVE9xsPS1oFMzxiHbJYj8gWgH7AOtl24NgYXVi/QdetYA6SZqonU0T xnGmEw5JdcvWdmMAEQEAAbQPdGFsQGxlbW15LnRvZGF5iQHUBBMBCgA+FiEE7S76 Je3x/gWVtrNsdlwPXPfD8YIFAmf6kRMCGwMFCQWjmoAFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQdlwPXPfD8YJy+wv+JJ3MP+zZRy4pJZ+u7iiSOwVVwUboT8Pi kX7rxLl6TF9wGuLPjl/P8Cfy0WMsZQ2Ab0S/84cE2bIVbcISwqeqkMZ1Puk6y5Nn 8uHK3qHrYb1n89uOwjgeBIC3XopdJpSPtaKBWHZn/s0AYQ3suqJt/BoJo+hTv4oJ /8Rtcs2+YKnQtoLtM/0tKO3J4Qzvqrzi0F14R1Rv6kiFzePkEPQFSPN4uIR5CPJm t6HuYWYcWNKhfIkKJH08GAV0jP+qrbe/yacO0tKt8gnxKBdpXLRwLePx5sDV14ch Ay/3n1aVa7PbUGA4m51xOSl0Ro54s6K8uwJ2fz6z5fdjpOkbvDw51tPEdxQzW0JH myyaC31j4h5YwzOAfGaK6lp3pAHStDFhDJXZPLYsDlcMGSPvV+qBMAh86t8mqIqd tBPjNj60aIbps+mImBpRlO/xRvUWjjVsm1FKqxBq7QQR5SW0MLnkwvcnUMDCbOs/ wMN6ghyZp6RDhUXGgb9HJVSQhXLjaqf+uQGNBGf6kRMBDADFYNE00Rr2Ujm9+i7k LsHz49xqJUNtv3b7pHWTOZNhkSFf/OieayE45lkBMQl1ZkuY56QjmcgYZWsOf7+y kbrsQjdNE5lHl/hRAqGV13LUscTKPUCvTXnfFX+/p64Kgv1f74fAdfkQu663sGOM xbFP9/3jOQLF9dI2M8H14TPF/JDhjXDZvvoMrMBxwFlRctvwbeS6Yar+XKxKZQvh I63Ad2OyFc0p+pnJOnrWN3Q6iEqnAq0SA/EdsjVx3MWpqZW15YDyU0lIWrHAn/yD PfMaAqcgXj2LLBDziYdfm1ACBceS+WAu6w7i07xMAbdypKOsPB2cL1PlX//WEiwW 55iBTJ7oRAW7Q0LRsk2k40mq61xfOLyOBT8gHJfEb7ked9KuSXQdBn9K2hT2SH+U OT2E63ShPHL9F2F1yQSbjFbHJve2klIuqrMeJ21QtDWgz+Auzp7PPWZ59SN+XCVj qzrueXIvzsK3Shfqf636/Buj1g5heIY3nBd3dtbq4gUBO90AEQEAAYkBtgQYAQoA IBYhBO0u+iXt8f4FlbazbHZcD1z3w/GCBQJn+pETAhsMAAoJEHZcD1z3w/GCzXkL /i1k5ra/YZPpiJgCOO61x6Iog5/hyL/APhHT/CMg1ZAYObfqCD0QT0f+n0qdZXhH ALGXzCMsbFqr0oxqOFFccLGQzUxv9AkyrO94HLoL726fxi3gkF+UekHjWgcxkcXQ PHZCOdHczxyCIGRB+mKn+tGweXpCwMNkymagdoyzOs+t+5cGUTv18ceun72Mqf1H 4vCZ4LLb94NLkSJqGKeQuzjVhopDVCJ8t/exRuk2ra2SkeChKPCpq5zJP+OpzAx3 hPNSL9v8xRD6D/NKQP/zYXvry1dfQaaOYUbw+GMgSxtVNsTyGMtDg2kE8ZSuvVKq ZIoODdjZRZvTB90+UKFRF3st1MeBXGNskvcZJhit7K1eMGhUbjykNWrq0A8aoRAN P0DBRg09Uumub1GNnJlHFNxAS5e0A686YHzA6AOify+lhscdrFKiv8GRFBZGK39W vY5YDDdpY632O6w1Te1UFIhS7pIWXsm5AfffFPDc/UJd6ZaBOcnKH45R4y2qObS2 eA== =ommg -----END PGP PUBLIC KEY BLOCK-----And then show an example of someone else importing it, pretending that they’re anotheruser@lemmy.today (though in my case, I’ve already got the tal@lemmy.today public key in my keyring):
another long keyblock
$ gpg -a --import <<EOF -----BEGIN PGP PUBLIC KEY BLOCK----- mQGNBGf6kRMBDAD3qJIznSVVQZu092nTthUt8R8DNXS6eYNqgbpYHTY+6i+RSFMe YDDnOz0cL3drxnWpNC37l9HouJGohua/Cjx2Iju/zd4A5mZkXchIt4lfZ3bbXx2k p0eC1m9+B3Dc37lSLPgEpTnfPGtMfKJU4bNVBdwkFCyS9Mxc499uIrAUpjPQLmgP 1rQ2Wk1wzGfAh3VNCxg8xsHcOHWQZqSUzsLk/PeG1QtfGTVBG44tI6msGawwQct6 XVnVOk0DfEGmoru4dGuQDk+oZRVz/O4/wLOQzfAVCzsbv/RrCzywrcQM3WAoVBDI awe9UG++Y4N6Eof46UQ1KnzA2ndkHFt35KybidaqxlWM4Sslx/Is+wCgqt+FpJRN MPLsAet6Eg6vGB6ES3Fk/IXX5OEvtWMfKKrgSP88NwoP/VFr/BU7SsJW1Opo4Ccf DDPuWlgMCmsVE9xsPS1oFMzxiHbJYj8gWgH7AOtl24NgYXVi/QdetYA6SZqonU0T xnGmEw5JdcvWdmMAEQEAAbQPdGFsQGxlbW15LnRvZGF5iQHUBBMBCgA+FiEE7S76 Je3x/gWVtrNsdlwPXPfD8YIFAmf6kRMCGwMFCQWjmoAFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQdlwPXPfD8YJy+wv+JJ3MP+zZRy4pJZ+u7iiSOwVVwUboT8Pi kX7rxLl6TF9wGuLPjl/P8Cfy0WMsZQ2Ab0S/84cE2bIVbcISwqeqkMZ1Puk6y5Nn 8uHK3qHrYb1n89uOwjgeBIC3XopdJpSPtaKBWHZn/s0AYQ3suqJt/BoJo+hTv4oJ /8Rtcs2+YKnQtoLtM/0tKO3J4Qzvqrzi0F14R1Rv6kiFzePkEPQFSPN4uIR5CPJm t6HuYWYcWNKhfIkKJH08GAV0jP+qrbe/yacO0tKt8gnxKBdpXLRwLePx5sDV14ch Ay/3n1aVa7PbUGA4m51xOSl0Ro54s6K8uwJ2fz6z5fdjpOkbvDw51tPEdxQzW0JH myyaC31j4h5YwzOAfGaK6lp3pAHStDFhDJXZPLYsDlcMGSPvV+qBMAh86t8mqIqd tBPjNj60aIbps+mImBpRlO/xRvUWjjVsm1FKqxBq7QQR5SW0MLnkwvcnUMDCbOs/ wMN6ghyZp6RDhUXGgb9HJVSQhXLjaqf+uQGNBGf6kRMBDADFYNE00Rr2Ujm9+i7k LsHz49xqJUNtv3b7pHWTOZNhkSFf/OieayE45lkBMQl1ZkuY56QjmcgYZWsOf7+y kbrsQjdNE5lHl/hRAqGV13LUscTKPUCvTXnfFX+/p64Kgv1f74fAdfkQu663sGOM xbFP9/3jOQLF9dI2M8H14TPF/JDhjXDZvvoMrMBxwFlRctvwbeS6Yar+XKxKZQvh I63Ad2OyFc0p+pnJOnrWN3Q6iEqnAq0SA/EdsjVx3MWpqZW15YDyU0lIWrHAn/yD PfMaAqcgXj2LLBDziYdfm1ACBceS+WAu6w7i07xMAbdypKOsPB2cL1PlX//WEiwW 55iBTJ7oRAW7Q0LRsk2k40mq61xfOLyOBT8gHJfEb7ked9KuSXQdBn9K2hT2SH+U OT2E63ShPHL9F2F1yQSbjFbHJve2klIuqrMeJ21QtDWgz+Auzp7PPWZ59SN+XCVj qzrueXIvzsK3Shfqf636/Buj1g5heIY3nBd3dtbq4gUBO90AEQEAAYkBtgQYAQoA IBYhBO0u+iXt8f4FlbazbHZcD1z3w/GCBQJn+pETAhsMAAoJEHZcD1z3w/GCzXkL /i1k5ra/YZPpiJgCOO61x6Iog5/hyL/APhHT/CMg1ZAYObfqCD0QT0f+n0qdZXhH ALGXzCMsbFqr0oxqOFFccLGQzUxv9AkyrO94HLoL726fxi3gkF+UekHjWgcxkcXQ PHZCOdHczxyCIGRB+mKn+tGweXpCwMNkymagdoyzOs+t+5cGUTv18ceun72Mqf1H 4vCZ4LLb94NLkSJqGKeQuzjVhopDVCJ8t/exRuk2ra2SkeChKPCpq5zJP+OpzAx3 hPNSL9v8xRD6D/NKQP/zYXvry1dfQaaOYUbw+GMgSxtVNsTyGMtDg2kE8ZSuvVKq ZIoODdjZRZvTB90+UKFRF3st1MeBXGNskvcZJhit7K1eMGhUbjykNWrq0A8aoRAN P0DBRg09Uumub1GNnJlHFNxAS5e0A686YHzA6AOify+lhscdrFKiv8GRFBZGK39W vY5YDDdpY632O6w1Te1UFIhS7pIWXsm5AfffFPDc/UJd6ZaBOcnKH45R4y2qObS2 eA== =ommg -----END PGP PUBLIC KEY BLOCK----- EOFAnd now let’s pretend we’re anotheruser@lemmy.today and use end-to-end encryption that doesn’t have a back door, using
sedto prefix each line with four spaces so that we get nice blockquoted Markdown that we can paste into a Threadiverse comment or direct message to tal@lemmy.today:encrypting message with end-to-end encryption
$ gpg -a -e -u anotheruser@lemmy.today -r tal@lemmy.today <<EOF |sed "s/^/ /" Hello there, tal@lemmy.today! This is anotheruser@lemmy.today. I just wanted to send you a message. * Florida Man cannot read this. * Even instance admins cannot read this. EOF -----BEGIN PGP MESSAGE----- hQGMAwk4edDpeyVkAQv+Mu6kJj1KkKs8i72YixAbAMuO+uNJDq0Vu9sz9mGUv3nG DibQTkFFz0h+IcK7/2xVrfBcf//6MDqYmlVnTlmpPcNOel4B1YbU4KpHus6ZELcy 7t0WP2IX03FWTooIBdfX7jIdH9us7PPyG2s4edTX7yD69H7oRdVJiNN6qJUbtObU sHWfmq0oQlHoevw47FuWGjAaIbA9volFV3IotEAhmTQ8cCJs2SG8bQjiJmpGE5pO xBSNtqo9X49FhQ0xoouwWil/9c76nNw7MtF/4WjU2HlzzRdFIXKeReq0ZzJ8fdkU YENYV+7lcp3jmGm91nC+E7HYTCjwy6XmMx+6wrzpCtNnLOaOL9caC7Div6ZvBtBi RVTiT1Kewth+QQvLHh2ErN0XKDzFrfFqfrZq4tX3TTn3rQkM/v0UrlR+3rr+iePX iKPmtsQBxNa81GVNxx0IR/1r+by8ELenCCRjaq2OpzfUhckqHkn1M6ycBPrwX8yR uBuIf7E65Pi2QfSoDeOH0rsBR/yGwU/h8HeEp6ChYEEEs1v+INI2dQ+zxhqaimKz vg7gTlVNplI9rpb/VLhlk8tzjCMQ4+Dqe4KeYqtvCLLJtgPFNlujMrgOEmbDL46X kQ8xQTForYFqPvODnPDUo+dbmt2UlXJGw3dyztEhQRUEqoCvUan9ERcY1gJS4mT6 WmAJKfVHfLos+UiibRZBhRzAsFCvyEPF1lOEJNVD0cz9tya2CfszNsqz+ITeHWfm HchPmmEq4pqHr1/a =PQN2 -----END PGP MESSAGE-----And let’s have tal@lemmy.today decrypt it:
decrypting message
$ gpg -a -d <<EOF -----BEGIN PGP MESSAGE----- hQGMAwk4edDpeyVkAQv+Mu6kJj1KkKs8i72YixAbAMuO+uNJDq0Vu9sz9mGUv3nG DibQTkFFz0h+IcK7/2xVrfBcf//6MDqYmlVnTlmpPcNOel4B1YbU4KpHus6ZELcy 7t0WP2IX03FWTooIBdfX7jIdH9us7PPyG2s4edTX7yD69H7oRdVJiNN6qJUbtObU sHWfmq0oQlHoevw47FuWGjAaIbA9volFV3IotEAhmTQ8cCJs2SG8bQjiJmpGE5pO xBSNtqo9X49FhQ0xoouwWil/9c76nNw7MtF/4WjU2HlzzRdFIXKeReq0ZzJ8fdkU YENYV+7lcp3jmGm91nC+E7HYTCjwy6XmMx+6wrzpCtNnLOaOL9caC7Div6ZvBtBi RVTiT1Kewth+QQvLHh2ErN0XKDzFrfFqfrZq4tX3TTn3rQkM/v0UrlR+3rr+iePX iKPmtsQBxNa81GVNxx0IR/1r+by8ELenCCRjaq2OpzfUhckqHkn1M6ycBPrwX8yR uBuIf7E65Pi2QfSoDeOH0rsBR/yGwU/h8HeEp6ChYEEEs1v+INI2dQ+zxhqaimKz vg7gTlVNplI9rpb/VLhlk8tzjCMQ4+Dqe4KeYqtvCLLJtgPFNlujMrgOEmbDL46X kQ8xQTForYFqPvODnPDUo+dbmt2UlXJGw3dyztEhQRUEqoCvUan9ERcY1gJS4mT6 WmAJKfVHfLos+UiibRZBhRzAsFCvyEPF1lOEJNVD0cz9tya2CfszNsqz+ITeHWfm HchPmmEq4pqHr1/a =PQN2 -----END PGP MESSAGE----- EOF gpg: encrypted with 3072-bit RSA key, ID 093879D0E97B2564, created 2025-04-12 "tal@lemmy.today" Hello there, tal@lemmy.today! This is anotheruser@lemmy.today. I just wanted to send you a message. * Florida Man cannot read this. * Even instance admins cannot read this.I guess the only option will be to lock up instance admins for violating Florida law, as they’re operating a social media platform with end-to-end encrypted communications with no backdoor.
EDIT: It’d also probably be nice to have browser and client support to make this more-convenient, no copy-pasting. I haven’t used it, so I can’t vouch for its functionality, but for users using Firefox, this Firefox extension claims it can automatically detect and decrypt GPG content in a webpage; if it can pick up on encrypted, ASCII-armored blockquoted text in a Threadiverse comment, that would hopefully let one simply read encrypted messages in Lemmy or whatever without any additional copy-pasting effort (though sending an encrypted message would still require copy-pasting some text):
https://addons.mozilla.org/en-US/firefox/addon/gnupg_decryptor/
Not that I disagree with your point, but Florida law is only relevant within Florida and, to a limited extent, the United States. Admins of US-based instances could likely be subpoenaed and then held in contempt if they refused, assuming they don’t pull a PornHub and just block all of Florida.
That said, this is very worrying since subpoenas have a MUCH lower threshold of legal bearing than warrants. I suspect that Apple will likely challenge this in court or they stop selling iPhones there.
What’s the point of encryption then? lol
People disclose more when they think they are safe. Your typical Windows user from year 2009 with their collection of porn banners and botnet nodes would have their private info safer than a new Linux user of the same time. Because the Linux guy would believe he’s free now.
I remember those manuals how to run Skype and every proprietary program from a separate user, while every client in X11 can capture the whole display and see all keystrokes. Or every schoolboy using “but I’ll be able to examine the code” in arguments. Or “but the sources are open” on the subject of OS security even by literate people, while how many people have looked at those sources? If just 3-4 times that amount of people look at Windows components’ disassembly with the same effort, they’ll probably have the same effect on security, one can conceal backdoors in source code well enough. There are so many things one can remember, but those were nice times.
Same with “security” in the Internet. We were using ICQ and everyone knew one can spy on those messages, we were using HTTP and POP and IMAP without encryption and everyone knew one can spy on these too, but we were fine - we adjusted our behavior for that knowledge and used the Web as it should be used.
And what’s the funniest, this “insecure” Internet was more secure, because people acted on the right premises and formed behaviors that made it secure. When you know something is unprotected and can’t be protected, you are not completely taken by surprise if it’s lost.
Now teenage girls use centralized services as they would use private diaries, where an unclearly defined group of people can see the content of those. Many of them think it’s safe because that’s called “private messages” and they “didn’t give access” on some webpage of that service, or even just because there’s a lock sign in the browser address line.
People think they have been given magic that obeys them, magic is different from tech in not requiring understanding to obey. There’s, obviously, no magic, only things fully understood obey their owners, and almost nobody fully understands even door locks.
So - I think the new important kind of social advertising is teaching people to not trust security. Security is like a war victory, it’s not guaranteed and never certain enough to rely upon it. No system based on implication of functional security must be used.
We must use only openly unreliable systems.
That also applies to home appliances (intended) and all kinds of complex devices. When those came with schematics and detailed maintenance manuals, people dreamed of something not requiring these, and as we can see, that something is not better and doesn’t take less effort when breaks.
Unreliability is freedom, and reliance is slavery. But at the same time unreliable systems are better than no systems. Unreliable systems are the compromise between luddism and degenerate civilization.
Are you kidding? It’s a wonderful trap still.
“None are more hopelessly enslaved than those who falsely believe they are free,”
Definitely don’t use open source software like Signal to communicate. Use a trillion dollar corporations promise of privacy like WhatsApp instead.
It’s pretty clear that young people are an oppressed class and oppression of them is being used as a wedged to hurt everyone else by extension. We have to fight for the rights of everyone including the young or we’ll lose everything
Is it really becoming time we encrypt the messages we send ourselves? 🫠
Every time I hear “backdoor”. Shit fucking enrages me. Do you want a “backdoor” for anything secure? You want a little backdoor anybody can walk in through in your state of the art safe?
If you have a backdoor it aint secure anymore. Piece of shit motherfuckers
I’m sorry, but if backdoor laws start getting passed, I’m going to just fucking break the law, and they can come and fucking arrest me if they want. But I’m not putting up with that shit.
I mean, you aren’t the one breaking the law unless you’re running a social media platform. The obligation is on the operators, not on the users.
