The European Union Council is once again debating its controversial message scanning proposal, aka “Chat Control,” that would lead to the scanning of private conversations of billions of people.

Chat Control, which EFF has strongly opposed since it was first introduced in 2022, keeps being mildly tweaked and pushed by one Council presidency after another.

Chat Control is a dangerous legislative proposal that would make it mandatory for service providers, including end-to-end encrypted communication and storage services, to scan all communications and files to detect “abusive material.” This would happen through a method called client-side scanning, which scans for specific content on a device before it’s sent. In practice, Chat Control is chat surveillance and functions by having access to everything on a device with indiscriminate monitoring of everything. In a memo, the Danish Presidency claimed this does not break end-to-end encryption.

This is absurd.

We have written extensively that client-side scanning fundamentally undermines end-to-end encryption, and obliterates our right to private spaces. If the government has access to one of the “ends” of an end-to-end encrypted communication, that communication is no longer safe and secure. Pursuing this approach is dangerous for everyone, but is especially perilous for journalists, whistleblowers, activists, lawyers, and human rights workers.

If passed, Chat Control would undermine the privacy promises of end-to-end encrypted communication tools, like Signal and WhatsApp. The proposal is so dangerous that Signal has stated it would pull its app out of the EU if Chat Control is passed. Proponents even seem to realize how dangerous this is, because state communications are exempt from this scanning in the latest compromise proposal.

This doesn’t just affect people in the EU, it affects everyone around the world, including in the United States. If platforms decide to stay in the EU, they would be forced to scan the conversation of everyone in the EU. If you’re not in the EU, but you chat with someone who is, then your privacy is compromised too. Passing this proposal would pave the way for authoritarian and tyrannical governments around the world to follow suit with their own demands for access to encrypted communication apps.

Even if you take it in good faith that the government would never do anything wrong with this power, events like Salt Typhoon show there’s no such thing as a system that’s only for the “good guys.”

Despite strong opposition, Denmark is pushing forward and taking its current proposal to the Justice and Home Affairs Council meeting on October 14th.

We urge the Danish Presidency to drop its push for scanning our private communication and consider fundamental rights concerns. Any draft that compromises end-to-end encryption and permits scanning of our private communication should be blocked or voted down.

Phones and laptops must work for the users who own them, not act as “bugs in our pockets” in the service of governments, foreign or domestic. The mass scanning of everything on our devices is invasive, untenable, and must be rejected.

Republished from the EFF’s Deeplinks blog.

Source: Chat Control Is Back On The Menu In The EU. It Still Must Be Stopped | Techdirt

Microsoft is closing a popular loophole that allowed users to install Windows 11 without a Microsoft account.

The change has appeared in recent Insider builds of Windows 11, indicating it is likely to be included in the production version soon.

Microsoft refers to these loopholes as “known mechanisms” and is talking about local commands in this instance. You can learn all about these in our piece for getting Windows 11 installed with a local account, but suffice to say start ms-cxh:localonly is no more.

“While these mechanisms were often used to bypass Microsoft account setup, they also inadvertently skip critical setup screens, potentially causing users to exit OOBE with a device that is not fully configured for use,” Microsoft said.

“Users will need to complete OOBE with internet and a Microsoft account, to ensure [the] device is set up correctly.”

As far as Redmond is concerned, this is all for the user’s own good. It is also important to note that managed devices are not directly affected, just hardware that users want to get running with Windows 11 without having to deal with a Microsoft Account during setup.

The change is part of Microsoft’s ongoing game of Whac-A-Mole with users trying to find ways of avoiding its online services. In March, it removed the bypassnro.cmd script that allowed users to get through the Windows 11 setup without needing an internet connection. That time, Microsoft said the change was to “enhance security and user experience of Windows 11.”

There remain a number of ways to avoid the Microsoft account requirement during setup, including setting up an unattended installation, but these are more complicated. It is also clear that Microsoft is determined to continue closing loopholes where it can.

It is getting increasingly difficult to use Windows 11 on an unmanaged device without a Microsoft account. Users who don’t want to sign up should perhaps consider whether it’s time to look at an alternative operating system instead.

Source: No account? No Windows 11 for you, says Microsoft • The Register