It’s also important to understand that no one technology can be a panacea. ECH works alongside other security and privacy features in Firefox, including DNS-over-HTTPS (DoH). DoH encrypts DNS queries to protect the translation of website names to IP addresses, which ensures that website names aren’t visible to the network in DNS traffic and is essential for ECH to be effective.
DoH alone should prevent DNS blockages, ECH would also prevent packet inspection revealing the domain.
This means that whenever a user visits a website on Cloudflare that has ECH enabled, no one except for the user, Cloudflare, and the website owner will be able to determine which website was visited.
“Count Dracula rises but once every century, and my role is over. But if I were to resurrect him, the battle would last for eternity!” - some asshole named Richter Belmont
Some asshole is going to use this to protect a website hosting CSAM. So the governments will use that as an excuse to use more invasive filters.
Newer, stricter, powerful filter is approved unanimously by the parliament.
Once the more invasive filters are set up, they can use them to block piracy websites, soccer streams, online gambling sites (but only if they didn’t pay the taxes), online trading sites, then they will think “hey this website has a lot of fake news”
, let’s block that too", then “you know what? We should block porn too”, then “this block is really effective, we should block violent websites”, then “that page on Wikipedia is smearing the government, block that”, and go on
The blocking well just be pushed to cloudflare and other DNS providers. Sure there well be ways around it but for the vast majority of people just use defaults.
The fun thing is, that those filters cannot work.
The request begins with a normal looking https request to a non illegal (DNS) server. Then comes the secure handshake with one of the many cloudflare IPs and then the connection goes on like that.
The only way of stopping or recognizing this traffic at this point is via the IP. So they would have to ban all cloudflare IPs to block that and no western politician will survive that.
Those filters would only work on small sites that don’t use cloudflare, since then you might have a small number of static IPs.
And they way to report illegal sites is there. You just write cloudflare and they will most certainly deal with the CSAM.
Just make a law that states, in order to protect the citizenship from the dangers of CSAM, it’s illegal to use protocols like this or can’t operate in the country. Make a smear campaign to appease public opinion to say that cloudflare is helping hide CSAM sites.
Once this first step is done, the road to stricter filters for any other use is paved
All the filters that are used in Europe to block illegal soccer streams within 30 minutes or to block those dangerous gambling sites (just because they don’t pay taxes, not because of actual concern) are all coming from a “we need to find a way to block CSAM”, then “we already have the tech, we should apply them also to other stuff”
They can’t block or filter it because they can’t discern between https requests that do or don’t use ECH. Sure they can make it illegal but it would be completely unenforceable.
tl;dr europol people said they might want to get the scanned (chat) data (proposed in a new set of laws to prevent csa and grooming and find csam) without any limitations on the data and no restrictions on how they can use it
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !piracy@lemmy.dbzer0.com
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
How does this work against DNS blocks? I assume if you use your ISPs DNS server and they block that domain ECH won’t help
ECH is supposed to be used alongside DoH.
https://blog.mozilla.org/en/products/firefox/encrypted-hello/
DoH alone should prevent DNS blockages, ECH would also prevent packet inspection revealing the domain.
In that case use some other DNS server.
yo have to use cloudflare dns for it to work, not sure, but maybe you can use an external DoH DNS server, haven’t tried that
It hurts itself in confusion
I assume they meant to write privacy there because I can’t imagine enhanced piracy was intended
Lmao
Corporate: there just aren’t enough pirates anymore!
Can’t blame quarterly losses on pirates if there aren’t any….
“Count Dracula rises but once every century, and my role is over. But if I were to resurrect him, the battle would last for eternity!” - some asshole named Richter Belmont
Some asshole is going to use this to protect a website hosting CSAM. So the governments will use that as an excuse to use more invasive filters.
Newer, stricter, powerful filter is approved unanimously by the parliament.
Once the more invasive filters are set up, they can use them to block piracy websites, soccer streams, online gambling sites (but only if they didn’t pay the taxes), online trading sites, then they will think “hey this website has a lot of fake news” , let’s block that too", then “you know what? We should block porn too”, then “this block is really effective, we should block violent websites”, then “that page on Wikipedia is smearing the government, block that”, and go on
The blocking well just be pushed to cloudflare and other DNS providers. Sure there well be ways around it but for the vast majority of people just use defaults.
The fun thing is, that those filters cannot work.
The request begins with a normal looking https request to a non illegal (DNS) server. Then comes the secure handshake with one of the many cloudflare IPs and then the connection goes on like that.
The only way of stopping or recognizing this traffic at this point is via the IP. So they would have to ban all cloudflare IPs to block that and no western politician will survive that.
Those filters would only work on small sites that don’t use cloudflare, since then you might have a small number of static IPs.
And they way to report illegal sites is there. You just write cloudflare and they will most certainly deal with the CSAM.
Just make a law that states, in order to protect the citizenship from the dangers of CSAM, it’s illegal to use protocols like this or can’t operate in the country. Make a smear campaign to appease public opinion to say that cloudflare is helping hide CSAM sites.
Once this first step is done, the road to stricter filters for any other use is paved
All the filters that are used in Europe to block illegal soccer streams within 30 minutes or to block those dangerous gambling sites (just because they don’t pay taxes, not because of actual concern) are all coming from a “we need to find a way to block CSAM”, then “we already have the tech, we should apply them also to other stuff”
They can’t block or filter it because they can’t discern between https requests that do or don’t use ECH. Sure they can make it illegal but it would be completely unenforceable.
Already happening: (german article) https://netzpolitik.org/2023/interne-dokumente-europol-will-chatkontrolle-daten-unbegrenzt-sammeln/
tl;dr europol people said they might want to get the scanned (chat) data (proposed in a new set of laws to prevent csa and grooming and find csam) without any limitations on the data and no restrictions on how they can use it
100% it would then change “we should also use this for other crimes”
… that is basically what they said
yes, it’s because i agreed with that
Cloudfare is very seriou about CSAM so I dont think that will happen.
The actual title: “Encrypted Client Hello (ECH) Effectively Defeats Pirate Site Blocking”