
Indeed! Meanwhile our government (the Netherlands) tells their employees to use Signal. Good luck telling your forces in the Middle East: "Please use this app that has breakable encryption, but it's not breakable by the bad guys, at least, we are 98% certain they can't break it. Also, we're pretty sure the master key never leaked. Yeah we know how that went for the New York subway but we are better. It's fine, don't whine, even if they break the encryption, they don't understand your Dutch conversations with your loved ones anyway. I mean, what have we got to hide anyway."


To be honest, I much prefer the French government's way, where they are transitioning to Matrix and running their own server. That way they aren't beholden to any organization other than themselves.

In general I think it would be great if the EU made it a directive* to national governments to prefer open source.

Imagine, a world where the entire EU runs on an EU-customized version of Ubuntu/Fedora, office work being done in LibreOffice, messaging done in Matrix. The support contracts would run in the hundreds of millions and be a huge boost to the improvement of said software. Not to mention some internal IT teams would probably be contributing patches for their specific use cases and bugs.

* I am aware the EU has relatively little power to enforce such a thing.


I would highly prefer that as well, in fact it would make me very happy! It gives a lot of credence to a project if a government starts to use it. It would be good if they performed transparent security audits as well. Like the Dutch, the French have also rejected back-doors [0] in the past, but like the Dutch, the French also sometimes say dangerous things [1].

[0] https://www.infosecurity-magazine.com/news/french-government...

[1] https://www.theregister.com/2017/02/28/german_french_ministe...


Encryption used to be classed as a military munition, and as such was illegal to export.

It will probably revert to that status if this kind of law is put into effect, and used for governments/military with impunity but disallowed for civilians.

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...


Here in the US, I think we seriously need to capitalize on the 2A crowd. Encryption is a purely defensive weapon, like a shield. It can't actively damage or harm anyone else, but it is a critical means of protection in the modern world. We need the 2A people to understand that it both protects the privacy and security of our digital homes and lives, as well as serving as a check on the power of abusive governments, which are both of the purposes that traditional weapons under the 2A protect.


I don't get the New York subway reference. Could you give more details/link to an article?


They are probably thinking of the MBTA CharlieCard[0][1], which was cracked by MIT students. The MBTA sued them to try to keep them from presenting their research at DEFCON.

[0] https://en.wikipedia.org/wiki/CharlieCard#Security_concerns

[1] https://archive.boston.com/business/articles/2008/03/06/t_ca...


I remember reading a story here about (New York's) subway system and a copied master-key that got around. Can't find it here, but I found this: [0]

[0] https://www.nj.com/news/2010/04/master_keys_to_nyc_subway_je...


That does actually make more sense, given the OP’s comment about master keys leaking. I remembered the CharlieCard thing because it was a pretty big deal at the time, and I couldn’t find anything relevant about MTA when I searched, so assumed it was a misremembering since this all happened over a decade ago. Thanks for the link! (I wonder what the outcome was of New York’s audit…)


When I first visited the Netherlands in 2017 I observed public transportation was transitioning to plastic card only payments.

That was my first impression about the country in privacy context, not being able to use cash is a big attack on privacy.


You can still get an anonymous card [1], along with paper cards from a machine, and printed e-tickets. So I would not say that travelling anonymously is becoming impossible, but rather that the current method is a lot more convenient for most, and thus the most known one.

[1] https://www.ov-chipkaart.nl/purchase-an-ov-chipkaart/anonymo...


The card is anonymous, but loading it with money is not, at least not in practice - most machines I've encountered only accept Maestro/VPay (which is an improvement over PIN, as they are marginally available in other countries, but they are also tied to your identity), so you are left with the service points at major train stations at best. Exceptions were more common in the Strippenkaart era.

At least that was the situation by late 2019/early 2020, as I have not been able to travel to Randstad since then for rather obvious reasons.


Thanks for pointing this out. I didn't know about that. My experience was like that: one day I could buy a transport card by cash, the other day the driver informed me that I cannot buy tickets by cash anymore.


Yeah there is that wish to go away from cash but we also had this: [0, from 2016]. I hope we will have more privacy oriented fintech companies soon, indeed it may swing the wrong way. It depends a bit on the ruling parties (we have many and they have to form a coalition.)

[0] https://www.theregister.com/2016/01/04/dutch_government_says...


> privacy oriented fintech

Can you elaborate on that term? We are talking here about digital payments, right? (where usually more than 3 parties are involved in this process) How are you gonna make sure the whole transaction is not traceable back to you?


> privacy oriented fintech

This phrase is an oxymoron. Banks need to monitor, track, report activities. Central banks 'siphon' all transactions every day/week/month, so they can cross reference that Henry Bemis made in total $100m transactions today even if he used 50 different banks. A single bank can only track/monitor for AML its own clients. Central Banks can do that. Tax authorities can tap into bank's data.

Side note: There is no such thing as privacy when you use a card. The only thing that 'protects' you is that your bank won't sell your data to Facebook. But NatWest banking app DOES talk to FB when you fire it up... so... at least they don't tell FB (yet) everything you do.


Privacy != anonymity; usually.

Specific institutions, like finance, need to be able to discern your identity in some way in order to remain viable economic institutions. Provenance of monies can be a big question, and an important one, when dealing with people who spend their time in financial crime. If financial institutions could use a technology that is similar to PGP that maintains an identity without needing to reveal who you are, to me this is privacy. There's obvious exceptions to that, but generally I think it's a good idea given that one of the major ways merchandisers collect data on you is via transactions.


Banks (and similar orgs) have a term for this. It is called "KYC" Know Your Customer. That includes all your data (the ones they have, the ones you provide - e.g. address, tax/payroll records if you want to apply for a loan and they ask source of income, etc.) When you talk to a "relationship manager" be certain that (if they are any good at their job) what you tell them is recorded and stays in your file.

This has also a positive side. E.g. I never shop shoes online. So my bank called me one fine afternoon because someone used my card number to buy shoes. That store only sells women's shoes (I am a man). This was not consistent with my "profile" (of course I have one) and they cancelled the transactions, refunded the money, notified VISA and merchant, and called me to tell me that they will see the transactions on my logs (-50, -100, -150 and then +50, +100, +150).

I expect and demand that from my bank, but not from Facebook: "hey why aren't you in your typical pizza resto and you went across the street?"


This is an interesting use case but has nothing to do with invasive KYC (as done by banks), the same anomaly detection and follow up could be done if you were some random identifier “Joe” with any contact detail (email, phone number, telegram handle, ...)


Yeah, I agree.


Exactly, I cannot agree more.


It will always be traceable and you can see that many fintech companies that make things easier (like bunq and N26) also catch a lot of attention from bad guys and at the same time seem to freeze quite some accounts based on suspicious activity (I see that on the forums, I think there are a lot of false positives as well). A lot of "Whatsapp fraud money" seems to move through these companies, no wonder because with some you can get several cards activated immediately, funnel money through hopeless people's accounts into bitcoin exchanges or cash and it's gone.

Anyway, we can only hope they won't outlaw cryptocurrencies to have a glimmer of hope for anonymous payment in the future.


Oh, speaking of cryptocurrencies, I recently came across this article.

https://www.metzdowd.com/pipermail/cryptography/2020-Decembe...


Well, Zcoin, Monero and Dash being delisted from exchanges has got to mean that they are at least somewhat effective...?



