the fact that Apple and Google are both lobbying hard against the EU's Digital Markets Act (DMA) gives me the sense that it's working as intended#apple #google #DMA #EU
Uncategorized
16
Posts
4
Posters
41
Views
-
-
-
@heals @ainmosni points 9 and 10 contain the relevant text and are described here: https://www.eu-digital-markets-act.com/Digital_Markets_Act_Article_6.html
-
@heals @ainmosni points 9 and 10 contain the relevant text and are described here: https://www.eu-digital-markets-act.com/Digital_Markets_Act_Article_6.html
@ansuz so lets say I use an e2ee encrypted messenger and the provider of that messenger thus cannot read or decrypt my messages.
They could under that clause request realtime access to data generated by the platform core service used for push notifications / device notifications for their app - which are generally displayed to me unencrypted and tada, e2ee and at the same time readable plaintext for the provider of the messenger?
I know that’ll imply a certain degree of bad intent from the provider but reading over article 9 it also sounds entirely within the realm of things you’d be allowed to do unless you anyone can prove that all notifications would classify as personally identifiable data that needs my permission to collect and process?
/cc @ainmosni
-
@ansuz so lets say I use an e2ee encrypted messenger and the provider of that messenger thus cannot read or decrypt my messages.
They could under that clause request realtime access to data generated by the platform core service used for push notifications / device notifications for their app - which are generally displayed to me unencrypted and tada, e2ee and at the same time readable plaintext for the provider of the messenger?
I know that’ll imply a certain degree of bad intent from the provider but reading over article 9 it also sounds entirely within the realm of things you’d be allowed to do unless you anyone can prove that all notifications would classify as personally identifiable data that needs my permission to collect and process?
/cc @ainmosni
-
-
@ansuz the notification provider isn’t able to decrypt your messages - that’s the catch. The messenger on your device can decrypt the message and send a local notification for you which normally none else can access 😅
As for the consent - yeah that’s the grey area here.. Notifications is a core service but access to that data shouldn’t be allowed to anyone really.
But it’s hard to say if all of the messages you get would classify as personal data (think things like WhatsApp news broadcasts) but generally they can’t be classified either without scanning the content and then we spin in a nasty circle 😐The DMA has its good ideas - no arguing on that- but certain areas still feel problematic / not completely thought through (like scope of application.. gatekeepers are obligated, non gatekeepers aren’t.. why not apply it equally to all businesses that provide comparable services or technologies?)
-
@ansuz the notification provider isn’t able to decrypt your messages - that’s the catch. The messenger on your device can decrypt the message and send a local notification for you which normally none else can access 😅
As for the consent - yeah that’s the grey area here.. Notifications is a core service but access to that data shouldn’t be allowed to anyone really.
But it’s hard to say if all of the messages you get would classify as personal data (think things like WhatsApp news broadcasts) but generally they can’t be classified either without scanning the content and then we spin in a nasty circle 😐The DMA has its good ideas - no arguing on that- but certain areas still feel problematic / not completely thought through (like scope of application.. gatekeepers are obligated, non gatekeepers aren’t.. why not apply it equally to all businesses that provide comparable services or technologies?)
@heals I understand the distinction, but if there's a chance of notification contents leaving the device then consent is required. That's what I meant by exfiltration. If that's the default then I think it's unfair to call such systems e2ee, regardless of the messenger's encryption, because as a system it fails to meet such guarantees.
I think the issues you're raising will largely come down to how the DMA is enforced. Many of the initial interpretations of the GDPR were wildly incorrect as well, and it took years of legal cases to show that such creative interpretations of its text were very illegal.
I expect that's what we'll see over the next few years as long as lobbying like this does not prompt any concessions from legislators.
-
@heals I understand the distinction, but if there's a chance of notification contents leaving the device then consent is required. That's what I meant by exfiltration. If that's the default then I think it's unfair to call such systems e2ee, regardless of the messenger's encryption, because as a system it fails to meet such guarantees.
I think the issues you're raising will largely come down to how the DMA is enforced. Many of the initial interpretations of the GDPR were wildly incorrect as well, and it took years of legal cases to show that such creative interpretations of its text were very illegal.
I expect that's what we'll see over the next few years as long as lobbying like this does not prompt any concessions from legislators.
@ansuz I’m afraid to wait and see..
The base idea of the DMA is nice but the EU being the EU they always backe things into laws that aren’t fully cooked and it takes the years you mention just to realise that and maybe amend / fix things (not including the GDPR, that one was actually nicely done).
It’s scary to think that the same people are on a happy course to kick-off ChatControl and feel great about it
:( -
@ansuz I’m afraid to wait and see..
The base idea of the DMA is nice but the EU being the EU they always backe things into laws that aren’t fully cooked and it takes the years you mention just to realise that and maybe amend / fix things (not including the GDPR, that one was actually nicely done).
It’s scary to think that the same people are on a happy course to kick-off ChatControl and feel great about it
:(@heals I think they tend to be more clear about the spirit of their laws than the exact text. the problems arise when American corporations do their best bad-faith interpretation of the text while ignoring the stated intentions of the laws, because that's closer to how the US legal system works 🤷 if you just keep in mind what such laws were supposed to accomplish when interpreting them, none of the rulings have really been that surprising.
chatcontrol seems to me like a special beast because it has strong ties to American lobbyists that are in its favour, rather than being intended as a way to regulate them. it's also different in that constitutional lawyers have said will be illegal according to existing law even if legislated, so at least there's that
-
undefined oblomov@sociale.network shared this topic on
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@dneary how would you know if you didn't
-
-
@levelbot I bet
-
@murph I just compared two!
-
@jason welp, that's the wildest thing I've ever heard, but ok
-
@evan You learn something new every day!
-
@gubi
Ma quale opinione?
CHI CAZZO È ENTRATO IN UCRAINA CON L'ESERCITO?
Perché se sei pacifista una invasione non la giustifichi MAI.
È la Russia che ha smesso la diplomazia e invaso.
È un fatto.
E non è la prima volta nella storia.
Da Praga ai tempi di usrr a cecenia georgia etc più recenti.
Ha politica di invasione imperialista.
È un fatto.
-
dubstep levels are currently at 26% but fluctuating wildly
(26%) ■■□□□□□□□□
