
No one should remove from us the right to privacy in chat rooms. Otherwise, PGP might become cool again, or I bet that there will be new ways to chat without mass surveillance.


How would PGP help in the long run? If client side scanning is mandated for everything then the natural place for it to wind up is in the OS. Once your OS is scanning all the things, your privacy is finished - pretty good or otherwise.


You can run the forbidden Linux software on legacy hardware.

Of course, all new hardware will have hardcoded firmware scanning the DRM’d keyboard controller.


In fact, proprietary OSes already phone home so often it's just mind blowing. On the mobile camp, only GrapheneOS and niche Linux distributions like SailfishOS are quiet if you inspect network traffic. The tools for client-side scanning are there, it's quite easy to implement total control.


Microsoft has been pushing Recall for a while now. Clearly they will make it a cornerstone feature, potentially without the ability to opt out.


> If client side scanning is mandated for everything then the natural place for it to wind up is in the OS. Once your OS is scanning all the things, your privacy is finished - pretty good or otherwise.

An air gap can solve that problem:

1. Create an illegal message on a machine with no internet.

2. Encrypt the message.

3. Copy the encrypted message over to a machine that does have internet.

4. Send it.


Tinfoil Chat does that (and more).

https://github.com/maqp/tfc


Perhaps it’d go that way.

But the chat control proposal specifically involves forcing the makers of messaging apps to scan the contents of messages.

PGP remains very relevant under those current proposals.


In that case you could use an Arduino, Raspberry Pi, or similar to write and convert the message. The converted msg can then be sent over USB, wifi, etc. to the computer.


Right, and then Chat Control looks at the encrypted text and goes "oh huh this looks encrypted and suspicious, let's put this user on a list for closer inspection" or eventually just refuses to let you send the message at all. Steganography is hard and it will be very difficult to hide that you're sending encrypted messages.


But how do we then protect our messages to less tech savvy people? Encryption must be effortless and usable by the masses, or it will be almost pointless.


If Chat Control passes, then encryption will not be effortless and usable by the masses, that's the whole point. Basic encrypted chat will be on the level of Snowden trying to communicate with the journalists back in the days – only possible if both parties are willing to go to lengths.


PGP will never ever see mass adoption. It's too complicated and nothing will fix that. If chat control succeeds, a handful of nerds might be able to protect their comms, but mass encryption as we have it today will be dead. I like how nobody can read my chats with my mom or my landlord and would prefer it stays that way. The average user simply does not care enough to jump through a single additional hoop.


But isn't that what makes it so absurd? The people that this supposedly targets will then become "nerds" and use PGP for their messaging, while the majority of people not discussing illegal activities will just suffer from worse security.


I expect that a large portion of the actually – not supposedly – targeted demographic will still not care or know how to set up encrypted comms, and I guess the EP also expects them not to. If someone actually wants to evade CSAR, they probably would know how to (and if not, all the better).


> Otherwise, PGP might become cool

People need convenient access to PGP. If their App Store removes all PGP apps then they might have to upload their private key to a PWA. And then no one's any better off.

If the everyman is forced to choose between being surveilled or using PGP, I reckon I know what he'd choose regardless.



There's no reason email clients can't make PGP keys easy. Proton actually makes it quite easy to add a PGP key for an email address.


Nobody ever talks about S/MIME, but it's the corporate version of PGP/GPG for mail. Apple made it dead easy to use S/MIME encryption. Most vendors do, because it's still a requirement for some government purchasing (DoD is moving away from it). I was honestly and pleasantly surprised how easy it was to use S/MIME with the built-in mail programs on macOS and iOS/iPadOS, and I'm a bit surprised that Apple didn't just automate an S/MIME key for every iCloud mail user.


What's the new standard that the DoD requires for secure communication with contractors?


Does Proton allow you to use any email client? Last I checked IMAP and SMTP are disabled and you're captive in their webmail or official client unless you pay for their bridge software.

Which makes this post ironic https://proton.me/blog/what-is-an-email-client


I use Thunderbird to access my Proton Mail. They have an app called Proton Mail Bridge that allows you to access it via IMAP or SMTP.

https://proton.me/mail/bridge

Edit: Missed the paid part in your message. Yeah, I have a paid account.


There's no reason Chat Control can't mandate scanning in email apps, either.


And what's stopping the government from forcing Proton to hand over private keys or else?


"or I bet that there will be new ways to chat without mass surveillance."

In a way I am fatalistic about it now/see the good in the bad. If this really comes one day, it will be a great push for decentralized anonymous communication networks again.



