davidchisnall / banning-e2ee-is-stupid Goto Github PK

Is it possible that, if a censorship third party gets a way to distinguish cleartext messages and encrypted messages underneath the message exchange platform, they may be able to infer that someone is doing something interesting. (And, they simply block it). For example, the following observation comes from a firewall technology:

We find that, instead of directly defining what fully encrypted traffic is, the censor applies crude but efficient heuristics to exempt traffic that is unlikely to be fully encrypted traffic; it then blocks the remaining non-exempted traffic. These heuristics are based on the fingerprints of common protocols, the fraction of set bits, and the number, fraction, and position of printable ASCII characters.

https://www.usenix.org/conference/usenixsecurity23/presentation/wu-mingshi

Nice write-up and sample implementation. One issue I foresee is that in the event e2ee is banned, anyone found to be using it in any form (including this one) is:
A) Automatically suspect of being up to no good, possibly providing probable cause (excuse) for point B.
B) Subject to being arrested/detained/beaten with a rubber hose/etc. - actual details depending on regime in power and whoever you find yourself in the hands of.

So much like the DMCA - sure you can bypass the rule by technical means, but doing so will itself be illegal and subject to punishment.

Having given the FBI//MI5/moral equivalent in your country probable cause, they may react with a warrant, confiscate all of your electronic devices and let you sit in limbo for years wondering if you will be charged with anything. Not fun, even if they don't beat you or lock you up.

QED: We're all screwed.