Hi everyone.
I’m curious to understand what could happen to SimpleX if the new “security” plan in the EU gets voted?
Because I’m not versed enough in the political and legal wording in those papers, I have a hard time actually understanding them.
- Will SimpleX be obligated to comply?
- Will SimpleX retire from the EU?
- Would it be illegal to use SimpleX if the bill passes?
- Could we still use SimpleX with a proxy/VPN from a country outside of the EU?
- …
I’m genuinely concerned about what I’m reading here and there on Lemmy… I hope someone could give me some interesting point of view.
Thanks.
I believe it had to do with the size of SimpleX (fewer than X employees, or fewer than Y users). I can’t fully remember, but I asked about it on Reddit (which I think I probably deleted when I switched to Lemmy).
It would likely be similar to a GDPR violation. The server would have to be reported and investigated, and then a fine would be levied. We will have to wait until we see the final version of the law to be certain, however. SimpleX has new “private routing” servers, which hide your IP address from the SimpleX relays, so perhaps if those become self-hostable, it will be better than a VPN (here’s another blog post about that). It would also be incredibly hard to enforce, because the private routing server itself doesn’t encrypt your messages, and the SimpleX network has no way of knowing the request came from the EU. That’s very much a legal grey area, and I’m not a lawyer, so I don’t know how things would actually work out. I still think that using SimpleX’s private routing servers would likely not work (since for compliance, my belief is that there would still be IP-based blocking), but it’s hard to say.
The other side to this is that all encryption happens on the device (hence why SimpleX is safe even on compromised servers, something detailed in their whitepaper if you’re interested), so it may just be that downloads are blocked in the EU. Again, it will depend on the final version of the law, and I’m not a lawyer, so this is all speculation. Since all the SimpleX servers do is transport one already encrypted message to some other endpoint, it may be no issue for them to operate as normal. The law may require that the app checks your location before you can send a message, however, in which case I’m not sure how things would be handled. The app could either check your IP address (bypassable by VPN), or check your location (bypassable by location spoofing). Regardless of which it would use, I find it likely that you will simply be denied the ability to send files (as I believe this law only pertains to files, not all messages?).
Hopefully this law doesn’t pass, but if it does, all of this will likely depend on the final version of the law. It could very well be that SimpleX is unaffected due to exemption, as with chat control in the UK.
It seems that you have gotten a response from a SimpleX contributor that confirms that they can’t really say what exactly the law passing would mean for SimpleX. It’s far too difficult to predict the wording of the law, and it could change at any point, so trying to prepare in advance isn’t a realistic option. SimpleX will likely release a blog post shortly after the law passes (if it does) detailing what it will mean for SimpleX. I’d keep an eye on https://simplex.chat/blog/. It’s a difficult situation from a legal standpoint, so this whole thing is really hard to say anything definitive about.