I just got this in my Tuta email. If you want the details, you should look at it, I’m just offering a summary.

France is about to pass the worst surveillance law in the EU. We must stop them now!

Two things jumped out at me. The first is that the French legislature is doing what legislatures periodically attempt - to compel software companies to provide law enforcement back doors. This NEVER works, intentional weaknesses are always exploited, it’s just a matter of time. And given the behavior of the U.S. this last week, it’s surprising to see ANYONE trying to implement this.

The second one was a bit surprising

Both mention the quantum-safe encrypted chat app Signal as a means to protect all communication, not just highly sensitive messages.

I put up Post Quantum Cryptography Reading for myself five months ago and I noted that there are post-quantum algos in an OpenSSL build, but this code is not yet mainstream. Hearing the Signal has also gone quantum resistant is not unexpected, but why did I have to read about it in a Tuta advocacy email?

If you’re scratching your head on “post quantum”, the use of quantum processors can plow through encrypted communications in minutes that might take millions of years with even our fastest supercomputers. You don’t need to have a quantum processor to fight this off, you just need some clever new algorithms in the software on the devices you use. If your cryptographic libraries have things like CRYSTALS, Falcon, and SPHINCS+ in them … you are as safe as the skill of the developer(s) using those libraries. That’s pretty safe for a front line app like Signal, less so for hobby projects. Cryptography isn’t magic, those algos are complex, powerful tools, and if developers misuse them, you could get bit.

Conclusion:

Maybe some day a convergence of really repressive governments might break cryptography in commonly used commercial applications. That means the apps in your phones store will all respect the man. If you’re running a FOSS operating system, you can download whatever, install it, and it won’t have those misfeatures.

But that eliminates 98% of people having access to safe software. We’ve been through this periodically since the 1990s, a government tries to overreach, then Theo de Raadt flicks one finger like Laura Moon straightening out Mad Sweeney, and the world goes back to the way it was.

When the day comes that using Signal ( WHICH MEANS RELAYING YOUR CALLS ) becomes unsafe, I’ll have some suggestions here on what to do. You’ll need to take others by the hand and lead them to safety. But we’re nowhere near that yet, so relax, keep urging your people to get Signal installed and set up a name so they can keep their number hidden.