Decentralized does not mean lack of liability. That's a marketing ploy. P2P filesharers and tor hosted sites are taken to court on the daily because of this one little trick called the IP address. Everything you send has your external IP. It doesn't matter that they "can't prove it was you". Courts have continually upheld that an IP address is grounds for either civil discovery or further criminal investigation. And yes, the court can absolutely compel you to unlock your full disk encrypted MacBook/Linux/bitlocker whatever.

The only reason people en mass can do decentralized is because of the availability of encryption, because VPN's, because companies and software can offer encryption. This legislation and it's precedent would kill the decentralized web. It's not as if Google is going to go broke - they'd be the first to be approved and go on their merry way.

I said P2P, not TOR. With P2P systems you only host your own stuff. So if they want to take someone to court it would be the person with the illegal content on their system... IE. who you want to go after. There is no reason to have to prove anything. Those P2P filesharers that are taken to court are the ones sharing the files, not just random people on the network.

With P2P and Federated systems (encrypted or not), the people hosting the content are breaking the law and are the ones you go after. Just like now (pre Earn-It), where they go after the people posting the files to the central servers and not the central servers themselves.

As a general rule it's unwise to hope for some unintended side effect of bad legislation to solve unrelated problems. The goal of this legislation is surveillance and control. If passed, it will achieve that goal. If it has a side effect of significant number of people starting to use encrypted P2P communication (doubtful imo), they will pass more legislation to make that illegal too, since "child abusers are obviously using P2P encryption now", and most "normal people" don't. And that time it will be even easier than passing the original EARN IT act.

Government overreach must be fought every step of the way, otherwise by the time it finally gets you personally, it will be too late.

Let's not get blinded by our dislike for centralized platforms. This is not the way to solve their problems, this way only creates more problems for people.

Never claimed to hope for the law to pass and that to happen. It was more speculation on what might happen if it did pass.

Regarding them attacking P2P.. IMO they wouldn't be able to attack P2P specifically without attacking encryption in general. There are to many ways to implement P2P using standard encryption technologies. I think they are starting to realize they can't win that fight without losing the larger war and so are attacking privacy from the angles they can get away with. Like corporate interests to avoid lawsuits.

They can certainly, say, ban Apple and Google from hosting such P2P apps in their app stores, then any such apps are useless to most people. They could also go after developers, forcing them to either install backdoors or shut down - see what kind of laws Australia passed about that, as an example.

Remember they only care about most people, they don't need to get every last one of us. Their point is to make default methods of communication unencrypted.

Sites hosted behind Tor do not reveal your external IP address.

Not directly, you still have to contact nodes to get there. Through traffic analysis we can determine the path, or simply the feds can expand their number of nodes. Feds already own a good chunk of the network. Bandwidth and servers are expensive after all. Or even easier make phishing sites that grab your IP through any number of browser technologies. Torbrowser won't be around for long when Firefox becomes another chromium skin.

This is not an accurate description of anything.

- Traffic analysis only works for a global adversary

- Feds would need to control a very sizeable chunk of the network to deanonymize your HS, and you can use your own nodes (also see Vanguard)

- "phishing attacks that grab your IP through any number of browser technologies" obviously do not apply to servers

- If Firefox would end, Tor would obviously have no choice but to re-write it all for Chromium.

Pretty sure the government won't view it that way. It'll be called a loophole and crushed if it gets mainstream. This is the country where sending an HTML GET and receiving response 200 can be prosecuted under the CFAA.

We need a legal environment that explicitly protects encrypted communications, not one where they are are maybe tolerated on the fringe.

This is a different battle. The government has gone after general purpose encryption multiple times and has been beaten back so far. And while this would definitely be a win for that side of things it isn't the same battle and the Earn IT Act is not about encryption in general. It is about encryption in the context of commercial entities and their managed content.

With greater surveillance power and the precedence of passing this bill the government gains the ability to push a stronger one, including one that targets general encryption.

Your intended effect is uncertain at best, I'm not even sure it's going to be a net benefit in the most ideal scenario (losing encryption in commercial setting is at the very least extremely inefficient), and there would certainly be high costs to the society until that materializes. At worst it would never materialize.

You're effectively advocating to take a very high risk to liberty and privacy for some very wishful thinking.

I'm sorry I didn't make this clear enough. I don't want this to happen, I'm just speculation that it could have side effects that are helpful to parts of the community that would like to see less reliance on centralized systems. I'm not saying that is worth the tradeoff, because I don't think it is. Just interesting.

Regarding the point that this could/would lead to an attack on general encryption, IMO I think they are doing this more because they are beginning to understand that they can't attack general purpose encryption head on. It is needed in to many places to make it illegal. So they are attacking it from the sides, through corporate interests.