The NSA called it counter-terrorism. The EU called it child safety. Same mechanism. Different label.

You've seen this before. Not in Europe. In America. In 2013.

Edward Snowden walked out of the NSA with 1.5 million documents and showed the world that the United States government was running PRISM — a mass surveillance program that collected emails, chats, search histories, and phone calls from hundreds of millions of people. The justification? Counter-terrorism. The keywords that triggered alerts? Nobody knows. The oversight? None you could see.

Chat Control is the European version of the same idea. Different decade. Different justification. Same mechanism: scan everything, flag keywords, trust the government to use it responsibly.

The EU tried it. And on March 26, 2026, it failed. By one vote.

❓ What is Chat Control?

Chat Control is the nickname for the EU's Child Sexual Abuse Regulation (CSAR), first proposed by the European Commission in May 2022. The stated goal was to fight child sexual abuse material online. Nobody argues with that goal.

The problem was the method. Chat Control would have required every messaging platform — Signal, WhatsApp, Telegram, iMessage, email — to scan every private message before it was sent. Every photo. Every video. Every word.

This is called client-side scanning. Your device does the checking before the message is encrypted. The message leaves your phone clean. But the scan has already happened. Your phone already reported on you.

Cryptographers and security experts called it what it is: a backdoor. Not a metaphorical backdoor. A literal architectural backdoor built into every encrypted messaging app on the continent.

❓ What happened on March 26, 2026?

The EU Parliament voted to reject extending the temporary law that had been allowing platforms to voluntarily scan private messages. That temporary exemption — called the ePrivacy derogation — expired on April 3, 2026.

The critical amendment passed by one vote. One. A single MEP changed the result. Without that vote, voluntary mass scanning of European private messages would have continued legally for years.

The Electronic Frontier Foundation called it a real win for privacy. But they also said: don't celebrate yet.

❓ Why does Chat Control keep coming back?

This is the third time Chat Control has been blocked. And it keeps returning because the political logic behind it never goes away.

Governments don't like things they can't see. Encrypted messages are things governments can't see. Every time a new justification appears — terrorism, child safety, organised crime — the same proposal returns with a new label.

The Fight Chat Control campaign put it clearly: this is a zombie proposal. You can vote it down. You can let the temporary law expire. But the underlying desire — to scan your private messages — doesn't die.

And here's the thing that doesn't make the news: even while the mandatory version was being blocked, Google, Meta, Microsoft, and Snap signed a joint statement saying they would continue voluntary scanning of their platforms. Voluntary. Without legal requirement. Because they want to.

That's the part worth worrying about.

❓ What does PRISM have to do with this?

Everything.

PRISM was the NSA's mass surveillance program revealed by Edward Snowden in June 2013. It collected data from Google, Facebook, Microsoft, Apple, Yahoo, Skype, YouTube, and AOL. It ran keyword alerts. It flagged conversations. It stored metadata on hundreds of millions of people who had never been suspected of anything.

The NSA said: terrorism. The EU said: child safety.

Same architecture. Same keyword scanning. Same centralised flagging. Same reliance on trusting that the authority scanning your messages will only use the data for the stated purpose.

History shows they never do. Privacy International has documented case after case where surveillance tools built for one purpose were quietly extended to another. Tax evasion. Immigration. Political dissent. Journalism.

The justification changes. The infrastructure stays.

❓ Why are Signal, WhatsApp, and Telegram vulnerable to Chat Control?

Because they all have a phone number at the door.

Signal requires a phone number to register. Your phone number is your real identity. It links to your carrier. Your carrier links to your name and address. Your name and address link to everything else.

WhatsApp requires a phone number. WhatsApp is owned by Meta. Meta has repeatedly complied with government data requests in documented cases. Meta's voluntary scanning commitments mean your data is being processed even without a legal requirement.

Telegram requires a phone number. Telegram runs on central servers. Telegram handed over user IP addresses to German authorities in 2024. Telegram stores your data. Telegram can be subpoenaed.

Client-side scanning works by scanning on your device before encryption. If you use any app that has your phone number and runs on central servers, that scan can be implemented. The platform knows who you are. The scan result gets reported back.

Identity plus centralisation equals scannability.

❓ Why is Z-TEXT immune to Chat Control?

Z-TEXT has no phone number. No email. No central server. No company database with your identity. No platform that can be ordered to implement scanning.

Z-TEXT is a 3-in-1 privacy app built on the BitcoinZ blockchain. Your identity on Z-TEXT is a cryptographic z-address — a shielded address protected by zk-SNARKs zero-knowledge proofs. Nobody can link that address to a person. Not a company. Not a government.

Z-TEXT messages travel as shielded transactions on a public blockchain. The transaction exists. The content does not. The sender is invisible. The recipient is invisible. The metadata is zero.

Chat Control requires a platform to implement scanning. Z-TEXT is not a platform. Z-TEXT is a protocol on a decentralised blockchain. There is no company to receive the order. There is no server to run the scan on. There is no phone number to link the result to a person.

Z-TEXT wasn't designed to resist Chat Control. Z-TEXT was designed to have no data at all. Resisting Chat Control is just a side effect of having nothing to hand over.

❓ What should I do right now?

Three things.

First: understand that Chat Control is not dead. It's paused. The underlying CSAR proposal is still in negotiation. Age verification requirements are still on the table. Every three years the mandatory scanning clause gets reviewed. The Access Now team is watching this closely. So is the Electronic Frontier Foundation. You should be watching too.

Second: stop using messengers that have a phone number at the door. That phone number is the key that makes scanning work. Without it, the scan result can't be linked back to you. With it, you're already identified.

Third: think about what messenger you'd use if Chat Control passed tomorrow. Not what you use today. What you'd switch to when the law changes. The answer should already be installed on your phone.

🔗 Also read:   Signal vs Z-TEXT  ·  WhatsApp vs Z-TEXT  ·  Session vs Z-TEXT  ·  Telegram vs Z-TEXT  ·  Metadata Kills Privacy  ·  Three Stories. One Week.

FREEDOM BY PRIVACY · Z-TEXT · BUILT ON BITCOINZ SINCE 2017