this post was submitted on 07 Dec 2023
134 points (90.4% liked)

Technology

60021 readers
3392 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 38 points 1 year ago (1 children)

Great! But, let's remember this is Facebook after all, so... πŸ€·β€β™‚οΈ

[–] JeeBaiChow 21 points 1 year ago (2 children)

...they'll skim the metadata after client-side decryption while on its way to presentation?

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago)
[–] [email protected] 9 points 1 year ago (2 children)

Hell, why stop at Metadata? The app can see all the data before encrypting and sending

[–] JeeBaiChow 3 points 1 year ago

(taps head) you got it!

[–] [email protected] 3 points 1 year ago

Does it say between which ends is the encryption? Or who manages the keys?

[–] LEDZeppelin 32 points 1 year ago

Fuck facebook

[–] [email protected] 30 points 1 year ago (2 children)
[–] [email protected] 17 points 1 year ago* (last edited 1 year ago)

It's end-to-end-to-end encryption.

Your data is now encrypted while they mine it.

[–] [email protected] 4 points 1 year ago (28 children)

Well WhatsApp already has it

[–] CaptainSpaceman 5 points 1 year ago

Moxie helped WhatsApp integrate the Signal protocol for e2ee, but I dont trust thatt they never implemented any backdoors in their protocol after Moxie was done helping them.

IMO, just use Signal anyways. Fuck Meta

load more comments (27 replies)
[–] GaimDS 21 points 1 year ago (2 children)

I don't believe it for a second ngl 🫠

[–] surewhynotlem 6 points 1 year ago

I believe it, but only as a cost saving measure. By enabling e2ee they can wiggle out of having to deal with warrants and the government. It's about reducing the burden on their data retention and reporting teams.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

I don't believe there's ever been an instance of E2EE Messenger texts being given to law enforcement, whereas there are plenty of instances where Facebook has provided law enforcement with non-encrypted messages after being served a warrant.

Believe what you want, but ignoring the legal liability from blatantly lying like that, there's precisely zero evidence that Messenger's encryption is compromised.

[–] [email protected] 1 points 1 year ago (1 children)

The encryption doesn't have to be compromised when their app does the message scanning before encrypting.

Technically it's still E2EE

[–] [email protected] 2 points 1 year ago (1 children)

Sure, but at that point, it's a legitimate question of what goal you're trying to satisfy with E2EE. This doesn't prevent metadata analysis being used for marketing purposes - and if that's something you're strongly against, that's perfectly fair - but it does make it completely impossible for message content to be provided to law enforcement, even in the face of a warrant. That is hugely powerful, because we've already seen cases of FB Messenger texts being used to go after women who get abortions, just for one example. In countries with truly oppressive governments, that benefit can't be overstated.

Sure, Facebook will try to sell you some shit, but they're not going to send the police to arrest you. Having E2EE is a strict improvement over the status quo, and if you do care deeply about privacy on the more commercial side, there's always Signal or other privacy-first services.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)
[–] [email protected] 1 points 1 year ago (1 children)

Nothing technically would prevent that, but eventually that evidence would end up in public court and the ruse would be up.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)
[–] ElectroVagrant 11 points 1 year ago (1 children)

Personally I'm about as willing to trust this as WhatsApp's end-to-end encryption, given Meta/Facebook's involvement, but thought it was worth keeping folks here apprised of the situation in the corporate space.

[–] [email protected] 2 points 1 year ago (2 children)

Has WhatsApp's encryption ever been shown to not be trustworthy?

Facebook has had to provide law enforcement with FB Messenger texts before after being served a warrant. Are you saying this has also happened with WhatsApp, even though that should be impossible? That's a pretty big claim, so I'd love to see your evidence.

[–] [email protected] 2 points 1 year ago (1 children)
  1. It’s Facebook

  2. It’s closed source

Zero trust from me, not touching any of that

[–] [email protected] 1 points 1 year ago (3 children)

So, no evidence. Gotcha.

For WhatsApp, given how much noise the UK law enforcement has been making about trying to ban encryption, I'm inclined to believe it actually is working. I'm sure Facebook does some metadata analysis and that does feed back into their advertising profiles, but that's a different thing from being able to turn over actual message content that's supposedly been encrypted over to law enforcement.

But hey, if you do find actual evidence, I'm all ears.

[–] [email protected] 2 points 1 year ago (1 children)

I’m not the person you responded to, so I made no claims that need any evidence.

I just love shitting on fucking rubbish Facebook and will do so online at any point possible.

Fuck yo evidence and fuck yo Facebook

[–] [email protected] 1 points 1 year ago (1 children)

Most people don't so openly state that they don't care about facts or evidence and form their beliefs primarily from vibes, so thanks for at least being upfront about it.

load more comments (2 replies)
[–] ElectroVagrant 2 points 1 year ago

To my knowledge, it hasn't, but that's not the main point of my comment so much as expressing my distrust of the parent company. In that respect, no, I'm not aiming to make a claim that Meta/Facebook have had to disclose messages from WhatsApp to law enforcement and essentially undermine its end-to-end-encryption.

Nevertheless, I think it's reasonable and fair to be suspicious of Meta/Facebook given its history of questionable actions concerning people's data. They're in the business of using people's data for marketing/advertising purposes, not safeguarding it, after all.

[–] [email protected] 11 points 1 year ago (3 children)

Is it going to be like Whatsapp end-to-end encryption where they just rolled out a 4-digit pincode for "backups" on their servers as the third end?

[–] ElectroVagrant 9 points 1 year ago* (last edited 1 year ago)

It sounds like it, although it looks like it's a 6-digit pin instead from the image in the article.

There's also this additional info directly from Facebook's blog post about all this:

When your chats are upgraded, you will be prompted to set up a recovery method, such as a PIN, so you can restore your messages if you lose, change or add a device.

[–] [email protected] 1 points 1 year ago

WhatsApp is using the Signal protocol for E2EE chats

[–] [email protected] 1 points 1 year ago

Is your issue that it's 4 digits, or something else?

[–] [email protected] 6 points 1 year ago (1 children)

So Facebook, the company that reviews your private messages ( https://money.com/facebook-reviews-private-messages/ ) will let you encrypt your messages to other messenger users (That it also monitors) so that a third party can't get that data without paying them first?

[–] cheese_greater 4 points 1 year ago (1 children)

I mean if its not encrypted, that could only ever be double-speak. If they say its e2ee, I'm sure they're still hoovering metadata but thats a strong claim that requires rigorous implementation thats going to be tested equally rigorously. Still think people should delete the app tho

[–] JeeBaiChow 4 points 1 year ago (1 children)

Rigorous? Not really. The decryption takes place client side in-app, and they simply process it before it hits the display. Just because it's encrypted in transit doesn't mean fb doesn't have ita greasy paws all over it.

[–] cheese_greater 3 points 1 year ago (2 children)

The whole point (arguably) is to avoid another situation like when the girl got nailed for an abortion and the mother got charged with facillitating or something because Facebooks chat records between them were accessible to Facebook -> Government upon request/warrant/etc.

I get Facebook sucks but lets try to think clearly about this. Otherwise I wouldn't be questioning your points but this is a palpable issue that embarassed them and laid bare how dangerous and rickety the whole setup was

load more comments (2 replies)
[–] jacktherippah 2 points 1 year ago

Ah yes, we do end to end encryption bro! Trust me bro!

[–] [email protected] 1 points 1 year ago

This is the best summary I could come up with:


Meta is rolling out end-to-end encryption for one-on-one chats and calls on Messenger, finally fulfilling a promise that’s been in the works for quite awhile.

β€œOur engineers, cryptographers, designers, policy experts and product managers have worked tirelessly to rebuild Messenger features from the ground up.”

According to Crisan, you won’t sacrifice Messenger features when using encrypted chats, so you’ll still be able to use things like themes and custom reactions.

β€œI believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever,” he wrote in a Facebook post.

Last year, the company drew headlines when a 17-year-old from Nebraska and her mother faced criminal charges for performing an illegal abortion after police obtained their Messenger chat history.

Anti-encryption advocates say that the technology makes it harder to find bad actors on messaging apps like WhatsApp, which is already encrypted by default.


The original article contains 378 words, the summary contains 164 words. Saved 57%. I'm a bot and I'm open source!

load more comments
view more: next β€Ί