Isn't this actually improving safety by openly admitting how things always were in practice?
Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.
Truly safe e2e requires open source client provided by a trusted entity who is as much as possible independent from the one who provides the untrusted transport layer. Eg how pgp email works.
show comments
jbverschoor
Just make it an OS feature.
There’s no need for the application to know the exact contents.
Other than search, but for most messaging and other apps the device can easily do indexing
Textbox with attribute ”encrypted”. Keys in the enclave/keychain.
paxys
Everyone is hypothesizing government backdoors and whatever else but to me there's a simpler and more obvious reason - AI.
Companies started pushing E2EE a few years ago because users' private messaging data used to be a liability. Now that the data can be fed into LLMs for training and inference its value has gone up significantly, and the privacy and security tradeoffs are suddenly worthwhile.
PMs across the industry are pushing product decks with "conversational AI assistants" to get their next promotion. I've been in more than one of these meetings myself. If the data is encrypted then there's no way to build this kind of stuff.
morpheuskafka
So apparently this was opt-in, much like Telegram's OTR chat feature, and thus completely different than WhatsApp where it has always been default. Not a good look regardless, but the few who went into chat settings for a specific person to turn this on in the first place will likely just switch to WhatsApp or another app rather than continue without it.
treesknees
It could be a move to have parity with TikTok, where they claim it’s for safety reasons. I’ve been seeing advertisements for Instagram touting their child/teen protection features. Seems like they’re really trying to beat the allegations that Instagram is bad for children’s health.
When Meta starting introducing E2E messaging it was a huge push. I wonder why they're doing away with it.
show comments
gausswho
Is this legitimate? It's so incoherent to see this blurb at the top saying it's being retired while everything underneath is pitching the value of e2e.
dcliu
On the other hand Messenger has moved to only supporting e2ee chats, wonder why the difference.
show comments
everdrive
There's a general trend right now against privacy and in a more general sense against freedom. More and more companies are on board with it. I'm not sure if anyone in HN has any useful advice in this regard. I feel like I don't know what to do about the internet for the next 5-10 years. Does this particular measure matter very much? No, but it's another brick in the wall.
show comments
Papazsazsa
Socials are caught in the innovator's dilemma.
Given the dependence our society now has on the internet, it's bonkers to me that more VCs aren't rethinking their investment strategy. Privacy is not some niche concern anymore, check out the response to Flock for example.
show comments
methuselah_in
It feels like it's time to move to lemon writing over paper on normal post. Only way you can no talk freely.
mvrckhckr
The only reason I can think of for this change is governmental pressure. I don’t see how it benefits the platform itself (nor its users).
show comments
kevincloudsec
the timeline for all of this is not a coincidence. meta spent millions lobbying for age verification laws that require content scanning. hard to scan content that's encrypted.
jonathantf2
This feature has never been available to me- it just threw an error each time. Wonder how far it actually got rolled out?
EmbarrassedHelp
In a sane world, removing E2E encrypted messaging would be worthy of huge fines.
CrzyLngPwd
Did they give a reason why are they doing this?
Bender
Never rely on a platform used by the masses to perform E2EE. It is far too easy to strip away E2EE for targeted users without their knowledge as they maintain the server and client code. This advise is to protect from corporations gobbling up and ultimately leaking sensitive data. Spooks can target the device itself via debug access for nation state level threats.
Consider instead using a code word or phrase to move sensitive conversations to something self hosted such as jabber using OMEMO XEP-0384 and XEP-0373 OpenPGP for XMPP and SASL SCRAM. OMEMO is an implementation of the Signal protocol on top of the XMPP protocol.
e.g. "_Expletive_! I stubbed my toe!" other-person: "lol geezer watch where you are walking." conversation quietly and temporarily moves to the pre-shared self-hosted Jabber server. Temporarily because going dark can draw attention. Feed the big chat platform boring garbage and misdirection.
show comments
alex1138
I don't use IG although they dearly want me to, giving me a popup every time I visit, but let me talk about FB for a second (and btw FB wanted to enable cross-platform messaging on the platforms they own - Meta - which seems anti-trust-y) - when they introduced encryption on FB, they made it mandatory. They opted everyone in, and it broke Messenger. If you delete cookies you might also delete messages. Isn't that convenient?
villgax
just waiting on whatsapp to rug pull as well & then bye bye privacy & meta from my life
show comments
j45
This could obviously tie to sending you more ads.
It could also tag people communicating about topics ig chat that it is actively suppressing.
They may be looking for an uproar to reverse the policy as so far, it's just words.
yobid20
because they want to read your messages for training ai and for advertising
some_furry
I wonder if this is the start of a trend or just a one-off?
Isn't this actually improving safety by openly admitting how things always were in practice?
Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.
Truly safe e2e requires open source client provided by a trusted entity who is as much as possible independent from the one who provides the untrusted transport layer. Eg how pgp email works.
Just make it an OS feature. There’s no need for the application to know the exact contents. Other than search, but for most messaging and other apps the device can easily do indexing
Textbox with attribute ”encrypted”. Keys in the enclave/keychain.
Everyone is hypothesizing government backdoors and whatever else but to me there's a simpler and more obvious reason - AI.
Companies started pushing E2EE a few years ago because users' private messaging data used to be a liability. Now that the data can be fed into LLMs for training and inference its value has gone up significantly, and the privacy and security tradeoffs are suddenly worthwhile.
PMs across the industry are pushing product decks with "conversational AI assistants" to get their next promotion. I've been in more than one of these meetings myself. If the data is encrypted then there's no way to build this kind of stuff.
So apparently this was opt-in, much like Telegram's OTR chat feature, and thus completely different than WhatsApp where it has always been default. Not a good look regardless, but the few who went into chat settings for a specific person to turn this on in the first place will likely just switch to WhatsApp or another app rather than continue without it.
It could be a move to have parity with TikTok, where they claim it’s for safety reasons. I’ve been seeing advertisements for Instagram touting their child/teen protection features. Seems like they’re really trying to beat the allegations that Instagram is bad for children’s health.
https://news.ycombinator.com/item?id=47241817
When Meta starting introducing E2E messaging it was a huge push. I wonder why they're doing away with it.
Is this legitimate? It's so incoherent to see this blurb at the top saying it's being retired while everything underneath is pitching the value of e2e.
On the other hand Messenger has moved to only supporting e2ee chats, wonder why the difference.
There's a general trend right now against privacy and in a more general sense against freedom. More and more companies are on board with it. I'm not sure if anyone in HN has any useful advice in this regard. I feel like I don't know what to do about the internet for the next 5-10 years. Does this particular measure matter very much? No, but it's another brick in the wall.
Socials are caught in the innovator's dilemma.
Given the dependence our society now has on the internet, it's bonkers to me that more VCs aren't rethinking their investment strategy. Privacy is not some niche concern anymore, check out the response to Flock for example.
It feels like it's time to move to lemon writing over paper on normal post. Only way you can no talk freely.
The only reason I can think of for this change is governmental pressure. I don’t see how it benefits the platform itself (nor its users).
the timeline for all of this is not a coincidence. meta spent millions lobbying for age verification laws that require content scanning. hard to scan content that's encrypted.
This feature has never been available to me- it just threw an error each time. Wonder how far it actually got rolled out?
In a sane world, removing E2E encrypted messaging would be worthy of huge fines.
Did they give a reason why are they doing this?
Never rely on a platform used by the masses to perform E2EE. It is far too easy to strip away E2EE for targeted users without their knowledge as they maintain the server and client code. This advise is to protect from corporations gobbling up and ultimately leaking sensitive data. Spooks can target the device itself via debug access for nation state level threats.
Consider instead using a code word or phrase to move sensitive conversations to something self hosted such as jabber using OMEMO XEP-0384 and XEP-0373 OpenPGP for XMPP and SASL SCRAM. OMEMO is an implementation of the Signal protocol on top of the XMPP protocol.
e.g. "_Expletive_! I stubbed my toe!" other-person: "lol geezer watch where you are walking." conversation quietly and temporarily moves to the pre-shared self-hosted Jabber server. Temporarily because going dark can draw attention. Feed the big chat platform boring garbage and misdirection.
I don't use IG although they dearly want me to, giving me a popup every time I visit, but let me talk about FB for a second (and btw FB wanted to enable cross-platform messaging on the platforms they own - Meta - which seems anti-trust-y) - when they introduced encryption on FB, they made it mandatory. They opted everyone in, and it broke Messenger. If you delete cookies you might also delete messages. Isn't that convenient?
just waiting on whatsapp to rug pull as well & then bye bye privacy & meta from my life
This could obviously tie to sending you more ads.
It could also tag people communicating about topics ig chat that it is actively suppressing.
They may be looking for an uproar to reverse the policy as so far, it's just words.
because they want to read your messages for training ai and for advertising
I wonder if this is the start of a trend or just a one-off?
We all know what this means.
Use this https://www.ricochetrefresh.net/ Chat and file transfer over tor
Wait, people trust communication via Instagram thinking they are secure?