Centralized proprietary software on proprietary platforms can always be opted into a special update that makes all the private keys deterministic, making end to end encryption useless for anyone with knowledge of that targeted backdoor.
Only FOSS can deliver verifiable E2EE, and all centralized and proprietary solutions like Zoom, WhatsApp, Instagram, etc. should end the security theater.
I applaud Meta for at least being honest about one product.
I'm not sure if this meets the bar for substantive and thoughtful discussion, but this kind of corporate cowardice, enforced by unelected bureaucrats standing at the bully pulpit is only going to get worse as the noose tightens on the open web.
The combination of hardware attestation and walled garden "app stores" is the end goal of most policymakers in this area, and it happens to suit the monopolists in Google and Apple and Facebook down to the ground.
Perhaps a timely reminder that things do not always get better over time, and that we may have lived past the high point of secure communications in our lifetime.
> Our messaging system has long been designed to balance user privacy with the ability to respond to scams, harassment, and other safety concerns when users report them or when required by law
TikTok about why they won’t put e2e for private messages.
I guess it’s reasonable to give up privacy to save the children, TikTok cares so much about our kids' safety and wellbeing!
I'm not sure of the value of end to end encryption for proprietary application chats. For emails and SMS messages, your messages are being sent between multiple different servers on the open internet and it opens you up to spying, but end to end encryption on Instagram is only protecting your chats from Meta.
I find the end to end encryption on Facebook to be detrimental to ease of use, because you always have to use a PIN code, etc. for the web interface.
If you don't trust Meta with your chats, you probably shouldn't be using their application to begin with.
It's too bad we fell so hard for centralization. In an alternate universe, messaging on the Internet could have been:
1. Alice's device has a publicly routable IP address with a domain name like alice.home.her.isp
2. Bob's device has the same qualities, using: bob.mobile.his.isp
Then Alice can just open her chat app up, add bob@bob.mobile.his.isp and off they go. I mean we had UNIX's "talk" for how long but instead of evolving/securing/fixing it, we blew it! And now we have all these companies 1. coming up with their own incompatible protocols and 2. inserting their stupid centralized servers as intermediaries. And now every chat message we send over the Internet has to be received and re-sent through a handful of amoral corporations.
I worked at Instagram during this (not at the E2EE, but saw enough of it to see that it was a mess).
I think the reason for dropping it is more of a technical issue and user experience, rather than a 'desire' issue or company will. From my understanding, Zuck wanted this. The implementation was a mess, and folks have different expectations about messages to appear at every platform. Having messages disappear between devices/web, or having to back up encryption, keys, etc... it was just a terrible user experience. Even employees disliked this feature.
This was not something actually asked for by users, but more of a feature done in order to thwart all the types of legal issues created when folks use the platform.
At some point, I counted, there were 64 'leads', just to make this happen. Each lead had a certain area, or surface/views, which means we are talking about hundreds of folks involved to make this happen (across FB and IG).
It was a boondoggle, and it was something that users didn't ask for.
P.S. I know many here at HN really care about this, but the average user was not willing to put up with the degradation of the user experience in order to make this happen.
All workarounds require weakening E2E, which made it pointless.
Ultimately, if you want true E2E, you will have to use a platform specifically made for it. IG/FB are just not it.
Even Telegram doesn't have it enabled by default, unless you specify it.
Meta Shuts Down End-to-End Encryption for Instagram Messaging
(pcmag.com) | 284 points by tcp_handshaker 15 hours ago | 189 comments
Comments
Then why didn't you make the opt-in default like Signal and WhatsApp? :-)
I’ve talked to Apple engineers.
Siri fell behind due to how good Apple’s privacy is.
Everyone made fun of them for protecting them.
This is exactly the opposite of that, where Mark is throwing you and your children under the bus again because he’s unoriginal and doesn’t know how to make money any other way than by getting all up in your business, statistically.
If they allow E2E encryption, they can't scan for CSAM or do other monitoring stuff effectively, so they can't provide a "safe" place for minors.
Obviously the right answer is kids shouldn't be exposed to social media at all, but more eyeballs is more important than our kids.
Shouldn't we be aiming to increase e2e encryption for the most regularly used communication platforms?
3 days ago https://news.ycombinator.com/item?id=48024160
mid-March https://news.ycombinator.com/item?id=47363922
While they ALREADY probably only have Messenger for nefarious reasons https://news.ycombinator.com/item?id=4151433
He's a bit of a... something. That might get a 'low effort comment' moniker attached to it. Rhymes with ociopath