"In March, a spokesperson for Meta told The Guardian that the decision to abandon encryption was due to low uptake. "Very few people were opting in to end-to-end encrypted messaging in DMs, so we're removing this option from Instagram in the coming months," the spokesperson said."
I wonder what it's like being a spokesperson for a company (or administration) where everyone including yourself knows your statements are misleading at best.
I've noticed it is a quite common attitude in society, not paid enough to care so they don't.
What you're describing more often applies to retail and service workers whose pay provides little incentive to do more than the absolute minimum to maintain employment.
Whereas it seems this might be a situation where the situation is actually inverse: being paid enough to not care.
I really would not assume that the spokesperson knows the true technological implications. As a Software Engineer, who has talked to people in marketing and PR from various companies, they know how much upper management tells them unless they independently research or understand, you can really tell when you start talking technical to them or asking them questions (based on business needs). I would assume it is very likely that they are oblivious.
Oh people care, it’s just - the likelihood of being held responsible in the current USA political climate is moot.
Americans can’t even agree on persecuting pedophiles, what makes you think they can agree on a clear loss of privacy for the normies that only people in power will benefit from?
It’s all exhausting
In this case wouldn't it be paid enough to [deliberately] not care?
What do you mean? It's a depressing thought people only care about things for financial incentive.
It's true though. There actually exist people whose only incentive in life is the pay they receive or the profits they can make. It seems to be more common in the US where your worth as a human being is measured by your wealth. That's why the USA looks in most parts like a third world country with a few enclaves where the rich people live.
It feels similar to being a buzzing fridge. These people possibly can't have any feelings or else they couldn't do that job.
Being good at serving the interests of wealthy people as a paid liar has proven to be a demonstrably good skill set for a career in politics.
It feels absurd to have seen E2EE fought for and considered table stakes by many users, especially the technically-oriented, now rolled back a short time later by these companies who never really cared about privacy to begin with and clearly don't expect any backlash.
It also feels like the wide-scale desperate adoption of AI has weakened claims about the essential nature of privacy, now that everyone has demonstrated that they are happy to feed their innermost thoughts, secrets, personal conflicts, code, medical records, legal documents, etc. into cloud AI platforms.
I do not think any person would freely choose unencrypted messaging.
There is no reason for unencrypted messaging.
This is a fundamental market failure.
It is only through bundling these messaging services with other services + platform dominance that unencrypted messaging still lives.
I have so many problems with using Matrix with multiple devices and most of them are caused by its encryption. If there was a magic wand that would add encryption to a system without changing anything else there would be no reason not to use it, but the reality is that E2EE does place limits on the overall functionality of the system. This is why Telegram is so popular. It works well, and part of the reason it works well is not bothering with encryption. For instance, when you join a group chat, the server can just send you the message history (if enabled) and there's no need to negotiate keys with every other participant. There's no "joining...", you just press the button and you're in.
True e2e makes it hard to sync a new device and makes it easy to lose all your history. The company also can't help you recover your messages and it's unclear for normal people why (often met with anger or disappointment).
Unencrypted messaging is easier and more convenient, just log in from anywhere and done. So there are actual technical and rational reasons to choose against e2e.
This is not correct. People are happy to give up privacy in exchange for the convenience of being able to restore message history remotely, even if they lose their key.
> I do not think any person would freely choose unencrypted messaging.
Many people do, e.g. by switching from WhatsApp to Telegram.
The market is working alright; people are (uninformedly) voting with their wallets (or rather, their personal data).
Everything Meta has built is antithetical to privacy. I’m surprised this feature existed at all.
I’m curious if this was built off the work Moxie did with them back in the day, but as I recall Facebook Messenger had E2EE built off Signal’s technology a decade or so back, and the zeitgeist back then was at least a little bit less user hostile.
I feel like Messenger was originally a new front-end for the send message feature of thefacebook.com's social network for college students. It was based on the PHP architecture where all the messages are in a database and you just render HTML to show them.
That grew into the Messenger mobile app. They eventually added private messaging, but it was never popular/defaulted because users expected the chat moles on facebook.com to be able to show the same messages as the mobile app. If facebook.com can't read your messages, it can't show them there.
That era of Facebook was the last shred of respect I had for them, but it was starting to die for me. Now I've noticed younger generations really don't seem to care about Facebook, and friends I grew up with who used to post on Facebook no longer do.
I feel like if e.g. WhatsApp were not end-to-end encrypted, it would have faced significantly more regulatory scrutiny in the EU and other places where it's effectively replaced phone calls and SMS.
Probably figured they'd ride the wave of E2EE messaging while public popularity crested to draw some conversations (group chats?) onto the platform, just to inevitably rug pull later.
I assume Meta has backdoor access.
Then why end the feature? Would it not be better to maintain the facade and continue to benefit from it?
Then why end the more insidious route rather than stay the course?
This has always been my assumption as well.
Given how few upvotes and comments this submission gets, no one here is surprised at the disappearance of the feature. I guess on 8 May there'll be a higher upvoted submission that better matches the relevance of Meta's move in HN submission history.
This might not be obvious to some, like it wasn't to me, but Instagram chat history is used for profiling. I noticed when I chatted with someone about something on Instagram, and instantly reels with the subject of our discussion started appearing in my feed.
Failing to connect those dots is (unfortunately) what keeps many, many people from moving their otherwise private conversations to a more private channel. I think you're right that it bears mentioning.
Many people are absolutely convinced that their phones are listening to their in-person conversations already, yet seem ok with continuing to use them.
What's a sufficiently private/secure messaging platform? Signal comes to mind, but I'm open to alternatives.
A few people gave some input on this here: https://news.ycombinator.com/item?id=47945392
Signal and Threema seem to be known for good UX and viability as everyday messengers.
There was this table: https://www.messenger-matrix.de/messenger-matrix-en.html
GPG-encrypted email.
GPG doesn't support forward secrecy, which is table stakes for encrypted messaging these days. And that's to say nothing about the slightly suboptimal usability...
Hard to convince others that are less knowledgeable and/or involved to use this over a typical mode of communication like Signal.
What’s the endgame here?
- just better ad targeting? (lol if so)
- policing accounts for various possible infractions?
- training data for ML models?
All of the above and anything else you can think of that can be tied back to 1.) profit; or 2.) the accumulation of clout with authorities (in that order).
Will the messages be used as training data now?
Yes.
No, it won't. All the "news" about that at the end of last year was 100% nonsense, started by tech "influencers" who cited nothing and showed nothing.
https://lifehacker.com/tech/meta-is-not-scraping-dms-to-trai...
What has Meta ever done that would instill trust in you? From the very article you cited:
> The best thing you can do to preserve your privacy and security with your Meta messages is to use end-to-end encryption (E2EE) whenever possible. WhatsApp has E2EE built-in, and Meta has automatically started rolling it out for Messenger, but you might need to manually start an E2EE chat for existing conversations in the app. The same goes for Instagram: Meta offers E2EE, but you need to enable it yourself. In either app, tap the name of the chat to check whether or not that conversation is currently E2EE.
I didn't say that I trust Meta. My point was that saying they're doing it so they can read your messages just means that the people commenting don't know how E2EE works, or how it is still not a 100% secure way of communicating, just a more secure way of communicating. Once one of those ends is compromised, it's game over.
I really don't understand what the point of the quote you're citing is. Or how it goes against what I was saying?
The best thing you can do would be to use E2EE. That would be the most secure thing. It won't, however, prevent the makers of your E2EE product from reading the messages once they're unencrypted, regardless of who makes it.