Isn't this actually improving safety by openly admitting how things always were in practice?
Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.
Truly safe e2e requires open source client provided by a trusted entity who is as much as possible independent from the one who provides the untrusted transport layer. Eg how pgp email works.
This happened to my girlfriend and me twice on Messenger. On two consecutive nights, we heard a male voice with an American accent speaking as if he were talking to someone else, almost like they were conducting some kind of operation. It seemed as though he suddenly realized that we could hear him, after which the voice abruptly disappeared. The following night, it happened again, but this time the voice sounded like that of an African American woman. The situation was similar to the previous night. From that night, we have not used it to communicate and used Signal instead.
One of the scary things is that not even this really works. Ignoring supply chain attacks, most people treat any client as effectively black box. When was the last time you read through the code of a messaging app? How do you know its safe? Maybe _you_ read through it, but 99% of people don't.
one thing to consider is how just the optics of major players using e2e was an overall benefit.
people who otherwise would have gone their entire lives without ever hearing about encryption were exposed to the term and the marketing convinced them that encryption and privacy was a valuable thing, even if they didnt fully understand the mechanisms or why e2e might not necessarily be very effective in specific circumstances.
later, when presented between option a and option b, where one has encryption and the other doesnt, they are more likely to choose the one with it ("well, if instagram and facebook use it and say it is good...")
between signal and plain text, it is easier to convince friends to use signal if they see positive marketing about encryption on other popular apps they use. it is easier to convince them to encrypt their backups before uploading them to their google drive. hell, its just a good conversation starter to introduce encryption/online privacy to people that never really think about it. that type of thing.
those same friends are not going to use irc regardless. not really a loss if it was never even on the table.
I don't disagree, but I think there is a distinction between "everything is e2ee, but specific conversations may be MiTM without detection" and "nothing is e2ee and can be retrospectively inspected at will" that goes a little beyond security theatre - makes it more analogous to old fashioned wiretaps in my mind.
Obviously it involves trust that it isn't actually "we say it's e2ee but actually we also MiTM every conversation"
It's all about trust at the end of the day. And given that it was exposed that Apple, Microsoft, Meta, Google etc all collaborated with the US government to provide surveillance (PRISM) by Edward Snowden, how we can trust them ever again?
E2E encryption lets Meta turn down government subpoenas because they can say they truly don't have access to the unencrypted data.
I can't say I really mind this change by Meta that much overall though. Anyone who's serious about privacy probably knew better than to pick "Instagram chat" as their secure channel. And on the other hand having the chats available helps protect minors.
Everyone is hypothesizing government backdoors and whatever else but to me there's a simpler and more obvious reason - AI.
Companies started pushing E2EE a few years ago because users' private messaging data used to be a liability. Now that the data can be fed into LLMs for training and inference its value has gone up significantly, and the privacy and security tradeoffs are suddenly worthwhile.
PMs across the industry are pushing product decks with "conversational AI assistants" to get their next promotion. I've been in more than one of these meetings myself. If the data is encrypted then there's no way to build this kind of stuff.
It could be a move to have parity with TikTok, where they claim it’s for safety reasons. I’ve been seeing advertisements for Instagram touting their child/teen protection features. Seems like they’re really trying to beat the allegations that Instagram is bad for children’s health.
Cars nowadays are packed with microphones and permanently connected to the internet on daily basis so that drivers can have remote assistance when the car breaks once every 5 years or so.
I keep hearing this one. But at least for EU, the eCall system requires external communication to be disabled until activated during serious accident. It cannot be used for tracking the vehicle in real-time.
> 2. The personal data processed pursuant to this Regulation shall only be used for the purpose of handling the emergency situations referred to in the first subparagraph of Article 5(2).
> Manufacturers shall provide clear and comprehensive information in the owner's manual about the processing of data carried out through the 112-based eCall in-vehicle system. That information shall consist of:
> the fact that there is no constant tracking of the vehicle;
That vehicle nowadays are equipped with always-on internet and microphones is not related to remote assistance.
Your car if new enough, IS reporting its diagnostics including GPS via cell. All the time. This isn’t exactly personally identifiable so they get away with it just fine.
This is unrelated to the microphones and assistance systems.
There are two definitions: a) Personal Data and b) Emergency Situations
What is an emergency situation and how can a car determine it is one? These are "smart" cars which aren't nowadays smart enough to process all your data locally, so that data is sent to servers elsewhere which process if either points a) or b) apply.
It is your choice to believe that voice data is ever deleted once acquired by governments and entities thirsty to benefit from that information.
For security experts this is just another "I told you so" within a few years.
One of my favorite things about going EV is the forums tend to be full of paranoid nerds which means someone will be willing to try desoldering the cell modem off their boards to see what happens.
So apparently this was opt-in, much like Telegram's OTR chat feature, and thus completely different than WhatsApp where it has always been default. Not a good look regardless, but the few who went into chat settings for a specific person to turn this on in the first place will likely just switch to WhatsApp or another app rather than continue without it.
It was for plausible deniability because of regulatory scrutiny. Regulator's dead now, so now there's no downside and only upsides to spying on your users.
i am guessing that they just dont really need to pretend to care anymore. e2e messaging was a big marketing push, not ever an ideological thing. i assume they no longer believe the marketing benefits outweigh the downsides.
I doubt it, E2E isba huge part of Whatsapp's selling point considering it's exclusively a messaging app. Instagram is primarily a social app with messaging features.
You're thinking of Apple. WhatsApp backups are not stored by Meta. Apple is the company that breaks their "end-to-end" encryption by backing up the encryption keys to their own servers.
Yes. I believe a small percentage of Apple users do this. Unfortunately that doesn't prevent Apple from reading your messages from the backups of the vast majority of people you correspond with.
Just make it an OS feature.
There’s no need for the application to know the exact contents.
Other than search, but for most messaging and other apps the device can easily do indexing
Textbox with attribute ”encrypted”. Keys in the enclave/keychain.
Is this legitimate? It's so incoherent to see this blurb at the top saying it's being retired while everything underneath is pitching the value of e2e.
To me, Instagram is a public platform at its core, where people publish things for the whole world to see. Private messages are just a secondary feature.
It is like having a conversation in a restaurant, where the guy at the next table can listen to everything, but usually doesn't. Good enough for planning a surprise party, not for truly sensitive information. Kind of like private messages in Reddit, Discord, etc... a convenient feature, but don't expect real privacy.
Messenger has a higher expectation of privacy, Facebook is more at the "group of friends" level. While Instagram is a public restaurant, Facebook is more like a house party. WhatsApp has the highest expectation of privacy as it is designed for private, often one-to-one conversations first.
It also takes work to keep it working and it may have a lot of bugs already, that are hard to fix because of it. A non-E2EE chat app is very easy to make.
There's a general trend right now against privacy and in a more general sense against freedom. More and more companies are on board with it. I'm not sure if anyone in HN has any useful advice in this regard. I feel like I don't know what to do about the internet for the next 5-10 years. Does this particular measure matter very much? No, but it's another brick in the wall.
The US is building out the infrastructure for a police state. The people who control the consolidated tech platforms are either spearheading or collaborating with that process. Privacy as a concept isn't even in the cards.
You need to be prepared to avoid saying naughty things on the internet. Otherwise, perhaps someone will figure out that you great-great grandfather didn't sign in the right spot in 1897 and you're presence in the United States is void, retroactive to your birth. Off to El Salvador with you, enemy of the people.
A lot of our current privacy and liberty woes were exacerbated by 9/11. Can you imagine a Church Committee in 2026? Me neither.
Three letter agencies have way too much power and they've shaped our culture+laws for the worse. Osama Bin Laden has done way more damage to American citizens' lives than he could've ever dreamed of.
Just like the KGB and Putin's minions, Bin Laden correctly saw fault lines and weaknesses in the US an exploited them. He did what he did with a long-range context in mind. The "three letter agencies" were neutered in the 90s as part of the peace dividend which is why he was successful. The Russians used "active measures" with intelligence in the US 2016 among other times and Bin Laden chose terrorist violence. The Russian misinformation strategy is tried and true and corporate actors now use it successfully as well.
The whole thing sucks. This Iran adventure lays the vulnerability of the US military machine pretty bare. More, escalated conflict is probably in the world's future for decades to come.
Someone pointed out something to me and it's really struck a chord with me.
In the USA, we hate the government collecting information on us, but shrug our shoulders when corporations do it.
In Europe, it's the exact opposite. They created GDPR to restrict how corporations collect and share data about you, but they shrug their shoulders at government doing it.
Obviously, this is incredibly reductive and over-simplified, but the general idea of it feels pretty true.
> I'm not sure if anyone in HN has any useful advice in this regard.
Self host. It's still possible to buy computer hardware and install FOSS replacements for most/all of the services you need, and plumb it all through to your mobile devices using wireguard/tailscale. If you're behind a CGNAT you can proxy it through a cheap VPS that won't fuck you on bandwidth costs. Thanks to Proxmox, I probably have better uptime on my services than e.g. Github these days.
When it becomes impossible to get open PC hardware, I don't know. I like to think I will just stop using the internet for anything besides the bare minimum NPC type activities that are required to engage with the institutions of society.
I wonder if promoting open-source tooling and best practices could make it easier for new apps to adopt security features like E2E encryption. For example, someone building a chat app might not add E2E encryption unless they have access to user-friendly tools and are encouraged to do so.
Startups that initially choose the more private implementation version often face a disadvantage. They may not see immediate benefits and instead experience drawbacks, such as caring a bit more than their competitors. For example, an AI plugin using local large language models for privacy might not be rewarded as much as a competitor who fully embraces cloud-based solutions.
unfortunately, since the messaging/trend isnt "we are against privacy" (it is "we are protecting children, which reluctantly means we all have to sacrifice a wee bit of privacy"), it is really hard to fight back without being labelled as someone who is against protecting children.
but the advice is basically the same as it always has been:
- talk to your friends and family about it. do it with passion, but without hyperbole or conspiracy or aggression. any person you can convince to care is a win. organize with like-minded people.
- talk to your representatives in government. vote for representatives that are pro-privacy (when possible). convince your like-minded friends and family to do the same.
- to the greatest extent possible, dont purchase/use products/services which are facilitating the trend. (but, you also need to be realistic or you will burn out! and that is a bigger loss overall).
- if you are a decision-maker at work, or have any sort of input, leverage it as best as you can to make pro-privacy business decisions. however, similar to the above point, recognize that you still need to be realistic and dont get yourself fired arguing some decision. it is better to make 1,000 nudges in the right direction than it is to be fired/burn out trying to make 1 big nudge.
- support organizations that align with your beliefs. this can be monetarily, or by volunteering, or by spreading awareness of the organization itself. for example, many people have never heard of the electronic frontier foundation and have no idea what they do. lots of people dont know of the ACLU either (or, maybe they have heard the name, but dont know what they do or why it matters).
>unfortunately, since the messaging/trend isnt "we are against privacy" (it is "we are protecting children, which reluctantly means we all have to sacrifice a wee bit of privacy"), it is really hard to fight back without being labelled as someone who is against protecting children.
That's not what I am seeing on the ground. Many discord users I have seen talk about this issue frame this as an attack on freedom and privacy by hiding it behind the same narrative that has been used so many times before of protecting children. You can only push fake narratives so far until people start getting the message that people are hiding nefarious attacks on society behind fake movements.
>Many discord users I have seen talk about this issue frame this as an attack on freedom
good! ideally, someone is helping them organize and action those thoughts and feelings outside of whatever discord channel you are in.
i am referring to how it is being framed by the people pushing the agenda. age verification laws (as an easy example) arent being advertised as "we want to spy on you", they are being advertised as "this will protect children from harms".
talk to debbie in accounting instead of babmorley420 in discord, and ask her opinion. she is not likely to frame it as an attack on privacy/freedom. she is likely to frame it as a necessary sacrifice for the greater good. and her opinion also matters, she also votes. we need to convince the debbies of the world -- they outnumber the babmorley420s
i teach tech in college and just earlier today made a post about how i am not seeing the same when i compare my current students to students 5, 10, or 15 years ago. i hope that i am the one in the bubble.
On one hand, I think a lot of the larger issues and divisions we’ve seen in society over the last 20 years are a direct result of our primary means of communication, entertainment and information being one that allows such ease of impersonation. While most of us here understand just how much Internet content is created with influence as a goal, and the posted by accounts with false identities, a majority of people still don’t. (And many who do don’t understand just how prevalent it is). I also think that sadly we’ve demonstrated that when people feel they are anonymous and beyond consequence, they’re willing to say and advocate for some terrible things which they might otherwise not have, and seeing others say those things reinforces their willingness to say and do them. If social media and internet norms of today had held the original Facebook model of requiring verification of your actual identity (back in the day .edu email days), I truly think we would live in a much different and in many ways better world.
On the other hand, I fully acknowledge that many of the people pushing for the removal of privacy and encryption are not doing so for altruistic reasons, but so that they have a more data to mine and monetize, or have the ability to monitor to a frightening degree, and that these tools once available will be available to any regime or government, so even if the ones currently pushing do have naively good intentions, the next ones very well may not.
But, I also struggle with the knowledge that for sophisticated parties, the privacy that most people think they have is a sham to begin with. There are already many tools available to piece together information sources and build a horrifyingly complex and accurate picture of individuals activities and identities. So I wonder if the illusion of privacy isn’t worse than the public at least being forced to confront the fact that they have none in the first place, and therefore being able to truly see and address the issue, while the security minded and technical individuals will always find a way obfuscate their identity and activity, just as they always have.
Facebook accounts today still have identity verification (they often ask for scans of IDs, etc) and yet it doesn't seem to result in a noticeably improved discourse there compared to say, Twitter before Musks takeover. I don't think anonymity actually changes discourse that much.
In my opinion anonymity is a great red herring. The worst offenders on the internet have verified accounts and are public figures. The problem is algorithmic content, prioritizing for engagement and outrage, and then connecting _everyone_. We had what was effectively anonymity in the 90s, but really had NONE of the crazy society-breaking extremism we see now. Getting rid of anonymity will really do NOTHING to halt the march of internet-fueled extremism.
Everything is a sliding scale. There would be improvement from verified identities (and doing so through a zero-trust network is feasible.) I agree the worst actors wouldn't care at all, and in that case we address the algorithmic amplification problem.
This. People don't recognize that a tech company with an algorithmic feed is indistinguishable from a public awareness filter. It allows a couple hundred to 1000's of people to set the Overton window of millions/billions. When we actually didn't go algorithmic and went off more natural filtering (geographic, chronological, scope/impact based), it was a modality that one would be hard pressed to even find a schoolchild that couldn't end up being able to meaningfully navigate the space with due training. This is, of course, exactly why monied individuals foam at owning any of the few consolidated media outlets/tech companies. Societal scale leverage on the machine of public awareness.
I sometimes feel a bit weird about this. In the 90s it felt like "we" won the crypto wars: PGP, the fight over export controls, the Clipper Chip, etc. There was a strong sense that privacy and strong crypto had become settled questions.
I feel like e2ee on phones with OSes from the big two is a lost cause.
I'll bet this is the year where open hardware/bios starts getting more popular, hopefully. So we can have open hardware/software.
Even with e/os/ or another u
De-googled version of android?
Not directly to you but in general: I do not think (most) of Europe is going the same direction as US. I actually see a lot of hope in response to EU leaders about digital infrastructure, communication & security. we have started to stop realing on America, but it will take 10-20 years before you see the entire crash trump made
Weak hardware can work quite well with optimized and non-bloated software (which doesn't constantly phone home). For example, maps and Youtube work smoothly on Pinephone with SXMo. See also: https://puri.sm/posts/the-danger-of-focusing-on-specs/.
E2EE on Instagram was never real, trustable E2EE. No open-source client, no way to verify that private key is never sent to server, and encryption of a key with a low-entropy PIN is effectively plaintext.
As a California resident I request to download my personal data from every service I can, and I’m constantly surprised. We each have scores for all kinds of things. The local power company keeps a “Green Ideology” score on me.
Because it's not illegal. Most data privacy laws just require that user can see data collected about them and prevent sale of said data in optout fashion.
There are rarely laws around preventing collection of said data or using said data for some new service.
It’s likely some customer segmentation label generated through PCA or some other clustering approach.
The qualifying criteria is probably just having picked an offer for renewable-sourced energy in the past, indicating that it has some importance to you. So you will be given more green energy offers in future.
Every company segments its customer base this way for marketing. Sometimes it’s even useful.
They probably don't care. It's probably a mostly BS number. But they probably have to have it and have it at least look like they're trying to be serious about generating it in order to qualify for preferential treatment on some sort of permitting or write off some class of investment in a slightly better way at tax time or something.
I'm not sure if this is better or worse than them doing it because they believe in it.
In this specific case you can avoid Meta. In general, if you're in the US, you probably have a primary election coming up soon and certainly have a general election in November. Ask your politicians what their thoughts are on these topics and make an informed vote. Continue to pressure the incumbents as well.
You're on a site with a surprisingly high amount of support among commenters for trading privacy and freedom for convenience and comfort where it aligns with their religion/other biases or desired consumer experiences. I don't know if this the best place to ask for advice.
I'm not sure people realize that HN is already at the most libertarian end, and all the discourse spaces which are much closer to actual power and legislation are much less pro-privacy.
Reddit seems to have drifted back to more libertarian than HN on privacy issues. At least in technical subreddits. Not sure why that is, perhaps there are more users here whose salaries are tied to surveillance.
Historically, like 10-20 years ago, libertarian would be staunchly pro privacy. Is this no longer the case? If libertarians have dropped this stance, since it is so close to what was the core beliefs, I really have no mental model of the philosophy/politics for libertarians any more.
Any primer/link on what current libertarians believe is welcome.
It’s possible to want something without wanting to live in a system where there is a nanny to enforce that thing. Other means of enforcement exist, such as free markets.
Yes, but there's really not very many libertarians left who haven't cast their lot in for Republican support, resulting in the present situation. Not that there were many to begin with.
You might find it useful to distinguish between right and left libertarians.
All my anarchist (left libertarian) friends are pretty consistently opposed to state and corporate surveillance. There is plenty of theory in a canon of literature that goes back to the mid 19th century, even as there are many subgroups and spurs off that general line of thought all with their own sets of (usually somewhat) consistent lines.
If you want something short and brutal, I am a fan of "Desert" by anonymous, but "A Utopia of Rules" by David Graeber is not a bad thing to read and probably closer to a popular line. Or the CIA-Coded Yale academic James Scott has a lot to say, "Two Cheers for Anarchism" and "Seeing Like a State" both seem to have influenced a lot of people.
Historically "right libertarians" (the US Libertarian political party, for instance) have been, uh, "less consistent" in their thinking, so you might have a hard time finding anything that looks like a "philosophy" in that branch of "thought". Plenty of goofy-ass ideas, but little consistency except a strange ability to begrudgingly conform to GOP politics at the end of the day.
It's depressing to think that after the abuses people suffered during the lockdowns the response has been to embrace authoritarianism even more. It makes me fear how far this could go before people realize how bad it is.
Fundamentally I think that liberal democracy won't be able to survive compute, communication, and storage being cheap, combined with asymmetric encryption. I really think there should be an article illustrating just how much that last one is fundamental to making the apparatus of control cheap and effective in a way that 20th century regimes could only dream of.
i don't understand this doomer mentality regarding the internet.
internet is a service that you choose what to engage and how. don't like a platform? find another, build it or stop using it altogether.
personally, i find these things really great has it helps nudge people into the more decentralized web. a few years ago those who were pushing for privacy respecting apps and platforms were deemed too paranoid.
Network effects will keep a person on a platform until a critical mass of their social circle decide to leave all at once. I'm no expert, but I suspect that that critical mass is pretty high, maybe more than 50% of a person's circle. So it's not exactly vanilla free-market competition. Entrenched players have a pretty big advantage.
what does your social circle being on Instagram bring to you? seriously, this picture-sharing app has evolved into this content spread machine that brings very little value.
When most of your social circle exists on one platform, you tend to use that platform less for its specific features, and more because of the fact that all your friends are there. I don't personally use Instagram, and this is anecdotal information, but I know a lot of people who only use Instagram to see what their friends and family are up to, and to watch the occasional reel.
But you're absolutely right about Instagram's evolution. It's crazy.
First you said that people should use decentralized platforms. Now you acknowledge that there's nobody of value on those platforms so now you say people should stop wanting to connect in the first place.
I mean, okay? Next time just say social media is a cancer, and don't waste our time moving goal posts.
Given the dependence our society now has on the internet, it's bonkers to me that more VCs aren't rethinking their investment strategy. Privacy is not some niche concern anymore, check out the response to Flock for example.
There is a product reason - AI features are fundamentally incompatible with E2EE. If they want to bring more AI generated experiences and content into Instagram then the data needs to be accessible by them.
I can think of a few reasons why a company built on profiling (and advertising to) user interests might be interested in the private conversations of their users
the timeline for all of this is not a coincidence. meta spent millions lobbying for age verification laws that require content scanning. hard to scan content that's encrypted.
Never rely on a platform used by the masses to perform E2EE. It is far too easy to strip away E2EE for targeted users without their knowledge as they maintain the server and client code. This advise is to protect from corporations gobbling up and ultimately leaking sensitive data. Spooks can target the device itself via debug access for nation state level threats.
Consider instead using a code word or phrase to move sensitive conversations to something self hosted such as jabber using OMEMO XEP-0384 and XEP-0373 OpenPGP for XMPP and SASL SCRAM. OMEMO is an implementation of the Signal protocol on top of the XMPP protocol.
e.g. "_Expletive_! I stubbed my toe!" other-person: "lol geezer watch where you are walking." conversation quietly and temporarily moves to the pre-shared self-hosted Jabber server. Temporarily because going dark can draw attention. Feed the big chat platform boring garbage and misdirection.
Agreed. I just mentioned that for the spooks who don't like I am suggesting moving sensitive conversations elsewhere using basic opsec. I assume the farm recruits on HN are probably just as concerned about AI taking their jobs. Surely someone has bought AI a coffee unprompted by now, maybe even flirted with the AI.
I don't quite understand your comment. I also disagree with some implications of the final bit of your first comment: encryption is obviously basic privacy, but the interesting bit is who you're talking to.
So having a signal for switching mediums is something that I feel indicates thinking in the wrong direction.
So having a signal for switching mediums is something that I feel indicates thinking in the wrong direction.
It's not for everyone. I grew up with code phrases. My mom knew that if I said "I love you" to send in the cavalry. We had similar processes in the military. If I answered the phone a particular way they knew the remote site was under siege.
It's not for privacy in the way you may be thinking. This was long before cell phones or the internet existed and the conversation would have been over the rotary phone and it is assumed someone is in the house with me that should not be. Goal being police have authorization to kick down the door and assist the person or people that are nutritionally deficient in lead.
Unless you're actually a spy, there's no reason to do this. Just use your secure solution all the time with those conversation partners who are willing to use it.
Unless you're actually a spy, there's no reason to do this. Just use your secure solution all the time with those conversation partners who are willing to use it.
Fundamentally I agree with you but people will stay on the platforms where their friends are. To change that the platform would have to do something really bad such as forcing age checks and even then I think many will just put up with it to stay connected to their friends.
I don't use IG although they dearly want me to, giving me a popup every time I visit, but let me talk about FB for a second (and btw FB wanted to enable cross-platform messaging on the platforms they own - Meta - which seems anti-trust-y) - when they introduced encryption on FB, they made it mandatory. They opted everyone in, and it broke Messenger. If you delete cookies you might also delete messages. Isn't that convenient?
Probably a one off? Instagram’s e2ee was opt-in from the start- and meanwhile Facebook Messenger is now “e2ee for everyone” and none of this is affecting the main e2ee messaging apps people use - WhatsApp, Signal, and iMessage
Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.
Truly safe e2e requires open source client provided by a trusted entity who is as much as possible independent from the one who provides the untrusted transport layer. Eg how pgp email works.
people who otherwise would have gone their entire lives without ever hearing about encryption were exposed to the term and the marketing convinced them that encryption and privacy was a valuable thing, even if they didnt fully understand the mechanisms or why e2e might not necessarily be very effective in specific circumstances.
later, when presented between option a and option b, where one has encryption and the other doesnt, they are more likely to choose the one with it ("well, if instagram and facebook use it and say it is good...")
between signal and plain text, it is easier to convince friends to use signal if they see positive marketing about encryption on other popular apps they use. it is easier to convince them to encrypt their backups before uploading them to their google drive. hell, its just a good conversation starter to introduce encryption/online privacy to people that never really think about it. that type of thing.
those same friends are not going to use irc regardless. not really a loss if it was never even on the table.
Obviously it involves trust that it isn't actually "we say it's e2ee but actually we also MiTM every conversation"
I can't say I really mind this change by Meta that much overall though. Anyone who's serious about privacy probably knew better than to pick "Instagram chat" as their secure channel. And on the other hand having the chats available helps protect minors.
Companies started pushing E2EE a few years ago because users' private messaging data used to be a liability. Now that the data can be fed into LLMs for training and inference its value has gone up significantly, and the privacy and security tradeoffs are suddenly worthwhile.
PMs across the industry are pushing product decks with "conversational AI assistants" to get their next promotion. I've been in more than one of these meetings myself. If the data is encrypted then there's no way to build this kind of stuff.
https://news.ycombinator.com/item?id=47241817
And billionaires and nine-day old alts wonder why they need a bunker.
Some parts of the legislation (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32...):
> 2. The personal data processed pursuant to this Regulation shall only be used for the purpose of handling the emergency situations referred to in the first subparagraph of Article 5(2).
> Manufacturers shall provide clear and comprehensive information in the owner's manual about the processing of data carried out through the 112-based eCall in-vehicle system. That information shall consist of:
> the fact that there is no constant tracking of the vehicle;
That vehicle nowadays are equipped with always-on internet and microphones is not related to remote assistance.
Your car if new enough, IS reporting its diagnostics including GPS via cell. All the time. This isn’t exactly personally identifiable so they get away with it just fine.
This is unrelated to the microphones and assistance systems.
That is the kind of thing people allow when they click accept or decline on those pesky ”we and our 195735 partners would like to…” dialogs.
There are two definitions: a) Personal Data and b) Emergency Situations
What is an emergency situation and how can a car determine it is one? These are "smart" cars which aren't nowadays smart enough to process all your data locally, so that data is sent to servers elsewhere which process if either points a) or b) apply.
It is your choice to believe that voice data is ever deleted once acquired by governments and entities thirsty to benefit from that information.
For security experts this is just another "I told you so" within a few years.
https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
Now it just costs them the data and development cost to maintain. Any remaining problems they'll throw some crappy AI moderator at to fix.
And I will be pushing to remove WhatsApp if that’s the case.
Textbox with attribute ”encrypted”. Keys in the enclave/keychain.
Messenger has a higher expectation of privacy, Facebook is more at the "group of friends" level. While Instagram is a public restaurant, Facebook is more like a house party. WhatsApp has the highest expectation of privacy as it is designed for private, often one-to-one conversations first.
You need to be prepared to avoid saying naughty things on the internet. Otherwise, perhaps someone will figure out that you great-great grandfather didn't sign in the right spot in 1897 and you're presence in the United States is void, retroactive to your birth. Off to El Salvador with you, enemy of the people.
And so does my response to your comment.
But I do wonder if self-censure is really the best strategy.
Take the Utah Data Center (https://en.wikipedia.org/wiki/Utah_Data_Center), combine it with the Disposition Matrix (https://en.wikipedia.org/wiki/Disposition_Matrix), informally known as a kill list for even US citizens, and it does seem like you're getting a Police State!
Three letter agencies have way too much power and they've shaped our culture+laws for the worse. Osama Bin Laden has done way more damage to American citizens' lives than he could've ever dreamed of.
Just like the KGB and Putin's minions, Bin Laden correctly saw fault lines and weaknesses in the US an exploited them. He did what he did with a long-range context in mind. The "three letter agencies" were neutered in the 90s as part of the peace dividend which is why he was successful. The Russians used "active measures" with intelligence in the US 2016 among other times and Bin Laden chose terrorist violence. The Russian misinformation strategy is tried and true and corporate actors now use it successfully as well.
The whole thing sucks. This Iran adventure lays the vulnerability of the US military machine pretty bare. More, escalated conflict is probably in the world's future for decades to come.
In the USA, we hate the government collecting information on us, but shrug our shoulders when corporations do it.
In Europe, it's the exact opposite. They created GDPR to restrict how corporations collect and share data about you, but they shrug their shoulders at government doing it.
Obviously, this is incredibly reductive and over-simplified, but the general idea of it feels pretty true.
Self host. It's still possible to buy computer hardware and install FOSS replacements for most/all of the services you need, and plumb it all through to your mobile devices using wireguard/tailscale. If you're behind a CGNAT you can proxy it through a cheap VPS that won't fuck you on bandwidth costs. Thanks to Proxmox, I probably have better uptime on my services than e.g. Github these days.
When it becomes impossible to get open PC hardware, I don't know. I like to think I will just stop using the internet for anything besides the bare minimum NPC type activities that are required to engage with the institutions of society.
[0] https://podcast.james.network/@linuxprepper/episodes
Startups that initially choose the more private implementation version often face a disadvantage. They may not see immediate benefits and instead experience drawbacks, such as caring a bit more than their competitors. For example, an AI plugin using local large language models for privacy might not be rewarded as much as a competitor who fully embraces cloud-based solutions.
but the advice is basically the same as it always has been:
- talk to your friends and family about it. do it with passion, but without hyperbole or conspiracy or aggression. any person you can convince to care is a win. organize with like-minded people.
- talk to your representatives in government. vote for representatives that are pro-privacy (when possible). convince your like-minded friends and family to do the same.
- to the greatest extent possible, dont purchase/use products/services which are facilitating the trend. (but, you also need to be realistic or you will burn out! and that is a bigger loss overall).
- if you are a decision-maker at work, or have any sort of input, leverage it as best as you can to make pro-privacy business decisions. however, similar to the above point, recognize that you still need to be realistic and dont get yourself fired arguing some decision. it is better to make 1,000 nudges in the right direction than it is to be fired/burn out trying to make 1 big nudge.
- support organizations that align with your beliefs. this can be monetarily, or by volunteering, or by spreading awareness of the organization itself. for example, many people have never heard of the electronic frontier foundation and have no idea what they do. lots of people dont know of the ACLU either (or, maybe they have heard the name, but dont know what they do or why it matters).
That's not what I am seeing on the ground. Many discord users I have seen talk about this issue frame this as an attack on freedom and privacy by hiding it behind the same narrative that has been used so many times before of protecting children. You can only push fake narratives so far until people start getting the message that people are hiding nefarious attacks on society behind fake movements.
good! ideally, someone is helping them organize and action those thoughts and feelings outside of whatever discord channel you are in.
i am referring to how it is being framed by the people pushing the agenda. age verification laws (as an easy example) arent being advertised as "we want to spy on you", they are being advertised as "this will protect children from harms".
talk to debbie in accounting instead of babmorley420 in discord, and ask her opinion. she is not likely to frame it as an attack on privacy/freedom. she is likely to frame it as a necessary sacrifice for the greater good. and her opinion also matters, she also votes. we need to convince the debbies of the world -- they outnumber the babmorley420s
i teach tech in college and just earlier today made a post about how i am not seeing the same when i compare my current students to students 5, 10, or 15 years ago. i hope that i am the one in the bubble.
On one hand, I think a lot of the larger issues and divisions we’ve seen in society over the last 20 years are a direct result of our primary means of communication, entertainment and information being one that allows such ease of impersonation. While most of us here understand just how much Internet content is created with influence as a goal, and the posted by accounts with false identities, a majority of people still don’t. (And many who do don’t understand just how prevalent it is). I also think that sadly we’ve demonstrated that when people feel they are anonymous and beyond consequence, they’re willing to say and advocate for some terrible things which they might otherwise not have, and seeing others say those things reinforces their willingness to say and do them. If social media and internet norms of today had held the original Facebook model of requiring verification of your actual identity (back in the day .edu email days), I truly think we would live in a much different and in many ways better world.
On the other hand, I fully acknowledge that many of the people pushing for the removal of privacy and encryption are not doing so for altruistic reasons, but so that they have a more data to mine and monetize, or have the ability to monitor to a frightening degree, and that these tools once available will be available to any regime or government, so even if the ones currently pushing do have naively good intentions, the next ones very well may not.
But, I also struggle with the knowledge that for sophisticated parties, the privacy that most people think they have is a sham to begin with. There are already many tools available to piece together information sources and build a horrifyingly complex and accurate picture of individuals activities and identities. So I wonder if the illusion of privacy isn’t worse than the public at least being forced to confront the fact that they have none in the first place, and therefore being able to truly see and address the issue, while the security minded and technical individuals will always find a way obfuscate their identity and activity, just as they always have.
Switch to decentralized, e2ee alternatives, support https://eff.org
Not directly to you but in general: I do not think (most) of Europe is going the same direction as US. I actually see a lot of hope in response to EU leaders about digital infrastructure, communication & security. we have started to stop realing on America, but it will take 10-20 years before you see the entire crash trump made
Is it because this kind of phones are a very niche product so they can't benefit from the economy of scale?
Maybe android phone manufacturers can get better deals from chip manufacturers because they buy chips in large quantities?
Having seen how things work where freedom is not the default, I much prefer freedom.
There are rarely laws around preventing collection of said data or using said data for some new service.
Sometimes people talk about GDPR being only the cookie banner, but thanks to it, its forbidden to collect that kind of data.
https://gdpr-info.eu/art-9-gdpr/
The qualifying criteria is probably just having picked an offer for renewable-sourced energy in the past, indicating that it has some importance to you. So you will be given more green energy offers in future.
Every company segments its customer base this way for marketing. Sometimes it’s even useful.
I'm not sure if this is better or worse than them doing it because they believe in it.
Any primer/link on what current libertarians believe is welcome.
All my anarchist (left libertarian) friends are pretty consistently opposed to state and corporate surveillance. There is plenty of theory in a canon of literature that goes back to the mid 19th century, even as there are many subgroups and spurs off that general line of thought all with their own sets of (usually somewhat) consistent lines.
If you want something short and brutal, I am a fan of "Desert" by anonymous, but "A Utopia of Rules" by David Graeber is not a bad thing to read and probably closer to a popular line. Or the CIA-Coded Yale academic James Scott has a lot to say, "Two Cheers for Anarchism" and "Seeing Like a State" both seem to have influenced a lot of people.
Historically "right libertarians" (the US Libertarian political party, for instance) have been, uh, "less consistent" in their thinking, so you might have a hard time finding anything that looks like a "philosophy" in that branch of "thought". Plenty of goofy-ass ideas, but little consistency except a strange ability to begrudgingly conform to GOP politics at the end of the day.
Fundamentally I think that liberal democracy won't be able to survive compute, communication, and storage being cheap, combined with asymmetric encryption. I really think there should be an article illustrating just how much that last one is fundamental to making the apparatus of control cheap and effective in a way that 20th century regimes could only dream of.
internet is a service that you choose what to engage and how. don't like a platform? find another, build it or stop using it altogether.
personally, i find these things really great has it helps nudge people into the more decentralized web. a few years ago those who were pushing for privacy respecting apps and platforms were deemed too paranoid.
But you're absolutely right about Instagram's evolution. It's crazy.
the only social circle that truly matters is the geographically close one. no amount of E2EE or fancy chat app will replace being physically present.
I mean, okay? Next time just say social media is a cancer, and don't waste our time moving goal posts.
You don't have to wait for everyone to switch, in fact it's pretty normal to reach different people on different chats.
https://xkcd.com/1810/
Given the dependence our society now has on the internet, it's bonkers to me that more VCs aren't rethinking their investment strategy. Privacy is not some niche concern anymore, check out the response to Flock for example.
Consider instead using a code word or phrase to move sensitive conversations to something self hosted such as jabber using OMEMO XEP-0384 and XEP-0373 OpenPGP for XMPP and SASL SCRAM. OMEMO is an implementation of the Signal protocol on top of the XMPP protocol.
e.g. "_Expletive_! I stubbed my toe!" other-person: "lol geezer watch where you are walking." conversation quietly and temporarily moves to the pre-shared self-hosted Jabber server. Temporarily because going dark can draw attention. Feed the big chat platform boring garbage and misdirection.
It is possible to defend against them. Maybe not on your phone though.
So having a signal for switching mediums is something that I feel indicates thinking in the wrong direction.
It's not for everyone. I grew up with code phrases. My mom knew that if I said "I love you" to send in the cavalry. We had similar processes in the military. If I answered the phone a particular way they knew the remote site was under siege.
Everyone knows you talk to your parents, but code phrases are not a way to get privacy.
Fundamentally I agree with you but people will stay on the platforms where their friends are. To change that the platform would have to do something really bad such as forcing age checks and even then I think many will just put up with it to stay connected to their friends.
It could also tag people communicating about topics ig chat that it is actively suppressing.
They may be looking for an uproar to reverse the policy as so far, it's just words.