jacktherippah,

Ah yes, we do end to end encryption bro! Trust me bro!

heygooberman,

Great! But, let’s remember this is Facebook after all, so… 🤷‍♂️

JeeBaiChow,

…they’ll skim the metadata after client-side decryption while on its way to presentation?

BearOfaTime,

Hell, why stop at Metadata? The app can see all the data before encrypting and sending

JeeBaiChow,

(taps head) you got it!

critical,

Does it say between which ends is the encryption? Or who manages the keys?

LEDZeppelin,

Fuck facebook

yildo,

Is it going to be like WhatsApp end-to-end encryption where they just rolled out a 4-digit pincode for "backups" on their servers as the third end?

Kusimulkku,

WhatsApp is using the Signal protocol for E2EE chats

ElectroVagrant,

It sounds like it, although it looks like it’s a 6-digit pin instead from the image in the article.

There’s also this additional info directly from Facebook’s blog post about all this:

When your chats are upgraded, you will be prompted to set up a recovery method, such as a PIN, so you can restore your messages if you lose, change or add a device.

NENathaniel,

Is your issue that it’s 4 digits, or something else?

GaimDS,

I don’t believe it for a second ngl 🫠

BraveSirZaphod,

I don't believe there's ever been an instance of E2EE Messenger texts being given to law enforcement, whereas there are plenty of instances where Facebook has provided law enforcement with non-encrypted messages after being served a warrant.

Believe what you want, but ignoring the legal liability from blatantly lying like that, there's precisely zero evidence that Messenger's encryption is compromised.

BearOfaTime,

The encryption doesn’t have to be compromised when their app does the message scanning before encrypting.

Technically it’s still E2EE

BraveSirZaphod,

Sure, but at that point, it's a legitimate question of what goal you're trying to satisfy with E2EE. This doesn't prevent metadata analysis being used for marketing purposes - and if that's something you're strongly against, that's perfectly fair - but it does make it completely impossible for message content to be provided to law enforcement, even in the face of a warrant. That is hugely powerful, because we've already seen cases of FB Messenger texts being used to go after women who get abortions, just for one example. In countries with truly oppressive governments, that benefit can't be overstated.

Sure, Facebook will try to sell you some shit, but they're not going to send the police to arrest you. Having E2EE is a strict improvement over the status quo, and if you do care deeply about privacy on the more commercial side, there's always Signal or other privacy-first services.

LWD, (edited )

deleted_by_author

    BraveSirZaphod,

    Nothing technically would prevent that, but eventually that evidence would end up in public court and the ruse would be up.

    surewhynotlem,

    I believe it, but only as a cost saving measure. By enabling e2ee they can wiggle out of having to deal with warrants and the government. It’s about reducing the burden on their data retention and reporting teams.

    tsonfeir,

    Yeah right.

    Kusimulkku,

    Well WhatsApp already has it

    tsonfeir,

    Sure, Jan.

    Kusimulkku,

    Huh?

    tsonfeir,

    Do you believe everything you hear a company say who has proven themselves to be untrustworthy?

    End to end doesn’t necessarily mean that the middle can’t read it, it just means strangers listening can’t read it. WhatsApp isn’t open source, and auditing that encryption on a binary level would prove difficult.

    As we have seen, companies can also bow to the wills of governments, and if enough pressure is applied they often agree to backdoors.

    If it’s not open source, it’s a scam.

    Kusimulkku,

    End to end doesn’t necessarily mean that the middle can’t read it, it just means strangers listening can’t read it.

    I thought it meant nobody between the two ends can read it.

    tsonfeir,

    End->(public network)->WhatsApp->(public network)->End

    So, no stranger can read it.

    The key word is stranger. WhatsApp made the encryption you’re using and could (and I’m sure does) have the ability to decrypt it.

    True end to end is where you and your partner have keys and you both encrypt on the client side, and don’t tell the middle man. That way no malicious intent from the server could ever decrypt the actual message.

    Kusimulkku,

    True end to end is where you and your partner have keys and you both encrypt on the client side, and don’t tell the middle man. That way no malicious intent from the server could ever decrypt the actual message.

    That’s how the Signal protocol they’re using is working

    tsonfeir,

    WhatsApp is not peer to peer.

    Kusimulkku,

    Nobody said it was?

    tsonfeir,

    What is it you thought they were saying?

    Kusimulkku,

    You seem confused. E2EE doesn’t mean peer-to-peer. Signal protocol isn’t peer-to-peer. You don’t need to be peer-to-peer to have secure communication because E2EE makes it so that the server can’t read what the two ends are writing.

    tsonfeir,

    Can you prove to me that WhatsApp actually encrypts the message on the phone in such a way that WhatsApp can’t see the message when it’s on their server?

    Do you truly believe a company owned by Meta would provide that kind of security from THEM? A company whose income is profiting on DATA supplied by users?

    Tell me you believe this.

    Kusimulkku,

    We know they certainly implemented it at one point. So it’s not a big ask to do that for Messenger. And like someone said, would probably benefit them too since they don’t have to give info they don’t have. But with it being closed source, it can’t be verified if they’re using it now.

    tsonfeir,

    Do you believe that Meta, if given the opportunity, would choose personal privacy over making money? It’s an easy yes, or no question to answer. 

    Kusimulkku,

    What money?

    tsonfeir,

    Just money. Yes or no.

    Kusimulkku,

    I need to know what your question means to answer it. What money are we talking about?

    tsonfeir,

    I’m not Meta, so I can’t give you a detailed breakdown of how they use the data they collect to make money. So, let’s assume by money I just mean money from their many sources. It’s a pretty easy question with only one answer.

    Kusimulkku,

    I’m not Meta, so I can’t give you a detailed breakdown of how they use the data they collect to make money.

    But you are talking about what sort of money, something they’d get from not using E2EE?

    tsonfeir,

    Something they’d get from being able to read messages.

    Kusimulkku,

    I guess it depends how much. If they’ll net like a billion from not doing E2EE then yeah absolutely. If it’s significantly less they might still go with E2EE for the PR and not having to comply with shit. It’s not like they’d lose all the metadata anyway.

    tsonfeir, (edited )

    Let me be sure I know what you’re saying. You feel it’s perfectly fine if their encryption is done in such a way that they can read the encrypted information on the server as long as they don’t make a lot of money on it?

    Kusimulkku,

    You are way off. For reference, here’s what you asked

    Do you believe that Meta, if given the opportunity, would choose personal privacy over making money?

    And my answer

    I guess it depends how much. If they’ll net like a billion from not doing E2EE then yeah absolutely. If it’s significantly less they might still go with E2EE for the PR and not having to comply with shit. It’s not like they’d lose all the metadata anyway.

    tsonfeir,

    Ahhh going way back to the start. Got it. Glad we’re on the same page now.

    Kusimulkku,

    Well yeah, I just wanted to know first what you were asking before answering

    selokichtli,

    Can we verify they are still using the Signal protocol?

    Kusimulkku,

    Not reliably, afaik

    tsonfeir,

    If they are, they’ve probably modified it.

    CaptainSpaceman,

    Moxie helped WhatsApp integrate the Signal protocol for e2ee, but I don’t trust that they never implemented any backdoors in their protocol after Moxie was done helping them.

    IMO, just use Signal anyways. Fuck Meta

    iHUNTcriminals,

    It’s end-to-end-to-end encryption.

    Your data is now encrypted while they mine it.

    Rocketpoweredgorilla,

    So Facebook, the company that reviews your private messages ( money.com/facebook-reviews-private-messages/ ) will let you encrypt your messages to other messenger users (That it also monitors) so that a third party can’t get that data without paying them first?

    cheese_greater,

    I mean if it’s not encrypted, that could only ever be double-speak. If they say it’s e2ee, I’m sure they’re still hoovering metadata but that’s a strong claim that requires rigorous implementation that’s going to be tested equally rigorously. Still think people should delete the app tho

    JeeBaiChow,

    Rigorous? Not really. The decryption takes place client side in-app, and they simply process it before it hits the display. Just because it’s encrypted in transit doesn’t mean fb doesn’t have its greasy paws all over it.

    cheese_greater,

    The whole point (arguably) is to avoid another situation like when the girl got nailed for an abortion and the mother got charged with facilitating or something because Facebook’s chat records between them were accessible to Facebook -> Government upon request/warrant/etc.

    I get Facebook sucks but let’s try to think clearly about this. Otherwise I wouldn’t be questioning your points but this is a palpable issue that embarrassed them and laid bare how dangerous and rickety the whole setup was

    BearOfaTime,

    They claim E2EE. No third party breaks it. Law enforcement is appeased.

    But their closed-source app could still be analyzing the messages before encrypting. We wouldn’t know, because it’s closed source.

    They could still argue it’s E2EE, as it was encrypted on one end and decrypted on the other.

    Facefuck and Zuckerdick get no benefit of the doubt - not only have they not earned it, they’ve demonstrated they are untrustworthy.

    cheese_greater,

    But if they have access to the content in that way, they will be retaining it or manipulating it in some retainable way, the fruits of which are automatically up for grabs via legal request/warrant.

    The moment it becomes plaintext for them or they have any access to non-ciphertext, it’s fair game for the government. The whole point of this (or at least part of it) is to avoid a repeat of the mother/daughter abortion "conspiracy" that has already caused them a lot of problems and even less trust than previously. And it was super predictable.

    ElectroVagrant,

    Personally I’m about as willing to trust this as WhatsApp’s end-to-end encryption, given Meta/Facebook’s involvement, but thought it was worth keeping folks here apprised of the situation in the corporate space.

    BraveSirZaphod,

    Has WhatsApp's encryption ever been shown to not be trustworthy?

    Facebook has had to provide law enforcement with FB Messenger texts before after being served a warrant. Are you saying this has also happened with WhatsApp, even though that should be impossible? That's a pretty big claim, so I'd love to see your evidence.

    ElectroVagrant,

    To my knowledge, it hasn’t, but that’s not the main point of my comment so much as expressing my distrust of the parent company. In that respect, no, I’m not aiming to make a claim that Meta/Facebook have had to disclose messages from WhatsApp to law enforcement and essentially undermine its end-to-end-encryption.

    Nevertheless, I think it’s reasonable and fair to be suspicious of Meta/Facebook given its history of questionable actions concerning people’s data. They’re in the business of using people’s data for marketing/advertising purposes, not safeguarding it, after all.

    Rai,
    1. It’s Facebook
    2. It’s closed source

    Zero trust from me, not touching any of that

    BraveSirZaphod,

    So, no evidence. Gotcha.

    For WhatsApp, given how much noise the UK law enforcement has been making about trying to ban encryption, I'm inclined to believe it actually is working. I'm sure Facebook does some metadata analysis and that does feed back into their advertising profiles, but that's a different thing from being able to turn over actual message content that's supposedly been encrypted over to law enforcement.

    But hey, if you do find actual evidence, I'm all ears.

    BearOfaTime,

    The evidence we have is the historic behaviour of Facefuck and Zuckerfuck.

    Fuck anything connected to this asshole.

    They could easily scan your messages via the app before encrypting.

    Being closed source we have no way to examine this.

    But yea, keep on trusting an org that has repeatedly demonstrated they’re untrustworthy.

    BraveSirZaphod,

    In case you were unaware, you come off as a literal child. Cheers.

    Rai,

    I’m not the person you responded to, so I made no claims that need any evidence.

    I just love shitting on fucking rubbish Facebook and will do so online at any point possible.

    Fuck yo evidence and fuck yo Facebook

    BraveSirZaphod,

    Most people don't so openly state that they don't care about facts or evidence and form their beliefs primarily from vibes, so thanks for at least being upfront about it.

    BearOfaTime,

    Wow, nice insults.

    If we’re going down that road, keep bootlicking Zuckerberg and Facebook, despite the history of the company and him.
