It could be a move to have parity with TikTok, where they claim it’s for safety reasons. I’ve been seeing advertisements for Instagram touting their child/teen protection features. Seems like they’re really trying to beat the allegations that Instagram is bad for children’s health.
Is this legitimate? It's so incoherent to see this blurb at the top saying it's being retired while everything underneath is pitching the value of e2e.
So apparently this was opt-in, much like Telegram's OTR chat feature, and thus completely different than WhatsApp where it has always been default. Not a good look regardless, but the few who went into chat settings for a specific person to turn this on in the first place will likely just switch to WhatsApp or another app rather than continue without it.
There's a general trend right now against privacy and in a more general sense against freedom. More and more companies are on board with it. I'm not sure if anyone in HN has any useful advice in this regard. I feel like I don't know what to do about the internet for the next 5-10 years. Does this particular measure matter very much? No, but it's another brick in the wall.
Never rely on a platform used by the masses to perform E2EE. It is far too easy to strip away E2EE for targeted users without their knowledge as they maintain the server and client code. This advise is to protect from corporations gobbling up and ultimately leaking sensitive data. Spooks can target the device itself via debug access for nation state level threats.
Consider instead using a code word or phrase to move sensitive conversations to something self hosted such as jabber using OMEMO XEP-0384 and XEP-0373 OpenPGP for XMPP and SASL SCRAM. OMEMO is an implementation of the Signal protocol on top of the XMPP protocol.
e.g. "_Expletive_! I stubbed my toe!" other-person: "lol geezer watch where you are walking." conversation quietly and temporarily moves to the pre-shared self-hosted Jabber server. Temporarily because going dark can draw attention. Feed the big chat platform boring garbage and misdirection.
Given the dependence our society now has on the internet, it's bonkers to me that more VCs aren't rethinking their investment strategy. Privacy is not some niche concern anymore, check out the response to Flock for example.
I don't use IG although they dearly want me to, giving me a popup every time I visit, but let me talk about FB for a second (and btw FB wanted to enable cross-platform messaging on the platforms they own - Meta - which seems anti-trust-y) - when they introduced encryption on FB, they made it mandatory. They opted everyone in, and it broke Messenger. If you delete cookies you might also delete messages. Isn't that convenient?
Isn't this actually improving safety by openly admitting how things always were in practice?
Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.
Truly safe e2e requires open source client provided by a trusted entity who is as much as possible independent from the one who provides the untrusted transport layer. Eg how pgp email works.
>Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.
You are no more capable of spotting a deliberately concealed backdoor in a binary than in source code, there's simply no meaningful difference.
the timeline for all of this is not a coincidence. meta spent millions lobbying for age verification laws that require content scanning. hard to scan content that's encrypted.
30 comments
[ 7.4 ms ] story [ 50.3 ms ] threadhttps://news.ycombinator.com/item?id=47241817
Consider instead using a code word or phrase to move sensitive conversations to something self hosted such as jabber using OMEMO XEP-0384 and XEP-0373 OpenPGP for XMPP and SASL SCRAM. OMEMO is an implementation of the Signal protocol on top of the XMPP protocol.
e.g. "_Expletive_! I stubbed my toe!" other-person: "lol geezer watch where you are walking." conversation quietly and temporarily moves to the pre-shared self-hosted Jabber server. Temporarily because going dark can draw attention. Feed the big chat platform boring garbage and misdirection.
It could also tag people communicating about topics ig chat that it is actively suppressing.
They may be looking for an uproar to reverse the policy as so far, it's just words.
Given the dependence our society now has on the internet, it's bonkers to me that more VCs aren't rethinking their investment strategy. Privacy is not some niche concern anymore, check out the response to Flock for example.
Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.
Truly safe e2e requires open source client provided by a trusted entity who is as much as possible independent from the one who provides the untrusted transport layer. Eg how pgp email works.
You are no more capable of spotting a deliberately concealed backdoor in a binary than in source code, there's simply no meaningful difference.