136 comments

[ 3.0 ms ] story [ 88.9 ms ] thread
Happy to see it, but if a fine is the only consequence then they’re going to go back to doing the exact same thing tomorrow.
Many will cheer for any case that hurts Meta without reading the details, but we should be aware that these cases are one of the key reasons why companies are backtracking from features like end-to-end encryption:

> The New Mexico case also raised concerns that allowing teens to use end-to-end encryption on Instagram chats — a privacy measure that blocks anyone other than sender and receiver from viewing a conversation — could make it harder for law enforcement to catch predators. Midway through trial, Meta said it would stop supporting end-to-end-encrypted messaging on Instagram later this year.

The New York case has explicitly gone after their support of end-to-end encryption as a target: https://www.reuters.com/legal/government/meta-executive-warn...

The Clipper chip is coming back.
How is the Clipper chip different from what online platforms claim have: a curated kids only section?
Is it illegal or is it just illegal on general purpose platforms whose focus isn't extreme security?

We all know Meta can still read E2EE chats (otherwise they wouldn't do it) and they're using E2EE as an excuse to avoid liability for the things their platform encourages. Contrast this with something like Signal where the entire point is to be secure.

> Many will cheer for any case that hurts Meta

Absolutely. Particularly where they've been found to be guilty.

> but we should be aware that these cases are one of the key reasons why companies are backtracking from features like end-to-end encryption

Why _social media_ companies are backtracking. I'm extremely nonplussed by this outcome.

> concerns that allowing teens

Yes, because that's what we all had in mind when considering the victims and perpetrators of these crimes.

I’m actually okay with not letting under age people use e2e. I’m not okay with blocking everyone. I have 2 kids.
The correct nuance here is...

* Classifying accounts as child accounts (moderated by a parent)

* Allowing account moderators to review content in the account that is moderated (including assigning other moderation tools of choice)

In call cases transparency and enabling consumer choice should be the core focus.

Additionally: by default treat everyone online as an adult. Parents that allow their kids online like that without supervision / some setting that the user agent is operated by a child intend to allow their children to interact with strangers. This tends to work out better in more controlled and limited circumstances where the adults involved have the resources to provide suitable supervision.

At the same time, any requirements should apply only to commercial products. Community (gratis / not for profit) efforts presumably reflect the needs of a given community.

I think getting the age thing correct is key to get parental classification to work properly(I think now platforms just ask for a birth date which is lame) e.g

> Surveys by Britain’s tech regulator, Ofcom, find that among children aged 10-12, over half use Snapchat, more than 60% TikTok and more than 70% WhatsApp. All three apps have a notional minimum age of 13: https://archive.ph/y3pQO

Once you get the classification correct — and AI cannot it do this — only via community ombudsman/age verifiers, in a privacy first way*, the app stores can easily tell the app devs what accounts are sensitive and filtering should be much more effective.

*Basically once your age is verified by a real human for your device(using device local encryption to verify biometrics) you are set. No kid should be able to bypass and install apps it on devices that their parents hand to them. There will always be black market devices with these apps, but there are ways of beating those to be very minimal by existing tech.

It’s very hard to control kids internet access. Impossible really. Even if you do it fine at home, once they go to school it’s whatever policies the school has. Most require laptops and provide internet access.
I feel uncomfortable about the idea of controlling children, even my own. Certainly there is a requirement to protect children from others but I feel like putting in guard rails to prevent children from themselves only leads to making things taboo and, as a result, more interesting.
> Classifying accounts as child accounts (moderated by a parent)

Notice also that even if you do this, you still don't need the service to be able to decrypt the content, only the parent.

This could even be generically useful, e.g. you have a messenger used by business and then the messages can be read by the client company's administrator/manager but not the messaging company's.

I don’t agree we should Treat everyone as an adult by default online. We wouldn’t do that in any other circumstances.
I think this is the way. Not control, but just make it simpler for parents to handle their childrens devices. You dont have to make everyone share their age, you just make it so that parents can in a simpler way choose what the children should be able to access. Make it easy to do right, dont add more control. Its kind of the old anti-piracy copyprotections. The pirates always cracked it, and in the end, the ones who got to sit there trying to figure out what is the word in the manual is the user who actually paid for the game. So making it worse for the ones who paid, and better for the cracked version. So, make it simple.
That doesn't work, unless the system knows everyone's family relationships.

Not guesses. Not is told about and takes on trust. Knows.

There's nothing to stop a kid creating a fake adult account and using it as an adult, perhaps creating their own kid account for "official" use.

Ultimately this is an unsolvable problem without a single source of truth for verified ID and user age.

The only responsible way to do that is to create a global "ID escrow" agency, where ID details are private and aren't available to governments or corporations without a court order, but the agency can provide basic age checks and other privacy services of a limited nature.

Good luck with that idea in this culture.

Meanwhile we have the opposite - real ID is known to governments and corporations, personal habits and beliefs of all kinds can be tracked, there is zero expectation of privacy, and kids still aren't protected.

This is the core issue.

We know that this isn't really going to reduce harm for children, we know Meta is not seriously going to suffer or change, and we know this is going to be used as a cudgel to beat down privacy and increase surveillance.

This is a good thing for “social” media. If you use any social media app (especially those owned by Meta) you should assume that absolutely everything you do is for full public consumption. Maybe these changes will make everyone stop thinking that anything is private when using “social” media apps.
Rock meet hard place?

Harm to kids is actually happening, and this is always going to be a hot button topic.

E2E is critical for our current ability to communicate online, but will be a lower priority when pitted against child safety.

Fighting the good fight is one thing, fighting for the sake of it, without a plan that addresses the tactical reality is another altogether.

Personally, I think E2E will be defended, but it’s becoming a lightning rod for attention. As if removing encryption will solve the emerging issues.

I suspect providing alternatives to champion, such as privacy preserving ways to verify age, will force a conversation on why E2E needs to go.

Centralized organizations with proprietary software can never offer meaningful end to end encryption because they can just ship an app update to disable or backdoor it at any time.

It is better for them to be forced to turn off the security theater so people that need actual privacy can research alternatives.

The lawyers using the finding badly internally doesn’t mean the finding was fundamentally unsound and or won’t ultimately be a positive thing.
Only accounts that exist 14 year plus are elligible for e2e?
It's illegal to hand a minor harmful material. Meta did exactly that. I support people's rights to make and buy sports cars, But it is illegal to hand the keys to a minor and leave them unsupervised.
If someone sends a child a dick pic by physical mail, is the post company responsible?
If that someone is the post company, yes. The harmful material in this case is the E2E chat software.
No. Meta is backtracking because the business case for and to end encryption is gone. They willingly will give the Trump administration whatever the want because they are not in the business of fighting authoritarian governments, they are in the virtue signalling business when governments are constrained by the rule of law.

The business case was to be able to say “we don’t know”. That case is gone.

> (my emphasis) Meta said it would stop supporting end-to-end-encrypted messaging on Instagram later this year.

Whatsapp and messenger are still fine, then.

However did we survive all of these years with unencrypted SMS or voice calls?!
As a platform operator I think end to end encryption does no good in free products. It just makes you blamed for liability that you couldn’t foreseen or mitigate.
Another poster child for Meta's lobbying (bribery) to encourage OS level age verification. (numerous recent references in HN posts)

They very much want to push this liability off onto someone else...

As far as end-to-end encryption, on SM sites (social media or SadoMasochism, however you want to read it) I don't really see the need.

You were downvoted, but right. Meta wants to be able to say, "hey, the OS said she was 18!" and not get in trouble for it.

Online child exploitation should be a strict liability offense.

> As far as end-to-end encryption, on SM sites (social media or SadoMasochism, however you want to read it) I don't really see the need.

You don't see any benefit to allowing people to encrypt their private communications in a way that can't be accessed by the company?

It's weird to see tech news commenters swing from being pro-privacy to anti-privacy when the topic of social media sites come up.

> Another poster child for Meta's lobbying (bribery) to encourage OS level age verification. (numerous recent references in HN posts)

The references I saw showed Meta had lobbied for some of the laws that require age verification be done by the site or by third party ID services. They did not show that Meta lobbied for any of the OS bills.

Some showed that Meta had lobbied in some of the states with those bills, but they just showed Meta's total lobbying budget for those states.

So... Question. Seeing as Zuck is the majority voting shareholder and highest ranked executive, why isn't there a piercing of the corporate veil going on? This isn't some distributed blame case. Ultimately, his decision making led to what the jury finds objectionable. I find it absurd that somehow, the corporate veil is able to absorb even this? Somebody accepted the risk. That somebody is at the top of the pyramid. Want to send a message? Get 'em.
> The New Mexico attorney general’s office created multiple fake Facebook and Instagram profiles posing as children as part of its investigation into Meta. Those test accounts encountered sexually suggestive content and requests to share pornographic content, the suit alleges.

> The fake child accounts were allegedly contacted and solicited for sex by the three New Mexico adult men who were arrested in May of 2024. Two of the three men were arrested at a motel, where they allegedly believed they would be meeting up with a 12-year-old girl, based on their conversations with the decoy accounts.

and

> “The product is very good at connecting people with interests, and if your interest is little girls, it will be really good at connecting you with little girls,” Bejar said.

This is what it's about right? The article doesn't make it seem like encryption is meaningfully part of this case at all.

> Midway through trial, Meta said it would stop supporting end-to-end-encrypted messaging on Instagram later this year.

There's no indication that that decision, or the announcement, are directly related to the trial, just they just happened at the same time? It's a link drawn by CNN, without presenting any clear connection

They have been under a lot of pressure for years to disable e2e messaging because it prevents them from monitoring messages for child abuse. This was a central point of the trial. While they haven't given a reason for the change I think its reasonable to infer it is in response to this pressure.

However there is another possible explanation

> Tom Sulston, head of policy at Digital Rights Watch, said rather than acceding to law enforcement demands, the move was more likely due to Meta deciding against moving messaging on WhatsApp, Facebook and Instagram to a single platform.

I cheer any decision that holds any private web property (like Facebook) accountable for it's user actions.

It helps to reduce hegemony of large social platforms and promotes privately owned websites. For example, I know everyone who has permissions to post on my website (or pre-moderate strangers comments), and is ready to take responsibility for their posts, what my website publishes.

Currently the legal stance seems strange to me -- large media platforms are allowed to store, distribute, rank and sell strangers data, while at the same time they claim they are not responsible for it.

So... end to end message encryption means meta can't see messages child molesters are sending to children.
This is one of the first times the court found the platform itself can be liable, overruling frequent industry claims that they just host content and are never responsible for the content. $375 million sounds big but is peanuts compared to their annual revenue. And of course Meta will appeal and then try to drag everything out for years and years. Expect copycat lawsuits.

These platforms expose minors to predators and bad actors, and Meta was proven lying about safety.

We don't want age verification, and we do want E2E encryption. Yet, because Meta is an evil company, we cheer on this judgement.

Reality, folks: you can't have both.

Why can we not have both? I don't see the assertion backed up at all.
With E2EE and no age verification, there is no way Meta could have any control over messages sent to children, so it does not make sense to hold them responsible.
Can one be opposed to age verification in the OS and yet totally happy that Meta got this fine? There is a very big difference between e2e encryption /telephone and social media. Social media is more akin to a phone book. I do not recall there ever being any phone books listing minors. That's completely unacceptable and unnecessary. I am totally OK with phonebooks (or their modern digital equivalents which enable people discovery and user generated content discovery) to abide by the same KYC rules as banks. And be only for adults. Your kids using e2e encrypted messaging to communicate with their friends whom they have met in person? Nothing wrong with that, we all have the right to privacy. Kids listing their contact information publicly? Absolute no.
Do we have to wait for any appeals before the performative mail out settlement checks for $1 routine?
Seems insufficient to keep Social Security solvent after 2040.

Are the kids alright?

The same company intentionally driving minors towards this content (despite claiming to care about them) is also lobbying in secrecy for requiring all of us to scan our ID and face in order to use our phones and computers.

Their stated reason? Child safety.

Their actual reason? You can figure that out.

Maybe I'm just getting old and cynical but, while I think current social media is bad for children, I'm very suspicious of the current international agreement that it's time to take action, especially with all the ID verification coming from multiple avenues
> I'm very suspicious of the current international agreement that it's time to take action

Especially since, when you look at the behavior of younger people, they're way more careful about social media than millennials were. My teenage child an their friends keep all of their conversations in a massive but private group chat. Any social media consumed by them, is basically 'read only'. They don't post online, none of them of have social media accounts where they post pictures of themselves etc.

Same with all of my younger gen-z coworkers. If they have socials the post very selectively and all content is work friendly.

The people I see that need "protection" are aging millenials that don't really understand how wildly they're exposing themselves and families. I cringe when I see the amount of personal photos and information shared by the view millenials I know who still need their ego-boost from these platforms (and that number itself is much smaller).

Younger people don't share their opinion and anything resembling private photos online any more.

Alternative headline: household spyware cash machine forced to pay $20 for being bad.

If you want to punish Meta then you have to punish the wonder boy who runs it. Not even share holders can fight off the guy spending 80B on the metaverse.

You're not wrong, but the problem for Meta is that this, along with their other fine for mental harm is setting a precedence.

This fine is somewhat larger, at $375 million, but the other one (https://www.msn.com/en-us/health/other/meta-and-youtube-fine...) basically open the gates for millions of people suing.

Sadly I don't think it's enough for Meta to change, because they have no business model if they are forced to be serious about online safety. That's probably also why they are pushing so hard for age verification, make safety a problem for someone else.

Oh no those pesky Europeans extorting money from US tech companies. No, wait..
the leaders of these companies don'tlet their kids use it.
This particular verdict is a long time coming. How it drives meaningful change is the bigger question.

One of the challenges we need to resolve is the race to the bottom for online communities - engagement metrics will always result in a PH level that supports more acerbic behavior.

There’s multiple analyses that you can find, if not your own experience, to believe that we should be able to do better with our information commons.

Just today, I found a paper that studied a corpus of Twitter discussions and found that bad-faith interactions constituted 68.3% of all replies (Twitter data).

The engineer and analyst side of us will always question these types of analyses.

I’ve read enough papers at this point for the methods to matter more than the conclusion.

1) meta, and the other tech platforms need to open up their research and data. NDAs and business incentives prevent us from having the boring technical conversations.

2) tech needs someone else to be the bogeyman - the way we did for tobacco. The profit incentive ensures profitable predatory features pass review. Expecting firms to ignore quarterly shareholder reviews for warm fuzzies is … setting ourselves up for failure.

Regulators (with teeth) need to be propped up so that the right amount of predictable friction (liability) is introduced.

3) tech firms need an opportunity or forum to come clean. The sheer gap between the practical reality of something like content moderation vs the ignorance of users and regulators - results in surprise and outrage when people find out how the sausage is made.

4) algorithm defaults decide the median experience for participants in our shred market place of ideas. The defaults need to be set in a manner that works for humans and society (whatever that might be).

Economies are systems to align incentives to achieve subjective goals.