• Steve@lemmy.today
    link
    fedilink
    English
    arrow-up
    38
    ·
    11 months ago

    Great! But, let’s remember this is Facebook after all, so… 🤷‍♂️

      • CaptainSpaceman@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        11 months ago

        Moxie helped WhatsApp integrate the Signal protocol for e2ee, but I dont trust thatt they never implemented any backdoors in their protocol after Moxie was done helping them.

        IMO, just use Signal anyways. Fuck Meta

          • tsonfeir@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            11 months ago

            Do you believe everything you hear a company say who has proven themselves to be untrustworthy?

            End to end doesn’t necessarily mean that the middle can’t read it, it just means strangers listening can’t read it. WhatsApp isn’t open source, and auditing that encryption on a binary level would prove difficult.

            As we have seen, companies can also bow to the wills of governments, and if enough pressure is applied they often agree to backdoors.

            If it’s not open source, it’s a scam.

            • Kusimulkku@lemm.ee
              link
              fedilink
              English
              arrow-up
              1
              ·
              11 months ago

              End to end doesn’t necessarily mean that the middle can’t read it, it just means strangers listening can’t read it.

              I thought it meant nobody between the two ends can read it.

              • tsonfeir@lemm.ee
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                11 months ago

                End->(public network)->WhatsApp->(public network)->End

                So, no stranger can read it.

                The key word is stranger. WhatsApp made the encryption you’re using and could (and I’m sure does) have the ability to decrypt it.

                True end to end is where you and your partner have keys and you both encrypt on the client side, and don’t tell the middle man. That way no malicious intent from the server could ever decrypt the actual message.

                • Kusimulkku@lemm.ee
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  11 months ago

                  True end to end is where you and your partner have keys and you both encrypt on the client side, and don’t tell the middle man. That way no malicious intent from the server could ever decrypt the actual message.

                  That’s how the Signal protocol they’re using is working

    • surewhynotlem@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      11 months ago

      I believe it, but only as a cost saving measure. By enabling e2ee they can wiggle out of having to deal with warrants and the government. It’s about reducing the burden on their data retention and reporting teams.

    • BraveSirZaphod@kbin.social
      link
      fedilink
      arrow-up
      3
      arrow-down
      2
      ·
      edit-2
      11 months ago

      I don’t believe there’s ever been an instance of E2EE Messenger texts being given to law enforcement, whereas there are plenty of instances where Facebook has provided law enforcement with non-encrypted messages after being served a warrant.

      Believe what you want, but ignoring the legal liability from blatantly lying like that, there’s precisely zero evidence that Messenger’s encryption is compromised.

      • BearOfaTime@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        11 months ago

        The encryption doesn’t have to be compromised when their app does the message scanning before encrypting.

        Technically it’s still E2EE

        • BraveSirZaphod@kbin.social
          link
          fedilink
          arrow-up
          2
          ·
          11 months ago

          Sure, but at that point, it’s a legitimate question of what goal you’re trying to satisfy with E2EE. This doesn’t prevent metadata analysis being used for marketing purposes - and if that’s something you’re strongly against, that’s perfectly fair - but it does make it completely impossible for message content to be provided to law enforcement, even in the face of a warrant. That is hugely powerful, because we’ve already seen cases of FB Messenger texts being used to go after women who get abortions, just for one example. In countries with truly oppressive governments, that benefit can’t be overstated.

          Sure, Facebook will try to sell you some shit, but they’re not going to send the police to arrest you. Having E2EE is a strict improvement over the status quo, and if you do care deeply about privacy on the more commercial side, there’s always Signal or other privacy-first services.

  • ElectroVagrant@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    11
    ·
    11 months ago

    Personally I’m about as willing to trust this as WhatsApp’s end-to-end encryption, given Meta/Facebook’s involvement, but thought it was worth keeping folks here apprised of the situation in the corporate space.

    • BraveSirZaphod@kbin.social
      link
      fedilink
      arrow-up
      3
      ·
      11 months ago

      Has WhatsApp’s encryption ever been shown to not be trustworthy?

      Facebook has had to provide law enforcement with FB Messenger texts before after being served a warrant. Are you saying this has also happened with WhatsApp, even though that should be impossible? That’s a pretty big claim, so I’d love to see your evidence.

      • ElectroVagrant@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        To my knowledge, it hasn’t, but that’s not the main point of my comment so much as expressing my distrust of the parent company. In that respect, no, I’m not aiming to make a claim that Meta/Facebook have had to disclose messages from WhatsApp to law enforcement and essentially undermine its end-to-end-encryption.

        Nevertheless, I think it’s reasonable and fair to be suspicious of Meta/Facebook given its history of questionable actions concerning people’s data. They’re in the business of using people’s data for marketing/advertising purposes, not safeguarding it, after all.

  • yildo@kbin.social
    link
    fedilink
    arrow-up
    11
    ·
    11 months ago

    Is it going to be like Whatsapp end-to-end encryption where they just rolled out a 4-digit pincode for “backups” on their servers as the third end?

    • ElectroVagrant@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      11 months ago

      It sounds like it, although it looks like it’s a 6-digit pin instead from the image in the article.

      There’s also this additional info directly from Facebook’s blog post about all this:

      When your chats are upgraded, you will be prompted to set up a recovery method, such as a PIN, so you can restore your messages if you lose, change or add a device.

    • cheese_greater@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      11 months ago

      I mean if its not encrypted, that could only ever be double-speak. If they say its e2ee, I’m sure they’re still hoovering metadata but thats a strong claim that requires rigorous implementation thats going to be tested equally rigorously. Still think people should delete the app tho

      • JeeBaiChow@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        11 months ago

        Rigorous? Not really. The decryption takes place client side in-app, and they simply process it before it hits the display. Just because it’s encrypted in transit doesn’t mean fb doesn’t have ita greasy paws all over it.

        • cheese_greater@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          11 months ago

          The whole point (arguably) is to avoid another situation like when the girl got nailed for an abortion and the mother got charged with facillitating or something because Facebooks chat records between them were accessible to Facebook -> Government upon request/warrant/etc.

          I get Facebook sucks but lets try to think clearly about this. Otherwise I wouldn’t be questioning your points but this is a palpable issue that embarassed them and laid bare how dangerous and rickety the whole setup was

          • BearOfaTime@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            edit-2
            11 months ago

            They claim E2EE. No third party breaks it. Law enforcement is appeased.

            But their closed-source app could still be analyzing the messages before encrypting. We wouldn’t know, because it’s closed source.

            They could still argue it’s E2EE, as it was encrypted on one end and decrypted on the other.

            Facefuck and Zuckerdick get no benefit of the doubt - not only have they not earned it, they’ve demonstrated they are untrustworthy.

            • cheese_greater@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              11 months ago

              But if they have access to the content in that way, they will be retaining it or manipulating it in some retainable way, the fruits of which are automatically up for grabs via legal request/warrant.

              The moment it becomes plaintext for them or they have any access to non-ciphertext, its fair game for the governement. The whole point of this (or at least part of it) is to avoid a repeat of the mother/daughter abortion" conspiracy" that has already caused them a lot of problems and even less trust than previously. And it was super predictable.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 months ago

    This is the best summary I could come up with:


    Meta is rolling out end-to-end encryption for one-on-one chats and calls on Messenger, finally fulfilling a promise that’s been in the works for quite awhile.

    “Our engineers, cryptographers, designers, policy experts and product managers have worked tirelessly to rebuild Messenger features from the ground up.”

    According to Crisan, you won’t sacrifice Messenger features when using encrypted chats, so you’ll still be able to use things like themes and custom reactions.

    “I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever,” he wrote in a Facebook post.

    Last year, the company drew headlines when a 17-year-old from Nebraska and her mother faced criminal charges for performing an illegal abortion after police obtained their Messenger chat history.

    Anti-encryption advocates say that the technology makes it harder to find bad actors on messaging apps like WhatsApp, which is already encrypted by default.


    The original article contains 378 words, the summary contains 164 words. Saved 57%. I’m a bot and I’m open source!