Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
daft_pink 4 hours ago

I'm not sure the value of end to end encryption for proprietary application chats. For emails and SMS messages, your messages are being sent between different multiple servers on the open internet and it opens you up to spying, but end to end encryption on instagram is only protecting your chats from Meta.

I find the end to end encryption on Facebook to be detrimental to ease of use, because you always have to use a pin code, etc for the web interface.

If you don't trust meta with your chats, you probably shouldn't be using their application to begin with.

shiandow 3 hours ago | parent | next [-]

I'm not sure I disagree, but I would summarise it slightly differently.

If you don't want Mark Zuckerberg to upload your private messages into his own chat AI, then stop using Instagram immediately.

ergocoder 3 hours ago | parent | prev | next [-]

Actually, by doing e2e encryption, Meta can say to the authorities that Meta doesn't see any message and cannot be blamed for anything. We cannot snoop user's conversation, and that's generally a good thing.

The authority holds Meta responsible anyway; they don't care about the implementation detail. They want to catch a pedo, and Meta is unable to produce evidence that helps them. Everyone else will yell at Meta for helping pedos.

You can substitute "pedo" with any other heinous crime e.g. terrorism.

And this is how we arrive at the current situation.

mrexcess 3 hours ago | parent [-]

> The authority holds Meta responsible anyway

What form of accountability are you suggesting is even being leveraged, here? No law could force Meta to backdoor its encryption, afaik. Public pressure would be unlikely to work.

Is Meta afraid of anything real, or is this just blame shifting via ungrounded speculation?

ergocoder 3 hours ago | parent [-]

They can because Meta has chosen to implement e2e encryption. They could have chosen not to implement e2e encryption. All within their controls.

Australia already has this law in place where a company must hand over user's conversation. A company cannot make an excuse that they themselves implement e2e to prevent themselves from reading user's messages. Source: https://www.bbc.com/news/world-australia-46463029

UK has a proposal to ban encryption this year. It is still being discussed.

> Public pressure would be unlikely to work

Public pressure works to a certain degree. Do you think a product manager at Meta would want to be labeled as "protecting pedos"?

mrexcess 2 hours ago | parent [-]

> Public pressure works to a certain degree. Do you think a product manager at Meta would want to be labeled as "protecting pedos"?

I think that Meta can afford as much PR as they would need to out-message this sort of BS, again if they were inclined to protect user privacy in the first place. Look at Apple.

sedatk 3 hours ago | parent | prev | next [-]

> but end to end encryption on instagram is only protecting your chats from Meta.

No. It protects your chats from Meta and all governments of the countries where Meta operates.

In fact, I expect Instagram to be more reachable globally now because these relaxed communication standards would be welcomed by oppressive governments as they can now retrieve messages as they please for whatever purpose they deem.

Barrin92 3 hours ago | parent | prev [-]

the entire point of encryption is that you don't trust the channel you communicate through, that's what it was invented for, communication across adversarial channels. Distrust is the only condition under which you need encryption.

In addition from a practical POV it's if anything the reverse is the case. Email encryption is larp security because plain text is the default, leaks metadata and its interfaces make it trivial for people to leak entire conversations. If there's one technology where you should just assume your messages are public, it's email before someone copy pastes or wrongly forwards your encrypted communication to fifty other people.

Private message encryption makes sense because it's now a default, information exchanged is usually personal, and the problem isn't just Meta but law enforcement extorting your data out of their hands, which encryption in the real world has prevented a few times now already.

ergocoder 3 hours ago | parent [-]

It's a governance.

The executives don't want anyone else to be able to use the messages in a malicious way, so they decide to cut it at the sources of the messages i.e. e2e encryption.

This is like: corporate emails being deleted after 6 months. When an authority asks for emails from the last year, they can say they don't have it.

Now the authority can ask for the emails not to be deleted at all but then that will be a different battle the authority has to fight.

Corporate emails often don't involve pedos/terrorism, so there's much less push to retain corporate emails forever.