This could be very good for Meta, just get the government to never exercise the law on you and to do it instead on smaller competitors that may threaten you.
Now everyone wanting to make a communications app (or anything implementing that functionality) is risking an expensive lawsuit on the UK. Meta too, but they have the bucks and influence to weather it.
It wasn't long since there was a discussion where some people were arguing that they can't make moral judgements because disobeying the law would put them in a very difficult situation:
The consequence for not obliging with the online safety bill is pulling out from the UK market. The consequence for ignoring legally sound US court orders is Meta executives going to jail.
The above case was with FB messenger which is (was?) not e2e encrypted and since Meta already had the data they were obliged to comply with a court-issued warrant.
With E2EE, they can legally skirt such demands since they can claim they don't have the data so that's a win for them as well.
“If the company refused to do, it could face fines of up to 4% of its parent company Meta’s annual turnover – unless it pulled out of the UK market entirely.”
Wow. I wonder if it got to that point if Meta would change course and disable end to end encryption for UK users and people messaging UK users, if that would be sufficient to comply. If this lobbying causes the UK to change course, I wonder what impact that would have on other countries’ attempts to weaken encryption, if any other such attempts are happening.
As of something like 2015 they allowed you to add your PGP public key to your profile to get encrypted notification messages. They are pretty much encryption hipsters.
On the other hand, it's not really end to end encrypted. They've inserted a sort of man-in-the-end bit so they can check your content in the app and send out information about the content out-of-band. I don't know if they do this for advertising purposes, but I know they do image recognition to detect for example, specific types of pornography.
I was wondering why can't chat apps be like email apps: i.e., let users point to a private key on their own phone, and publish their public key. Then, just like exchanging secure emails, people transparently chat using the same encrypt-decrypt mechanism? Won't this work?
If E2EE in messaging becomes table stakes and Meta can find a way to inject ads subtly enough not to piss off users into quitting, Meta wins hard since they've been building their AI infra to "get around" Apple's tracking restrictions for a while now and there are reports that it is finally showing good results. They'll be able to dial in their ads way better than any competitors until they catch up in the AI department.
Isn't this a red herrring? I thought the law didn't require the removal of E2E encryption, but rather mandated the addition of a back door that submits some kind of meta data summary to a third party service?
Dark patterns trick WhatsApp users to enable backups to Google and Apple. If you have them disabled odds are good the other side got tricked into them. Even if your backups are encrypted, it's using only a 64bit key. That means Five Eyes have near real-time access to your "encrypted" messages. Hell, I have to decline backups every time I use WhatsApp on my iPhone, yet after a phone reset all my messages were still there. They were gone in Signal for example. Is UK making a stink about it to lure bad people into a false sense of security? We all know why large US tech companies bought Skype (twice) back in the day. It's naive to think WhatsApp was bought for a different purpose.
I don't really believe WhatsApp was bought to show ads on WhatsApp, I believe it was bought to forestall competition and protect Facebook's existing revenue. Zuckerberg was afraid that users would leave Facebook for WhatsApp, and tried to prevent that by buying it and merging it in to messenger.
They largely failed though, as for political (and maybe also technical) reasons the merge was cancelled.
The backups were indeed WhatsApp's Achilles heel. However recently they've finally given users the option to store the key on their side and only there.
Instead of removing end-to-end encryption, there may be alternative solutions to address law enforcement concerns. For example, law enforcement agencies could work with WhatsApp to develop lawful access mechanisms that allow them to access messages in specific cases where they have a legitimate need to do so. These mechanisms could be subject to strict oversight and transparency to prevent abuse.
If the messages are end-to-end encrypted, there is no way to do this. A backdoor or other mechanism means it is no longer end-to-end - some third party is involved.
Furthermore, the UK has a long history of such “strict oversight and transparency” hardly existing, when it comes to these matters, with numerous controversies with police and other agencies abusing their access to systems.
It is worth noting, however, that WhatsApp messages can generally be accessed with such a backdoor anyway. The majority of users backup their messages to iCloud or Google Drive, encrypted, with WhatsApp holding the key. Consumer tools already exist that can access these encrypted backups, and fetch the key from WhatsApp with nothing but a text message. A warrant to Google/Apple for the backup is all that is needed, apart from the small % of users who have enabled the new E2EE backups.
In this case certain child protection groups are suggesting that encryption is a hinderance to protecting children in some scenarios. Specifically it allows social media companies a convenient get out in terms of accepting responsibility.
I think there's two ways to interpret that:
a) At face value, in that its boomer mindset popular among the Tory voting base to want to convert the internet back into the pre-internet world and its possible the blues are just genuinely representing these concerns.
b) these child protection groups in years to come will be revealed to have links to MI5, given MI5 is one of the few agencies that the government does tend to listen to. Its worth remembering that the UK used to predominantly communicate using text messages which are sent over clear so the universal adoption of encryption post Snowden revelations has been a thorn in the side of intelligence agencies for many years now.
what does this have to do with the eu? The bad proposals I've seen have all been shut down, and instead good laws like gdpr and net neutrality have been enacted eu-wide.
I believe you don't know the meaning of the term "end-to-end encryption". Obviously the application itself (and the phone) can see the text you put into it, because it has to display that text.
"End-to-end encrypted" means "from the moment the text leaves the phone, to the moment the text arrives at the recipient's phone, the text is encrypted such that no intermediate party can read it". You must of course trust or verify that the WhatsApp app isn't leaking your text, that the keyboard you are using isn't leaking your text, that Android or iOS or whatever isn't leaking your text, that you yourself aren't somehow taking unencrypted backups and you aren't using whatever unencrypted-backup features WhatsApp might make available, etc.
[+] [-] jcarrano|3 years ago|reply
Now everyone wanting to make a communications app (or anything implementing that functionality) is risking an expensive lawsuit on the UK. Meta too, but they have the bucks and influence to weather it.
[+] [-] variant|3 years ago|reply
[+] [-] ttt3ts|3 years ago|reply
[+] [-] Havoc|3 years ago|reply
Not because FB as platform in particular but because I appreciate someone with weight telling the UK law makers that their insane ideas are insane.
Just the fact that there is a different position suggests that there is a question to be answered and thought about. Get everyone stop and think.
[+] [-] d33|3 years ago|reply
It wasn't long since there was a discussion where some people were arguing that they can't make moral judgements because disobeying the law would put them in a very difficult situation:
https://news.ycombinator.com/item?id=35028107&
[+] [-] saddlerustle|3 years ago|reply
[+] [-] nsenifty|3 years ago|reply
With E2EE, they can legally skirt such demands since they can claim they don't have the data so that's a win for them as well.
[+] [-] mariojv|3 years ago|reply
Wow. I wonder if it got to that point if Meta would change course and disable end to end encryption for UK users and people messaging UK users, if that would be sufficient to comply. If this lobbying causes the UK to change course, I wonder what impact that would have on other countries’ attempts to weaken encryption, if any other such attempts are happening.
[+] [-] rany_|3 years ago|reply
[+] [-] jacooper|3 years ago|reply
I think had WhatsApp not added E2EE in 2014, Encryption wouldn't be that wide spread today.
[+] [-] upofadown|3 years ago|reply
[+] [-] baby|3 years ago|reply
[+] [-] m463|3 years ago|reply
[+] [-] tgv|3 years ago|reply
[+] [-] penguin_booze|3 years ago|reply
[+] [-] cassianoleal|3 years ago|reply
There was a time when Google chat, Facebook Messenger and other high profile chat networks could all interconnect through it.
[0] https://xmpp.org/ [1] https://wiki.xmpp.org/web/OTR
Edit: typo
[+] [-] panick21_|3 years ago|reply
If you use Signal, you can do it basically. Same for Matrix.
Its just that these systems try to make it so people don't have to know anything about this to use it securely.
[+] [-] skizm|3 years ago|reply
https://www.ft.com/content/fc95a0f7-5e4e-4616-9b17-7b72daee6...
[+] [-] sureglymop|3 years ago|reply
[+] [-] yosser|3 years ago|reply
[+] [-] rwaksmunski|3 years ago|reply
[+] [-] Quarrelsome|3 years ago|reply
Sorry, is it naive to think that Facebook bought WhatsApp for its userbase and technology?
[+] [-] advisedwang|3 years ago|reply
They largely failed though, as for political (and maybe also technical) reasons the merge was cancelled.
[+] [-] omgomgomgomg|3 years ago|reply
[+] [-] wkat4242|3 years ago|reply
[+] [-] Laaas|3 years ago|reply
[+] [-] okamiueru|3 years ago|reply
Anyone know?
[+] [-] acqbu|3 years ago|reply
[+] [-] pgalvin|3 years ago|reply
Furthermore, the UK has a long history of such “strict oversight and transparency” hardly existing, when it comes to these matters, with numerous controversies with police and other agencies abusing their access to systems.
It is worth noting, however, that WhatsApp messages can generally be accessed with such a backdoor anyway. The majority of users backup their messages to iCloud or Google Drive, encrypted, with WhatsApp holding the key. Consumer tools already exist that can access these encrypted backups, and fetch the key from WhatsApp with nothing but a text message. A warrant to Google/Apple for the backup is all that is needed, apart from the small % of users who have enabled the new E2EE backups.
[+] [-] ridiculous_leke|3 years ago|reply
[+] [-] eddsh1994|3 years ago|reply
[+] [-] Quarrelsome|3 years ago|reply
I think there's two ways to interpret that:
a) At face value, in that its boomer mindset popular among the Tory voting base to want to convert the internet back into the pre-internet world and its possible the blues are just genuinely representing these concerns.
b) these child protection groups in years to come will be revealed to have links to MI5, given MI5 is one of the few agencies that the government does tend to listen to. Its worth remembering that the UK used to predominantly communicate using text messages which are sent over clear so the universal adoption of encryption post Snowden revelations has been a thorn in the side of intelligence agencies for many years now.
[+] [-] irthomasthomas|3 years ago|reply
[+] [-] 2Gkashmiri|3 years ago|reply
[+] [-] ciancimino|3 years ago|reply
[+] [-] hiurwbkjlfjo|3 years ago|reply
[deleted]
[+] [-] h10h10h10|3 years ago|reply
[deleted]
[+] [-] explodingcamera|3 years ago|reply
[+] [-] egberts1|3 years ago|reply
[+] [-] omgomgomgomg|3 years ago|reply
And the predictive text spits out what it thinks you want to type.
And backups are possible even if you never had one before.
This is so very dodgy to me.
Maybe its e2e from the moment you submit until it arrives at the desired destination.
Which brings me to the next issue, they need to parse the text to display and when you quote a text, does it just blindly quote a blurb?
I do not believe in conspiracies and such, but there are so many double speech possibilities here...
[+] [-] Smaug123|3 years ago|reply
"End-to-end encrypted" means "from the moment the text leaves the phone, to the moment the text arrives at the recipient's phone, the text is encrypted such that no intermediate party can read it". You must of course trust or verify that the WhatsApp app isn't leaking your text, that the keyboard you are using isn't leaking your text, that Android or iOS or whatever isn't leaking your text, that you yourself aren't somehow taking unencrypted backups and you aren't using whatever unencrypted-backup features WhatsApp might make available, etc.
[+] [-] josh2600|3 years ago|reply
Signal or GTFO.