
“Facebook are going to monetize encrypted messaging by consolidating metadata” - mariedm
https://threader.app/thread/1088914192847917056
======
riazrizvi
Surveillance on the general public is bought by employers/businesses not
security services. Yet all these articles keep mentioning law enforcement. 90%
of people don’t care if the NSA/FBI are mining their communication for
criminal activity. They would care if they realized it affected their job
offers, they would care if they realized it means lower wages, less
competition, less political freedom. The USA has long aspired to be a place of
outstanding liberty; to run your own business, to say what you want, to own
what you want, and in a less corrupt landscape relative to the rest of the
world. With its lead in citizen surveillance it is fast becoming the opposite.

~~~
Mirioron
The problem with the FBI/NSA mining their communication "for criminal
activity" is that they probably don't do it exclusively for that. After
Snowden we found out that sometimes NSA employees would use this snooping to
stalk people they wanted to be in a relationship with, spy on their neighbors
and other such unsavory things.

~~~
arminiusreturns
The other angle, besides just personal abuse (Ala loversgate), that far too
many people fail to consider is this:

If the executive branch has such ubiquitous surveillance powers, given their
history of manual blackmail and compromise operations, they are highly likely
to seek to expand those blackmail style ops to a level heretofor impossible,
essentially removing some of the last vestiges of the already under attack
principle of seperation of powers and the checks and balances system which is
a foundational part of the intended American political structure.

------
est31
Signal on the other hand has made eliminated their access to much of the
metadata, including contact information [1] (using SGX sandboxes which is no
perfect solution but better what Facebook has) and information about who has
sent a specific message [2].

[1]: [https://signal.org/blog/private-contact-
discovery/](https://signal.org/blog/private-contact-discovery/)

[2]: [https://signal.org/blog/sealed-sender/](https://signal.org/blog/sealed-
sender/)

~~~
no_identd
"no perfect solution" indeed, a few examples:

1\.
[https://twitter.com/BRIAN_____/status/1074541770782892032](https://twitter.com/BRIAN_____/status/1074541770782892032)

2\. [https://foreshadowattack.eu/](https://foreshadowattack.eu/)

3\.
[https://twitter.com/bascule/status/1085087004352602112](https://twitter.com/bascule/status/1085087004352602112)

4\. [https://github.com/jovanbulck/sgx-
step](https://github.com/jovanbulck/sgx-step)

Any many more.

SGX is a hamfisted pseudo-solution better solved properly by going to the
roots of the nightmare landscape of trust issues:

[http://bootstrappable.org/](http://bootstrappable.org/)

[http://langsec.org/occupy/](http://langsec.org/occupy/)

We need fully bootstrapping libre hardware avoiding the trusting trust problem
YESTERDAY. If we had that, this entire load of problems would disappear and
becomes one of cryptographically certified agent-to-agent, end-to-end trust
provenance attesting.

The entire concept of a "compromisable system" only exists because we let the
industry get away with closed hardware bullshit and because we put our fingers
in our ears and go "LALALALALA CAN'T HEAR YOU" whenever someone brings up the
trusting trust problem.

I suspect we do that because it, for quite a while now, has let us avoid
confronting the age old philosophical questioning of the risks & uncertainties
of inter- & intrapersonal placement & position of trust & doubt.

Quite similar to how philosophers tend to pack up and run away screaming any
time someone brings up the Münchhausen trilemma, because, to quote
rationalwiki:

"it breaks the legs of philosophy, science, and any other possible approach to
reality."

~~~
est31
I mostly agree, but note that the contact discovery problem is a bit tough to
solve without an SGX-like solution: [https://signal.org/blog/contact-
discovery/](https://signal.org/blog/contact-discovery/)

------
mondo9000
The Facebook outrage mob reminds me of my slashdot days when everyone referred
to Microsoft as Micro$oft.

Doesn't it feel weird that there used to be positive facebook stories, but now
its all negative 24/7?

~~~
eitland
> The Facebook outrage mob reminds me of my slashdot days when everyone
> referred to Microsoft as Micro$oft.

The fight against old Microsoft is a win-win success story (for now, I'm
keeping an eye on all big players and so should everyone else.)

Microsoft is nicer and I think more profitable than ever. They don't call our
code or favourite OS cancer anymore but actively support us. My understanding
is even a lot of MS employees prefer the new Microsoft.

If we can manage to do the same with Facebook then feel free to come up with a
similar stupid name for them. Because right now I think they deserve it as
much as old M$ did.

~~~
opportune
It took Microsoft a top-level executive change (Satya) to fix itself. Facebook
shows no signs of an executive change until Mark retires and devotes himself
to full time philanthropy so the world doesn’t remember him as evil (who else
does that remind you of...)

~~~
giancarlostoro
I feel like this does a disservice to the prior open source efforts that
Microsoft slowly went through during the Ballmer era. Sure they were not as
impressive but they were the start of it all imho.

~~~
bartread
Agree. That ball had started rolling before Ballmer's departure. You could see
it in efforts like PyTools and NTVS, just for openers.

------
doublepg23
Can someone fill me in on why people are _upset_ Facbook will be consolidating
DMs/PMs accross services - _using E2E_?

I've went other the past news releases, it seems to be a _good_ thing to me.

~~~
bassman9000
Metadata + Countries where Rule Of Law doesn't apply + "Law" Enforcement
requests

E.g. Middle East countries

~~~
lclarkmichalek
You get what E2E encryption is, right?

~~~
bassman9000
You get what metadata is, right?

That FB doesn't get to snoop what you're saying doesn't prevent them from
knowing who you are saying it too. They still control the app.

------
remarkEon
Guys, just delete your Facebook.

One of the underrated benefits is not bothering to read articles like this
because it doesn't effect you ... since you deleted your Facebook.

~~~
stevenicr
I wish it was that easy.

What other people do on fbook and whatsapp and messenger does affect me. I
need articles and discussions like this so I can try to educate those who use
those services.

If I could somehow make it so fbook would auto remove my name from any
messages, delete any pictures with me uploaded by anyone, and ignore (not
store) my name and phone number when it takes the contacts off of friends
phones for example . Do not store the location of my residence if one of my
friends is messaging their "whatever" from my place. I don't want to be
associated with location sharing of whatever people are doing on their phone.

\- I'd gladly file whatever 'right to be forgotten / never known' request with
fbook.

In the meantime, we need to know as much as possible as to what this beast is
doing with data.

------
craftyguy
It's really annoying how so much facebook 'news' and conspiracy theory makes
it to the front page of HN. I hereby propose renaming Hacker News to Facebook
News.

Edit: there's no way that this comment is any _more_ off topic that the vast
majority of the facebook crap posted here.

~~~
djohnston
people are growing weary of the media's desperate narrative.

------
randomacct3847
I read another tech journalist twitter thread that hypothesized it was to make
it harder for a regulator to break up the company because once combined it
would be near impossible to break up without negatively impacting users.

------
nobody271
Facebook encrypted messaging! What's next, military intelligence? How about a
vegan big-mac? Maybe a quality automobile by GM?

I think steganography is an excellent way to deliver encrypted messaging to
consumers. It has so many inherent features that I'm surprised it isn't
already widely used. Let's see:

\- easy to recognize but hard to detect

\- can pass through any channel that accepts images

\- massive storage capacity (10MB+ depending on how you roll)

\- encryption easily baked in!

\- many additional use cases (store your kids ssc or passwords, store
encrypted notes, anonymous communication by just posting an image online
somewhere).

Everyone should know Facebook encryption is about as good as free (or maybe
most) VPN encryption. But with steganography all you need is an open source
application that you can trust or a popular codec.

If anyone is interested I have a stalled steganography project that I'm
waiting to get back to (once I finish a ASP.NET Core book)
[https://github.com/smchughinfo/steganographyjr](https://github.com/smchughinfo/steganographyjr).
I'm making it as easy to use as possible (UWP, iOS, Android, a website, Web
API, Nuget, and possibly a native app for Debian if I get the time) Most of
that work, though, you get for free with .NET Standard + Xamarin but it's
still a lot of work.

~~~
cannonedhamster
Burger King has a veggie Big Mac.

[https://www.bk.com/menu-item/veggie-burger](https://www.bk.com/menu-
item/veggie-burger)

Steganography has a bad connotation because it's heavily used in the
pedophilia realm which would limit it's uptake, somewhat like torrents.
Perfectly valid and useful tech that gets used by a few but not by most.

I think Telegram, even with it's flaws, is the closest I've come to an easy to
use encrypted messaging app that I can get my mother to use and like.

~~~
nobody271
I don't think anyone cares if pedophiles use it. They only care if it will
work for them. Heck, if it keeps pedophiles safe that's a pretty good
endorsement. I think the primary road block for most people is not seeing a
use case combined with the technology not being readily available (excluding a
few apps that aren't compatible with each other).

~~~
FuckOffNeemo
I think you're grossly under selling the emotional response the larger public
user base would have to being associated with paedophilia. Albeit, even if
it's tangibly associated via an app.

Unfortunately that's the nature of the beast. You and I, in addition to our
peers would probably see it as an endorsement (as you coffecfly stated). But
we're not Joe Bloggs.

The feeling of disgust is so easily manipulated amongst the greater public.

------
djohnston
maybe trump paved the way for twitter posts to become leading news, but this
is hardly more than a rando on the internet speculating. whatever it takes to
keep that narrative up i guess

------
xivxix
This article specifically talks about sex workers using whatsapp and the fact
that because of meta data sharing, IF a warrant comes from the government to
find users associated with a certain group (such as sex workers groups) on
Facebook, it indirectly brings whatsapp users into that group as well through
indirect means. Interesting issue yet so many "if"s. The reality is that
Facebook needs to make money from whatsapp at some point. If keeping end to
end message encryption is important, then they are left with three equally bad
options:

# Charge for the service (whatsapp will lose 90% of its userbase in a month)

# Show generic ads (worse value than even TV ads, because at least TV ads know
a little bit about the viewers of a certain show but whatsapp has no idea)

# Figure out a way to deliver targeted ads.

~~~
bassman9000
_1- Charge for the service (whatsapp will lose 90% of its userbase in a
month)_

Why? Whatsapp used to charge a yearly fee for the app.

~~~
FuckOffNeemo
For $1 I'd agree most of the user base would commit to paying it too.

~~~
giancarlostoro
I wonder how much that covers how much they spend on the infrastructure to run
WhatsApps backend services. If its even profitable.

~~~
FuckOffNeemo
The infrastructure wouldn't be much more than Signals, surely?

------
xenihn
>Don't you know that our plans have your interests -- not ours -- in mind? Who
else could wade through the sea of garbage you people produce, retrieve
valuable truths and even interpret their meaning for later generations?

------
swampthinker
"We don't know what you're writing, but we know who you're talking to! We love
encryption now!"

------
m_ke
It will also make it easier for them to take your FB profile and run targeted
ads on whatsapp using it.

------
Havoc
I don't think this is really gonna change much. Or really it's just going from
bad to bad.

------
arthurcolle
Literally exactly what they said they wouldn't do. I gotta get off Facebook
stat

------
avatarbl
But don't they already know who you are talking to ?

------
akerro
No surprises here.

------
Zhyl
The title seems to suggest an announcement but the article is essentially
speculation. Sure, it's likely that Facebook will exploit the mega-chatosphere
for its data in the same way it currently does with each service individually
(and cross service if you count account linkage). However, this article is
essentially sensationalism for the sake of plugging their own privacy focused
chat app.

I suggest the title be renamed to something less official sounding.

~~~
sctb
Sure thing, we've taken a stab at it.

~~~
vermontdevil
It’s not an article. It’s a “roll up” of a thread by Sarah Jamie Lewis as you
can see here

[https://twitter.com/sarahjamielewis/status/10889141928479170...](https://twitter.com/sarahjamielewis/status/1088914192847917056?s=21)

~~~
thekyle
That makes more sense. I was wondering why the article was so "all over the
place", it's just because every sentence was actually a separate tweet.

