
Facebook’s third act: Mark Zuckerberg announces his firm’s next business model - amch
https://www.economist.com/business/2019/03/07/mark-zuckerberg-announces-his-firms-next-business-model
======
dang
[https://news.ycombinator.com/item?id=19321609](https://news.ycombinator.com/item?id=19321609)

------
t0mbstone
The phrase "end-to-end encryption" means very little when Facebook controls
the clients on both ends, and when they control the encryption keys.

If the Facebook messenger app can launch and immediately display your
messages, then they have the ability to read your messages. You just have to
trust them when they say they won't.

The only way a messaging platform can guarantee true end-to-end security of
your messages is if the message both enters and exits their control boundaries
in an encrypted state. This means that you would have to use a third party
tool to talk to their API, and then you would need to provide your key to it
(not Facebook) to decrypt and encrypt messages.

Anything less than this is just security theater. As a side note, pretty much
every single popular "encrypted messaging" app (such as Whatsapp and Signal)
suffers from this same fundamental flaw. There's absolutely nothing stopping
them from pushing out a code update that uploads your keys to their servers
and gives them access to freely read your messages, and there's nothing
stopping them from sending a copy of your un-encrypted messages to themselves.
If they control the app, and it's not a fully open source, and if every
release isn't audited, it's impossible for them to guarantee they can't read
your messages.

------
DannyB2
> The apps will be integrated, he said, and messages sent through

> them encrypted end-to-end, so that even Facebook cannot read them.

Why do I have difficulty believing that? Maybe Zukerberg meant Facebook would
always be one end of the end-to-end, and the reporter _assumed_ that Facebook
cannot read the messages.

Sorry to be skeptical about this. But I just am.

~~~
emilsedgh
Wait, Mark Zuckerberg decided to use the term E2E but actually change it's
real meaning to complete opposite?

That's some 1984 crap right there.

E2E with "Facebook being one end" essentially means normal SSL!

~~~
cjhopman
No, that's something that happened only in DannyB2's mind (I was confused for
a moment because DannyB is usually reasonable, the 2 has sure changed him).

------
ABCLAW
Am I the only one looking at this announcement and going "holy shit"?

If we ignore the very well deserved Zuck skepticism for a moment, this kills
Snapchat, almost immediately demolishes the wave of negative PR that Facebook
is starting to drown under, gets ahead of the regulatory environment that's
being put together, and also creates an Amazonesque platform which enables
their core service and allows them to expand it dramatically.

Would I run a Discord competitor off FB servers if I knew they weren't
snooping on my shit? Yes. Would I care that they use non PII to serve ads
through the platform? Not really.

Would I run a slack competitor off FB servers if they weren't snooping on my
shit and were enterprise data compliant? Yes. Would I mind if they
occasionally sent me ads with enterprise services in my industry (ask me for
it, and tell me it's to bucket ads!)? I'd probably welcome it.

They have the engineering talent and the resources to make this happen in a
big way. But do they have the sincerity to make it happen? Probably not.

------
munk-a
There are so many grains of salt for this to be taken with and the track
record of Facebook and Zucky makes me quite skeptical that anything concrete
will come from this announcement.

Also, I feel like this may be a dupe?

~~~
steve19
Zuck has such a long track record of lying and treating his users with
contempt, I trust nothing he says.

------
choochootrain
"privacy-focused" until governments subpoena messages from the world's largest
and most active digital network. or until advertisers demand more knobs for
their retargeting. or until zuckerberg changes the company priority yet again
and sweeps this under the rug.

if i were any more skeptical it would underflow into unbridled hope.

------
40acres
From a product perspective I think this is the right move. Aside from data
privacy concerns, a lot of the critism of Facebook as a product seems to be
due to it's global nature -- how your feed is mixed with Grandma posting
conspiracy memes and your high school acquaintance talking about how her
multilevel marketing scheme is amazing.

Many people say they only use Facebook to keep in touch with certain folks and
for the event planning capabilities. If Facebook can successfully integrate
the three apps and make Facebook seem more like a neighborhood coffee shop
than a global forum I could see it really fueling growth and engagement.

~~~
barkingcat
yah a combination of meetup groups and eventbrite would a good place for
facebook to make a lot of money.

------
Mr_Shiba
Yeah well, this only makes me redouble my efforts to get rid of whats-app. If
only idiotic managers would stop making pointless job related whats-app groups
for everything...

------
zalebz
of course the subtext here is that FB currently can and does snoop on these
services (which is certainly no surprise to the HN crowd). regardless, IMHO
this is refreshing news in that a media barrage of bad publicity over privacy
concerns has actually caused one of the largest companies in the world to
change their behavior (assuming Zuck follows through on this promise to the
full extent).

------
jfasi
While I'm happy to see Facebook doing this, I feel like it's already burnt the
goodwill and trust it would have needed for the public to trust it. This isn't
something you do retroactively, you're either proactive about security and
privacy from the start or you're not.

Contrast this with how Apple became a privacy bulwark. No one asked them to
encrypt iMessage and implement Secure Enclave and disable USB communication
after 24 hours of screen lock or any of the other myriad security improvements
they've made. They did it proactively, and they've been rewarded with
perception accordingly.

My prediction: this is going nowhere. Zuckerberg promised a "Clear History"
feature almost a year ago, and it's nowhere to be seen [1]. What reason do we
have to believe that the company built by a Mark "Dumb Fucks" Zuckerberg [2]
which failed to deliver the last round of promised reforms and used PR firms
to discredit its opponents [3] has suddenly seen the light and is pivoting to
privacy? Get real.

[1] [https://www.recode.net/2018/12/17/18140062/facebook-clear-
hi...](https://www.recode.net/2018/12/17/18140062/facebook-clear-history-
update-privacy-targeting-data-collection)

[2]
[https://www.theregister.co.uk/2010/05/14/facebook_trust_dumb...](https://www.theregister.co.uk/2010/05/14/facebook_trust_dumb/)

[3]
[https://www.theguardian.com/technology/2018/nov/21/facebook-...](https://www.theguardian.com/technology/2018/nov/21/facebook-
admits-definers-pr-george-soros-critics-sandberg-zuckerberg)

------
Skunkleton
So is the TL;DR that they want to make a WeChat like thing?

~~~
annexrichmond
I wouldn't exactly call WeChat privacy-focused

