If the executive branch has such ubiquitous surveillance powers, given their history of manual blackmail and compromise operations, they are highly likely to seek to expand those blackmail style ops to a level heretofore impossible, essentially removing some of the last vestiges of the already under attack principle of separation of powers and the checks and balances system which is a foundational part of the intended American political structure.
Something like that.
I agree that we need to educate people more about how things like jobs, loans, and other things can be affected by data trails easily gobbled up by many different apps and devices.
In my small amount of speaking to people, it seems to me that people older than 35 don't worry about hackers or fbk, or three letter agencies spying on all their pics and messages. However most of them pause when I explain that apps like messenger can steal all of their kids' pics in the background, services like instagram sell me pics off their kids' phones for a few cents, and there are some pervs at whichever agency and computer company that can access all of their kids' stuff for example.
To me the biggest concern about recording and storing all this information is the ability of corps and guv agencies being able to rewind time and pressure would-be powerful public figures or other people into doing shady things in order to keep that recorded data in cold storage and off the next leak that ends up in the wild and reported in whatever-news.
So there are many educational points with all this that people should be educated about.
When I mention that divorce lawyers may have a field day with the flirting pms / dms that their friends may have sent and that have been stored by Zuck's servers, I often get "wow never thought of that" - which of course could be used to change financial futures, kids' custody, etc.
Then of course the marketers using data to get you to do things, and banks selling your debit card data about sexual purchases and such. There are many important things to consider when it comes to privacy.
How meta data alone can be used to infer relationships and such can be damaging with serious legal consequences beyond the marketing sales.
If polls were run with a little info added about how data can be used, I would hope that less than 50% of people don't care.
And many more.
SGX is a hamfisted pseudo-solution better solved properly by going to the roots of the nightmare landscape of trust issues:
We need fully bootstrapping libre hardware avoiding the trusting trust problem YESTERDAY. If we had that, this entire load of problems would disappear and become one of cryptographically certified agent-to-agent, end-to-end trust provenance attesting.
The entire concept of a "compromisable system" only exists because we let the industry get away with closed hardware bullshit and because we put our fingers in our ears and go "LALALALALA CAN'T HEAR YOU" whenever someone brings up the trusting trust problem.
I suspect we do that because it, for quite a while now, has let us avoid confronting the age old philosophical questioning of the risks & uncertainties of inter- & intrapersonal placement & position of trust & doubt.
Quite similar to how philosophers tend to pack up and run away screaming any time someone brings up the Münchhausen trilemma, because, to quote rationalwiki:
"it breaks the legs of philosophy, science, and any other possible approach to reality."
Doesn't it feel weird that there used to be positive Facebook stories, but now it's all negative 24/7?
The fight against old Microsoft is a win-win success story (for now, I'm keeping an eye on all big players and so should everyone else.)
Microsoft is nicer and I think more profitable than ever. They don't call our code or favourite OS cancer anymore but actively support us. My understanding is even a lot of MS employees prefer the new Microsoft.
If we can manage to do the same with Facebook then feel free to come up with a similar stupid name for them. Because right now I think they deserve it as much as old M$ did.
Farcebook? Been guilty of that one for 8 years. Never had an account, so the label is all hearsay ... but what i kept hearing made me afraid to become a Farce of myself ... so i said to myself "stay away". Hard enough to be self-effacing.
i do still hope we will find a way to communicate easily with relevant others without doing violence to our communication methods for the sake of (what is essentially) a random nudnick's business plan and profit model.
Farcebook likes to go around and break as many things as fast as possible. Before them we had serious people and thought oriented to finding compatible methods. They still exist, but all the oxygen in the room is depleted by Farcebook.
Forced updates rebooting critical systems, bricking devices, rampant spying that is difficult to impossible to disable.
How do you fit that with "win-win success story" and "Microsoft is nicer [...] than ever"?
I can remember such a time for Google. I can even remember such a time for Microsoft, back when people stayed in line for Windows 95. I was 13 back then and got my first computer.
Sure, investors were pleased with Facebook's rapid growth and people liked it because its UI didn't suck like MySpace. But Facebook has always been morally bankrupt due to its leadership and this has been visible for quite some time.
In our country we have a saying that applies perfectly: a fish rots from the head down ;-)
Richard Stallman has a page documenting Facebook's wrongdoings and it's pretty good: https://stallman.org/facebook.html
Frankly newspapers really changed idea only after Trump won the elections.
I find it somewhat fun that some of the recent news about Facebook being evil actually talk a lot about that period (ex: the recent news about the "friendly fraud" class action) and some are the consequences of the (naive, as a lot of us were at the time - me included!) choices Facebook made back then (wanting to be a platform, without really understanding what it meant) before pivoting to the current model (which is AFAIK far more similar to Google's).
Facebook has lost the trust of the public in ways that other major tech firms haven’t.
I agree that Facebook is certainly a convenient scapegoat to hide all the other issues that plagued the Clinton campaign (from the DNC scandal, to the unlikeable candidate, through some controversial phrases she said during the campaign itself, and so on). Also it helps newspapers since they have to take no blame for what happened (and do no real analysis on why democrats lost).
I'm pretty convinced that if Clinton had won - even if Clinton had used CA data to do so - there would be far (far) less media coverage about the "evil of Facebook", regardless of the impact of their incompetence in the election. That was the case with Obama already after all.
Not what I see here on HN:
I see complaints from merchants (mostly with legitimate issues it seems) and praise from end users.
What exactly was the outrage toward Microsoft back then? A company trying to make money? Preposterous!
I've gone over the past news releases, it seems to be a good thing to me.
They will build the largest surveillance system ever conceived and will sell it under the banner of consumer encryption."
If I could snap my fingers and everyone would switch to Matrix I would, but as it stands hundreds of millions of people use these services daily and getting them more privacy will be useful.
At least at that point they will not have the contents of your messages. Which now they do (with the exception of whatsapp).
But I've yet to find similar opinions in tech groups online or even less techy spaces.
E.g. Middle East countries
The ideal scenario for rule of law is no privacy. However, privacy has intrinsic value of its own so we're stuck trying to maximize privacy while minimizing the corruption. It's an ongoing balancing act; every society will do it differently and it will change over time.
Even the star child Signal has to store metadata...
That FB doesn't get to snoop what you're saying doesn't prevent them from knowing who you are saying it to. They still control the app.
One of the underrated benefits is not bothering to read articles like this because it doesn't affect you ... since you deleted your Facebook.
What other people do on fbook and whatsapp and messenger does affect me. I need articles and discussions like this so I can try to educate those who use those services.
If I could somehow make it so fbook would auto remove my name from any messages, delete any pictures with me uploaded by anyone, and ignore (not store) my name and phone number when it takes the contacts off of friends' phones for example. Do not store the location of my residence if one of my friends is messaging their "whatever" from my place. I don't want to be associated with location sharing of whatever people are doing on their phone.
- I'd gladly file whatever 'right to be forgotten / never known' request with fbook.
In the meantime, we need to know as much as possible as to what this beast is doing with data.
Edit: there's no way that this comment is any more off topic than the vast majority of the Facebook crap posted here.
I think steganography is an excellent way to deliver encrypted messaging to consumers. It has so many inherent features that I'm surprised it isn't already widely used. Let's see:
- easy to recognize but hard to detect
- can pass through any channel that accepts images
- massive storage capacity (10MB+ depending on how you roll)
- encryption easily baked in!
- many additional use cases (store your kids ssc or passwords, store encrypted notes, anonymous communication by just posting an image online somewhere).
Everyone should know Facebook encryption is about as good as free (or maybe most) VPN encryption. But with steganography all you need is an open source application that you can trust or a popular codec.
If anyone is interested I have a stalled steganography project that I'm waiting to get back to (once I finish an ASP.NET Core book) https://github.com/smchughinfo/steganographyjr. I'm making it as easy to use as possible (UWP, iOS, Android, a website, Web API, Nuget, and possibly a native app for Debian if I get the time). Most of that work, though, you get for free with .NET Standard + Xamarin but it's still a lot of work.
I don’t want my conversations with my mother to be public. But we are not going to communicate in secret messages hidden in images as if we are espionage agents, and most assuredly 98% of the public will not, either. Not to mention that steganography has a security by obscurity aspect - the more you raise knowledge that textual messages may be concealed in images, and present a common mechanism for doing so, the less effective it is for escaping scrutiny.
Also, I’d note for your points that steganography has no ‘storage capacity’. That’s a characteristic of the underlying medium. It is not a standalone communication system - if I’m sending secret spy image messages to my tow truck company instead of normal text messages, the storage is foremost limited by the text message system.
I agree with you, but couldn't you say the same thing about using end-to-end encryption in a chat program as a substitute for messaging that's just encrypted in transit?
> I agree with you, but couldn't you say the same thing about using end-to-end encryption in a chat program as a substitute for messaging that's just encrypted in transit?
I just want to point out, again, that this is not an argument that I tried to make.
I can encrypt the hard drive. I can encrypt a text file to a binary encrypted file. I can encrypt a text file to a text file with something like pgp. But none of those are what I would call user friendly. But through the magic of steganography you could do all that and save it to an image file. Now we have something that people might be comfortable using.
As for secure chat idk. I wouldn't trust Windows, iOS, Android, my ISP, my VPN, the NSA (and whoever else), the spyware my mom has installed on her computer that neither of us know about, etc. I'd probably just google for something but I wouldn't be under any illusion that it's totally secure.
Typically, files on a phone don’t have an extension that is presented to the user.
Steganography alone is just security through obscurity? I guess I'm not sure which algorithm you are thinking of but regardless it's very easy to encrypt your data before writing it to the image so in any case, that is a non-problem. The same goes with your sentence about the use of steganography detection. Maybe it's possible for some algorithms, I don't know, but I have very strong doubts about that and again, it's encrypted.
The amount of data you can write to an image using a steganographic algorithm could be rightly called its "storage capacity", yes? Or do you believe that for each image there is an exact maximum storage capacity regardless of the way you encode data to it?
If you are not using steganography for the obscurity aspect, why use it at all? Why not just encrypted plaintext that can be decrypted?
Steganography is intended to conceal that a message is being sent at all, other than the apparent message of an image. If my recipient and I are both using Cool Steganography Messaging App, or you are marketing CSMA to the general public, that removes that crucial feature.
As far as storage capacity, I mean it is not a concept that steganography envelops. The amount of data you could include would be limited by the lower level transmission systems - whatever software and hardware you are using to actually transmit, device, store and view images such as image format and your phone storage.
Storage capacity IS a function of the algorithm and the image. That's simply a fact. For example, say we are just bit flipping a 512x512px image and we take up all 8 bits in each color channel in each pixel. That lets us write 512 * 512 * 8 * 3 = 6291456 bits or about 6Mb. ...I can see how it looks like I was talking about real time communication because I said messaging. That was a mistake and honestly I have been playing around with the thought of if/how steganography could be used for chat but that really was not how I meant it to sound. I was thinking about how steganography might be able to make encryption more user friendly.
Sure, steganography has a capacity for information that is based on the image format utilized. But the real upper capacity is dependent upon the other layers.
The way to make it user friendly is to make it transparent. I don’t see how this would do that.
However I can imagine some use cases where others would want to keep say a kinky fantasy story someone wrote to them, but need to keep it in a form that if discovered may be difficult to discern that it was a naughty message at all.
Like the "calculator app" that many of the younger folks are using to hide nudes... you'd have a "cool cat memes with friends app" - with some of the images shared having extra data embedded...
some parents and others are getting smarter about seeing the most used apps on a phone, so they are able to question why someone used "hidden locker calculator" 8 hours each day. If you had "cat meme share" being used 8 hours a day, you could open said app and show your parents/lover/ whoever the funny memes.. and they may not know that extra info could be embedded for example.
This may save some people doing bad things, but may also save some people from being outed about their <insert small niche not socially well accepted interest / lover / friend here>
No. Any online service worth its salt is going to reencode images to serve proper sizes and maybe do other processing. Along the way stuff like EXIF data and other worthless (for displaying the image) chuff will get stripped from the image. Alternatively, if you mean not somehow embedding in the file but encoding in the actual pixels of the image, that data will get lost as well when the image is resized and resampled. To survive most image manipulations, the data will have to be quite crude and you'll have low bandwidth with this kind of encryption.
An exception would be some photographer oriented services like Flickr that allow you to download the original file but those are a minority.
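As an added illustration of the two claims argued over in this sub-thread (capacity depending on both the algorithm and the image, and pixel-level payloads not surviving re-encoding), here is a Python sketch that is not part of the original thread or of any commenter's project. The cover samples, the payload, and the `requantize` function standing in for a lossy re-encode are constructed assumptions.

```python
import random

def capacity_bits(width, height, channels=3, bits_per_channel=1):
    """Raw capacity of bit-replacement embedding in an uncompressed image."""
    if not 1 <= bits_per_channel <= 8:
        raise ValueError("bits_per_channel must be between 1 and 8")
    return width * height * channels * bits_per_channel

def embed_lsb(samples, payload):
    """Replace the least significant bit of each sample with one payload bit."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(samples):
        raise ValueError("payload exceeds cover capacity")
    stego = list(samples)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return stego

def extract_lsb(samples, nbytes):
    """Read nbytes back out of the sample LSBs (MSB first within each byte)."""
    out = bytearray()
    for start in range(0, nbytes * 8, 8):
        byte = 0
        for sample in samples[start:start + 8]:
            byte = (byte << 1) | (sample & 1)
        out.append(byte)
    return bytes(out)

def requantize(samples, step=4):
    """Assumed stand-in for lossy re-encoding: snap samples down to a multiple of step."""
    return [(s // step) * step for s in samples]

def demo():
    rng = random.Random(0)  # constructed cover: 64x64 RGB noise, fixed seed
    cover = [rng.randrange(256) for _ in range(64 * 64 * 3)]
    payload = b"constructed test payload"
    stego = embed_lsb(cover, payload)
    return {
        "all_8_bits": capacity_bits(512, 512, 3, 8),  # the 512x512 case from the thread
        "lsb_only_bits": capacity_bits(512, 512, 3, 1),
        "max_sample_change": max(abs(a - b) for a, b in zip(cover, stego)),
        "intact": extract_lsb(stego, len(payload)) == payload,
        "after_reencode": extract_lsb(requantize(stego), len(payload)),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With `bits_per_channel=8` every sample is overwritten, so nothing of the cover image remains; only the low-bit settings leave the picture visually unchanged, and those are the bits a re-encode discards first.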
Yes. Any algorithm designed to be resilient to common processing steps will pass this test with flying colors. Also, EXIF data is not used in steganography, by definition.
Steganography has a bad connotation because it's heavily used in the pedophilia realm which would limit its uptake, somewhat like torrents. Perfectly valid and useful tech that gets used by a few but not by most.
I think Telegram, even with its flaws, is the closest I've come to an easy to use encrypted messaging app that I can get my mother to use and like.
Unfortunately that's the nature of the beast. You and I, in addition to our peers would probably see it as an endorsement (as you correctly stated). But we're not Joe Bloggs.
The feeling of disgust is so easily manipulated amongst the greater public.
Anyhow, I go up to the counter and rattle off everyone's order from my list. I'm making conversation with the person at the checkout, and mention I'm a vegetarian (I think sometimes it's a little like crossfit, in that regard). Anyhow, this person mentioned that Burger King had veggie burgers, and they could make me one. Excited to have something other than just french fries, I accepted.
So I get back to the office and hand out the burgers. I go to dig into mine, and it's just a bun with way too much mayonnaise and some lettuce. It was so disappointing.
I'm not a vegetarian anymore, but I do still enjoy veggie burgers, so I will have to go try this out.
I'm not saying either approach is better. Maybe one is better, I don't really know.
# Charge for the service (whatsapp will lose 90% of its userbase in a month)
# Show generic ads (worse value than even TV ads, because at least TV ads know a little bit about the viewers of a certain show but whatsapp has no idea)
# Figure out a way to deliver targeted ads.
The issue about being careful about using those metadata for friends/"you could know" (which was always terrible for me) and related functionality is legit though. They should give the user the option of opting out (ex: I don't want you to show my FB profile to people I only have in whatsapp/instagram). Even better, they should allow for opting in and opt out everyone by default.
Why? Whatsapp used to charge a yearly fee for the app.
I suggest the title be renamed to something less official sounding.