Hacker News

Meta gets a lot of flak for privacy, but at the same time, they end-to-end encrypt the majority of communication happening globally (WhatsApp+Messenger), at cost to the company, with no obligation to do so.



> at cost to the company

If by "cost" you mean Meta being in the business of siphoning user behaviour, Meta controls the E in E2E, a.k.a. the apps, so it's a matter of trusting them to not do covert on-device analysis + result exfiltration.


Plenty of people have reverse-engineered the apps and found no evidence of this. They use the same protocol as Signal under the hood.

Many cybersecurity engineers passionate about this stuff have worked for Meta. They, too, would have blown the whistle at some point.


The E2E protocol is immaterial, it's about what the endpoint app does and which telemetry it reports.

Not saying they do it, again it's about trust in the context of:

- Meta (the company, not the employees) having a bad track record

- Meta's business model being what it is (building profiles and selling tooling around that), creating tension with privacy matters


Their track record with E2EE is pretty great, given that they opt to disable WhatsApp in countries that ban E2EE instead of disabling E2EE.


No company is obligated to do anything. Such lack of obligation is not sufficient reason to praise companies that do the bare minimum to keep user data safe. Sure they aren't obligated but how on earth does that matter?


E2EE certainly is not the "bare minimum", TLS is. Maybe encryption at rest, but even that's debatable.


If E2EE is “the bare minimum”, how are there so many successful and thriving companies who don’t do it? And why are you even on HN, which doesn’t do it?



