The phrase "end-to-end encryption" means very little when Facebook controls the clients on both ends, and when they control the encryption keys.
If the Facebook messenger app can launch and immediately display your messages, then they have the ability to read your messages. You just have to trust them when they say they won't.
The only way a messaging platform can guarantee true end-to-end security of your messages is if the message both enters and exits their control boundaries in an encrypted state. This means that you would have to use a third party tool to talk to their API, and then you would need to provide your key to it (not Facebook) to decrypt and encrypt messages.
Anything less than this is just security theater. As a side note, pretty much every single popular "encrypted messaging" app (such as WhatsApp and Signal) suffers from this same fundamental flaw. There's absolutely nothing stopping them from pushing out a code update that uploads your keys to their servers and gives them access to freely read your messages, and there's nothing stopping them from sending a copy of your unencrypted messages to themselves. If they control the app, and it's not fully open source, and if every release isn't audited, it's impossible for them to guarantee they can't read your messages.
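Added illustration (not part of the comment above or of any messaging app's code): the boundary that comment describes, with encryption and decryption done by code the user controls and a hypothetical `platformRelay` standing in for the platform's API. It assumes Node.js and that the two public keys were exchanged and verified out of band; all function names are made up for the example.

```javascript
const crypto = require('node:crypto');

// Each endpoint generates its X25519 key pair locally; the private key never leaves it.
function makeEndpoint() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { publicKey, privateKey };
}

// Derive a 256-bit AES key from the ECDH shared secret with HKDF-SHA256.
function sessionKey(myPrivate, theirPublic) {
  const secret = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'e2e-demo', 32));
}

// Encrypt before the message reaches the platform: output is iv || tag || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// Decrypt after the message leaves the platform; throws if it was modified in transit.
function open(key, envelope) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, envelope.subarray(0, 12));
  decipher.setAuthTag(envelope.subarray(12, 28));
  return Buffer.concat([decipher.update(envelope.subarray(28)), decipher.final()]).toString('utf8');
}

// Hypothetical stand-in for the platform: it records and forwards whatever bytes it is given.
const platformLog = [];
function platformRelay(envelope) {
  platformLog.push(Buffer.from(envelope));
  return envelope;
}

function demo() {
  const alice = makeEndpoint(), bob = makeEndpoint();
  const message = 'meet at the usual place'; // constructed sample message
  const delivered = platformRelay(seal(sessionKey(alice.privateKey, bob.publicKey), message));
  const bobKey = sessionKey(bob.privateKey, alice.publicKey);
  const received = open(bobKey, delivered);
  const platformSawPlaintext = platformLog.some((e) => e.includes(message));
  const tampered = Buffer.from(delivered);
  tampered[tampered.length - 1] ^= 1; // simulate the platform altering one ciphertext bit
  let tamperDetected = false;
  try { open(bobKey, tampered); } catch { tamperDetected = true; }
  return { received, platformSawPlaintext, tamperDetected };
}
```

The relay still learns who sent a message to whom, when, and how large it was; only the content is hidden from it.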
> The apps will be integrated, he said, and messages sent through
> them encrypted end-to-end, so that even Facebook cannot read them.
Why do I have difficulty believing that? Maybe Zuckerberg meant Facebook would always be one end of the end-to-end, and the reporter _assumed_ that Facebook cannot read the messages.
I suspect they were just paraphrasing Zuckerberg's blog post[1]:
> Encryption. People's private communications should be secure. End-to-end encryption prevents anyone -- including us -- from seeing what people share on our services.
E2E doesn't actually matter that much in the end; it's far more interesting to advertisers (and therefore valuable to Facebook) to know who you're talking to than to know what you said. Three-letter agencies know this too - scanning encrypted traffic for keywords is going to get them a lot more chaff than wheat, but spotting that five suspected criminals/subversives/journalists (delete as appropriate to your political tastes...) are having an ongoing conversation is almost pure wheat in that it tells them to expend effort on finding out whether they're making nefarious plans or just sharing cat macros.
No, that's something that happened only in DannyB2's mind (I was confused for a moment because DannyB is usually reasonable, the 2 has sure changed him).
Am I the only one looking at this announcement and going "holy shit"?
If we ignore the very well deserved Zuck skepticism for a moment, this kills Snapchat, almost immediately demolishes the wave of negative PR that Facebook is starting to drown under, gets ahead of the regulatory environment that's being put together, and also creates an Amazonesque platform which enables their core service and allows them to expand it dramatically.
Would I run a Discord competitor off FB servers if I knew they weren't snooping on my shit? Yes. Would I care that they use non PII to serve ads through the platform? Not really.
Would I run a Slack competitor off FB servers if they weren't snooping on my shit and were enterprise data compliant? Yes. Would I mind if they occasionally sent me ads with enterprise services in my industry (ask me for it, and tell me it's to bucket ads!)? I'd probably welcome it.
They have the engineering talent and the resources to make this happen in a big way. But do they have the sincerity to make it happen? Probably not.
There are so many grains of salt for this to be taken with and the track record of Facebook and Zucky makes me quite skeptical that anything concrete will come from this announcement.
"privacy-focused" until governments subpoena messages from the world's largest and most active digital network.
or until advertisers demand more knobs for their retargeting.
or until zuckerberg changes the company priority yet again and sweeps this under the rug.
if i were any more skeptical it would underflow into unbridled hope.
From a product perspective I think this is the right move. Aside from data privacy concerns, a lot of the criticism of Facebook as a product seems to be due to its global nature -- how your feed is mixed with Grandma posting conspiracy memes and your high school acquaintance talking about how her multilevel marketing scheme is amazing.
Many people say they only use Facebook to keep in touch with certain folks and for the event planning capabilities. If Facebook can successfully integrate the three apps and make Facebook seem more like a neighborhood coffee shop than a global forum I could see it really fueling growth and engagement.
Yeah well, this only makes me redouble my efforts to get rid of WhatsApp. If only idiotic managers would stop making pointless job-related WhatsApp groups for everything...
of course the subtext here is that FB currently can and does snoop on these services (which is certainly no surprise to the HN crowd).
regardless, IMHO this is refreshing news in that a media barrage of bad publicity over privacy concerns has actually caused one of the largest companies in the world to change their behavior (assuming Zuck follows through on this promise to the full extent).
While I'm happy to see Facebook doing this, I feel like it's already burnt the goodwill and trust it would have needed for the public to trust it. This isn't something you do retroactively, you're either proactive about security and privacy from the start or you're not.
Contrast this with how Apple became a privacy bulwark. No one asked them to encrypt iMessage and implement Secure Enclave and disable USB communication after 24 hours of screen lock or any of the other myriad security improvements they've made. They did it proactively, and they've been rewarded with perception accordingly.
My prediction: this is going nowhere. Zuckerberg promised a "Clear History" feature almost a year ago, and it's nowhere to be seen [1]. What reason do we have to believe that the company built by a Mark "Dumb Fucks" Zuckerberg [2] which failed to deliver the last round of promised reforms and used PR firms to discredit its opponents [3] has suddenly seen the light and is pivoting to privacy? Get real.
The TL;DR is that Zuckerberg seems to want to move the company from being a completely open public space to more of a collection of private communities, because that is what, according to him, people are gravitating towards.
I don't think there's an explicit mention in there that they want to be a WeChat-like system. But there's also been talk about Facebook introducing their own crypto-ish currency, so I guess it's not an outlandish idea either.