Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.
Truly safe e2e requires open source client provided by a trusted entity who is as much as possible independent from the one who provides the untrusted transport layer. Eg how pgp email works.
people who otherwise would have gone their entire lives without ever hearing about encryption were exposed to the term and the marketing convinced them that encryption and privacy was a valuable thing, even if they didnt fully understand the mechanisms or why e2e might not necessarily be very effective in specific circumstances.
later, when presented between option a and option b, where one has encryption and the other doesnt, they are more likely to choose the one with it ("well, if instagram and facebook use it and say it is good...")
between signal and plain text, it is easier to convince friends to use signal if they see positive marketing about encryption on other popular apps they use. it is easier to convince them to encrypt their backups before uploading them to their google drive. hell, its just a good conversation starter to introduce encryption/online privacy to people that never really think about it. that type of thing.
those same friends are not going to use irc regardless. not really a loss if it was never even on the table.
Whatever the cause, it sure sounds like it was a strange and unnerving experience.
Walking outside (after asking my wife if she could hear it): silence. Trees rustling, normal noises.
It was background noise. But inside the apartment that combination of different sounds was just right that it sounded like muffled music to me - but hence why I couldn't identify it, whatever was there was just me thinking I was hearing things.
Draw ones own conclusions about the relative technical plausibility of the events described by the OP (how would digital packet based audio experience a glitch which is structured as though you'd tuned into another analog radio station? It wouldn't: that doesn't happen and it isn't even a failure mode).
Obviously it involves trust that it isn't actually "we say it's e2ee but actually we also MiTM every conversation"
I can't say I really mind this change by Meta that much overall though. Anyone who's serious about privacy probably knew better than to pick "Instagram chat" as their secure channel. And on the other hand having the chats available helps protect minors.
Eg. The Debian random number generator bug.
You are no more capable of spotting a deliberately concealed backdoor in a binary than in source code, there's simply no meaningful difference.
Companies started pushing E2EE a few years ago because users' private messaging data used to be a liability. Now that the data can be fed into LLMs for training and inference its value has gone up significantly, and the privacy and security tradeoffs are suddenly worthwhile.
PMs across the industry are pushing product decks with "conversational AI assistants" to get their next promotion. I've been in more than one of these meetings myself. If the data is encrypted then there's no way to build this kind of stuff.
Some parts of the legislation (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32...):
> 2. The personal data processed pursuant to this Regulation shall only be used for the purpose of handling the emergency situations referred to in the first subparagraph of Article 5(2).
> Manufacturers shall provide clear and comprehensive information in the owner's manual about the processing of data carried out through the 112-based eCall in-vehicle system. That information shall consist of:
> the fact that there is no constant tracking of the vehicle;
That vehicle nowadays are equipped with always-on internet and microphones is not related to remote assistance.
https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
Now it just costs them the data and development cost to maintain. Any remaining problems they'll throw some crappy AI moderator at to fix.
That is not the view their legal department takes, I guarantee it. Congress ain't gonna keep its composition indefinitely.
And I will be pushing to remove WhatsApp if that’s the case.
Messenger has a higher expectation of privacy, Facebook is more at the "group of friends" level. While Instagram is a public restaurant, Facebook is more like a house party. WhatsApp has the highest expectation of privacy as it is designed for private, often one-to-one conversations first.
You need to be prepared to avoid saying naughty things on the internet. Otherwise, perhaps someone will figure out that you great-great grandfather didn't sign in the right spot in 1897 and you're presence in the United States is void, retroactive to your birth. Off to El Salvador with you, enemy of the people.
And so does my response to your comment.
But I do wonder if self-censure is really the best strategy.
Take the Utah Data Center (https://en.wikipedia.org/wiki/Utah_Data_Center), combine it with the Disposition Matrix (https://en.wikipedia.org/wiki/Disposition_Matrix), informally known as a kill list for even US citizens, and it does seem like you're getting a Police State!
Three letter agencies have way too much power and they've shaped our culture+laws for the worse. Osama Bin Laden has done way more damage to American citizens' lives than he could've ever dreamed of.
In the USA, we hate the government collecting information on us, but shrug our shoulders when corporations do it.
In Europe, it's the exact opposite. They created GDPR to restrict how corporations collect and share data about you, but they shrug their shoulders at government doing it.
Obviously, this is incredibly reductive and over-simplified, but the general idea of it feels pretty true.
Self host. It's still possible to buy computer hardware and install FOSS replacements for most/all of the services you need, and plumb it all through to your mobile devices using wireguard/tailscale. If you're behind a CGNAT you can proxy it through a cheap VPS that won't fuck you on bandwidth costs. Thanks to Proxmox, I probably have better uptime on my services than e.g. Github these days.
When it becomes impossible to get open PC hardware, I don't know. I like to think I will just stop using the internet for anything besides the bare minimum NPC type activities that are required to engage with the institutions of society.
Startups that initially choose the more private implementation version often face a disadvantage. They may not see immediate benefits and instead experience drawbacks, such as caring a bit more than their competitors. For example, an AI plugin using local large language models for privacy might not be rewarded as much as a competitor who fully embraces cloud-based solutions.
The qualifying criteria is probably just having picked an offer for renewable-sourced energy in the past, indicating that it has some importance to you. So you will be given more green energy offers in future.
Every company segments its customer base this way for marketing. Sometimes it’s even useful.
I'm not sure if this is better or worse than them doing it because they believe in it.
Having seen how things work where freedom is not the default, I much prefer freedom.
There are rarely laws around preventing collection of said data or using said data for some new service.
Switch to decentralized, e2ee alternatives, support https://eff.org
Not directly to you but in general: I do not think (most) of Europe is going the same direction as US. I actually see a lot of hope in response to EU leaders about digital infrastructure, communication & security. we have started to stop realing on America, but it will take 10-20 years before you see the entire crash trump made
but the advice is basically the same as it always has been:
- talk to your friends and family about it. do it with passion, but without hyperbole or conspiracy or aggression. any person you can convince to care is a win. organize with like-minded people.
- talk to your representatives in government. vote for representatives that are pro-privacy (when possible). convince your like-minded friends and family to do the same.
- to the greatest extent possible, dont purchase/use products/services which are facilitating the trend. (but, you also need to be realistic or you will burn out! and that is a bigger loss overall).
- if you are a decision-maker at work, or have any sort of input, leverage it as best as you can to make pro-privacy business decisions. however, similar to the above point, recognize that you still need to be realistic and dont get yourself fired arguing some decision. it is better to make 1,000 nudges in the right direction than it is to be fired/burn out trying to make 1 big nudge.
- support organizations that align with your beliefs. this can be monetarily, or by volunteering, or by spreading awareness of the organization itself. for example, many people have never heard of the electronic frontier foundation and have no idea what they do. lots of people dont know of the ACLU either (or, maybe they have heard the name, but dont know what they do or why it matters).
That's not what I am seeing on the ground. Many discord users I have seen talk about this issue frame this as an attack on freedom and privacy by hiding it behind the same narrative that has been used so many times before of protecting children. You can only push fake narratives so far until people start getting the message that people are hiding nefarious attacks on society behind fake movements.
good! ideally, someone is helping them organize and action those thoughts and feelings outside of whatever discord channel you are in.
i am referring to how it is being framed by the people pushing the agenda. age verification laws (as an easy example) arent being advertised as "we want to spy on you", they are being advertised as "this will protect children from harms".
talk to debbie in accounting instead of babmorley420 in discord, and ask her opinion. she is not likely to frame it as an attack on privacy/freedom. she is likely to frame it as a necessary sacrifice for the greater good. and her opinion also matters, she also votes. we need to convince the debbies of the world -- they outnumber the babmorley420s
Any primer/link on what current libertarians believe is welcome.
On one hand, I think a lot of the larger issues and divisions we’ve seen in society over the last 20 years are a direct result of our primary means of communication, entertainment and information being one that allows such ease of impersonation. While most of us here understand just how much Internet content is created with influence as a goal, and the posted by accounts with false identities, a majority of people still don’t. (And many who do don’t understand just how prevalent it is). I also think that sadly we’ve demonstrated that when people feel they are anonymous and beyond consequence, they’re willing to say and advocate for some terrible things which they might otherwise not have, and seeing others say those things reinforces their willingness to say and do them. If social media and internet norms of today had held the original Facebook model of requiring verification of your actual identity (back in the day .edu email days), I truly think we would live in a much different and in many ways better world.
On the other hand, I fully acknowledge that many of the people pushing for the removal of privacy and encryption are not doing so for altruistic reasons, but so that they have a more data to mine and monetize, or have the ability to monitor to a frightening degree, and that these tools once available will be available to any regime or government, so even if the ones currently pushing do have naively good intentions, the next ones very well may not.
But, I also struggle with the knowledge that for sophisticated parties, the privacy that most people think they have is a sham to begin with. There are already many tools available to piece together information sources and build a horrifyingly complex and accurate picture of individuals activities and identities. So I wonder if the illusion of privacy isn’t worse than the public at least being forced to confront the fact that they have none in the first place, and therefore being able to truly see and address the issue, while the security minded and technical individuals will always find a way obfuscate their identity and activity, just as they always have.
internet is a service that you choose what to engage and how. don't like a platform? find another, build it or stop using it altogether.
personally, i find these things really great has it helps nudge people into the more decentralized web. a few years ago those who were pushing for privacy respecting apps and platforms were deemed too paranoid.
You don't have to wait for everyone to switch, in fact it's pretty normal to reach different people on different chats.
Fundamentally I think that liberal democracy won't be able to survive compute, communication, and storage being cheap, combined with asymmetric encryption. I really think there should be an article illustrating just how much that last one is fundamental to making the apparatus of control cheap and effective in a way that 20th century regimes could only dream of.
Given the dependence our society now has on the internet, it's bonkers to me that more VCs aren't rethinking their investment strategy. Privacy is not some niche concern anymore, check out the response to Flock for example.
NSFW stuff doesn’t need the internet anymore. Critique of regimes aren’t safe either so being online is just a crutch and thats so sad.
Textbox with attribute ”encrypted”. Keys in the enclave/keychain.
It could also tag people communicating about topics ig chat that it is actively suppressing.
They may be looking for an uproar to reverse the policy as so far, it's just words.
Consider instead using a code word or phrase to move sensitive conversations to something self hosted such as jabber using OMEMO XEP-0384 and XEP-0373 OpenPGP for XMPP and SASL SCRAM. OMEMO is an implementation of the Signal protocol on top of the XMPP protocol.
e.g. "_Expletive_! I stubbed my toe!" other-person: "lol geezer watch where you are walking." conversation quietly and temporarily moves to the pre-shared self-hosted Jabber server. Temporarily because going dark can draw attention. Feed the big chat platform boring garbage and misdirection.
It is possible to defend against them. Maybe not on your phone though.
So having a signal for switching mediums is something that I feel indicates thinking in the wrong direction.
Fundamentally I agree with you but people will stay on the platforms where their friends are. To change that the platform would have to do something really bad such as forcing age checks and even then I think many will just put up with it to stay connected to their friends.
