112

Facebook Messenger's Rollout of End-to-End Encryption Leaves Metadata Questions Unanswered (spectrum.ieee.org)

submitted 5 months ago by ForgottenFlux@lemmy.world to c/privacy@lemmy.ml

12 comments fedilink hide all child comments

Excerpts from the article and another article by the Electronic Frontier Foundation (EFF) :

While Meta won’t collect messages themselves, there is nothing stopping them from collecting metadata on those very messages.

By design, Meta has access to a lot of unencrypted metadata, such as who sends messages to whom, when those messages were sent, and data about you, your account, and your social contacts. None of that will change with the introduction of default encryption.

Meta has a reputation for collecting its users’ data: a key part of its lucrative advertising business. In fact, last year, the company earned a US $1.3 billion fine from European Union regulators for transferring EU citizens’ Facebook data to the United States.

Meta’s documentation indicates the company will continue to process messages’ metadata: what time a message was sent, for example, and who sent it to whom. The company says it will use metadata to help identify bad actors. Privacy advocates see this use case as evidence metadata can make a double-edged sword.

“This also demonstrates how much can be inferred from behaviors and metadata without needing access to the actual contents of messages themselves,” says Geraghty. “So we have to ask: What could Meta be using this data for additionally? It’s likely this metadata will be used to continuously enrich user profiles for targeted advertising purposes.”

top 12 comments

sorted by: hot top controversial new old

[-] Anticorp@lemmy.world 39 points 5 months ago

While Meta won’t collect messages themselves

We have no proof of this, only the word of a company that habitually lies and cheats.

[-] hersh@literature.cafe 6 points 5 months ago

Yeah, I wouldn't be too confident in Facebook's implementation, and I certainly don't believe that their interests are aligned with their users'.

That said, it seems like we're reaching a turning point for big tech, where having access to private user data becomes more of a liability than an asset. Having access to the data means that they will be required by law to provide that data to governments in various circumstances. They might have other legal obligations in how they handle, store, and process that data. All of this comes with costs in terms of person-hours and infrastructure. Google specifically cited this is a reason they are moving Android location history on-device; they don't want to deal with law enforcement constantly asking them to spy on people. It's not because they give a shit about user privacy; it's because they're tired of providing law enforcement with free labor.

I suspect it also helps them comply with some of the recent privacy protection laws in the EU, though I'm not 100% sure on that. Again, this is a liability issue for them, not a user-privacy issue.

Also, how much valuable information were they getting from private messages in the first place? Considering how much people willingly put out in the open, and how much can be inferred simply by the metadata they still have access to (e.g. the social graph), it seems likely that the actual message data was largely redundant or superfluous. Facebook is certainly in position to measure this objectively.

The social graph is powerful, and if you really care about privacy, you need to worry about it. If you're a journalist, whistleblower, or political dissident, you absolutely do not want Facebook (and by extension governments) to know who you talk you or when. It doesn't matter if they don't know what you're saying; the association alone is enough to blow your cover.

The metadata problem is common to a lot of platforms. Even Signal cannot use E2EE for metadata; they need to know who you're communicating with in order to deliver your messages to them. Signal doesn't retain that metadata, but ultimately you need to take their word on that.

[-] Endward23@futurology.today 2 points 5 months ago* (last edited 5 months ago)

Yeah, I wouldn’t be too confident in Facebook’s implementation, and I certainly don’t believe that their interests are aligned with their users’.

I'm quite sure, they arn't. This statement doesn't mean that I think they have bad intention or something. It's just, at least for me, obivious that the interest of the users and these of the companies are highly different. This is also the case with other companies and their customers.

Having access to the data means that they will be required by law to provide that data to governments in various circumstances.

A more paranoid person than myself would suspect that any big enough gouverment world simply force the companies to collect and share data.

The metadata problem is common to a lot of platforms.

From the viewpoint of the cooperations, this is a good deal. Enough privacy to keep people on the plattform and still enough data for advertisment.

[-] pipariturbiini@sopuli.xyz 23 points 5 months ago

It's called "metadata", so clearly it belongs to Meta.

[-] cheese_greater@lemmy.world 2 points 5 months ago

And lawyers are just practicing ;)

[-] Anticorp@lemmy.world 0 points 5 months ago* (last edited 5 months ago)

By that reasoning, all your CaccaDoodie are belong to us.

[-] Endward23@futurology.today 8 points 5 months ago

Meta-Data is a good wordplay here, even if not intended and the correct wording...

[-] pineapplelover@lemm.ee 7 points 5 months ago

Unless it's open source, they could be lying behind their teeth for all we know.

[-] beta_tester@lemmy.ml 5 points 5 months ago

Even if they open the source code, the server can run something different

[-] ShortN0te@lemmy.ml 6 points 5 months ago

Thats the thing about e2e. The server does not matter.

[-] beta_tester@lemmy.ml 4 points 5 months ago

Initially I wanted to include the app as well but somehow I didn't. If facebook would open its source code for the app, it doesn't mean that you could build it and use it that way without additional keys and facebook wouldn't want that which would mean they still publish an app you don't know the exact source code of.

[-] pineapplelover@lemm.ee 3 points 5 months ago

AGPL v3

this post was submitted on 21 Jan 2024

112 points (97.5% liked)

Privacy

29784 readers

694 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS