Textbox with attribute ”encrypted”. Keys in the enclave/keychain.
Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.
Truly safe e2e requires open source client provided by a trusted entity who is as much as possible independent from the one who provides the untrusted transport layer. Eg how pgp email works.
Obviously it involves trust that it isn't actually "we say it's e2ee but actually we also MiTM every conversation"
people who otherwise would have gone their entire lives without ever hearing about encryption were exposed to the term and the marketing convinced them that encryption and privacy was a valuable thing, even if they didnt fully understand the mechanisms or why e2e might not necessarily be very effective in specific circumstances.
later, when presented between option a and option b, where one has encryption and the other doesnt, they are more likely to choose the one with it ("well, if instagram and facebook use it and say it is good...")
between signal and plain text, it is easier to convince friends to use signal if they see positive marketing about encryption on other popular apps they use. it is easier to convince them to encrypt their backups before uploading them to their google drive. hell, its just a good conversation starter to introduce encryption/online privacy to people that never really think about it. that type of thing.
those same friends are not going to use irc regardless. not really a loss if it was never even on the table.
I can't say I really mind this change by Meta that much overall though. Anyone who's serious about privacy probably knew better than to pick "Instagram chat" as their secure channel. And on the other hand having the chats available helps protect minors.
Companies started pushing E2EE a few years ago because users' private messaging data used to be a liability. Now that the data can be fed into LLMs for training and inference its value has gone up significantly, and the privacy and security tradeoffs are suddenly worthwhile.
PMs across the industry are pushing product decks with "conversational AI assistants" to get their next promotion. I've been in more than one of these meetings myself. If the data is encrypted then there's no way to build this kind of stuff.
And billionaires and nine-day old alts wonder why they need a bunker.
Some parts of the legislation (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32...):
> 2. The personal data processed pursuant to this Regulation shall only be used for the purpose of handling the emergency situations referred to in the first subparagraph of Article 5(2).
> Manufacturers shall provide clear and comprehensive information in the owner's manual about the processing of data carried out through the 112-based eCall in-vehicle system. That information shall consist of:
> the fact that there is no constant tracking of the vehicle;
That vehicle nowadays are equipped with always-on internet and microphones is not related to remote assistance.
Your car if new enough, IS reporting its diagnostics including GPS via cell. All the time. This isn’t exactly personally identifiable so they get away with it just fine.
This is unrelated to the microphones and assistance systems.
That is the kind of thing people allow when they click accept or decline on those pesky ”we and our 195735 partners would like to…” dialogs.
There are two definitions: a) Personal Data and b) Emergency Situations
What is an emergency situation and how can a car determine it is one? These are "smart" cars which aren't nowadays smart enough to process all your data locally, so that data is sent to servers elsewhere which process if either points a) or b) apply.
It is your choice to believe that voice data is ever deleted once acquired by governments and entities thirsty to benefit from that information.
For security experts this is just another "I told you so" within a few years.
https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
Now it just costs them the data and development cost to maintain. Any remaining problems they'll throw some crappy AI moderator at to fix.
And I will be pushing to remove WhatsApp if that’s the case.
Messenger has a higher expectation of privacy, Facebook is more at the "group of friends" level. While Instagram is a public restaurant, Facebook is more like a house party. WhatsApp has the highest expectation of privacy as it is designed for private, often one-to-one conversations first.
You need to be prepared to avoid saying naughty things on the internet. Otherwise, perhaps someone will figure out that you great-great grandfather didn't sign in the right spot in 1897 and you're presence in the United States is void, retroactive to your birth. Off to El Salvador with you, enemy of the people.
And so does my response to your comment.
But I do wonder if self-censure is really the best strategy.
Take the Utah Data Center (https://en.wikipedia.org/wiki/Utah_Data_Center), combine it with the Disposition Matrix (https://en.wikipedia.org/wiki/Disposition_Matrix), informally known as a kill list for even US citizens, and it does seem like you're getting a Police State!
Three letter agencies have way too much power and they've shaped our culture+laws for the worse. Osama Bin Laden has done way more damage to American citizens' lives than he could've ever dreamed of.
Just like the KGB and Putin's minions, Bin Laden correctly saw fault lines and weaknesses in the US an exploited them. He did what he did with a long-range context in mind. The "three letter agencies" were neutered in the 90s as part of the peace dividend which is why he was successful. The Russians used "active measures" with intelligence in the US 2016 among other times and Bin Laden chose terrorist violence. The Russian misinformation strategy is tried and true and corporate actors now use it successfully as well.
The whole thing sucks. This Iran adventure lays the vulnerability of the US military machine pretty bare. More, escalated conflict is probably in the world's future for decades to come.
In the USA, we hate the government collecting information on us, but shrug our shoulders when corporations do it.
In Europe, it's the exact opposite. They created GDPR to restrict how corporations collect and share data about you, but they shrug their shoulders at government doing it.
Obviously, this is incredibly reductive and over-simplified, but the general idea of it feels pretty true.
Self host. It's still possible to buy computer hardware and install FOSS replacements for most/all of the services you need, and plumb it all through to your mobile devices using wireguard/tailscale. If you're behind a CGNAT you can proxy it through a cheap VPS that won't fuck you on bandwidth costs. Thanks to Proxmox, I probably have better uptime on my services than e.g. Github these days.
When it becomes impossible to get open PC hardware, I don't know. I like to think I will just stop using the internet for anything besides the bare minimum NPC type activities that are required to engage with the institutions of society.
Startups that initially choose the more private implementation version often face a disadvantage. They may not see immediate benefits and instead experience drawbacks, such as caring a bit more than their competitors. For example, an AI plugin using local large language models for privacy might not be rewarded as much as a competitor who fully embraces cloud-based solutions.
but the advice is basically the same as it always has been:
- talk to your friends and family about it. do it with passion, but without hyperbole or conspiracy or aggression. any person you can convince to care is a win. organize with like-minded people.
- talk to your representatives in government. vote for representatives that are pro-privacy (when possible). convince your like-minded friends and family to do the same.
- to the greatest extent possible, dont purchase/use products/services which are facilitating the trend. (but, you also need to be realistic or you will burn out! and that is a bigger loss overall).
- if you are a decision-maker at work, or have any sort of input, leverage it as best as you can to make pro-privacy business decisions. however, similar to the above point, recognize that you still need to be realistic and dont get yourself fired arguing some decision. it is better to make 1,000 nudges in the right direction than it is to be fired/burn out trying to make 1 big nudge.
- support organizations that align with your beliefs. this can be monetarily, or by volunteering, or by spreading awareness of the organization itself. for example, many people have never heard of the electronic frontier foundation and have no idea what they do. lots of people dont know of the ACLU either (or, maybe they have heard the name, but dont know what they do or why it matters).
That's not what I am seeing on the ground. Many discord users I have seen talk about this issue frame this as an attack on freedom and privacy by hiding it behind the same narrative that has been used so many times before of protecting children. You can only push fake narratives so far until people start getting the message that people are hiding nefarious attacks on society behind fake movements.
good! ideally, someone is helping them organize and action those thoughts and feelings outside of whatever discord channel you are in.
i am referring to how it is being framed by the people pushing the agenda. age verification laws (as an easy example) arent being advertised as "we want to spy on you", they are being advertised as "this will protect children from harms".
talk to debbie in accounting instead of babmorley420 in discord, and ask her opinion. she is not likely to frame it as an attack on privacy/freedom. she is likely to frame it as a necessary sacrifice for the greater good. and her opinion also matters, she also votes. we need to convince the debbies of the world -- they outnumber the babmorley420s
i teach tech in college and just earlier today made a post about how i am not seeing the same when i compare my current students to students 5, 10, or 15 years ago. i hope that i am the one in the bubble.
On one hand, I think a lot of the larger issues and divisions we’ve seen in society over the last 20 years are a direct result of our primary means of communication, entertainment and information being one that allows such ease of impersonation. While most of us here understand just how much Internet content is created with influence as a goal, and the posted by accounts with false identities, a majority of people still don’t. (And many who do don’t understand just how prevalent it is). I also think that sadly we’ve demonstrated that when people feel they are anonymous and beyond consequence, they’re willing to say and advocate for some terrible things which they might otherwise not have, and seeing others say those things reinforces their willingness to say and do them. If social media and internet norms of today had held the original Facebook model of requiring verification of your actual identity (back in the day .edu email days), I truly think we would live in a much different and in many ways better world.
On the other hand, I fully acknowledge that many of the people pushing for the removal of privacy and encryption are not doing so for altruistic reasons, but so that they have a more data to mine and monetize, or have the ability to monitor to a frightening degree, and that these tools once available will be available to any regime or government, so even if the ones currently pushing do have naively good intentions, the next ones very well may not.
But, I also struggle with the knowledge that for sophisticated parties, the privacy that most people think they have is a sham to begin with. There are already many tools available to piece together information sources and build a horrifyingly complex and accurate picture of individuals activities and identities. So I wonder if the illusion of privacy isn’t worse than the public at least being forced to confront the fact that they have none in the first place, and therefore being able to truly see and address the issue, while the security minded and technical individuals will always find a way obfuscate their identity and activity, just as they always have.
Switch to decentralized, e2ee alternatives, support https://eff.org
Not directly to you but in general: I do not think (most) of Europe is going the same direction as US. I actually see a lot of hope in response to EU leaders about digital infrastructure, communication & security. we have started to stop realing on America, but it will take 10-20 years before you see the entire crash trump made
Is it because this kind of phones are a very niche product so they can't benefit from the economy of scale?
Maybe android phone manufacturers can get better deals from chip manufacturers because they buy chips in large quantities?
Having seen how things work where freedom is not the default, I much prefer freedom.
There are rarely laws around preventing collection of said data or using said data for some new service.
Sometimes people talk about GDPR being only the cookie banner, but thanks to it, its forbidden to collect that kind of data.
The qualifying criteria is probably just having picked an offer for renewable-sourced energy in the past, indicating that it has some importance to you. So you will be given more green energy offers in future.
Every company segments its customer base this way for marketing. Sometimes it’s even useful.
I'm not sure if this is better or worse than them doing it because they believe in it.
Any primer/link on what current libertarians believe is welcome.
All my anarchist (left libertarian) friends are pretty consistently opposed to state and corporate surveillance. There is plenty of theory in a canon of literature that goes back to the mid 19th century, even as there are many subgroups and spurs off that general line of thought all with their own sets of (usually somewhat) consistent lines.
If you want something short and brutal, I am a fan of "Desert" by anonymous, but "A Utopia of Rules" by David Graeber is not a bad thing to read and probably closer to a popular line. Or the CIA-Coded Yale academic James Scott has a lot to say, "Two Cheers for Anarchism" and "Seeing Like a State" both seem to have influenced a lot of people.
Historically "right libertarians" (the US Libertarian political party, for instance) have been, uh, "less consistent" in their thinking, so you might have a hard time finding anything that looks like a "philosophy" in that branch of "thought". Plenty of goofy-ass ideas, but little consistency except a strange ability to begrudgingly conform to GOP politics at the end of the day.
Fundamentally I think that liberal democracy won't be able to survive compute, communication, and storage being cheap, combined with asymmetric encryption. I really think there should be an article illustrating just how much that last one is fundamental to making the apparatus of control cheap and effective in a way that 20th century regimes could only dream of.
internet is a service that you choose what to engage and how. don't like a platform? find another, build it or stop using it altogether.
personally, i find these things really great has it helps nudge people into the more decentralized web. a few years ago those who were pushing for privacy respecting apps and platforms were deemed too paranoid.
But you're absolutely right about Instagram's evolution. It's crazy.
the only social circle that truly matters is the geographically close one. no amount of E2EE or fancy chat app will replace being physically present.
I mean, okay? Next time just say social media is a cancer, and don't waste our time moving goal posts.
You don't have to wait for everyone to switch, in fact it's pretty normal to reach different people on different chats.
Given the dependence our society now has on the internet, it's bonkers to me that more VCs aren't rethinking their investment strategy. Privacy is not some niche concern anymore, check out the response to Flock for example.
Consider instead using a code word or phrase to move sensitive conversations to something self hosted such as jabber using OMEMO XEP-0384 and XEP-0373 OpenPGP for XMPP and SASL SCRAM. OMEMO is an implementation of the Signal protocol on top of the XMPP protocol.
e.g. "_Expletive_! I stubbed my toe!" other-person: "lol geezer watch where you are walking." conversation quietly and temporarily moves to the pre-shared self-hosted Jabber server. Temporarily because going dark can draw attention. Feed the big chat platform boring garbage and misdirection.
It is possible to defend against them. Maybe not on your phone though.
So having a signal for switching mediums is something that I feel indicates thinking in the wrong direction.
It's not for everyone. I grew up with code phrases. My mom knew that if I said "I love you" to send in the cavalry. We had similar processes in the military. If I answered the phone a particular way they knew the remote site was under siege.
Everyone knows you talk to your parents, but code phrases are not a way to get privacy.
Fundamentally I agree with you but people will stay on the platforms where their friends are. To change that the platform would have to do something really bad such as forcing age checks and even then I think many will just put up with it to stay connected to their friends.
It could also tag people communicating about topics ig chat that it is actively suppressing.
They may be looking for an uproar to reverse the policy as so far, it's just words.