Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Encryption Facebook Government

Did Facebook End The Encryption Debate? (forbes.com) 163

Forbes contributor Kalev Leetaru argues that "the encryption debate is already over -- Facebook ended it earlier this year." The ability of encryption to shield a user's communications rests upon the assumption that the sender and recipient's devices are themselves secure, with the encrypted channel the only weak point... [But] Facebook announced earlier this year preliminary results from its efforts to move a global mass surveillance infrastructure directly onto users' devices where it can bypass the protections of end-to-end encryption. In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on the user's device, scanning each cleartext message before it is sent and each encrypted message after it is decrypted. The company even noted that when it detects violations it will need to quietly stream a copy of the formerly encrypted content back to its central servers to analyze further, even if the user objects, acting as true wiretapping service...

If Facebook's model succeeds, it will only be a matter of time before device manufacturers and mobile operating system developers embed similar tools directly into devices themselves, making them impossible to escape... Governments would soon use lawful court orders to require companies to build in custom filters of content they are concerned about and automatically notify them of violations, including sending a copy of the offending content. Rather than grappling with how to defeat encryption, governments will simply be able to harness social media companies to perform their mass surveillance for them, sending them real-time alerts and copies of the decrypted content.

Putting this all together, the sad reality of the encryption debate is that after 30 years it is finally over: dead at the hands of Facebook. If the company's new on-device content moderation succeeds it will usher in the end of consumer end-to-end encryption and create a framework for governments to outsource their mass surveillance directly to social media companies, completely bypassing encryption.

In the end, encryption's days are numbered and the world has Facebook to thank.


UPDATE: 8/2/2019 Will Cathcart, WhatsApp's vice president of product management, took to the internet with this forceful response. "We haven't added a backdoor to WhatsApp. To be crystal clear, we have not done this, have zero plans to do so, and if we ever did, it would be quite obvious and detectable that we had done it. We understand the serious concerns this type of approach would raise, which is why we are opposed to it."
This discussion has been archived. No new comments can be posted.

Did Facebook End The Encryption Debate?

Comments Filter:
  • Wow (Score:5, Insightful)

    by phantomfive ( 622387 ) on Sunday July 28, 2019 @01:37PM (#59001950) Journal

    In the end, encryption's days are numbered and the world has Facebook to thank.

    Dumbest thing I've read all year (including my own writing).

    • by Anonymous Coward

      If anyone thinks facebook IS the Internet, ... let them die in their ignorance.
      Let's make they don't know about everything else, shall we?

      • FB is not even a social network. Let alone the WWW. An anti-social 'tard farm is more like it.

    • by Anonymous Coward

      In the end, encryption's days are numbered and the world has Facebook to thank.

      Dumbest thing I've read all year (including my own writing).

      If privacy days are numbered on the Internet, then we only have ourselves to blame (or thank, if you are Facebook, Google, Amazon, etc.). We built all this, we did it to ourselves. Slowly, and bit by bit, but we did this to ourselves.

    • Re:Wow (Score:5, Insightful)

      by gweihir ( 88907 ) on Sunday July 28, 2019 @02:17PM (#59002194)

      Sweeping conclusions from minimal events (Facebook never had privacy, they just have increased the level of deception here) is the name of the game. Journalism is dead, instead we now have this cheaply made fake.

      • by AmiMoJo ( 196126 )

        WhatsApp, which is owned by Facebook, uses the Signal protocol for encrypted messages. Signal is generally well regarded, rated highly by the EFF and cryptographers. However, the specific implementation in WhatsApp is secret and not audited.

        GCHQ, the UK's equivalent of the NSA, suggested that WhatsApp and similar apps using end-to-end encryption should install a backdoor that allows GCHQ to be added to chat groups silently. So rather than weakening the crypto, simply backdoor the app. That appears to be wha

    • by AHuxley ( 892839 )
      The NSA and GCHQ always got the data they wanted, so its not encryption.
      • And this isn't even new tech. Anti-virus software have intercepted encrypted traffic for years.

      • See, this is basically what I came here to say. If you're using FaceBook, what the hell do you care about encryption or even security itself?

    • If they're going to sit on the device, like a giant keystroke logger, why bother encrypting anything? At this point, its just not worth the CPU cycles and battery life..... Once again, Facebook kills something as we know for the sake of its own profits.
      • by xystren ( 522982 )
        so that's why my mobile device battery life had gone to hell...And to think they convinced me it was just a failing battery.
    • by ebvwfbw ( 864834 )

      Too bad you can only get 5, Insightful. That's one of the most Captain Obvious moments this year.

  • Well... (Score:4, Informative)

    by Kokuyo ( 549451 ) on Sunday July 28, 2019 @01:38PM (#59001954) Journal

    ...yes, if you don't root your device. I doubt LineageOS would come with such tools installed.

    And from there it's up to us to decide if we want to even use apps that do such things. So I'm not really worried.

    • or just buy a dumbphone that does not have android on it, social media and smartphones have made me hate most electronics. one of these days i hope the shit hits the fan and its all over for the scabs that did this to our electronics and IT
      • One of my neighbours is doing that now. Not because of privacy, but because smartphones have become too complicated to use as phones. He's going back to a flip-phone (they are now marketed as seniors phones and cost almost as much as a cheap smartphone ).
  • No (Score:5, Insightful)

    by Nkwe ( 604125 ) on Sunday July 28, 2019 @01:48PM (#59002006)
    People who insist on letting a third party "protect" their communications are the ones ending the encryption debate. People who are trading convenience for security are ending the encryption debate. Secure communications have always been hard and always will be hard because the only way to truly have secure communications between two (and only two) individuals is for those two individuals to personally maintain individual or shared secrets.
    • by gweihir ( 88907 )

      Well, not that hard. Finding out how to use PGP or GnuPG securely takes less than a day. The overhead per message is in the minutes at worst. As an IT expert, I would not call that "hard". There are lots of things in IT that are hard and require you weeks or months to invest before you can do them well. But that one day is apparently already far too much to expect from people that spent years learning to read and write in the first place.

      • by Anonymous Coward

        An self proclaimed IT expert only took a day to figure out ow to securely send a message every few minutes? And you think that's a practical solution for normal people?

        I'm guaranteed way the fuck more technical than you are but there is no way in hell i'm going to waste the few precious years I have on this planet fucking around with user-antagonistic trash like pgp. Why does so much open source suck so hard at usability? Making things easy is not shameful. Making them hard is not honorable. Making the

    • Secure communications is easy - meet in person.
      • The always on microphone in your tracker (phone) will help fill in this intelligence gap by uploading the missing minutes to the appropriate server.
    • by hey! ( 33014 )

      People who insist on letting a third party "protect" their communications are the ones ending the encryption debate.

      Unless you write your own software, that's pretty much everyone.

      • by N1AK ( 864906 )
        Unless you write your own software and only communicate with yourself you're reliant on at least one other party for your communications to be protected.
    • by AHuxley ( 892839 )
      Its totally protected all the way to the approved ad company.
    • by 0ptix ( 649734 )

      > the only way to truly have secure communications between two (and only two) individuals is for those two individuals to personally maintain individual or shared secrets.

      whats wrong with public key crypto?

      Also, i find the line your drawing a bit arbitrary here. e.g. you could just as well claim that to get secure communication with out trusting anyone else you'd have to design your own crypto primitives, implement them, build your own hardware, etc. Its just all a bit arbitrary.

      alternatively maybe card

      • by Nkwe ( 604125 )

        > the only way to truly have secure communications between two (and only two) individuals is for those two individuals to personally maintain individual or shared secrets.

        whats wrong with public key crypto?

        Other than complexity, nothing wrong with public key cryptography - that is the "individual secret" that I mentioned above. With public key you don't have to share a secret with whomever you are communicating with, but you do have to keep your private key (the individual secret) private. To be secure you need to generate the private key on your device using a TPM (or some other form of cryptographic hardware that does not ever allow the private key to be accessed directly or exported), generate a signing re

    • by AmiMoJo ( 196126 )

      Insisting that people become op-sec and crypto experts isn't going to help anyone. Adding string end-to-end crypto to apps is, because even if it isn't perfect it still massively increases the cost of mass surveillance.

      It also makes it easier for people who really do care to blend in to the crowd. GCHQ used to take special interest in encrypted data, and got rather upset when BitTorrent added crypto to the protocol to defeat ISP throttling because suddenly their filters were clogged.

  • illusiory privacy (Score:5, Insightful)

    by hdyoung ( 5182939 ) on Sunday July 28, 2019 @01:50PM (#59002020)
    Seriously. Did anyone, at any point in time, anywhere in the world, actually believe that ANYTHING posted in Facebook.... was truly private?

    This applies to more than FB. The only form of anonymity available on the internet is the sort that exists in a crowded restaurant: there are a million conversations going at once, and yours just isn't that special, and most of the time nobody is gonna bother to listen. The story changes the second that someone with the motivation really decides to eavesdrop ...... or if they write a computer program that can record and separate the million simultaneous conversations. Hello, zero internet privacy, you were basically always with us.
    • When the very rare times I write down a user's password, I make sure they change it in front of me AND eat the paper it was written on. Only takes once for most...
    • by Texmaize ( 2823935 ) on Sunday July 28, 2019 @08:22PM (#59003682)
      To tech savvy people, the idea that something was private on Facebook is absurd. Since we spend some much time with technology, it is easy to forget that like everything else, it is an acquired skill. You have inherent expertise that transcends the understanding of most others. Congratulations.

      What the OP and others forget is that not everyone has time to dedicate to learning all this arcane shit. Instead, they are learning their own arcane shit. They feel the SAME way about you. Like, when you go to the mechanic for a car issue, and he looks at you like you are a moron because you did not do a "simple" repair yourself. Or, the dentist, who drones on about how you are not doing something so obvious as clean your teeth the way they do. How about the dancer, who just can't believe someone as nerdy as you does not have that level of practiced grace? Etc etc

      So, instead of succumbing to dark impulse to make fun of them and say they get what they deserve, maybe show some empathy, and remember that you are the dumbass noob in other areas of life. Take the time to explain things. Make the world a slightly better place by sharing what you know. If you show people why big tech like FB is evil, they can help you fight it. Laugh at them, and they will help FB come after you....
    • Same could be said about moving about in public, talking with friends in a restaurant, having a modern TV, owning a smartphone, using a car that was built after 2018 etc. ad nauseum.

      There is a huge difference between "some (few, with no central collection) people may overhear some (few, unrelated) conversations at some point in time (uncommon)" and "all communication is scanned and reported at all times and reported to one central authority". One is several orders of magnitude more fascist than the other.

      Th

    • There is not, and never has been, any such thing as "privacy" online. That fact goes all the way back to the days of timesharing on mainframes.

      Nothing more to say.

  • by oldgraybeard ( 2939809 ) on Sunday July 28, 2019 @01:54PM (#59002040)
    Want privacy don't install certain spying apps/go to their web sites on your device.
    Funny Zuck does not like having customers?

    But then if this is their solution I will take it!!!!! I really don't need anything they have or provide ;)

    Just my 2 cents ;)
  • I don’t get it (Score:4, Interesting)

    by 93 Escort Wagon ( 326346 ) on Sunday July 28, 2019 @01:56PM (#59002060)

    How does Facebook doing an end-around “end the encryption debate”?

    What Facebook is talking about doing seems pretty orthogonal to the discussion around encryption. It does, however, make me think their apps are basically behaving like malware and should be treated the same way.

  • by devslash0 ( 4203435 ) on Sunday July 28, 2019 @01:59PM (#59002070)
    Blacklists and filters? How on Earth would that even have a chance of being accurate? What about the context? What about your personal relation with your interlocutor? What about sarcasm, jokes and all other complex structures in our language? How long before the government starts judging us by single out-of-context lines?

    There are also security implications. Those blacklists have to be provided from somewhere. Source and destination (for suspicious messages) addresses will be discovered pretty damn soon. If you're an administrator, you can easily intercept traffic in your network (DNS/IP redirections) and block/intercept communications. I can easily see how this will get exploited by all the public wifi providers. Perhaps even ISPs.
  • by vux984 ( 928602 ) on Sunday July 28, 2019 @02:05PM (#59002112)

    So... end to end encryption is useless if you don't trust the endpoint. Duh. If you are using whatsapp or facebook or facebook messenger, you are trusting facebook. This has always been categorically stupid.

    "If Facebook's model succeeds, it will only be a matter of time before device manufacturers and mobile operating system developers embed similar tools directly into devices themselves"

    Wow, how did we get this far before anyone thought of this?! Oh wait... you mean the "clipper chip" model, from the 90s, where the hardware is spying you for the NSA?

    We've known about this avenue of attack forever, and idiot lawmakers have been proposing it for the last 30 years. Facebook hasn't really moved the needle here. I guess its good it woke up the article author... although he's already surrendered in defeat. Fucking donut.

  • If you still have a facebook account, you are a moron...

  • by gweihir ( 88907 ) on Sunday July 28, 2019 @02:12PM (#59002156)

    And the reasons are simple: Encryption (like, for example backups) is inconvenient and requires you to learn some things before it works and is secure. All efforts to make it "just work" have predictably failed. Hence the only ones that have secure encryption are the experts and the few non-experts that invested a few hours (apparently already too much effort for most people) to find out how it works. These people will continue to have secure encryption, the rest will never have it. And while the attempts of Facebook described in the story are impressive in their sheer dishonesty and deception, they are not the root-cause for this.

  • on the devices of people that don't faceplant?

  • by bistromath007 ( 1253428 ) on Sunday July 28, 2019 @02:26PM (#59002232)

    "Remember when it was legal not to be on Facebook?" - Utahraptor, 2013

  • So don't use Facebook, or any other crappy app that rapes your data. If the idiot who wrote this article didn't realize that this has been happening for fucking decades and is about as newsworthy as a Cardashian (sp?) article, then I suggest he stick to only writing Cardashian crap. Must be a slow news week.
  • by nehumanuscrede ( 624750 ) on Sunday July 28, 2019 @02:39PM (#59002294)

    Is a risky endeavor anyway.

    A simple keylogger built into any number of installed apps ( base, user or clandestine installation), programs, the OS or even the GD hardware ( like your keyboard ) itself will negate even the most amazing crypto algorithm ever created.

    The argument for secure crypto on a digital device is moot if an adversary can gain ( or already has ) any level of control over the endpoints.

  • it ends facebook (Score:4, Interesting)

    by sdinfoserv ( 1793266 ) on Sunday July 28, 2019 @03:22PM (#59002508)
    it does not have anything to do with the merits of encryption - it has to do with trust in a corporation who's single revenue model is to sell you, the user, out. It's easy, stop using FB apps. Delete them. Stop using the platform. problem solved.
  • by rnturn ( 11092 ) on Sunday July 28, 2019 @05:10PM (#59002988)

    ... device you own and use, what the heck are you waiting for? IMHO, Facebook would spy on everyone and/or give the government the spare key to your communications so they could do the spying themselves if it meant keeping the company from being broken up and Zuckerberg fined to oblivion or out of jail.

    Whatever products you're using today, you should be looking for alternative in the event that Facebook buys them. With the money they now have, it'd be a good idea to start thinking about living without certain applications---they could buy just about anyone nowadays.

    This is (to me anyway) reminiscent of the days of doing due diligence research on what products one could switch to in a commercial setting in case CA were to buy one of the applications your business depended on. In those cases it was to protect against outrageous licensing and maitenance fees. With Facebook it's worse; it's everyones' personal privacy that's at stake.

    • Really, what is the value of things like privacy, confidentiality, and freedom compared to the sweet, sweet rush you get by being liked by people who don't know you? Come on man, priorities!
  • Fuck you too, Zuck.
  • While idiots keep using language like 'encryption' to mean cryptography in all its forms - authentication, authorization, signing, privacy, liveness, replay protection and so on, they will continue to be the class of idiot who should not write opinions on cryptography online if they don't want their idiocy exposed.

  • Isn't it time to say enough is enough?
  • OMG, I hever realized that Facebook is essential. When did Facebook become essential? The last company that sold me a phone with Facebook preinstalled and unremovable never sold me anything again, and never will. Ever.

    Fuck Facebook.

  • You can bust encryption by spying on the decrypted text being entered prior to encryption? Wow! I'm amazed that no one in the computer security field has ever realized this! This is ground-breaking! We are all screwed! How could we not have seen such an obvious flaw across several decades of computer security work?!

    Does this really need to be tagged as sarcastic?

    Operating systems should be set up to specifically block this sort of thing. The only stuff that should be able to globally intercept keyboar
  • encryption's days are numbered and the world has Facebook to thank

    The author has an enormous blind spot, leading to erroneous conclusions. Facebook doesn't give a crap, per se, about end to end encryption. The whole thing is coming out of pressure and regulations from various governments for them to "do something" about people talking to each other outside of approved channels.

  • Will I be required by law to have social media apps installed on my phone, tablet or laptop? Perhaps there is a simpler method.

    There are countries that are right now requiring root certificates belonging to their government be installed on computing devices. The U.S. Attorney General is demanding an encryption back-door such as this right now. No pesky court order required. Your communications are always accessible on demand, in real-time, that way.

    It may be that we are not yet cowed sufficiently to let

  • " In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. "

    I'm not even vaguely interested FakeBook or WhatApp, and I'm certainly unwilling to have my messages "content-moderated" by those lefty companies.

If you aren't rich you should always look useful. -- Louis-Ferdinand Celine

Working...