(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Unrolled thread re: “Meta’s Biggest Encrypted Messaging Mistake Was Its Promise” opinion-piece in @Wired by @elegant_wallaby

2021-12-04 21:19:28+00:00

So, David wrote this, and I find it a really curious mixture: painting a picture of hard technological problems as-if it was somehow reckless to even attempt to solve them, and doom-mongering of the approach — woe betide Facebook for attempting to architect a solution which leans this way, rather than that way.

So I wrote this attached thread to communicate what I think of both the analysis and the frame; and basically… it fits a popular model of “don’t wait for the software to arrive, critique the mere attempt as being intolerable hubris” which is commonly employed by third-parties who desperately want to influence how a company develops product, because they have a flame of insight which burns within, and which clearly a mere bunch of techbros or nerds are not going to understand or be concerned with unless they are told — and Wired gave David a pulpit from which to preach.

This is the fashion of the moment. I look forward to it passing — or, at least I look forward to Messenger hopefully shipping an E2EE solution that is worthy of the title, so that the same pundits can move on to criticising something more approximately tangible.

But one thing we should be reminded of in several dimensions: Facebook — or indeed any other platforms, currently — is not a “state actor”; it cannot literally throw you in jail, it cannot literally remove from you your “fundamental rights”, it does not partake of the state’s “monopoly on violence.” Therefore the drive to pre-judge or circumscribe its actions is less essential, even less existential. Certainly there are concerns of monopoly which are very trendy at the moment (and I consider: badly handled) but the sound and fury being pre-emptively directed at a tech company for re-engineering a core product to provide more privacy and security to users, is simply extraordinary.

And the extent makes one wonder what motivations are really at play?

Unrolled thread

Person working at orgo that quietly advocates adoption of varying species of in-app client-side scanning, upset that others might innovate using the non-app web for E2E-Secure Messaging:

tl;dr having E2EE on every website in every context is unlikely to happen, much less interoperably. We should focus on a more tightly focused app ecosystem instead. https://t.co/h46Mtk0rrl — David Thiel (@elegant_wallaby) December 3, 2021

Same person writes Wired article with strap-line regarding (& peppered with) popularly-reported but groundless claims of “delay” of delivery of Messenger E2EE:

https://www.wired.com/story/meta-end-to-end-encryption-delay/

Same person must have missed the YouTube video from the “Real World Cryptography” conference in February 2020, describing Messenger E2E progress, saying that it’d be harder/take longer than WhatsApp & giving no dates.

Same person must have missed my pointing out that claims of “delay” (“Meta’s greatest misstep isn’t this latest delay”) are entirely due to editorialising by the UK’s notoriously statist Daily Telegraph.

Curious, as the same person was also arguing with me regarding the relative importance of protecting 2.7+ billion people, versus drilling holes in privacy to help rescue unmeasured but small numbers of children.

Same person’s article is busily occupied by finger-wagging:

Finger Shake Judge Judy GIF

1/ “the company must improve its existing content-oblivious harm-reduction mechanisms”—okay, so maybe they’ll do that?

2/ “Meta must also limit recommendation engines & discoverability”— perhaps, or perhaps there’s some other mitigation?

Same person used to work there & now does not. Strange, then, for person to be explaining product functional & design requirements to the world unless person felt some benefit to “playing to the gallery”. Big “bully pulpit” energy.

Pastor Declare GIF

Same person clearly appears to believe they’re a better engineer than those employed on Messenger E2E. This helps me understand why person left, because Meta is filled with better engineers than either of us.

First, we need key generation and management of some kind. Generating keys within JS is possible, but how are you going to store them? Local storage mechanisms are read/write, and we don't want the site to be able to take our keys. 2/ — David Thiel (@elegant_wallaby) December 3, 2021

Overall person’s writing— David, @elegant_wallaby —smacks of not liking not being the Product Manager for Messenger E2E.

For the sake of us all, I’m happy to see what gets shipped, trying to stop it being diluted, & glad that he is not the one calling the shots.

Seth Meyers Please GIF by Late Night with Seth Meyers

Originally tweeted by Alec Muffett (@AlecMuffett) on 2021/12/04.
[END]

[1] URL: https://alecmuffett.com/article/15628
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.