(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on alecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]
THOUGHT EXPERIMENT: how the experiences of #Twitter and #ThreadsApp show us how the #OnlineSafetyBill could be a windfall for fully-end-to-end-encrypted Facebook @Messenger
2023-07-19 19:47:03+00:00
Potential Futures…
Here’s a potential future timeline which just struck me:
The Online Safety Bill passes, demanding some sort of client-side scanning of messages to be implemented
The requisite parts of the bill, unlike part 3 of the Digital Economy Act, get enacted
Some idiot attempts to expedite getting Ofcom to demand spyware be inserted into Signal and WhatsApp
Signal and WhatsApp exit the UK market — Signal likely actively/in-protest, WhatsApp when someone actually tries telling them to insert a backdoor
There is no reliable, trustworthy, user-friendly, at-scale E2EE messenger in the UK market
What happens next?
NB: I don’t count Telegram as trustworthy, nor Element as scalable, iMessage only does Apple, and the plethora of existing European/other E2EE messengers are beyond the political pale; and to create an all-British Replacement Patriotic Messenger will be a massive Government IT-project clusterfuck.
But in the words of Yoda: “there is another,” even though the Home Office has had its big guns directed squarely at it for several years: Facebook Messenger.
It’s possible of course that Ofcom may try to proactively demand the deployment of “accredited [surveillance] technology” into Facebook Messenger, but seeing that Messenger is not yet E2EE and is merely rapidly headed in that direction, it would be interesting to see them try to make the case without actual evidence.
So… with WhatsApp gone, and Signal gone, what are our Parliamentarians — and those around them in the departments, along with their spads and peers — what are these people going to use for secure communications in order to arrange their policies and parties and shagging?
My bet: E2EE-Enabled Facebook Messenger; and here’s how the Threads launch fits into the possible strategy:
Threads Launch == E2EE Messenger Launch
I was an engineer on Facebook Messenger, and I put the first cut of E2EE into the app, so I’m privy to a few arcane insights:
I know that WhatsApp, to some extent, runs as a separate estate within (now) Meta; there’s some shared infrastructure dependencies, but otherwise there’s a chalk-versus-cheese distinction in the codebases and operation
I know / I get to see other ex-Meta engineers who are complaining that “Threads is broken for me, timeline does not load!” only to later note “Oh wait, I’m in Europe where it has not launched yet…” (…because of regulatory uncertainty)
… and also: I’m fairly certain that WhatsApp in the UK is not a huge cash-cow like some politicians assume that somehow it must be
I have written previously about how technologies like “feature flags” can be used to limit access to a service, and the “Threads” launch should deeply underscore that it’s entirely possible to blacklist one/more countries from access to a service because of legal uncertainty, and that Meta are entirely willing to do so for extended periods of time.
So where we saw Elon Musk gutting Twitter to the point where people flocked to a new Meta app, in this case we’ll have:
WhatsApp and Signal evacuating the UK hostile environment towards privacy, leaving a huge and sudden vacuum
Politicians and Public with nowhere else to go to immediately find well-integrated, secure, expressive messenger software
A “new” E2EE-by-default Facebook Messenger launched recently-enough that OFCOM have not yet had cause to try destroying it, being as they’ve been so tied-up with the other ones…
It would be a bit like dropping a lifeboat in front of a small, sinking ship, and telling people that they are free to use it so long as they don’t punch a hole in the hull… no?
I’m pretty sure that the result would be a regulatory fudge in favour of privacy — after all, Part 3 of the Digital Economy Act never came to fruition, did it? So there must be a kernel of realpolitik somewhere in Westminster.
PostScript: Why would Ofcom/HMG wait before applying pressure on Messenger?
[1] https://alecmuffett.com/article/85187
[2] https://creativecommons.org/licenses/by-sa/3.0/