(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on alecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]
BREAKING: Meta Facebook Messenger is now rolling out End-To-End Encryption by Default #E2EE
2023-12-07 03:39:39+00:00
TL;DR: Private communication for several billion people just got a lot more secure. It will continue to improve over time. Competing platforms now have a bar to jump over.
Messenger has begun the migration for two-party chats to be end-to-end encrypted by default, and E2EE group chat will soon be on the way.
First up, some useful links:
I’ll put more links here and update the blogpost as I find them.
Some History…
In very-early 2015 — fresh off the back of building the Facebook Tor Onion — my manager & director jointly approached me and asked whether I’d be interested in end-to-end encrypting Messenger; this was extraordinary hubris on our part because we were working in “Trust & Safety” engineering rather than Messenger itself; however with the Tor deployment they evidently felt that I had the necessary combination of sales skill, engineering chops and rank insubordination to maybe pull it off.
Messenger’s then-leadership were frankly primarily driven by a desire to close any “gaps” in comparison to competing messaging platforms, but they were at least willing to entertain people coming over from “Security Infrastructure” to act as technical design authorities, implement the backend work, and overall help define and deliver a “credible” solution. The importance of credibility cannot be overstated; more than once I had executives and directors try to lecture me with “…why aren’t we just going faster by rolling our own cryptography, like Apple?”; my response that “People already have enough reasons not to trust us” …did not always land well.
About 18 months later — it flew past, but that is a phenomenally long time in Facebook engineering project terms — we shipped Facebook Messenger Secret Conversations — which was the right solution for the time: a mobile-only, 2-person secure messenger “mode”, based on Signal Protocol, with (very cute) disappearing messages, and a novel message storage and transport infrastructure to address the special needs of the above. It would have been hard to ship functionality beyond these boundaries where it could conflict with the grand visions of contemporary product leadership who were more focused on payments than privacy.
After launch (mid-2016) I quit the company, not from anger but from exhaustion and exasperation at leadership’s then-attempts to court favour with the Chinese Government; but I left behind some amazing people and an amazing team who could express the engineering benefits of E2EE.
So it wasn’t wholly a surprise when in January 2019 as quoted in the NYT:
Mr. Zuckerberg has also ordered that the apps all incorporate end-to-end encryption, the people said, a major step that protects messages from being viewed by anyone except the participants in a conversation. In a statement, Facebook said it wanted to “build the best messaging experiences we can; and people want messaging to be fast, simple, reliable and private.” It added: “We’re working on making more of our messaging products end-to-end encrypted and considering ways to make it easier to reach friends and family across networks.”
The enormous challenge that Zuckerberg posed to his engineers was explained by Jon Millican at the Real World Crypto conference in 2020 where he described converting Messenger to E2EE as “a full-stack rethink of an entire product”; it was shortly after this conference that Andy Greenberg helpfully documented that a full stack rethink would take “several years” which demonstrated the lies from other journalists hoping to present the long development cycle as representing political ambivalence regards giving more privacy to more people.
So here we are: in 2021 Meta said they would deliver Messenger E2EE in 2023, and in 2023 it is being delivered, and more people than ever before will have greater control over who can see the messages they share and for how long.
But some things never change and people in general still have enough reason not to trust Meta, so I am delighted to see that the team have expended much effort towards credibility; so the product launch is bolstered by white papers and blog posts describing:
the technology in use, and
the necessary storage solution, but also
a statement of what Meta thinks is necessary for E2EE to be credible …
and for them to be held to account against.
This is powerful medicine for the industry; my spare-time work for the past few years has orbited the challenge of a falsifiable test for E2EE — basically: if you do not deliver X then you do not deliver E2EE — but this goes much further into providing a checklist of desirable behaviours, features, and implementation within the spirit of E2EE.
It will be interesting to see what competing products fall short in comparison.
Think of the Children…
There are journalists and activists who are hell-bent upon gaining clicks by painting privacy as the enemy of child safety – but to a first approximation all children will grow to be adults who require online privacy and some degree of freedom from oversight by the states.
Privacy is not the problem.
It’s approaching Christmas, and here’s a little thought experiment: you’re out with a friend, go to a pub, and as you sit down or prop up the bar the publican places a discreet microphone just in case you say something which might constitute child abuse.
If you walk into a park – heck, if you walk together into a farmer’s field – there’s a person with a clipboard there to check how old you are, to log your identity, and (again) to fit you with microphones in order to record what you say (“…it’s all analysed by an AI, dear, nobody is spying on you…”) just in case you are a child abuser.
The above is to live under unevidenced permanent suspicion and monitoring. It is totalitarian and easily repurposed to oppressive political ends, not least to crush dissent. It is not where we as a society want to go… but it is the direction that we will be taking if we demand that software be written in such a way to treat “the state” or “law enforcement” as anything other than being just another fourth party to other people’s communication.
There is much more I can add to this, but one aforementioned journalist is playing exactly this trick to pursue clicks and I would rather be quick than verbose.
One last little thought from the perspective of the UK
We in the UK have a terrible track record of passing overbearing ostensible “public safety” laws to repress the right-wing bogeypeople of the day — vagrancy/sus-laws, “teaching gay in schools”, stop-and-search under the terrorism act — and the Online Safety Bill is a fledgeling in the same mould. They can take decades to undo.
Nobody will admit this for several years yet, because they perceive that a demand that “the platforms must do something” is somehow meant to be punitive to the platforms, rather than punitive to everyone.
It’s not far removed from the Brexit referendum thinking that “voting for Brexit will get the Tories out, and serve them right…” — it didn’t work out that way.
[END]
[1] URL:
https://alecmuffett.com/article/108588
[2] URL:
https://creativecommons.org/licenses/by-sa/3.0/
DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/