[Moeancurly]

Is there a good (for the end user) reason that Messenger does not have E2EE enabled by default?

From The Verge's article[1]:

> However, campaigners note that Meta always has to comply with legal requests for data, and that the company can only change this if it stops collecting that data in the first place. In the case of Celeste and Jessica Burgess, this would have meant making end-to-end encryption (E2EE) the default in Facebook Messenger. This would have meant that police would have had to gain access to the pair’s phones directly to read their chats. (E2EE is available in Messenger but has to be toggled on manually. It’s on by default in WhatsApp.)

[1]: https://www.theverge.com/2022/8/10/23299502/facebook-chat-me...

[btown]

From Meta's perspective, in all the ways that matter, the advertiser is the end user. Non-advertisers' impressions and data are simply inventory that can be sold to end users. And it would be bad for the "end user" if that inventory was stored by default in a form that could not be easily indexed for cost-efficient packaging and delivery.

(Lest you think I'm exaggerating, inventory is literally an industry term: https://smallbusiness.chron.com/advertising-inventory-mean-3...)

[skoskie]

It doesn't matter whether end (you) to end (facebook) encryption is enabled or not. That only protects data "in transit". The information is still accessible in to facebook "at rest". Enabling E2EE should give you absolutely no sense of privacy from Facebook because it doesn't exist.

[aposm]

This is contrary to the universally understood meaning of E2EE (as in, end to end between the two participants in the conversation). I'm not one to blindly take Facebook's PR statements at face value, but if you're making the claim that Facebook is deliberately advertising E2EE while secretly redefining the term to mean non-E2EE, you should have some strong evidence. Those sorts of linguistic gotchas don't work in real life or in a courtroom.

[upbeat_general]

Is this assuming they build in client-side reporting functionality? In this case it’s not E2EE anyway.

Or are you saying it’s not E2EE unless the clients are auditable?

[ahahahahah]

It's mostly not enabled by default due to uproar from politicians and organizations like NCMEC on how it would protect child abusers. I expect that they are currently working on features to help address that and will enable it by default when those are ready.

[harshitaneja]

How would you implement E2EE on a web application?

[Miraste]

Drop the web app, make a native one like Signal does if they even bother with desktop. They clearly don't want people to use it anyway, they've been implementing dark patterns to push the phone version of Messenger for years.

[harshitaneja]

They already have whatsapp which does the very thing.

[btown]

Encryption keys could themselves be encrypted with a password that the user would type, that is only ever saved in browser local storage, or even only in memory and needs to be retyped on each pageload.

There's nothing preventing the government from forcing Meta to implement a backdoor that exfiltrates the unencrypted key, of course, but that's true of non-web-based systems as well.

[harshitaneja]

I am not sure how would that prevent them having access to the key and subsequently the data? Is there any platform which implements what you are suggesting and prevents the platform access to the data on a web application?

Genuinely asking as I would love to implement something for my customers which gives them control over their data while it resides on my servers.

[Xylakant]

Your parent poster proposes that the key itself is protected by a password that the user needs to enter and that the unlocked key is only stored on the users device (local storage for browsers,…)

The server only serves encrypted data that gets decoded in the browser.

The primary usability problem for that approach is that there’s no way to recover the data (messages) if the user ever forgets the keys passphrase.

Another problem is that all of the rendering that uses such encrypted data needs to happen client side in JS, WASM or similar.

[harshitaneja]

Ah. I misinterpreted this thinking the user password would be used but in this case having a separate password which user would have to reenter erratically.

I am not in security but think that XSS might be a concern here with something so sensitive.

And UX problems that come with it. Sounds interesting though to at least discuss with customers to see if the benefits are worth the costs to them.

[sofixa]

But then if the user forgets their password, there's no way to reset it.

[tomuli38]

If you think it is a good thing to obey the state's abortion laws, then yes it is a good for violating messages to be reported to law enforcement.

The question I think you meant to ask if it is a good thing for companies to obey the state.

[jakelazaroff]

No, the question is whether Facebook should have access to those messages at all.

[tomuli38]

I am at a loss for words if people expect Facebook of all companies to not access the data on their platform. Of course they will access the data on their platform. Texts and apps like Signal are a different story.

[fknorangesite]

> Texts and apps like Signal are a different story.

In what way are they "a different story" from Messenger?

[Miraste]

They're not owned by Facebook.