by 1vuio0pswjnm7 816 days ago
"Meta said it rolled out end-to-end encryption "for all personal chats and calls on Messenger and Facebook" in December. And in 2018, Facebook told Vox that it doesn't use private messages for ad targeting.[1] But a few months later, The New York Times, citing "hundreds of pages of Facebook documents," reported that Facebook "gave Netflix and Spotify the ability to read Facebook users' private messages.""

1. "Does Facebook use info from your private messages to target you with ads?

No. Facebook says it might look at your private messages to determine if they violate the company's policies, but it doesn't use that information for ad targeting. Facebook won't use the contents of your private messages to target you with ads on Facebook Messenger, WhatsApp or Instagram either, according to a spokesperson."

https://www.vox.com/2018/4/11/17177842/facebook-advertising-...

If the messages are encrypted "end-to-end" or whatever the chosen marketing buzzwords, so that Facebook cannot read them, then how is FB able to "use" messages for anything? One accustomed to normal communications services might think FB is storing and delivering messages and that's all. But in truth, it's "using" them. (For purposes other than complying with any request from a court of competent jurisdiction.)

Exactly what they might be doing is of course highly confidential. You are free to take guesses. FB may answer yes or no. Answers cannot be verified, so their value outside of marketing is dubious.

NB. Meta _is_ a third party. It feels as if some people believe they can redefine terms like "end-to-end", "third party", etc. As if they know many readers will happily go along for the ride.

2 comments

They describe several cases where the E2E means user<->facebook<->otheruser. Some examples: group chat. Shared images. Shared URLs with snippets. Absolutely everything involving interactions with a WhatsApp "business account".

So they are not exactly lying, just being extremely dishonest.

user<->facebook<->otheruser is the exact OPPOSITE of end-to-end. There’s literally a middleman who can read your messages.

They're sooooo dishonest.

Yeah, one of the “ends” being Facebook itself. It's “legal” as in it is indeed end-to-end encrypted in the same way Cloudflare-hosted websites are, but very shitty. I always thought Facebook did this, but having some confirmation bias is very nice indeed, lol.
My guess is that FB stores the keys to reverse the encryption.

The point of e2e is to block any third party from seeing your conversations by sniffing packets. Not to stop Meta themselves.

The OpenWhisper protocol, which is supposedly implemented by Messages and WhatsApp, was designed specifically to enable anonymous key agreement between the two or more parties sending messages, and no one else, including the service provider.

Whether or not Facebook actually implements it this way is a great question.

> two or more parties

When you’re having a 1:1 conversation with someone at a party, and then crack a joke and some weird dude 10 feet away laughs at you and says “good one”.

The obvious answer here would be for Meta to consider itself party to your conversation.

Packet sniffing is mitigated by TLS/HTTPS.

The point of end to end is to ensure that only me and the person I'm sending a message to can read it and that none of the systems in-between us can read the plain text of it.

Uh nope, that's a huge move of the goal posts. The point of E2E is to ensure that nobody besides the two endpoints can read the messages, including all hops along the way, notably including the service provider themselves.

The problem is that this requires users to do things like use one device to authenticate another or restart key exchange with all of their peers. If a user loses their phone, then they will need to redo their security exchange process, which nobody wants to do or even understands. Thus companies often store key material in an insecure way to allow new devices to be silently added to the account.

Plus, even if E2E is well implemented, there are still problems when the endpoint software can be remotely updated to a version that exfiltrates keys or messages.

> The point of e2e is to block any third party from seeing your conversations by sniffing packets. Not to stop Meta themselves.

No... the point of end to end encryption is to be encrypted end to end. It's literally the name. If Meta can read your encrypted messages, that is just normal encryption, not end to end encryption.

Although the frank meaning of "E2E encryption" is that a message is encrypted on the sender's device and only decrypted on the intended recipient's device, that is never ever what big tech companies mean when they use this term.

For one, this would remove companies' ability to support lawful interception, which puts them afoul of American law.

Is lawful interception possible with WhatsApp? I thought it had actual E2E encryption.