[Sunlis]

It may have been, but even if it was the encryption was likely done server-side. If I'm understanding this correctly, they will now be encrypting data before it leaves your browser. That way their servers never see the true data, so they can't be held accountable for what users are uploading.

In the previous model of receiving data then possible encoding it, they have full access to the raw data uploaded and are responsible for policing the legality of the files being uploaded.

[malandrew]

TBH, I can't wait until this becomes the standard way for lots of services to do business. This is going to be better for everyone's privacy and it's ultimately going to be cheaper and less complex for everyone to do this by default because the alternatively is being forced to fund cost of policing; something that Hollywood is already trying to force ISPs to do. Section 230 of the Communications Decency Act was supposed to provide this protection, but it's become clear it simply doesn't provide enough protection when highly motivated politically-connected actors get involved. Encryption from end-point to end-point creates a situation where providers don't even need to worry about needing the protections from Section 230.