,
20 tweets,
20 min read
Read on Twitter
1/ I'm getting requests for my take on the Facebook / WhatsApp story from @MikeIsaac — I've seen the reportage and on the basis of that, my observations are:
@MikeIsaac 2/ "Civil Society" has had it wrong for a long time, all the scare-stories about Facebook analysing message content. Truth: message content is a not a good way to monetise a messenger platform — but WhatsApp has to be paid-for somehow, therefore:
@MikeIsaac 3/ Hypothetical: roll WhatsApp into Messenger and make Messenger meet the "E2E"-security bar, monetise both (all three, if IG included) by looking at the metadata & relationships.
What would the business benefits of doing this, be?
What would the business benefits of doing this, be?
@MikeIsaac 4/ Well, for one thing, lower infrastructure costs (less duplication) and a smaller attack surface; as I and others have pointed out repeatedly, if you're just shunting E2E messages between other peoples' devices, there is A LOT LESS DATA AT RISK OF EXFILTRATION BY BAD GUYS.
@MikeIsaac 5/ Further: there is going to be a metric-shit-ton of regulatory interest in Facebook merging the services; if Mark can say "whoa, look, we can't see content, we're not spying on people" — AND CAN MAKE THAT TECHNICALLY CREDIBLE — then Facebook will have a much smoother ride.
@MikeIsaac 6/ Next: Facebook need a good security story at the moment, after the [personal opinion: overhyped] Cambridge Analytica flaming, & the sad "access token" hacks — and my take is THIS PROPOSAL CLEARLY MAXIMISES THE PRIVACY AFFORDED TO THE GREATEST # OF PEOPLE AND IS A GOOD IDEA.
@MikeIsaac 7/ "But Alec, you must be wrong, Facebook would never leave money on the table by not providing a backdoor to plaintext content in order to advertise" — incorrect; aside from the possibility of pushing ever more and smarter sentiment-analysis code onto peoples' devices, there is>
@MikeIsaac 7b/ <also the fact that Facebook is large enough and adept enough to indulge in inference from metadata; in fact the past/current "Onavo" Facebook property — a VPN — stands as an example of this approach:
theverge.com/2018/8/22/1777…
theverge.com/2018/8/22/1777…
@MikeIsaac 8/ So, yeah; I am looking at this story and wondering whether it comes from an official-but-unattributable-briefing, and if so, "why now?" — but I think it would make a lot of sense, and would enhance the data- (but not necessarily metadata-) privacy of billions of people.
@MikeIsaac 9/ On that basis I look forward to following what happens next, and — important for my friends in @OpenRightsGroup, @privacyint, @bbw1984, @EFF, @laquadrature, @netzpolitik & so forth — TO SUPPORT THIS ENDEAVOUR ON GENERAL PRINCIPLES, and to watch for details.
@MikeIsaac @OpenRightsGroup @privacyint @bbw1984 @EFF @laquadrature @netzpolitik 10/ We in civil society (and some of us formerly/inside Facebook) have been shouting for some time for Facebook to implement "End-To-End-Encrypted-By-Default-Everything"
It'd be rude of us to criticise / not encourage their attempts, though I'm certain some pundits will try to.
It'd be rude of us to criticise / not encourage their attempts, though I'm certain some pundits will try to.
@MikeIsaac @OpenRightsGroup @privacyint @bbw1984 @EFF @laquadrature @netzpolitik 11/ So when you see some asshole trying to be postmodern or cynical about this — eg: for the advertising reasons alluded to, above — DO CALL THEM OUT.
Tell them to wait and see.
If we piss on it, it may never catch fire.
</end>
Tell them to wait and see.
If we piss on it, it may never catch fire.
</end>
@MikeIsaac @OpenRightsGroup @privacyint @bbw1984 @EFF @laquadrature @netzpolitik "oh, my, look, who would have thought?"
@MikeIsaac @OpenRightsGroup @privacyint @bbw1984 @EFF @laquadrature @netzpolitik Important sub-thread by @alexstamos re: how raising the bar of acceptable message services to include E2E FOR FREE makes paid-for (centralised) E2E competition less attractive, because of lack of alternate means to monetise… unless you're already Facebook
@MikeIsaac @OpenRightsGroup @privacyint @bbw1984 @EFF @laquadrature @netzpolitik @alexstamos This doesn't, of course, negatively impact the likes of @BriarApp - which is nice. :-)
@MikeIsaac @OpenRightsGroup @privacyint @bbw1984 @EFF @laquadrature @netzpolitik @alexstamos @BriarApp Here's @BBCNews on the story; this sort of regulatory "interest" IS WHY CIVIL SOCIETY NEEDS TO GET ITS ACT TOGETHER to sing from the same score:
1) Yes, Mister Regulator, End-To-End is Good and Helpful
2) No, Madame Regulator, Mandatory Backdoors for Gov't would be a bad idea:
1) Yes, Mister Regulator, End-To-End is Good and Helpful
2) No, Madame Regulator, Mandatory Backdoors for Gov't would be a bad idea:
@MikeIsaac @OpenRightsGroup @privacyint @bbw1984 @EFF @laquadrature @netzpolitik @alexstamos @BriarApp @BBCNews Link for the above article; what we _do not_ want to happen is for regulators to receive mixed messages from Civil Society about the desirability of (publicly-specified) E2E messaging being done by FB as a business enabler.
bbc.co.uk/news/technolog…
bbc.co.uk/news/technolog…
Nitpick the Advertising business *in general* if it floats your boat, sure; but more privacy for primary data, is better.
THREAD on how Facebook should NOT go about the process of fighting "fake news" in an E2E-encrypted context:
THREAD CONTINUES:
