
End-to-end encryption only prevents in-flight access of the data by your ISP. At either "end" that data can be trivially decrypted, and probably isn't even stored on an encrypted server to boot. It would require a lot more than E2EE to meaningfully resist government surveillance.


Just to clarify one possible misconception, the two ends would be the mother and daughter’s phones in this case. Meta shouldn’t have the key to decrypt accessible to them.

You’re absolutely correct that it can be decrypted on either end, but Meta should resist putting a backdoor in their app that allows this, if for no other reason than it compels them to be in the middle of this criminal case.

Also Facebook Messenger already enables this (https://www.facebook.com/help/messenger-app/1084673321594605) but it’s not the default. It should be.

This is just basic privacy and for sure won’t protect you from a focused government attack but it’s a start.


This is the part where things get ambiguous and it's hard to say how things go. On paper, you are correct and I 100% agree with everything in this comment. In practice, I have no reason to believe anything Facebook says correlates with the implementation of their encryption.

I want to believe it's a safe system, but as always it comes down to trusting trust. Without accountability, it's hard to take WhatsApp or iMessage or any E2EE service at face value. E2EE leaves so many exploits on the table that I basically treat it as marketing fluff.



