HN

E2E encrypted messaging on Instagram will no longer be supported after 8 May (help.instagram.com)
1d ago by mindracer 404 points 200 comments
avallach 1d ago
Isn't this actually improving safety by openly admitting how things always were in practice?

Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.

Truly safe e2e requires open source client provided by a trusted entity who is as much as possible independent from the one who provides the untrusted transport layer. Eg how pgp email works.

john_strinlai 1d ago
one thing to consider is how just the optics of major players using e2e was an overall benefit.

people who otherwise would have gone their entire lives without ever hearing about encryption were exposed to the term and the marketing convinced them that encryption and privacy was a valuable thing, even if they didnt fully understand the mechanisms or why e2e might not necessarily be very effective in specific circumstances.

later, when presented between option a and option b, where one has encryption and the other doesnt, they are more likely to choose the one with it ("well, if instagram and facebook use it and say it is good...")

GoblinSlayer 1d ago
And Big Brother realized this optics was a mistake.
gzread 1d ago
If someone's given the choice between say Instagram and IRC, and chooses Instagram because they heard it has E2EE, that's a loss.
john_strinlai 1d ago
perfect is the enemy of good, etc etc.

between signal and plain text, it is easier to convince friends to use signal if they see positive marketing about encryption on other popular apps they use. it is easier to convince them to encrypt their backups before uploading them to their google drive. hell, its just a good conversation starter to introduce encryption/online privacy to people that never really think about it. that type of thing.

those same friends are not going to use irc regardless. not really a loss if it was never even on the table.

inquirerGeneral 14h ago
[dead]
iamthejuan 1d ago
This happened to my girlfriend and me twice on Messenger. On two consecutive nights, we heard a male voice with an American accent speaking as if he were talking to someone else, almost like they were conducting some kind of operation. It seemed as though he suddenly realized that we could hear him, after which the voice abruptly disappeared. The following night, it happened again, but this time the voice sounded like that of an African American woman. The situation was similar to the previous night. From that night, we have not used it to communicate and used Signal instead.
browsingonly 21h ago
I work on products that feature live monitoring capabilities. There's no connection to the monitoring side's microphone (or camera) — why would there be? I'm not sure why there would be for their products.

Whatever the cause, it sure sounds like it was a strange and unnerving experience.

prox 1d ago
You mean like a voicecall on Messenger? That is creepy.
XorNot 17h ago
One time when I was in Hawaii I could swear there was a club playing dance music quite loudly somewhere a few blocks over: there was that muffled quality to it where I kept trying to pick out the song from inside my Airbnb.

Walking outside (after asking my wife if she could hear it): silence. Trees rustling, normal noises.

It was background noise. But inside the apartment that combination of different sounds was just right that it sounded like muffled music to me - but hence why I couldn't identify it, whatever was there was just me thinking I was hearing things.

Draw ones own conclusions about the relative technical plausibility of the events described by the OP (how would digital packet based audio experience a glitch which is structured as though you'd tuned into another analog radio station? It wouldn't: that doesn't happen and it isn't even a failure mode).

root_axis 1d ago
What do you imagine was going on here?
exe34 20h ago
did you check your carbon monoxide alarm batteries?
RobRivera 19h ago
I understand this reference.
mnahkies 1d ago
I don't disagree, but I think there is a distinction between "everything is e2ee, but specific conversations may be MiTM without detection" and "nothing is e2ee and can be retrospectively inspected at will" that goes a little beyond security theatre - makes it more analogous to old fashioned wiretaps in my mind.

Obviously it involves trust that it isn't actually "we say it's e2ee but actually we also MiTM every conversation"

londons_explore 2h ago
Even with closed source clients, MitMing every conversation would likely be detected by some academic soon enough - various people take memory dumps of clients etc and someone would flag it up soon enough.
JasonADrury 1h ago
>Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.

You are no more capable of spotting a deliberately concealed backdoor in a binary than in source code, there's simply no meaningful difference.

dgrin91 23h ago
One of the scary things is that not even this really works. Ignoring supply chain attacks, most people treat any client as effectively black box. When was the last time you read through the code of a messaging app? How do you know its safe? Maybe _you_ read through it, but 99% of people don't.
londons_explore 2h ago
And even if you did read through every line of code, it is super easy to hide a deliberate bug which entirely breaks encryption.

Eg. The Debian random number generator bug.

dhblumenfeld1 21h ago
wouldn't signal fall under this category (same entity control the client and server in between) but they have no way of peaking inside any envelopes?
hsbauauvhabzb 20h ago
Every e2e solution relies on trusting the application/tooling/crypto used. Open source is better than nothing, but is not a silver bullet for trust.
chis 1d ago
E2E encryption lets Meta turn down government subpoenas because they can say they truly don't have access to the unencrypted data.

I can't say I really mind this change by Meta that much overall though. Anyone who's serious about privacy probably knew better than to pick "Instagram chat" as their secure channel. And on the other hand having the chats available helps protect minors.

Synaesthesia 1d ago
It's all about trust at the end of the day. And given that it was exposed that Apple, Microsoft, Meta, Google etc all collaborated with the US government to provide surveillance (PRISM) by Edward Snowden, how we can trust them ever again?
fragmede 22h ago
Did they collaborate? Google freaked out when Snowden revealed what the NSA was doing.
Synaesthesia 15h ago
They definitely did collaborate with the NSA.
slim 12h ago
the purpose of this move is to feed your private conversations to ai
paxys 1d ago
Everyone is hypothesizing government backdoors and whatever else but to me there's a simpler and more obvious reason - AI.

Companies started pushing E2EE a few years ago because users' private messaging data used to be a liability. Now that the data can be fed into LLMs for training and inference its value has gone up significantly, and the privacy and security tradeoffs are suddenly worthwhile.

PMs across the industry are pushing product decks with "conversational AI assistants" to get their next promotion. I've been in more than one of these meetings myself. If the data is encrypted then there's no way to build this kind of stuff.

Archonical 21h ago
It's around the same time they announced their Applied AI org under Boz, which is responsible for data for Avocado/Mango/Watermelon training now. The timing certainly doesn't help.
morpheuskafka 1d ago
So apparently this was opt-in, much like Telegram's OTR chat feature, and thus completely different than WhatsApp where it has always been default. Not a good look regardless, but the few who went into chat settings for a specific person to turn this on in the first place will likely just switch to WhatsApp or another app rather than continue without it.
treesknees 1d ago
It could be a move to have parity with TikTok, where they claim it’s for safety reasons. I’ve been seeing advertisements for Instagram touting their child/teen protection features. Seems like they’re really trying to beat the allegations that Instagram is bad for children’s health.

https://news.ycombinator.com/item?id=47241817

dmix 1d ago
Protecting kids and Terrorism, always the reason why nobody is allowed to have privacy on the internet.
nunobrito 1d ago
Cars nowadays are packed with microphones and permanently connected to the internet on daily basis so that drivers can have remote assistance when the car breaks once every 5 years or so.
youknownothing 1d ago
And also so employees of said companies can spy on drivers and make fun of them: https://www.reuters.com/technology/tesla-workers-shared-sens...
stephbook 1d ago
Which just shows that consumers don't care. Tesla's camera surveillance wasn't exactly secret.
nobodyandproud 1d ago
Equating what companies get away with, as the clear signal to what consumers care about.

And billionaires and nine-day old alts wonder why they need a bunker.

Sohcahtoa82 1d ago
Customers care, but not enough to actually change purchasing patterns.
mounram 23h ago
They care, but it is not in their top priorities
Sayrus 1d ago
I keep hearing this one. But at least for EU, the eCall system requires external communication to be disabled until activated during serious accident. It cannot be used for tracking the vehicle in real-time.

Some parts of the legislation (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32...):

> 2. The personal data processed pursuant to this Regulation shall only be used for the purpose of handling the emergency situations referred to in the first subparagraph of Article 5(2).

> Manufacturers shall provide clear and comprehensive information in the owner's manual about the processing of data carried out through the 112-based eCall in-vehicle system. That information shall consist of:

> the fact that there is no constant tracking of the vehicle;

That vehicle nowadays are equipped with always-on internet and microphones is not related to remote assistance.

SV_BubbleTime 1d ago
This is such misdirection.

Your car if new enough, IS reporting its diagnostics including GPS via cell. All the time. This isn’t exactly personally identifiable so they get away with it just fine.

This is unrelated to the microphones and assistance systems.

cluckindan 1d ago
It becomes personally identifiable through correlations with other datasets.

That is the kind of thing people allow when they click accept or decline on those pesky ”we and our 195735 partners would like to…” dialogs.

Sayrus 1d ago
Which is exactly my point. Cars are reporting on you, but tying that to remote assistance is disingenuous.
nobodyandproud 1d ago
[flagged]
Sayrus 1d ago
Happy to read your thoughts, can you elaborate on this?
nunobrito 1d ago
Kindly read point number 2 slowly.

There are two definitions: a) Personal Data and b) Emergency Situations

What is an emergency situation and how can a car determine it is one? These are "smart" cars which aren't nowadays smart enough to process all your data locally, so that data is sent to servers elsewhere which process if either points a) or b) apply.

It is your choice to believe that voice data is ever deleted once acquired by governments and entities thirsty to benefit from that information.

For security experts this is just another "I told you so" within a few years.

Sayrus 4h ago
Emergency situations are defined by two situations: severe accidents and manual press of the button. Article 6 covers the data being sent, Article 5 covers the manufacturer's obligations. Your audio during the accident and your last three locations may leak, but the eCall system is not designed for a permanent phone-home system. If I remember correctly, you can't even use the eCall SIM for tracking as that'd encourage people to disable safety features.

All the things you are talking about, permanent phone-home, tracking of location, audio and video, driving habits, are tracked, sent and resold. That's what smart cars do. But it is not done through the eCall system. See it from the company perspective: why would they risk penalties for non-compliance when they can gather and resell all personal data with no risks using their own system instead of a safety one?

officeplant 1d ago
One of my favorite things about going EV is the forums tend to be full of paranoid nerds which means someone will be willing to try desoldering the cell modem off their boards to see what happens.
hackingonempty 1d ago
Also drug dealers and money launderers.

https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...

maqp 1d ago
The sad part is, Instagram is exceptionally damaging to kids for a disjoint set of reasons.
throwfaraway4 1d ago
As is social media in general. I highly recommend reading the Anxious Generation
butlike 1d ago
It's bad for EVERYONE's health. Try to limit your usage and you'll feel better. I promise you'll feel better.
jszymborski 1d ago
Protect your kids from whom? Surely not Meta, which is my main concern.
plagiarist 1d ago
It certainly is unsafe for their AI training corpus. Win / win if they can also lie about protecting children as a motivation.
PunchyHamster 1d ago
More like excuse
varispeed 1d ago
How these protections are working when I get served literal porn every couple of shorts on Instagram?
garbawarb 1d ago
When Meta starting introducing E2E messaging it was a huge push. I wonder why they're doing away with it.
gmerc 1d ago
It was for plausible deniability because of regulatory scrutiny. Regulator's dead now, so now there's no downside and only upsides to spying on your users.
dngray 1d ago
They never did this for user privacy, and yes I think you're spot on. This was just to remove liability.

Now it just costs them the data and development cost to maintain. Any remaining problems they'll throw some crappy AI moderator at to fix.

gmerc 1d ago
Not hard to be right about this when you worked there at the time ;)
mpalmer 20h ago
> no downside

That is not the view their legal department takes, I guarantee it. Congress ain't gonna keep its composition indefinitely.

infinitewars 1d ago
Palantir
john_strinlai 1d ago
i am guessing that they just dont really need to pretend to care anymore. e2e messaging was a big marketing push, not ever an ideological thing. i assume they no longer believe the marketing benefits outweigh the downsides.
varispeed 1d ago
Probably Whatsapp is next, if it isn't quietly already.
garbawarb 1d ago
I doubt it, E2E isba huge part of Whatsapp's selling point considering it's exclusively a messaging app. Instagram is primarily a social app with messaging features.
gzread 1d ago
Normal people don't choose a messaging app based on E2EE but based on whether their friends use it.
grvdrm 2h ago
"Your security code with X changed"

"What's a security code?"

deafpolygon 1d ago
> Probably Whatsapp is next, if it isn't quietly already.

And I will be pushing to remove WhatsApp if that’s the case.

paxys 1d ago
Because they realized they need the data for AI
gzread 1d ago
PR. They wanted to seem like the good guys, but they get your messages through backdoors like the automatic backup.
modeless 1d ago
You're thinking of Apple. WhatsApp backups are not stored by Meta. Apple is the company that breaks their "end-to-end" encryption by backing up the encryption keys to their own servers.
topranks 23h ago
You can opt-in to encrypting those backups so Apple have no access.
modeless 23h ago
Yes. I believe a small percentage of Apple users do this. Unfortunately that doesn't prevent Apple from reading your messages from the backups of the vast majority of people you correspond with.
gausswho 1d ago
Is this legitimate? It's so incoherent to see this blurb at the top saying it's being retired while everything underneath is pitching the value of e2e.
dcliu 1d ago
On the other hand Messenger has moved to only supporting e2ee chats, wonder why the difference.
GuB-42 1d ago
To me, Instagram is a public platform at its core, where people publish things for the whole world to see. Private messages are just a secondary feature. It is like having a conversation in a restaurant, where the guy at the next table can listen to everything, but usually doesn't. Good enough for planning a surprise party, not for truly sensitive information. Kind of like private messages in Reddit, Discord, etc... a convenient feature, but don't expect real privacy.

Messenger has a higher expectation of privacy, Facebook is more at the "group of friends" level. While Instagram is a public restaurant, Facebook is more like a house party. WhatsApp has the highest expectation of privacy as it is designed for private, often one-to-one conversations first.

ajsnigrutin 1d ago
Sure, but if you already have e2ee, it takes work to remove it... why invest the time to do that?
gzread 1d ago
It also takes work to keep it working and it may have a lot of bugs already, that are hard to fix because of it. A non-E2EE chat app is very easy to make.
paxys 1d ago
WhatsApp and Messenger are pure messaging apps. For Instagram, DMs are just a tiny part of the overall experience.
everdrive 1d ago
There's a general trend right now against privacy and in a more general sense against freedom. More and more companies are on board with it. I'm not sure if anyone in HN has any useful advice in this regard. I feel like I don't know what to do about the internet for the next 5-10 years. Does this particular measure matter very much? No, but it's another brick in the wall.
Spooky23 1d ago
The US is building out the infrastructure for a police state. The people who control the consolidated tech platforms are either spearheading or collaborating with that process. Privacy as a concept isn't even in the cards.

You need to be prepared to avoid saying naughty things on the internet. Otherwise, perhaps someone will figure out that you great-great grandfather didn't sign in the right spot in 1897 and you're presence in the United States is void, retroactive to your birth. Off to El Salvador with you, enemy of the people.

rurp 1d ago
Just want to clarify that "naughty" doesn't at all mean "bad" or "immoral". It means "Anything any current ot future regime will dislike"
wolttam 1d ago
Pretty safe to say that you pointing that out counts as naughty.

And so does my response to your comment.

But I do wonder if self-censure is really the best strategy.

query_demotion 1d ago
>The US is building out the infrastructure for a police state.

Take the Utah Data Center (https://en.wikipedia.org/wiki/Utah_Data_Center), combine it with the Disposition Matrix (https://en.wikipedia.org/wiki/Disposition_Matrix), informally known as a kill list for even US citizens, and it does seem like you're getting a Police State!

hypeatei 1d ago
A lot of our current privacy and liberty woes were exacerbated by 9/11. Can you imagine a Church Committee in 2026? Me neither.

Three letter agencies have way too much power and they've shaped our culture+laws for the worse. Osama Bin Laden has done way more damage to American citizens' lives than he could've ever dreamed of.

Spooky23 1d ago
By design.

Just like the KGB and Putin's minions, Bin Laden correctly saw fault lines and weaknesses in the US an exploited them. He did what he did with a long-range context in mind. The "three letter agencies" were neutered in the 90s as part of the peace dividend which is why he was successful. The Russians used "active measures" with intelligence in the US 2016 among other times and Bin Laden chose terrorist violence. The Russian misinformation strategy is tried and true and corporate actors now use it successfully as well.

The whole thing sucks. This Iran adventure lays the vulnerability of the US military machine pretty bare. More, escalated conflict is probably in the world's future for decades to come.

query_demotion 23h ago
This wasn't by design. Obama had options. He campaigned against mass surveillance but flip-flopped once in office, installing the very surveillance levers he criticized. “No more secrecy,” he said. “That is a commitment that I make to you.”[1] If his only option was to install these surveillance levers, then I guess American democracy is just a lost cause.

[1] https://www.pbs.org/wgbh/frontline/article/obama-on-mass-gov...

mc32 1d ago
It feels to me Europe and the UK, in the western world, are further ahead on the legal road to surveillance than the US.
Sohcahtoa82 1d ago
Someone pointed out something to me and it's really struck a chord with me.

In the USA, we hate the government collecting information on us, but shrug our shoulders when corporations do it.

In Europe, it's the exact opposite. They created GDPR to restrict how corporations collect and share data about you, but they shrug their shoulders at government doing it.

Obviously, this is incredibly reductive and over-simplified, but the general idea of it feels pretty true.

toxik 1d ago
Sorry, this is just not true. Stasi was a government agency, and it was from this kind of thing that European privacy advocacy sprung up.
ls612 1d ago
[flagged]
mikepurvis 1d ago
Sure, but I think the point of this thread was (or should be) what can be done in the US to resist this. There's a lot of things the US resists doing because voters who never traveled outside of it can be convinced that what it is as implemented elsewhere is somehow flawed or worse than the status quo.

You see this exact pattern with real health care, common sense gun laws, investment in mass transportation, probably more that I'm not thinking of.

mp05 1d ago
> Sure, but I think the point of this thread was (or should be) what can be done in the US to resist this.

I read that as "we're not going to sit with the uncomfortable implication that the places being held up as policy exemplars are also the places criminalizing speech."

gzread 1d ago
What differentiates correct politics from incorrect politics?
messe 1d ago
Who's we?
caconym_ 1d ago
> I'm not sure if anyone in HN has any useful advice in this regard.

Self host. It's still possible to buy computer hardware and install FOSS replacements for most/all of the services you need, and plumb it all through to your mobile devices using wireguard/tailscale. If you're behind a CGNAT you can proxy it through a cheap VPS that won't fuck you on bandwidth costs. Thanks to Proxmox, I probably have better uptime on my services than e.g. Github these days.

When it becomes impossible to get open PC hardware, I don't know. I like to think I will just stop using the internet for anything besides the bare minimum NPC type activities that are required to engage with the institutions of society.

abnercoimbre 1d ago
If you don't know where to start check out the Linux Prepper [0] podcast. (I'm not affiliated, just a listener who enjoys the show.)

[0] https://podcast.james.network/@linuxprepper/episodes

aavci 1d ago
I wonder if promoting open-source tooling and best practices could make it easier for new apps to adopt security features like E2E encryption. For example, someone building a chat app might not add E2E encryption unless they have access to user-friendly tools and are encouraged to do so.

Startups that initially choose the more private implementation version often face a disadvantage. They may not see immediate benefits and instead experience drawbacks, such as caring a bit more than their competitors. For example, an AI plugin using local large language models for privacy might not be rewarded as much as a competitor who fully embraces cloud-based solutions.

starkparker 1d ago
That's all fine and good but this is Meta removing an existing implementation. How would you stop decisions like that?
reactordev 1d ago
If you’re a good boy then you have nothing to hide right? Not even your passwords…
john_strinlai 1d ago
unfortunately, since the messaging/trend isnt "we are against privacy" (it is "we are protecting children, which reluctantly means we all have to sacrifice a wee bit of privacy"), it is really hard to fight back without being labelled as someone who is against protecting children.

but the advice is basically the same as it always has been:

- talk to your friends and family about it. do it with passion, but without hyperbole or conspiracy or aggression. any person you can convince to care is a win. organize with like-minded people.

- talk to your representatives in government. vote for representatives that are pro-privacy (when possible). convince your like-minded friends and family to do the same.

- to the greatest extent possible, dont purchase/use products/services which are facilitating the trend. (but, you also need to be realistic or you will burn out! and that is a bigger loss overall).

- if you are a decision-maker at work, or have any sort of input, leverage it as best as you can to make pro-privacy business decisions. however, similar to the above point, recognize that you still need to be realistic and dont get yourself fired arguing some decision. it is better to make 1,000 nudges in the right direction than it is to be fired/burn out trying to make 1 big nudge.

- support organizations that align with your beliefs. this can be monetarily, or by volunteering, or by spreading awareness of the organization itself. for example, many people have never heard of the electronic frontier foundation and have no idea what they do. lots of people dont know of the ACLU either (or, maybe they have heard the name, but dont know what they do or why it matters).

trinsic2 1d ago
>unfortunately, since the messaging/trend isnt "we are against privacy" (it is "we are protecting children, which reluctantly means we all have to sacrifice a wee bit of privacy"), it is really hard to fight back without being labelled as someone who is against protecting children.

That's not what I am seeing on the ground. Many discord users I have seen talk about this issue frame this as an attack on freedom and privacy by hiding it behind the same narrative that has been used so many times before of protecting children. You can only push fake narratives so far until people start getting the message that people are hiding nefarious attacks on society behind fake movements.

john_strinlai 1d ago
>Many discord users I have seen talk about this issue frame this as an attack on freedom

good! ideally, someone is helping them organize and action those thoughts and feelings outside of whatever discord channel you are in.

i am referring to how it is being framed by the people pushing the agenda. age verification laws (as an easy example) arent being advertised as "we want to spy on you", they are being advertised as "this will protect children from harms".

talk to debbie in accounting instead of babmorley420 in discord, and ask her opinion. she is not likely to frame it as an attack on privacy/freedom. she is likely to frame it as a necessary sacrifice for the greater good. and her opinion also matters, she also votes. we need to convince the debbies of the world -- they outnumber the babmorley420s

trinsic2 1d ago
Agreed. What I meant to say is at least the younger generation are starting to see past this smoke screen more so now than maybe 20 years ago.
int_19h 17h ago
Now if only they actually went out and voted...
john_strinlai 1d ago
that is very refreshing to hear.

i teach tech in college and just earlier today made a post about how i am not seeing the same when i compare my current students to students 5, 10, or 15 years ago. i hope that i am the one in the bubble.

trinsic2 14h ago
I'm part of a community around the stop killing games initiative. So maybe it's a bit slanted because most might be pc gamers (technically inclined). But it's a pretty big movement on this front and most of them see right through this. A lot of them don't like what discord is doing. Whether or not they'll put there money where there mouth is is another matter.
Cider9986 1d ago
You could try becoming a privacy advocate. https://www.privacyguides.org/en/activism/
j_bizzle 1d ago
I’m truly on the fence about all of this.

On one hand, I think a lot of the larger issues and divisions we’ve seen in society over the last 20 years are a direct result of our primary means of communication, entertainment and information being one that allows such ease of impersonation. While most of us here understand just how much Internet content is created with influence as a goal, and the posted by accounts with false identities, a majority of people still don’t. (And many who do don’t understand just how prevalent it is). I also think that sadly we’ve demonstrated that when people feel they are anonymous and beyond consequence, they’re willing to say and advocate for some terrible things which they might otherwise not have, and seeing others say those things reinforces their willingness to say and do them. If social media and internet norms of today had held the original Facebook model of requiring verification of your actual identity (back in the day .edu email days), I truly think we would live in a much different and in many ways better world.

On the other hand, I fully acknowledge that many of the people pushing for the removal of privacy and encryption are not doing so for altruistic reasons, but so that they have a more data to mine and monetize, or have the ability to monitor to a frightening degree, and that these tools once available will be available to any regime or government, so even if the ones currently pushing do have naively good intentions, the next ones very well may not.

But, I also struggle with the knowledge that for sophisticated parties, the privacy that most people think they have is a sham to begin with. There are already many tools available to piece together information sources and build a horrifyingly complex and accurate picture of individuals activities and identities. So I wonder if the illusion of privacy isn’t worse than the public at least being forced to confront the fact that they have none in the first place, and therefore being able to truly see and address the issue, while the security minded and technical individuals will always find a way obfuscate their identity and activity, just as they always have.

nemomarx 1d ago
Facebook accounts today still have identity verification (they often ask for scans of IDs, etc) and yet it doesn't seem to result in a noticeably improved discourse there compared to say, Twitter before Musks takeover. I don't think anonymity actually changes discourse that much.
everdrive 1d ago
In my opinion anonymity is a great red herring. The worst offenders on the internet have verified accounts and are public figures. The problem is algorithmic content, prioritizing for engagement and outrage, and then connecting _everyone_. We had what was effectively anonymity in the 90s, but really had NONE of the crazy society-breaking extremism we see now. Getting rid of anonymity will really do NOTHING to halt the march of internet-fueled extremism.
abnercoimbre 1d ago
Everything is a sliding scale. There would be improvement from verified identities (and doing so through a zero-trust network is feasible.) I agree the worst actors wouldn't care at all, and in that case we address the algorithmic amplification problem.
salawat 1d ago
This. People don't recognize that a tech company with an algorithmic feed is indistinguishable from a public awareness filter. It allows a couple hundred to 1000's of people to set the Overton window of millions/billions. When we actually didn't go algorithmic and went off more natural filtering (geographic, chronological, scope/impact based), it was a modality that one would be hard pressed to even find a schoolchild that couldn't end up being able to meaningfully navigate the space with due training. This is, of course, exactly why monied individuals foam at owning any of the few consolidated media outlets/tech companies. Societal scale leverage on the machine of public awareness.
wslh 1d ago
I sometimes feel a bit weird about this. In the 90s it felt like "we" won the crypto wars: PGP, the fight over export controls, the Clipper Chip, etc. There was a strong sense that privacy and strong crypto had become settled questions.
fsflover 1d ago
> I feel like I don't know what to do about the internet for the next 5-10 years.

Switch to decentralized, e2ee alternatives, support https://eff.org

trinsic2 1d ago
I feel like e2ee on phones with OSes from the big two is a lost cause. I'll bet this is the year where open hardware/bios starts getting more popular, hopefully. So we can have open hardware/software.
sisve 1d ago
Even with e/os/ or another u De-googled version of android?

Not directly to you but in general: I do not think (most) of Europe is going the same direction as US. I actually see a lot of hope in response to EU leaders about digital infrastructure, communication & security. we have started to stop realing on America, but it will take 10-20 years before you see the entire crash trump made

trinsic2 14h ago
Yea sorry I was speaking from the U.S. perspective. But still Europe is still involved in certain things like age gating. That is a clear sign that there are some entrenched interests that want to erode privacy on that front. I hope that moving away from U.S. corps for communication services happens. We (U.S.) really need a kick in the pants. I feel like there is authoritarian agendas everywhere now though.
gzread 1d ago
Is Google snooping your SimpleX chats?
fsflover 9h ago
We don't know. They seem to have this capability though.
fsflover 1d ago
GNU/Linux phones already exist. See: Librem 5 and Pinephone.
vova_hn2 1d ago
I find it really off putting, how weak is their hardware, compared to a normal Android phone in a similar price range.
fsflover 1d ago
Weak hardware can work quite well with optimized and non-bloated software (which doesn't constantly phone home). For example, maps and Youtube work smoothly on Pinephone with SXMo. See also: https://puri.sm/posts/the-danger-of-focusing-on-specs/.
vova_hn2 1d ago
I hope so, but I just don't understand what exactly causes such massive price difference.

Is it because this kind of phones are a very niche product so they can't benefit from the economy of scale?

Maybe android phone manufacturers can get better deals from chip manufacturers because they buy chips in large quantities?

fragmede 21h ago
Yes exactly that. The weak hardware at those prices are the best they can afford. The economy of scale that they can afford let's them charge that little for flagship phone and still makes money. People won't put their money where their mouths are, we're all too cheap to pay what things are really worth.
trinsic2 14h ago
It's not just this but there are also devices that can be sold artificially cheaper because advertisers are the real customers
fsflover 1d ago
Niche product, non-standard components, strict requirements of free drivers with GNU/Linux support: https://puri.sm/posts/breaking-ground/
subscribed 1d ago
If you like privacy without security then yeah .
fsflover 1d ago
There is no security in a vacuum. Security depends on your threat model. I use Firefox with NoScript and never run untrusted apps on my Librem 5.
peyton 1d ago
As a California resident I request to download my personal data from every service I can, and I’m constantly surprised. We each have scores for all kinds of things. The local power company keeps a “Green Ideology” score on me.
newsoftheday 1d ago
When I see the word "score", it reminds me of the CCP social scoring system.
scarecrowbob 1d ago
Weird... when I see something done by US-Based capitalist and attributed to communists half a world away, it makes me think of the Powell Memo.
newsoftheday 1d ago
That is weird, the US didn't ask the CCP to invent social scoring.
scarecrowbob 18h ago
I mean -also- weird to claim that the CCP invented scoring folks, but even if they did, it'd be hella weird to think that somehow they helped a US local power company implement it...

Look, I get that "CCP Bad". It's just always wild to see folks try and make that case when something has literally nothing to do with it, especially while there are plenty of pretty horrific and material mechanisms in play without pretending that the big-O Other is to blame.

johnisgood 1d ago
It makes me curious what other scores (I would call them labels) there are.
wiether 1d ago
How is that even legal?
natch 1d ago
This is in the US. It’s a free country. Things are legal by default (that’s a good thing) until the system notices them and makes a law.

Having seen how things work where freedom is not the default, I much prefer freedom.

stackskipton 1d ago
Because it's not illegal. Most data privacy laws just require that user can see data collected about them and prevent sale of said data in optout fashion.

There are rarely laws around preventing collection of said data or using said data for some new service.

wiether 1d ago
But it's not any data, it's political orientation data!

Sometimes people talk about GDPR being only the cookie banner, but thanks to it, its forbidden to collect that kind of data.

https://gdpr-info.eu/art-9-gdpr/

knowitnone3 1d ago
[dead]
dheera 1d ago
How do they know your ideology? Are they scraping your social media or running sentiment analysis on your customer service chats?
_djo_ 1d ago
It’s likely some customer segmentation label generated through PCA or some other clustering approach.

The qualifying criteria is probably just having picked an offer for renewable-sourced energy in the past, indicating that it has some importance to you. So you will be given more green energy offers in future.

Every company segments its customer base this way for marketing. Sometimes it’s even useful.

dheera 32m ago
I see... so maybe I should use PCA to give them the most uncorrelated response to all of their clusters as possible just to mess with them.
cucumber3732842 1d ago
They probably don't care. It's probably a mostly BS number. But they probably have to have it and have it at least look like they're trying to be serious about generating it in order to qualify for preferential treatment on some sort of permitting or write off some class of investment in a slightly better way at tax time or something.

I'm not sure if this is better or worse than them doing it because they believe in it.

dheera 1d ago
E2EE on Instagram was never real, trustable E2EE. No open-source client, no way to verify that private key is never sent to server, and encryption of a key with a low-entropy PIN is effectively plaintext.
add-sub-mul-div 1d ago
You're on a site with a surprisingly high amount of support among commenters for trading privacy and freedom for convenience and comfort where it aligns with their religion/other biases or desired consumer experiences. I don't know if this the best place to ask for advice.
pjc50 1d ago
I'm not sure people realize that HN is already at the most libertarian end, and all the discourse spaces which are much closer to actual power and legislation are much less pro-privacy.
davorak 1d ago
Historically, like 10-20 years ago, libertarian would be staunchly pro privacy. Is this no longer the case? If libertarians have dropped this stance, since it is so close to what was the core beliefs, I really have no mental model of the philosophy/politics for libertarians any more.

Any primer/link on what current libertarians believe is welcome.

natch 1d ago
It’s possible to want something without wanting to live in a system where there is a nanny to enforce that thing. Other means of enforcement exist, such as free markets.
pjc50 1d ago
Yes, but there's really not very many libertarians left who haven't cast their lot in for Republican support, resulting in the present situation. Not that there were many to begin with.
scarecrowbob 1d ago
You might find it useful to distinguish between right and left libertarians.

All my anarchist (left libertarian) friends are pretty consistently opposed to state and corporate surveillance. There is plenty of theory in a canon of literature that goes back to the mid 19th century, even as there are many subgroups and spurs off that general line of thought all with their own sets of (usually somewhat) consistent lines.

If you want something short and brutal, I am a fan of "Desert" by anonymous, but "A Utopia of Rules" by David Graeber is not a bad thing to read and probably closer to a popular line. Or the CIA-Coded Yale academic James Scott has a lot to say, "Two Cheers for Anarchism" and "Seeing Like a State" both seem to have influenced a lot of people.

Historically "right libertarians" (the US Libertarian political party, for instance) have been, uh, "less consistent" in their thinking, so you might have a hard time finding anything that looks like a "philosophy" in that branch of "thought". Plenty of goofy-ass ideas, but little consistency except a strange ability to begrudgingly conform to GOP politics at the end of the day.

iamnothere 1d ago
Reddit seems to have drifted back to more libertarian than HN on privacy issues. At least in technical subreddits. Not sure why that is, perhaps there are more users here whose salaries are tied to surveillance.
dfxm12 1d ago
In this specific case you can avoid Meta. In general, if you're in the US, you probably have a primary election coming up soon and certainly have a general election in November. Ask your politicians what their thoughts are on these topics and make an informed vote. Continue to pressure the incumbents as well.
ls612 1d ago
It's depressing to think that after the abuses people suffered during the lockdowns the response has been to embrace authoritarianism even more. It makes me fear how far this could go before people realize how bad it is.

Fundamentally I think that liberal democracy won't be able to survive compute, communication, and storage being cheap, combined with asymmetric encryption. I really think there should be an article illustrating just how much that last one is fundamental to making the apparatus of control cheap and effective in a way that 20th century regimes could only dream of.

Larrikin 1d ago
What abuses?
krystalgamer 1d ago
i don't understand this doomer mentality regarding the internet.

internet is a service that you choose what to engage and how. don't like a platform? find another, build it or stop using it altogether.

personally, i find these things really great has it helps nudge people into the more decentralized web. a few years ago those who were pushing for privacy respecting apps and platforms were deemed too paranoid.

ultratalk 1d ago
Network effects will keep a person on a platform until a critical mass of their social circle decide to leave all at once. I'm no expert, but I suspect that that critical mass is pretty high, maybe more than 50% of a person's circle. So it's not exactly vanilla free-market competition. Entrenched players have a pretty big advantage.
happosai 1d ago
Ah Network effect, That's why we all are still using Skype, microsoft messenger and ICQ.

You don't have to wait for everyone to switch, in fact it's pretty normal to reach different people on different chats.

https://xkcd.com/1810/

ultratalk 15h ago
Well, maybe it was normal ~10 years ago, when that comic was published, but is now getting rarer and rarer, as each new generation consolidates itself on a single platform.
krystalgamer 1d ago
what does your social circle being on Instagram bring to you? seriously, this picture-sharing app has evolved into this content spread machine that brings very little value.
ultratalk 1d ago
When most of your social circle exists on one platform, you tend to use that platform less for its specific features, and more because of the fact that all your friends are there. I don't personally use Instagram, and this is anecdotal information, but I know a lot of people who only use Instagram to see what their friends and family are up to, and to watch the occasional reel.

But you're absolutely right about Instagram's evolution. It's crazy.

krystalgamer 1d ago
this is a very 21st century thing, the ability to know what everyone is doing at any time. extremely voyeuristic too.

the only social circle that truly matters is the geographically close one. no amount of E2EE or fancy chat app will replace being physically present.

tredre3 1d ago
First you said that people should use decentralized platforms. Now you acknowledge that there's nobody of value on those platforms so now you say people should stop wanting to connect in the first place.

I mean, okay? Next time just say social media is a cancer, and don't waste our time moving goal posts.

krystalgamer 18h ago
> that there's nobody of value on those platforms so now you say people should stop wanting to connect in the first place

that's exactly what i said and not a figment of your imagination.

if your social circle mostly exists on instagram like the person that i was replying to mentioned :), then you have no social life. any of these platforms is just an add-on to real social interaction. prioritize the real thing and the platform stops mattering.

> social media is a cancer

it isn't but your comment is.

Schlagbohrer 1d ago
Many people make their livings from these platforms. They cant leave without abandoning most of their income stream.
krystalgamer 1d ago
find a different employer? what kind of argument is that.
Papazsazsa 1d ago
Socials are caught in the innovator's dilemma.

Given the dependence our society now has on the internet, it's bonkers to me that more VCs aren't rethinking their investment strategy. Privacy is not some niche concern anymore, check out the response to Flock for example.

Cider9986 1d ago
Some are. See simplex.chat, anytype.io.
mvrckhckr 1d ago
The only reason I can think of for this change is governmental pressure. I don’t see how it benefits the platform itself (nor its users).
arlort 1d ago
I can think of a few reasons why a company built on profiling (and advertising to) user interests might be interested in the private conversations of their users
mvrckhckr 5h ago
In that case, why introduce the feature in the first place?
paxys 1d ago
There is a product reason - AI features are fundamentally incompatible with E2EE. If they want to bring more AI generated experiences and content into Instagram then the data needs to be accessible by them.
mvrckhckr 5h ago
That's an interesting angle. I'm not sure I see the direct connection, but it can be a user choice.
gzread 1d ago
I can think of some. Less code complexity to support a feature that didn't work properly and nobody was using? More ability to detect spam?
mvrckhckr 1h ago
Wasn't it automatically used when it was implemented?
methuselah_in 1d ago
It feels like it's time to move to lemon writing over paper on normal post. Only way you can no talk freely.
quectophoton 21h ago
Except instead of sending through post offices, it'd probably be through "runners" like on Mirror's Edge.
jbverschoor 23h ago
Just make it an OS feature. There’s no need for the application to know the exact contents. Other than search, but for most messaging and other apps the device can easily do indexing

Textbox with attribute ”encrypted”. Keys in the enclave/keychain.

kevincloudsec 1d ago
the timeline for all of this is not a coincidence. meta spent millions lobbying for age verification laws that require content scanning. hard to scan content that's encrypted.
jonathantf2 1d ago
This feature has never been available to me- it just threw an error each time. Wonder how far it actually got rolled out?
Bender 1d ago
Never rely on a platform used by the masses to perform E2EE. It is far too easy to strip away E2EE for targeted users without their knowledge as they maintain the server and client code. This advise is to protect from corporations gobbling up and ultimately leaking sensitive data. Spooks can target the device itself via debug access for nation state level threats.

Consider instead using a code word or phrase to move sensitive conversations to something self hosted such as jabber using OMEMO XEP-0384 and XEP-0373 OpenPGP for XMPP and SASL SCRAM. OMEMO is an implementation of the Signal protocol on top of the XMPP protocol.

e.g. "_Expletive_! I stubbed my toe!" other-person: "lol geezer watch where you are walking." conversation quietly and temporarily moves to the pre-shared self-hosted Jabber server. Temporarily because going dark can draw attention. Feed the big chat platform boring garbage and misdirection.

impossiblefork 1d ago
People catch the spooks and their exploits all the time though.

It is possible to defend against them. Maybe not on your phone though.

Bender 1d ago
Agreed. I just mentioned that for the spooks who don't like I am suggesting moving sensitive conversations elsewhere using basic opsec. I assume the farm recruits on HN are probably just as concerned about AI taking their jobs. Surely someone has bought AI a coffee unprompted by now, maybe even flirted with the AI.
impossiblefork 1d ago
I don't quite understand your comment. I also disagree with some implications of the final bit of your first comment: encryption is obviously basic privacy, but the interesting bit is who you're talking to.

So having a signal for switching mediums is something that I feel indicates thinking in the wrong direction.

Bender 1d ago
So having a signal for switching mediums is something that I feel indicates thinking in the wrong direction.

It's not for everyone. I grew up with code phrases. My mom knew that if I said "I love you" to send in the cavalry. We had similar processes in the military. If I answered the phone a particular way they knew the remote site was under siege.

impossiblefork 1d ago
That's an okay use, but in that use you're not attempting to achieving privacy.

Everyone knows you talk to your parents, but code phrases are not a way to get privacy.

Bender 1d ago
It's not for privacy in the way you may be thinking. This was long before cell phones or the internet existed and the conversation would have been over the rotary phone and it is assumed someone is in the house with me that should not be. Goal being police have authorization to kick down the door and assist the person or people that are nutritionally deficient in lead.
Zak 1d ago
Unless you're actually a spy, there's no reason to do this. Just use your secure solution all the time with those conversation partners who are willing to use it.
Bender 1d ago
Unless you're actually a spy, there's no reason to do this. Just use your secure solution all the time with those conversation partners who are willing to use it.

Fundamentally I agree with you but people will stay on the platforms where their friends are. To change that the platform would have to do something really bad such as forcing age checks and even then I think many will just put up with it to stay connected to their friends.

CrzyLngPwd 1d ago
Did they give a reason why are they doing this?
alex1138 1d ago
I don't use IG although they dearly want me to, giving me a popup every time I visit, but let me talk about FB for a second (and btw FB wanted to enable cross-platform messaging on the platforms they own - Meta - which seems anti-trust-y) - when they introduced encryption on FB, they made it mandatory. They opted everyone in, and it broke Messenger. If you delete cookies you might also delete messages. Isn't that convenient?
villgax 1d ago
just waiting on whatsapp to rug pull as well & then bye bye privacy & meta from my life
dylan604 1d ago
Wouldn't bye bye meta be hello privacy into your life?
some_furry 1d ago
I wonder if this is the start of a trend or just a one-off?
odo1242 1d ago
Probably a one off? Instagram’s e2ee was opt-in from the start- and meanwhile Facebook Messenger is now “e2ee for everyone” and none of this is affecting the main e2ee messaging apps people use - WhatsApp, Signal, and iMessage
nunobrito 1d ago
TikTok replied recently it wouldn't encrypt its messages either, citing user security as reason.
EmbarrassedHelp 1d ago
In a sane world, removing E2E encrypted messaging would be worthy of huge fines.
j45 1d ago
This could obviously tie to sending you more ads.

It could also tag people communicating about topics ig chat that it is actively suppressing.

They may be looking for an uproar to reverse the policy as so far, it's just words.

yobid20 1d ago
because they want to read your messages for training ai and for advertising
gitaarik 13h ago
And maybe to also have a better relationship with the government?
zipping1549 1d ago
We all know what this means.
MMTlover 1d ago
Use this https://www.ricochetrefresh.net/ Chat and file transfer over tor
maxalbarello 1d ago
[dead]
emsign 1d ago
[flagged]
apopapo 1d ago
It's not only the united states of America. These tyrannical views have been brewing everywhere for years, and there was not enough public counter-narrative to these ideologies.
krystalgamer 1d ago
because everyone is forced to use Instagram messaging, right?
chromic04850 1d ago
[dead]
arunc 1d ago
Wait, people trust communication via Instagram thinking they are secure?
blitzar 1d ago
Facebook were at both ends, the encryption was between the ends.
arunc 22h ago
Ah, OK. I was never an Facebook/Instagram user, so thanks for explaining that.