Hacker News new | past | comments | ask | show | jobs | submit login

so you can report a message thread to fb for abuse and then contractors check the messages to verify for said abuse.

how is this news? it's the equivalent of taking a screenshot of a whatsapp thread and reporting that, doesn't affect e2e encrpytion in any way.




If someone other than sender or recipient can read messages -- it's not E2E.


I think you're grasping the wrong end of the stick.

If someone reports you, they (the people receiving the report) will be able to read the messages. This is the same if you use iMessage, Signal or any other system. (ie you take your phone to the police and show them the messages, they will see your messages, obviously.)

The key difference is that facebook has a button to report the message to them.


The recipients can do whatever they want.

Facebook is not a recipient and therefore should not be able to read e2e messages (that are not directed to them)

Edit: I just read that the reporting process includes sending unencrypted messages to WA as part of the report. So indeed the whole story is moot.


Technically the communication between both ends is encrypted. What each end does with the unencrypted content is out of the scope of E2E encryption.


By your logic signal is not e2e because I can copy a message from a friend and post it here.


e2e is only as secure as either of your e's


If you have access to the message, you can do whatever you want with it. There is no way around that. End-to-end encryption is like a mathematically sealed envelop and only prevents seeing the message in transit. What sender or receiver choose to do is always up to them.


Actual problem is that you can't (must / should not) write your own client and control your keys).


If the recipient then sends those messages to the cops, that doesn't mean it's not E2E.

Of course there's a bit of a sliding scale here. If the recipient automatically and unknowingly sends all past messages to the cops when they try to report a single abusive message, it's not E2E but it sure is a back door. It's not clear from the article just how much history is sent with each report.


But why are we desensitized to move on with life and letting a company lie about what their product offers? Isn’t there a law somewhere about fake claims? I’m sure it’s somewhere in the policies but if a bread company said they were gluten free and they weren’t, they would be in deep shit no?


Because it doesn't sound like a lie to me? They're saying "we don't read your messages - unless you explicitly send us a copy".


I'm not a proponent of many of the practices Facebook regularly engages in but this, as described, is quite harmless. I'm not sure what the purpose of this article is other than to try and paint a false narrative.

Are people really unaware that encryption doesn't limit the information they send to only ever be viewed by the intended recipient? That's not how and never has been how encryption works, it's not a mission impossible letter that self destructs.

The point of E2E encryption is that you trust a recipient and don't trust the medium data is sent through to the recipient. Once the recipient has the information, how well you assessed your trust in the recipient is what matters regarding the security of the information you sent. Nothing has ever prevented the recipient from breaking that trust and sharing information sent to them.

There are of course ways of reducing access to the recipient of the information through a specific technology (view once, time expirations, "self destruction", highly controlled viewing areas, etc), making it more difficult for the recipient to "proove" you sent the information and show the information relying more on the recipients word, but even that has never been that secure (Snapchat is a simple example of such).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: