Meta’s biggest encryption message error is its promise

Since the 1990s, Governments around the world often use child welfare as an excuse for the excessive expansion of various Internet policies: encryption backdoors, centralized censorship mechanisms, and anti-anonymity measures.Therefore, when Meta faced pressure from the government and NGOs, it announced its decision last week Delay the rollout of end-to-end encryption It is understandable that privacy advocates feel uneasy and suspicious about messaging systems such as Instagram DM and Messenger (for reasons cited for child safety). But as someone who previously worked on safety and security at Facebook, I don’t think the delay is an arbitrary political decision. Concerns about the safety of young users are real, and problems are widespread, especially in social systems as complex as Meta.

Although it may be frustrating, the company’s delay may be reasonable.Some form End-to-end encryption It should be open to everyone to protect the right to private communications and prevent government intrusions. But end-to-end encryption is not just a problem or technology-it is a series of broad policy decisions and use cases with high-risk consequences. Therefore, creating a suitable environment for its use is a complex task. The requirements for end-to-end encryption and the conditions required for security implementation vary from platform to platform. Applications such as Facebook and Instagram still need to undergo major changes before being introduced without affecting functionality or introducing security risks. Meta’s biggest mistake is not the recent delay, but the schedule, and maybe even the result of its promise.

Back then-Facebook first Announcing a timetable for implementing interoperable end-to-end encryption in all of its assets in 2019, Its direct infeasibility very clear. The proposed timetable is so fast that even the production technology itself is almost impossible, and safety mechanisms are hardly involved.Systems like WhatsApp already have end-to-end encryption and Content forgotten A mechanism to detect a certain hazard, and assume that this can easily be translated into other Facebook attributes.

However, apps and websites like Facebook and Instagram are very different from WhatsApp in terms of architecture and dynamics. Both implement direct messaging with systems that try to proactively connect you to people. These systems are derived from reading a user’s phone book, using algorithms to determine similar accounts based on location, interests and friends, and general online activity. In the case of Facebook, large public or private groups can also help expand a person’s social graph, as well as global search of all accounts and grouping of institutions such as schools. Although apps such as WhatsApp and Signal are more like private direct messaging between known contacts, the growth-oriented design of Facebook and Instagram makes it easier for abusers to find new victims, accidental exposure of identities and relationships, and a large number of A situation where strangers are mixed together.

These fundamental differences mean that before Meta can safely switch all of its platforms to end-to-end encryption, some major changes must be made to its applications. First, the company must improve its existing content ignorance harm reduction mechanism. This involves using social graphs to detect users who are trying to quickly expand their network or targeting certain demographic data (for example, people with specific claims or inferred ages), and discover other potentially problematic patterns in the metadata. These mechanisms can work in conjunction with user reporting options and active messaging to provide users with safe messages, informing them of the options for reporting abuse, and an effective reporting process that enables them to report to the platform operator. Although these types of features are beneficial with or without end-to-end encryption, they become more important when the ability to inspect content is removed.

Source link

Leave a Reply

Your email address will not be published.