the sad reality of the encryption debate is that after 30 years it is finally over: dead at the hands of Facebook. If the company’s new on-device content moderation succeeds it will usher in the end of consumer end-to-end encryption and create a framework for governments to outsource their mass surveillance directly to social media companies, completely bypassing encryption.
In the end, encryption’s days are numbered and the world has Facebook to thank.
July 26, 2019
The Encryption Debate Is Over – Dead At The Hands Of Facebook
[Via email from Chet who referred me to Slashdot, which linked to Bruce Schneier, who linked to the article quoted above.
The article says WhatsApp will be, or perhaps already has been, compromised by Facebook. Moving to Signal is probably warranted but that is no guarantee of security. Furthermore, I think blaming Facebook for this is a little unfair.
Back when I was working for Pacific Northwest National Labs I suggested the government could add code to whatever O/S a particular set of terrorists were fond of using and then “upgrade” their phone to send duplicate copies of messages, phone calls, and even record conversations when the phone was believed to be “asleep”. To the best of my knowledge the suggestion went nowhere. But that doesn’t mean I was just very late to the game and there was no need to tell me it had already been done.
Similar things can be done to your Windows and/or Apple devices. You upgrade your computers and other communications devices all the time to guard against security vulnerabilities. But how do you know you aren’t also installing a custom version of the O/S dictated to Apple, Google, and/or Microsoft, by government spies?
If you want communication security you will need to make sure your O/S is secure as well as the applications and the channels it transmits over. It’s not an easy thing to ensure.—Joe]