One Week, Three Stories About Meta, Encryption, & Age Verification, and Why I’m Not Worried About (This Aspect of) Meta
“Meta ends End-to-End Encryption for Instagram DMs!”
“Meta lobbies for Age Verification in App Stores!”
“Moxie Marlinspike partners with Meta to build E2EE for AI Chats!”
The first story is a cause for mild disappointment & reflection, not outrage. The second is common sense for anyone who cares about privacy. The third should be celebrated. Here’s why:
Who am I? I’m a full time stay at home dad who has no axe to grind any more, but here are my relevant bona fides:
1. Ending E2EE for Instagram Direct Messages
In 2013-16 I worked for Facebook and amongst other projects I led the team which delivered the first version of end-to-end encryption (E2EE) for Facebook messenger.
I subsequently quit the company because of exhaustion and attempts to please the Chinese Government and enter China.
In 2019 Meta announced that they were intending to E2EE absolutely all of their messenger backends by default, which immediately led to digital rights civil society declaring this to be an evil ploy to reinforce monopoly power and to prevent Instagram being divested from Facebook via the FTC.
For some reason digital rights civil society has a tendency to be a turkey always voting for Christmas, because the announcement at the time was literally what we (including myself) had spent the previous 25 years screaming for everyone to do.
Now, Meta have controversially given up on some of that, and (worse) rather than manage the narrative properly they just posted about it on their support page.
Facts are starting to leak out:
- the feature was opt-in, which is suboptimal but given what happened shortly (“…but the FTC!“) after the announcement, I’m not surprised that it didn’t get entrenched
- only about 20,000 chats had enabled it (out of billions) because hardly anyone knew it was available as a feature
- cryptography greybeards opine that “it was lack of being by-default which made it fail”, and there’s some truth to that…
- …but there’s also a cost-benefit analysis to be made
At this point I cannot do better than to roughly quote myself from a recent chat-group conversation:
This is a very long thread by Jon Millican who was my #2 engineer on Messenger E2EE back in 2015 and subsequently guided building the full product and shipped it. I trust him absolutely:
https://bsky.app/profile/jonmillican.bsky.social/post/3mgycdhiqt22t
Long story short: WhatsApp and Messenger are Messenger apps, Instagram is for sharing your breakfast. They have a shitload of features which are not compatible with having private conversations due to various forms of enrichment and dynamism amongst the product development team, so it’s very hard to justify continuing E2EE development for Instagram when the direct-messenger aspects are only 10% of the product’s value.
In some ways it’s the same problem as public groups on Facebook: beyond a certain point centralisation and cleartext makes way more sense for feature value, than does the implicit decentralisation of content visibility [caused by e2ee] with the concomitant wrangling that engineers have to do to try and blind themselves to what the fuck the users are [otherwise quite obviously] actually doing.
Especially when there is a cost/benefit battle [of product velocity versus doing privacy “properly” in spite of users making it virtually impossible] to be fought.
I would still like to see more E2E as a default proposition for communications and to minimise the amount of plain text visibility / plain text availability for shit like legal subpoenas, but pragmatism does dictate that at some point you just give up unless you are starting from a wholly decentralised architecture in which case you have the converse problem of avoiding building a side-channel attack.
If my partner and I are typical we are using Instagram DM wholly to send links of pictures to each other which we both subsequently click and which both have engagement tracking IDs on them, which means that the messages are effectively in their entirety available to Instagram as-is in the E2EE flow. There is barely any benefit to E2EE in such user circumstances. It is just theatrics.
So I am not worried about Instagram losing E2EE Direct Messages. It would still be nice, but in a platform not wholly dedicated to messaging it’s really hard and trying to “get it back” is just going to waste effort which could be better-placed elsewhere.
2. Meta lobbying for App Stores to do all the Age Verification
The way that civil society has reacted to this lobbying “story” — which as far as I can tell is sourced from a random person who anonymously posted a bunch of inference to a previously non-existent Github account and then boosted it on Reddit, created a website and is now apparently begging cryptocurrency for doing all this — the way that civil society has reacted to this “story” is entirely wrongheaded.
GUYS, THIS IS ACTUALLY WHAT YOU WANT META TO BE DOING. AGE VERIFICATION SUCKS, BUT THIS SUCKS LESS.
There are a few tweets from people who actually understand beyond the “ZOMG META DID SOMETHING WE MUST NOW GO HATE ON THE ZUCKS” aspects, but for a really brief summary:
Privacy Wonks will hate it, but Mark Zuckerberg is correct that [a] proper place for prescriptive Age Verification is in the App Store of a mobile device; yes, that means Google and Apple will “find out more about you” but that can be minimised if they choose to implement a privacy-preserving protocol a-la what happened over COVID tracking.
The reason people are angry about this is that they don’t understand that the App-Store-and-Google/Apple-Account approach to AV is a degenerate form of what we should have been doing all along: age attestation, not age verification.
The user should be signed up with their own preferred provider of private age-attestation services which they can enmesh into whatever transactions they require an age test for; this puts the user in control of provider choice and information protection, and the reliant parties — vendors, porn sites, forums, whatever — should be obliged to accept attestation tokens.
But we don’t do that, probably because (a) it makes less money for the industry and (b) because Governments get more ID tracking metadata with the age verification approach.
App Stores are basically “Age Attestation v1.0” — either you get the app, or you don’t. The app developers have no need to learn anything about how old you are nor ever see sight of your face, nor your documents, and their costs and business risks are commensurately lower.
Linking App-Stores to Websites with Age Atteststion tokens would be the next step.
Again: THIS IS THE GENERAL MODEL OF WHAT WE SHOULD BE DOING. IT SHOULD NOT BE INCUMBENT UPON EVERY WEBSITE ONLINE TO IMPLEMENT DIGITAL-IDENTITY “KnowYourCustomer” ON THE OFF-CHANCE THAT THEY MIGHT SEE BOOBS.
Of course: to a first approximation everyone hates Meta, so the following statements are also true:
- Meta has a lot of money
- Meta are at ground-zero for lawsuits
- Meta need to go “above and beyond” to be seen to care for kids
- Therefore: Meta will throw money at this problem
- But at least they are throwing it in broadly the right direction
- Because Meta would be roasted if they suggested even slightly that Age Verification was a bad idea
So with this understanding, how could they be doing anything else?
Which brings us to story 3:
3. Moxie Marlinspike announces partnership with Meta to bring (some form of) E2EE to AI Chats
If you haven’t been paying attention you may be wondering “…what the hell is Moxie doing, announcing something of this magnitude rather than it coming from Meta?”
My suspicion: it gets the story out without triggering a major newspaper event and cycle of criticism. It’s a tactic I have used, myself. I suspect also that Meta are leaning on the Marlinspike “stamp of approval” to lend credibility to their ongoing work, especially compared to previous efforts.
[aside: surprise, the white paper just got updated!]
Some people in civil society hate AI even more than they hate Meta, so the newspaper coverage of this story as only ever going to be resolutely negative — just as when Instagram announced E2EE in 2019.
Not to mention the child safety (and adjacent activist) community are going to go absolutely nuts when they work out what this actually means.
So if you’re an E2EE Integrity and Privacy Activist like me:
It’s okay to be disappointed at the loss of instagram, but it’s no big thing and a long, hard, and largely pointless waste of money, brains and time to try and get it backStop complaining about “Meta and Age Verification for App Stores”, it’s actually a degenerate form of what you want, if you accept that some people will want age-gating at allGet ready to tell the media that people should be free to have private conversations with AIs to the extent which can be guaranteed by definitions of the Trusted Compute Base at either end.
#2 #ageVerification #endToEndEncryption #instagram #meta
Animal of Things
Digitale Overheid (geautomatiseerd account)
Juno 
karibu
ohryan.ca
alecm
informapirata
admin
