Towards privacy?

In his latest announcement, Facebook CEO Mark Zuckerberg embraces privacy and security fundamentals like end-to-end encrypted messaging. But announcing a plan is one thing. Implementing it is entirely another. And for those reading between the lines of Zuckerberg’s pivot-to-privacy manifesto, it’s clear that this isn’t just about privacy. It’s also about competition.At the core of Zuckerberg’s announcement is Facebook’s plan to merge its three messaging platforms: Facebook’s Messenger, Instagram’s Direct, and WhatsApp. The announcement promises security and privacy features across the board, including end-to-end encryption, ephemerality, reduced data retention, and a commitment to not store data in countries with poor human rights records. This would mean that your messages on any of these platforms would be unreadable to anyone but you and your recipients; could be set to disappear at certain intervals; and would not be stored indefinitely or in countries that are likely to attempt to improperly access your data. Even better, the announcement promises that Facebook will not store your encryption keys for any of these services, as is already the case with WhatsApp.This all sounds great, in theory. But secure messaging is not easy to get right at either the technical or policy level.Secure messaging is not easy to get right at either the technical or policy level. In technical terms, end-to-end encryption is only part of the story. In practice, the choices that undermine messaging security often lie far from the encryption engine. Strong authentication, for example, is necessary to ensure that you are messaging only with your intended recipients and not with any law enforcement “ghosts.” Automatic backups are another potential chink in the armor; if you choose to have WhatsApp back up your messages, it stores an unencrypted copy of your messages on iCloud (for iPhone) or Google Drive (for Android), essentially undermining the app’s end-to-end encryption.The prospect of merging WhatsApp, Instagram, and Messenger also raises concerns about combining identities that users intended to keep separate. Each of the three uses a different way to establish your identity: WhatsApp uses your phone number; Instagram asks for a username; and Messenger requires your ‘authentic name’. It’s not unusual for people to use each app for different parts of their life; therapists, sex workers, and activists, for example, face huge risks if they can no longer manage separate identities across these platforms.Zuckerberg’s announcement claims that merging the three apps “would be opt-in and you will be able to keep your accounts separate if you like”. An opt-in – not an opt-out – is an important safety valve and the right choice. Time will tell if a merged ‘Whatstamessenger’ can pull off this promise.Above all, Facebook needs to be transparent about its business model. For example, while end-to-end encryption protects the contents of your messages, it cannot protect the metadata: who the recipients are, when messages are sent, and even where you are. Will Facebook be tracking and retaining that metadata? What about the possibility of a ‘super-app’ model like WeChat’s? Without transparency about how Facebook will monetize its end-to-end encrypted services, users and advocates cannot scrutinize the various pressure points that business model might place on privacy and security.We could never get on board with a tool – even one that made solid technical choices – unless it was developed and had its infrastructure maintained by a trustworthy group with a history of responsible stewardship of the tool. Zuckerberg’s statement is vague about how Facebook will consult with “safety experts, law enforcement and governments on the best way to implement safety measures”, and what that will mean for how Facebook responds to government data requests.This has been excerpted from: ‘A Privacy-Focused Facebook? We’ll Believe It When We See It’.Courtesy: Commondreams.org

from The News International - Opinion https://ift.tt/2J6dVo1