I hear this all the time but I don't understand why it's true. The security of your encrypted messages already relies on the security of the company providing the service. Facebook (and any other messaging app) can read all of your messages in plain text. Otherwise they wouldn't be able to display them to you. Allowing the government to get a warrant to retrieve those messages changes nothing about the overall security of the messaging platform.
Facebook can't read the content of your messages. They can serve you an encrypted version of your messages that your device can decrypt. Look up end-to-end encryption for how exactly that works.
They can't read them in transit, but if you use Facebook's app to decrypt the message (which is the only option) then obviously Facebook can read your messages if it wants to.
While this is true, the app is a client whose code and behaviour can be analysed by end users to validate that it is not behaving nefariously. The same cannot be said for FB's servers or the data in transit, which is solved by E2EE.
Sure, but the facebook app doesn't do that (or at least no security researchers have noticed it doing that). The point facebook is making is that if they had a backdoor that let them read the messages that it could be used for other purposes.
Consider that right now to intercept end2end encrypted messages (and lets just assume facebook has that) a malicious actor has to get physical possession of your device, which implies that you have to be specifically targeted. With a backdoor malicious actors would then be able to target many other things, including for example facebook's servers, to access those messages (and all of them at once). I think simply avoiding the bad PR of "hackers downloaded everyone's messages between 2017 and now" is most of why they want this stuff end to end encrypted.
But there already is a backdoor that lets them read the messages. Facebook actually implementing the functionality to take advantage of that backdoor doesn't change anything. The security of your message relies on the security of Facebook's infrastructure either way.
If Facebook implements a switch in the app that would send your decrypted messages back to them, then a malicious actor would have to compromise Facebook to obtain those message. Right now, a malicious actor can obtain your messages by compromising Facebook and implementing that switch themselves. From a security standpoint that seems identical to me.
The app can bundle the message telemetry with the rest of the encrypted app telemetry when it phones home and even the best security researchers would not detect it. It can also process it locally for profiling and other advertising means.
They read the plaintext from the keyboard. Then the app can send it to them. The problem is how to prevent people to look into the network traffic (encryption?) and to decompile the app.
Since they control the plaintext -> encrypted transition, theoretically they could copy the plaintext payload in the encryption process. If this were hidden (say via steganographic means), it might not be detectable.
But it is true because all end-to-end encrypted messaging apps today have both ends being ... an app written by the service provider, which gets the public keys from ... the service provider.
Do you know WhatsApp encrypts your messages? Or do you just believe it because Facebook said so? How would you tell if the app was modified to disable it? Do you decompile and audit every binary sent to you by the Play Store? What abut the binaries your peers were sent? And what if their key directory served you a wrong key?
E2E encryption isn't useless, but I see a whole lot of technical people confused about why it's useful. Namely, it's a legal/political hack. The law says the government can make you hand over data you have. It doesn't say the government can force you to make arbitrary changes to your life or business to enable them to have whatever data they want. Obviously this would be two very different laws with very different impact: specifically, it would be a law enabling law enforcement to compel arbitrary action. Such laws are extremely rare and usually tightly limited.
But if such a law were to be passed, the technical infrastructure becomes useless. FB could just be forced to switch it off.
In the case where you’re using a centralized service provider with closed source clients written by the same company... sure. E2E crypto does not absolve you of the responsibility of ensuring you trust the client.
In an ideal E2E encrypted system the private keys should never be readable outside the systems you trust. The keys can be encrypted using personal credentials (like a password) and stored on the cloud. A simplified login flow looks like this: 1. download your encrypted keychain, 2. decrypt it using your personal credentials, 3. fetch encrypted data and decrypt it using your keychain.
But you still have to trust the application that does all this behind the screen to not leak your decrypted keychain or personal credentials. Facebook's messenger app is closed source so who knows that's happening there.
Facebook isn't the best example of anything really. There's plenty of services that encrypt messages end-to-end without the ability to "unlock" the message by the service itself. What I don't understand is the argument or case being made that giving anyone the ability to break encryption is a good thing. Smells to me more like ulterior motive to just get the backdoors put in. This isn't actually going to protect anyone any better. Governments have already long had tools to subvert things in various ways regardless of the need to actually break encryption. Why are we arguing for a larger surveillance state?
“Can” as in “I can change how my software is built so that in the future I will be able to” is different from “can” as in “there is nothing preventing me from doing this right now except the time it takes”.
Facebook “can” read messages in the former sense, but apparently not the latter.
I think the distinction is a meaningful one, legally.
That's why I'm confused about Facebook claiming it's impossible. It seems clearly possible without compromising anything about the current level of security on the platform. They would have to develop specific functionality for it, but it is possible.
Yes, and it’s possible for me to plant lettuce underneath my apple trees and deliver romaine to people in 10 weeks.
But the courts can’t force me to do that.
They can force me to turn over lettuce that’s already in the ground.
In both cases I “can” deliver a hundred pounds of lettuce to the courts. But the courts can only demand things I already possess. Not “whatever I am capable of collecting”.
What am I missing?