, 10 tweets, 2 min read Read on Twitter
This article seems pretty worrying. Thread. nytimes.com/2019/01/25/tec…
Of the three Facebook messaging services (WhatsApp, FB Messenger, Instagram), only WhatsApp has default end-to-end encryption. FBM has optional encryption, and Instagram has bubkis. 2/
The article says that Facebook is going to tightly integrate the three services, in the sense that you can send messages from a user on one service to a user on another one. This could be wrong, but let’s assume it isn’t. 3/
The real question is: does this mean that the encryption on all three services will get upgraded to the quality of WhatsApp? Or will WhatsApp’s encryption be downgraded to allow compatibility? The latter would be a huge risk. 4/
FB’s current encryption on WA and FBM is very limited. It only supports one client (plus an optional desktop, which is kind of funky) and has no “native web-only” mode. Whereas the non-e2e messages support all that stuff. 5/
I suppose it’s possible that FB is going to massively upgrade all of its services to have mandatory e2e and they’ll solve all these problems somehow. But that seems like a risky bet. 6/
The second problem is that the increased access to metadata. As the article points out, WA users register with a telephone and FB users don’t. I suspect FB has already done a lot to link these identifiers together, but cross-app comms will be even more effective. 7/
(As an aside, I’ve always assumed that FB used 2FA mobile numbers to link WhatsApp accounts to an existing Facebook user. If true, this is scummy and bad for security. I’d love to be proven wrong.) 8/
Anyway, the summary is: this move could be potentially be good or bad for security/privacy. But given recent history and financial motivations of Facebook, I wouldn’t bet my lunch money on “good”. Now is a great time to start moving important conversations off those services. 9/9
PS: A quick addendum — FBM does now support e2e on multiple devices, my info was out of date. So this is slightly more plausible, but still seems hard to get right with optional e2e.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Matthew Green
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!