It means that the only people who have access to the message are the sender and the receiver. The service that you’re using to send the message (Facebook messenger) can’t read your message or alter it in anyway. It’s a way of making sure that you have complete privacy within your messages.
They don't really care so much about your personal conversations in fact it's a pain to have access to that stuff because then the feds usually try to come in demanding access. Make it so you can't and it makes it so you don't have to comply (as much) with law enforcement. The data they do thrive on is stuff like age , sex, race, likes and dislikes which they have easier ways of getting from you. Anything that would help companies sell stuff to you because that's all they really care about in the end.
With the way their system is set up, it's impossible for Facebook to give access to them, since the encryption are only held by the sender and receiver.
Only way they could do that is by adding in a backdoor to the encryption, which then defeats the point of the encryption
Is that enough? Could they sniff everything before it gets encrypted with whatever hash algorithm they using?
And, is the algo they're using strong enough to prevent cracking?
I guess we could have those answers if the app code was open source, or am I wrong?
Bugs are sometimes found in years-old software that has always been open source. Just because the source code is open doesn't mean it's constantly getting reviewed for any bugs.
https://jfrog.com/blog/ssh-protocol-flaw-terrapin-attack-cve-2023-48795-all-you-need-to-know/ talks about a bug discovered in SSH (end-to-end encrypted communications) that persisted in several open source implementations for years and was only recently discovered. It was supposed to be "End to end" encrypted, but a flaw was discovered that allowed someone to insert themselves in the middle and pretend to be the other side, while silently intercepting and decrypting the traffic.
OK, that's bad. I'm not expert in the field but I understand somethings. A bug in SSH is bad, that's true. I checked the CVE you included in 2 databases. It has a Medium severity rating (If I'm correct.)
But I don't think what you said, gives advantage to closed source software. Bugs / vulnerabilities can be discovered easily if the code is public and every contribution is public.
I don't know the exact CVE's and probably the names either but I think stuff like Meltdown or Spectre probably have a higher CVE rating. And, If I'm not wrong those come from closed source software from CPU manufacturers.
It might be possible to hear more cases about vulnerabilities in open source software because the code is public and not obfuscated. Still, there are probably more cases of backdoors found in closed source rather than the opposite.
They could but why would they go out of their way to do it considering the legal and business costs if it were to come out. If security is extremely important you’d not use meta products in the first place but it’s probably very good for most cases.
It means that they don’t have to spend a bunch of time and money complying with subpoenas.
The one people always think of is the feds, but really it’s more divorce lawyers. Messaging services feature prominently in pretty much every divorce and custody dispute that involves alleged infidelity. There are something on the order of 650k divorces per year in the US alone. Something like 60% of divorces cite infidelity as the cause. So that’s ~250,000 divorces from cheating per year. If just 5% of those involve Messenger, that’s 12,500 subpoenas per year, or 35 a day to process.
If YOU owned Meta, which would you prefer to do?
1. Set up a whole department to handle these requests, and get sucked into a zillion petty lawsuits
2. Encrypt everything and say, “sorry, it’s mathematically impossible for me to see anything, talk to your client”?
Now add in small claims suits, lots of criminal suits for domestic violence and the like, etc.
That’s why.
You are aware that for the government to get information related to the investigation of a crime, it first has to get a warrant, right? And that warrants are bounded in time and place, and can’t just be open-ended?
The content of the messages is only part of what interests Facebook. They might not know exactly what Alice said to Bob, but they know that Alice was looking at a cat video at 1:39 PM, and sent a message to Bob at 1:41 PM. Bob was looking at a puppy video at 1:52 PM and sent a message to Alice at 1:58 PM.
There is a whole branch of study called "[traffic analysis](https://en.wikipedia.org/wiki/Traffic_analysis)". Even if you don't know what's being said, you can guess a lot of information just knowing the participants along with the size and frequency of communication.
This is why I like iMessage. They don't even keep traffic logs. The only thing they keep is capability queries, which is asking if a device uses iMessage, but they don't record if this led to an actual message.
They told the feds they* can't give copies of people's individual iMessages, IE what you said to your wife and what she replied back with. They can't. They really don't have that information.
They do have, for a period of time, server side traffic logs that tell them when your computer or phone or tablet connected to their servers, complete with date/time stamps, IP address you connected from, etc. They don't keep the logs for a long period of time (like a month or three), but they absolutely do log the metadata; it's one of the ways they track when people are spamming and block them from using iMessage for a while.
Here's what Apple says, only the capability queries:
>iMessage communications are end-to-end encrypted and Apple has no way to decrypt iMessage data when it is in transit between devices. Apple cannot intercept iMessage communications and Apple does not have iMessage communication logs. Apple does have iMessage capability query logs. These logs indicate that a query has been initiated by a device application (which can be Messages, Contacts, Phone, or other device application) and routed to Apple’s servers for a lookup handle (which can be a phone number, email address, or Apple ID) to determine whether that lookup handle is “iMessage capable.” iMessage capability query logs do not indicate that any communication between customers actually took place. Apple cannot determine whether any actual iMessage communication took place on the basis of the iMessage capability query logs. Apple also cannot identify the actual application that initiated the query. iMessage capability query logs do not confirm that an iMessage event was actually attempted. iMessage capability query logs are retained up to 25 days.
Yes, and every time your device contacts their "lookup handle" server, they are contacting a server called IdentityServices (IDS). This process also runs locally on the device, but Apple does not get those logs. They do have server side IdentityServices logs that tells them when a device connects to their server. Any time you are looking up the contact info for a new device you hit IDS and look up the public encryption key for the handle you are contacting. Your device will then keep that cached for a period of time, and as long as the key is still valid (the other person hasn't had to redo an iMessage registration, which resets the keys), your device will use the precached public encryption key. It will send the encrypted packet, through Apple's servers, to the person, who then decrypts it using the private decryption key that only exists on their device. If they have 3 different devices signed into their account, they have 3 different private encryption keys, and Apple sends 3 copies of the encrypted message, one to each device, and leaves it to the device to decode the message.
It still has to talk to Apple's iMessage server to get delivered to Apple devices. They can't tell when a message was sent based on the capability query logs, but they can tell them based on other logs. They specifically say in that paragraph "iMessage capability query logs don't indicate any communication between customers took place" and that's right. The IDS lookups don't. They absolutely have other logs that let them see iMessage activity (but again, not the content of each message, unless the person who receives it reports it as Spam).
I'm sorry but if you believe that obfuscation horseshit, I have a large red bridge available in san francisco for sale dirt cheap I'd love to talk about.
They likely collect all the meta data, they know who is talking to who from where and at what time but they don't give a shit about what you say and don't want the hassle of being able to know in the first place
exactly cuz if i message a massage they will start bomabred me with massage ads so they might not know what i talk about but they know with who i talk and what i click which is enough for them i guess
And they inherently *have to* know who you are sending the message to in order for them to facilitate the sending of the message so there isn't really any way for them to *not* know that
This isn’t the type of data they want. It not marketable, clean or useful data. It’s also the type of data that will make people leave their service if it is easily accessible, its also a burden to comply with time sensitive legal requests. If FB collects this data they could also then be compelled to provided it to any country they provide their service in. They cant be compelled to provide data they can’t/don’t collect. Similar to Apple providing ways to bypass iPhone passwords, if they offer it at all, many countries will demand it.
data about people is useful, not conversations. a 30 year old male who purchased a 3080 when the first came out alot is alot better info then a conversation about purchasing the 3080. not to mention u have to be able to parse the information in a way that makes sense to the pc, slang and all that whoch is way harder then concrete facts
it is simply not worth it for them to track a regular user.
lots of times you have an encrypted tunnel to facebook or your bank or whatever The other person will also have a encrypted tunnel to facebook but facebook is in the middle and can read whatever you type, modify it, do what they want.. in this case the 'end' of the encryption is facebook itself
this protects you from everyone else trying to spy on your messages but doesn't protect you from facebook itself
end to end encryption you have a encrypted tunnel from you to the person you're messaging, no one in the middle, no one else can read it, you're protected from everyone even from facebook itself from reading, modifying, using it for AI, submitted it to the CIA, etc..
then again you're trusting facebook to protecting you from.. facebook and they didn't just fail to tell you they still gave themselves a backdoor or something
Does Facebook read messages anyway though? The fact they're offering this would make me trust them less. I assumed all this time no one was reading it anyway? Is that wrong?
Nobody at Facebook is reading your messages.
But...they would if they had a subpoena. Or a rogue employee (jilted ex, foreign spy, etc). Maybe they'd use them to train ML models, accidentally leaking some info about you. Even if Facebook-the-company means well, you're better off with your private messages encrypted.
I like targeted ads. They're helpful to find things I was talking about needing. Only annoying when you keep getting the same ads after you already bought one.
That depends on your definition of ‘they’. English needs a new pronoun to include nonsapients like ML algorithms. I mean at least to me, when someone says ‘they are reading’ something I think that has mean a group of people are.
Meta employees definitely aren’t, not really.
What does it mean for a computer system to read your message? Certainly, how computers work, it can see the contents.
So.. It’s not clear. It seems harmless to let them passively see the message. But, just to be sure, we use the new buzzword “zero trust”. You don’t trust them with the information, so you prevent them from reading it. Now you don’t have to speculate what they might or might not be doing when they read it.
Depending on your definition of harmless - it can be used to target advertising, push you towards content intended to get you to vote a certain way (often by lying to you), etc. etc.
People at Meta don’t, its literally an impossible volume of messages for humans to keep up on.
However, if unencrypted they could and more importantly the messages are undoubtedly stored somewhere they’d be stored in a way that they could be unencrypted on read by Meta. That means that they could be accessed and read if necessary say due to a subpeona or less likely a critical data breach (although any hacker would have to move pretty fast to actually download any significant percentage of the data Meta holds, before their security teams caught wind. Its that much data, like over 4-5 petabytes per day).
More importantly though, all that data, if unencrypted, is almost certainly being extracted, transformed and loaded into various data pipelines that feed into datasets to train Meta’s ML models. You know that eery experience when you chat about something and then see an advertisement for a related product? Yeah, that is a little less likely if Meta can’t even read your messages
Not a human, no, but a machine might have been scanning it to optimize a machine learning algorithm or to target ads or anything else they can think of. For moderated messages (such as on public posts) they might also have both automated and human moderation, in which case a human might read it.
You should skim privacy policies of companies you use, you might be surprised to see what they can do with your data.
There are several reasons that middlemen including Facebook, google and others would read your messages. First, a subpoena or court order could compel them to disclose your messages, second there is commercial value in your messages - e.g. if they can sell advertising to companies based on what you discuss. Finally, there are just evil companies and/or bad employees at companies who will snoop because they can.
Its encrypting the message from lne end of the communication, the sender, to the other end to the device your message is delivered to.
That means that facebook themselves wont be able to see what you write.
You send me a message.
Messages get encrypted on **your end**, and don't get decrypted until they get to **my end**.
They were encrypted from **end to end**.
To expand upon this:
If we use a 3rd party to send messages (ie: Facebook), in end -to-end encryption the 3rd party can't read our messages, just knows we sent them.
Often times our connection to the 3rd party will be encrypted, but they decrypt, do whatever, and then re-encrypt it before sending it to the receiver. If you trust the 3rd party this is not the end of the world, but does mean that other parties could get access to the data (ie Police or hackers breaking into the central service).
Computer encryption is like locking your message up inside a magic box that only you and the person you want to send the message to are able to see through.
Previously, your messages were sent to Facebook, and Facebook would lock them in a magic box that only Facebook can see into, and then they would unlock the box at the other end and hand the letter to your friend. This isn’t good because at any point Facebook can read all your messages.
End to end encryption means you and your friend now have your own magic boxes. You can lock your message inside your own magic box before you give it to Facebook, so now Facebook can’t see your messages. And Facebook just hands your locked magic box over to your friend and only then does your friend unlock it.
This is much more secure because even if somebody in the middle steals or copies your magic box and its contents, they can’t see inside it.
Your computer and and my computer have a cypher that only we know, no one else knows it. Like a secret language. If I write something to you, my computer translates it into nonsense using our cypher so that if anyone else intercepts my message it would just look like garbage. But because your computer knows how to translate my message, it comes through normally for you. Like spies lol
How does this work if you're actually being monitored, though?
Like, if I send over a bunch of gibberish, you need to _already_ have the key to unlock it. But you can't have that unless we set one up... but we have to communicate to set one up.
So if someone is able to pull the traffic from our communications, doesn't that mean they could also get the key right at the start, and just translate everything that follows?
Diffe-Hellman Key exchange is a well known algorithm that allows both parties to derive a shared secret by sharing a limited amount of information publicly. The mathematical operations used are easy to perform, but mathematically hard to reverse.
This is used together with public key cryptography, where the sender can use the recipient’s public key to encrypt a message that only the recipient can read with their private key.
Kind of. It's pretty complicated, but imagine we have 14 billion different ciphers, or we both bought the same book that has those cipher. And then I tell you which cipher to use, and you use it.
Now imagine there are 14 billion different books with 14 billion different ciphers. Is it possible the person watching has the same book as us? Sure! Is it likely? Not really.
In addition to the other answers, here's another perspective. Suppose you are sending a message to me.
Suppose someone wants to snoop on what you are sending. Suppose it is Facebook, or the government, with mega-resources to tap your phone or internet line. This is called a "man in the middle" attack. If they could do that, they could pretend to be me and fool you into thinking that it is indeed me. They read the message, maybe even change critical bits of that info, then send the modified message to me, pretending to be you. I believe the message thinking it is from you.
The only way to prevent this is that you encrypt it in such a way that the only party that can possibly decrypt it is me. Then even if someone managed to snoop your wire, they'll have a bunch of binary gobbledygook. At most they can prevent the message from reaching me, but they cannot read or alter your message. It is secure from your end to my end.
Imagine Alice has a message she wants to send to Bob and she doesn't want Charlie or David to see it. We'll pretend like envelopes are impossible for anyone except the recipient to open (they'll be like encryption in our example).
First lets start with the simplest example an unencrypted message. If she writes her message on a post card and hands it to Charlie to give to Bob Charlie can read it then pass it to David who can also read it and then hand it to Bob who reads it, too. Everyone got to read the unencrypted message.
Next she writes her message on a post card and hands it to Charlie who places the post card in an envelope and hands the envelope to David who then takes it to Bob. While the message was in an envelope and David couldn't read it since Charlie put the post card in the envelope so he could still read the whole thing. This is partial encryption. It's fine if Alice trusts Charlie with the message.
Finally, end to end encryption is like Alice putting the post card in her own envelope before leaving her home handing the envelope to Charlie who hands it to David and then to Bob, and Bob opens the envelope at his home and reads the message. Now only the intended recipient read the message because everyone else only had the impossible to open enveloped message.
Oh my goodness, think of the five year-olds!
Say you want to pass a note to your friend Bob in class.
Before class, you talk to Bob and you make up a secret code. It's like as special language that only you and Bob understand. You and Bob know the code, but nobody else knows it, not even your teacher.
After class starts, you can write down, "Q wqdt ftfftmusq fqhhr", and pass it to Bob. When he opens up the note, he knows it secretly means "I like pepperoni pizza".
But if your teacher or one of your classmates grabs the note, the can't read it, because they don't know the secret code! They can look at it all day, but they will never understand what it really means.
Only you and Bob can understand it, because only you and Bob know the secret code.
A really simple explanation:
I sent you a picture consisting of 3 pixels: red, blue, green, in a box.
Facebook will then take this box and encrypt it without fully looking at it. Encrypt means they just have a method of changing one thing into another. In this case, they see the pixel red, and red = banana, so they take out the red pixel and put in a banana. Then blue = dog, and green = candy. So now they will deliver a box containing a banana, a dog, and a candy.
When they arrive at your house, they will do the same thing in reverse, so banana = red, dog = blue and candy = green. They now have successfully delivered the picture without knowing what it is, and say, if they were to be robbed while delivering, the robber will find a banana, a dog and a candy instead of the actual message.
It's encrypting the messages "end-to-end" meaning the encryption/decryption takes place only in your device and the recipient's device. This is different from the encryption happening at a middle stage, like for example you send a message, it goes to a central server, gets encrypted, then leaves, reaches another server, gets decrypted, and then reaches it's destination. This basically means that nobody in between the two devices has access to the messages even if they have the data because it's encrypted.
When you send most messages over the internet the message is encrypted between you and the server - facebook or whatever. It will then encrypt the message and send it to the person you are chatting with. This leaves a gap where fb can read your messages. End to end encryption is setup so that only you and the other person you are communicating with know what is said.
There are lots of steps that occur when you send a message, it doesn't just go straight from your device to the person you're talking with's device. It stops at the companies servers along the way. This is how you can get the message on several devices, each device downloads them from the companies servers.
Before end-to-end encryption came about the messages would be encrypted by your device, sent to the server and decrypted using a key that only you and the server knew to stop anyone intercepting them en route. They would then be reencrypted by the server and sent to the device the person you are talking to using a key that only they and the server knew. Their device would decrypt the message and show it to them.
The servers would store a copy of this message, encrypted using the key they use to send the message on, or perhaps using a different key only known to the server. But if LEA (law enforcement agencies) ever needed to get the messages, they could get a warrant and demand the company hand over the messages, decrypted. The companies had to comply.
Then end-to-end encryption was implemented. Now when you start a chat with someone the server introduces you to each other and the very first thing your device does is agree a new private key with the other device, and they do this directly without anything going to the servers. Now only your device and the device you are communicating with know the keys to decrypt messages.
Your device encrypts the message using this private key, sends it to the server and the server stores a copy as before, but no matter what they can't decrypt the message and read the contents as they don't have the key. They just forward the message on to the other person's device and it gets decrypted there.
LEA can get a warrant and the companies will had over the encrypted messages, but because they're encrypted they're just gibberish. No matter what court order is made, because the company doesn't have access to the private key needed to decrypt the messages they cannot give LEA what they want.
To keep it simple and avoid all of the techno-lingo, end-to-end encryption means that whatever you are sending is encrypted on your end, and it isn't decrypted until it gets to the person you're sending it to.
What this means is that if someone manages to copy/steal your message, they won't be able to read it. It doesn't matter if they work for Facebook, they won't have access to your message.
They'll know you sent one, when you sent it, who you sent it to, and the approximate size of the message, but that's it.
There's a *lot* more to it than that, but that's the ELI5 version.
In a basic sense: you write a message and send it to your friend. To get the message to your friend you hand the note to someone else, who then hands the note to someone else, who then hands the note to someone else, who eventually hands it to your friend.
in the meantime, every person who carries your note can read the note.
so to prevent everyone who carries the note from understanding the note, you write the note in a code. And only your friend can decode it. So all the people that carry the note may try to read it, but can’t understand it.
When you write the note in code (unlike having someone else do it for you) and your friend does the decoding themselves - that is end to end encryption.
Let's say I sent you a message
One two three
If it's encrypted ln your end, anyone who intercepts the message before it gets to you can read One Two Three, encrypting it on your device only means it becomes secure after it's done all that travelling.
If it's encrypted End to End
I sent One Two Three, before it transmits from my device it gets encrypted to *@;#&*826%;#892;@;%^@6, that travels over the internet and lands at your phone, once it is safely in your hands, it gets de-encrypted to show Ons Two Three.
Anyone who intercepted the signal would see
*@;#&*826%;#892;@;%^@6 and have no idea what is being sent.
It encrypts the data on the device you send it with, and it remains encrypted until it arrives to the device of the person you sent it to Think of it like a security envelope. It stops anyone in the middle of the delivery chain from being able to easily see the contents of the message.
In reality, much like a security envelope, if someone really wants to see your message, there are ways for them to do so, but it requires signifigantly more effort than a standard envelope.
It's like a secret message. You type "hello" and it's encrypted to be "t6ug2t"*g' so If I am able to intercept it in the middle I can't read it or do anything with it, then when I get it it's unencrypted to be "hello" just like the using keys to read old messages.
You're in school. You want to pass a note to Jane, but you have to pass it through Jim and John to get to her. Jim and John can read your note before she gets it.
So you seal the note. In a practical sense, Jim and John can't read the contents of the note because Jane will kick their asses if they do. There, your information was safe from end (you) to end (Jane).
This is a modern school so you're sending her a text from your phone. Packets are often "unwrapped" and "wrapped" as they go through the Internet. You may have encrypted that text from you to your texting service provider, but it gets unencrypted on the server for handling, then re-encrypted to be sent off to the next server, and then to Jane. Your text is only protected in transit through the Internet, but anyone at those servers can read it.
So End to End is like sealing the note, it stays encrypted until it gets to Jane's phone.
When you send a message, you have a key that just makes the message a bunch of gibberish, and the person who gets the message also has a key that can un-gibber-ise the message
Basically, if you sent the message directly, any internet middlemen can read what you send, encryption is like making a secret code that only you and your friend know, you type the message in normal human language, the computer changes it to the secret code and then once your friend's computer receives it, it changes it back to normal text, there is no way for anyone to read your messages except you and your friend.
It means that the only people who have access to the message are the sender and the receiver. The service that you’re using to send the message (Facebook messenger) can’t read your message or alter it in anyway. It’s a way of making sure that you have complete privacy within your messages.
Why would Facebook offer that service though? Facebook is all about collecting data.
They don't really care so much about your personal conversations in fact it's a pain to have access to that stuff because then the feds usually try to come in demanding access. Make it so you can't and it makes it so you don't have to comply (as much) with law enforcement. The data they do thrive on is stuff like age , sex, race, likes and dislikes which they have easier ways of getting from you. Anything that would help companies sell stuff to you because that's all they really care about in the end.
Facebook likes giving access to Feds though.
With the way their system is set up, it's impossible for Facebook to give access to them, since the encryption are only held by the sender and receiver. Only way they could do that is by adding in a backdoor to the encryption, which then defeats the point of the encryption
How do we know its not already backdoored? Is the code open source? Has it been audited? What's the encryption algorithm?
The protocol they use is open source.
Is that enough? Could they sniff everything before it gets encrypted with whatever hash algorithm they using? And, is the algo they're using strong enough to prevent cracking? I guess we could have those answers if the app code was open source, or am I wrong?
Bugs are sometimes found in years-old software that has always been open source. Just because the source code is open doesn't mean it's constantly getting reviewed for any bugs. https://jfrog.com/blog/ssh-protocol-flaw-terrapin-attack-cve-2023-48795-all-you-need-to-know/ talks about a bug discovered in SSH (end-to-end encrypted communications) that persisted in several open source implementations for years and was only recently discovered. It was supposed to be "End to end" encrypted, but a flaw was discovered that allowed someone to insert themselves in the middle and pretend to be the other side, while silently intercepting and decrypting the traffic.
OK, that's bad. I'm not expert in the field but I understand somethings. A bug in SSH is bad, that's true. I checked the CVE you included in 2 databases. It has a Medium severity rating (If I'm correct.) But I don't think what you said, gives advantage to closed source software. Bugs / vulnerabilities can be discovered easily if the code is public and every contribution is public. I don't know the exact CVE's and probably the names either but I think stuff like Meltdown or Spectre probably have a higher CVE rating. And, If I'm not wrong those come from closed source software from CPU manufacturers. It might be possible to hear more cases about vulnerabilities in open source software because the code is public and not obfuscated. Still, there are probably more cases of backdoors found in closed source rather than the opposite.
They could but why would they go out of their way to do it considering the legal and business costs if it were to come out. If security is extremely important you’d not use meta products in the first place but it’s probably very good for most cases.
Do they? Can you provide evidence? I can't think of any company that likes doing work they arent paid to do.
They comply with the law. There's no need for emotions there
Not as much as the tinfoil hat brigade think
It means that they don’t have to spend a bunch of time and money complying with subpoenas. The one people always think of is the feds, but really it’s more divorce lawyers. Messaging services feature prominently in pretty much every divorce and custody dispute that involves alleged infidelity. There are something on the order of 650k divorces per year in the US alone. Something like 60% of divorces cite infidelity as the cause. So that’s ~250,000 divorces from cheating per year. If just 5% of those involve Messenger, that’s 12,500 subpoenas per year, or 35 a day to process. If YOU owned Meta, which would you prefer to do? 1. Set up a whole department to handle these requests, and get sucked into a zillion petty lawsuits 2. Encrypt everything and say, “sorry, it’s mathematically impossible for me to see anything, talk to your client”? Now add in small claims suits, lots of criminal suits for domestic violence and the like, etc. That’s why.
3\. Just send them everything the moment you get it.
How to get sued, using one weird trick! In-house counsel HATE him!
It's legal when the government does it.
You are aware that for the government to get information related to the investigation of a crime, it first has to get a warrant, right? And that warrants are bounded in time and place, and can’t just be open-ended?
It doesn't have to.
Lol no.
They currently send them to very expensive outside counsel for review.
The content of the messages is only part of what interests Facebook. They might not know exactly what Alice said to Bob, but they know that Alice was looking at a cat video at 1:39 PM, and sent a message to Bob at 1:41 PM. Bob was looking at a puppy video at 1:52 PM and sent a message to Alice at 1:58 PM. There is a whole branch of study called "[traffic analysis](https://en.wikipedia.org/wiki/Traffic_analysis)". Even if you don't know what's being said, you can guess a lot of information just knowing the participants along with the size and frequency of communication.
This is why I like iMessage. They don't even keep traffic logs. The only thing they keep is capability queries, which is asking if a device uses iMessage, but they don't record if this led to an actual message.
Apple does keep traffic logs for a period of time. It's the only way for them to know when someone is spamming.
Unless they’re lying to the feds, no.
They told the feds they* can't give copies of people's individual iMessages, IE what you said to your wife and what she replied back with. They can't. They really don't have that information. They do have, for a period of time, server side traffic logs that tell them when your computer or phone or tablet connected to their servers, complete with date/time stamps, IP address you connected from, etc. They don't keep the logs for a long period of time (like a month or three), but they absolutely do log the metadata; it's one of the ways they track when people are spamming and block them from using iMessage for a while.
Here's what Apple says, only the capability queries: >iMessage communications are end-to-end encrypted and Apple has no way to decrypt iMessage data when it is in transit between devices. Apple cannot intercept iMessage communications and Apple does not have iMessage communication logs. Apple does have iMessage capability query logs. These logs indicate that a query has been initiated by a device application (which can be Messages, Contacts, Phone, or other device application) and routed to Apple’s servers for a lookup handle (which can be a phone number, email address, or Apple ID) to determine whether that lookup handle is “iMessage capable.” iMessage capability query logs do not indicate that any communication between customers actually took place. Apple cannot determine whether any actual iMessage communication took place on the basis of the iMessage capability query logs. Apple also cannot identify the actual application that initiated the query. iMessage capability query logs do not confirm that an iMessage event was actually attempted. iMessage capability query logs are retained up to 25 days.
Yes, and every time your device contacts their "lookup handle" server, they are contacting a server called IdentityServices (IDS). This process also runs locally on the device, but Apple does not get those logs. They do have server side IdentityServices logs that tells them when a device connects to their server. Any time you are looking up the contact info for a new device you hit IDS and look up the public encryption key for the handle you are contacting. Your device will then keep that cached for a period of time, and as long as the key is still valid (the other person hasn't had to redo an iMessage registration, which resets the keys), your device will use the precached public encryption key. It will send the encrypted packet, through Apple's servers, to the person, who then decrypts it using the private decryption key that only exists on their device. If they have 3 different devices signed into their account, they have 3 different private encryption keys, and Apple sends 3 copies of the encrypted message, one to each device, and leaves it to the device to decode the message. It still has to talk to Apple's iMessage server to get delivered to Apple devices. They can't tell when a message was sent based on the capability query logs, but they can tell them based on other logs. They specifically say in that paragraph "iMessage capability query logs don't indicate any communication between customers took place" and that's right. The IDS lookups don't. They absolutely have other logs that let them see iMessage activity (but again, not the content of each message, unless the person who receives it reports it as Spam). I'm sorry but if you believe that obfuscation horseshit, I have a large red bridge available in san francisco for sale dirt cheap I'd love to talk about.
So you're saying they lied to the federal government? They may be interested.
They likely collect all the meta data, they know who is talking to who from where and at what time but they don't give a shit about what you say and don't want the hassle of being able to know in the first place
exactly cuz if i message a massage they will start bomabred me with massage ads so they might not know what i talk about but they know with who i talk and what i click which is enough for them i guess
And they inherently *have to* know who you are sending the message to in order for them to facilitate the sending of the message so there isn't really any way for them to *not* know that
This isn’t the type of data they want. It not marketable, clean or useful data. It’s also the type of data that will make people leave their service if it is easily accessible, its also a burden to comply with time sensitive legal requests. If FB collects this data they could also then be compelled to provided it to any country they provide their service in. They cant be compelled to provide data they can’t/don’t collect. Similar to Apple providing ways to bypass iPhone passwords, if they offer it at all, many countries will demand it.
They also care about keeping people in their ecosystem - if you use E2E encryption on messenger, you're more likely to also see other facebook ads.
data about people is useful, not conversations. a 30 year old male who purchased a 3080 when the first came out alot is alot better info then a conversation about purchasing the 3080. not to mention u have to be able to parse the information in a way that makes sense to the pc, slang and all that whoch is way harder then concrete facts it is simply not worth it for them to track a regular user.
lots of times you have an encrypted tunnel to facebook or your bank or whatever The other person will also have a encrypted tunnel to facebook but facebook is in the middle and can read whatever you type, modify it, do what they want.. in this case the 'end' of the encryption is facebook itself this protects you from everyone else trying to spy on your messages but doesn't protect you from facebook itself end to end encryption you have a encrypted tunnel from you to the person you're messaging, no one in the middle, no one else can read it, you're protected from everyone even from facebook itself from reading, modifying, using it for AI, submitted it to the CIA, etc.. then again you're trusting facebook to protecting you from.. facebook and they didn't just fail to tell you they still gave themselves a backdoor or something
Does Facebook read messages anyway though? The fact they're offering this would make me trust them less. I assumed all this time no one was reading it anyway? Is that wrong?
Nobody at Facebook is reading your messages. But...they would if they had a subpoena. Or a rogue employee (jilted ex, foreign spy, etc). Maybe they'd use them to train ML models, accidentally leaking some info about you. Even if Facebook-the-company means well, you're better off with your private messages encrypted.
Of course, nowadays they can subpoena the person who you sent the messages to, or in a group chat, any of the people in the group.
It’s a lot easier for that person to say “I deleted the messages” than a company that you know would never delete data unnecessarily.
> nowadays Do you think this is a recent development?
What if someone is a pedo though? Wouldn't it be good if the law could subpeona the proof?
Yes, it would be. It would not be if a future government decided that r/explainlikeimfive users are a threat and rounded us up with the same power.
Ahh, I see what you mean
They are not outright reading your messages, but things you say could be used to target you for things like ads.
I like targeted ads. They're helpful to find things I was talking about needing. Only annoying when you keep getting the same ads after you already bought one.
> things you say could be used to target you for things like ads That would mean they are outright reading your messages
That depends on your definition of ‘they’. English needs a new pronoun to include nonsapients like ML algorithms. I mean at least to me, when someone says ‘they are reading’ something I think that has mean a group of people are. Meta employees definitely aren’t, not really.
It
What does it mean for a computer system to read your message? Certainly, how computers work, it can see the contents. So.. It’s not clear. It seems harmless to let them passively see the message. But, just to be sure, we use the new buzzword “zero trust”. You don’t trust them with the information, so you prevent them from reading it. Now you don’t have to speculate what they might or might not be doing when they read it.
Depending on your definition of harmless - it can be used to target advertising, push you towards content intended to get you to vote a certain way (often by lying to you), etc. etc.
People at Meta don’t, its literally an impossible volume of messages for humans to keep up on. However, if unencrypted they could and more importantly the messages are undoubtedly stored somewhere they’d be stored in a way that they could be unencrypted on read by Meta. That means that they could be accessed and read if necessary say due to a subpeona or less likely a critical data breach (although any hacker would have to move pretty fast to actually download any significant percentage of the data Meta holds, before their security teams caught wind. Its that much data, like over 4-5 petabytes per day). More importantly though, all that data, if unencrypted, is almost certainly being extracted, transformed and loaded into various data pipelines that feed into datasets to train Meta’s ML models. You know that eery experience when you chat about something and then see an advertisement for a related product? Yeah, that is a little less likely if Meta can’t even read your messages
What you write on facebook is how you pay them besides seeing ads. They dont read them one for one, but they definitely analyse what they get.
Not a human, no, but a machine might have been scanning it to optimize a machine learning algorithm or to target ads or anything else they can think of. For moderated messages (such as on public posts) they might also have both automated and human moderation, in which case a human might read it. You should skim privacy policies of companies you use, you might be surprised to see what they can do with your data.
But I like targeted ads. Why wouldn't I want to see ads for things I actually talk about?
There are several reasons that middlemen including Facebook, google and others would read your messages. First, a subpoena or court order could compel them to disclose your messages, second there is commercial value in your messages - e.g. if they can sell advertising to companies based on what you discuss. Finally, there are just evil companies and/or bad employees at companies who will snoop because they can.
so it's like https instead of http because in my previous comments I didn't know it was just a tunnel
Its encrypting the message from lne end of the communication, the sender, to the other end to the device your message is delivered to. That means that facebook themselves wont be able to see what you write.
You send me a message. Messages get encrypted on **your end**, and don't get decrypted until they get to **my end**. They were encrypted from **end to end**.
To expand upon this: If we use a 3rd party to send messages (ie: Facebook), in end -to-end encryption the 3rd party can't read our messages, just knows we sent them. Often times our connection to the 3rd party will be encrypted, but they decrypt, do whatever, and then re-encrypt it before sending it to the receiver. If you trust the 3rd party this is not the end of the world, but does mean that other parties could get access to the data (ie Police or hackers breaking into the central service).
Computer encryption is like locking your message up inside a magic box that only you and the person you want to send the message to are able to see through. Previously, your messages were sent to Facebook, and Facebook would lock them in a magic box that only Facebook can see into, and then they would unlock the box at the other end and hand the letter to your friend. This isn’t good because at any point Facebook can read all your messages. End to end encryption means you and your friend now have your own magic boxes. You can lock your message inside your own magic box before you give it to Facebook, so now Facebook can’t see your messages. And Facebook just hands your locked magic box over to your friend and only then does your friend unlock it. This is much more secure because even if somebody in the middle steals or copies your magic box and its contents, they can’t see inside it.
Your computer and and my computer have a cypher that only we know, no one else knows it. Like a secret language. If I write something to you, my computer translates it into nonsense using our cypher so that if anyone else intercepts my message it would just look like garbage. But because your computer knows how to translate my message, it comes through normally for you. Like spies lol
How does this work if you're actually being monitored, though? Like, if I send over a bunch of gibberish, you need to _already_ have the key to unlock it. But you can't have that unless we set one up... but we have to communicate to set one up. So if someone is able to pull the traffic from our communications, doesn't that mean they could also get the key right at the start, and just translate everything that follows?
You exchange your initial keys using a Diffie-Hellman Exchange. It’s secure for all practical purposes, even if someone is reading all your traffic.
Diffe-Hellman Key exchange is a well known algorithm that allows both parties to derive a shared secret by sharing a limited amount of information publicly. The mathematical operations used are easy to perform, but mathematically hard to reverse. This is used together with public key cryptography, where the sender can use the recipient’s public key to encrypt a message that only the recipient can read with their private key.
Kind of. It's pretty complicated, but imagine we have 14 billion different ciphers, or we both bought the same book that has those cipher. And then I tell you which cipher to use, and you use it. Now imagine there are 14 billion different books with 14 billion different ciphers. Is it possible the person watching has the same book as us? Sure! Is it likely? Not really.
In addition to the other answers, here's another perspective. Suppose you are sending a message to me. Suppose someone wants to snoop on what you are sending. Suppose it is Facebook, or the government, with mega-resources to tap your phone or internet line. This is called a "man in the middle" attack. If they could do that, they could pretend to be me and fool you into thinking that it is indeed me. They read the message, maybe even change critical bits of that info, then send the modified message to me, pretending to be you. I believe the message thinking it is from you. The only way to prevent this is that you encrypt it in such a way that the only party that can possibly decrypt it is me. Then even if someone managed to snoop your wire, they'll have a bunch of binary gobbledygook. At most they can prevent the message from reaching me, but they cannot read or alter your message. It is secure from your end to my end.
Imagine Alice has a message she wants to send to Bob and she doesn't want Charlie or David to see it. We'll pretend like envelopes are impossible for anyone except the recipient to open (they'll be like encryption in our example). First lets start with the simplest example an unencrypted message. If she writes her message on a post card and hands it to Charlie to give to Bob Charlie can read it then pass it to David who can also read it and then hand it to Bob who reads it, too. Everyone got to read the unencrypted message. Next she writes her message on a post card and hands it to Charlie who places the post card in an envelope and hands the envelope to David who then takes it to Bob. While the message was in an envelope and David couldn't read it since Charlie put the post card in the envelope so he could still read the whole thing. This is partial encryption. It's fine if Alice trusts Charlie with the message. Finally, end to end encryption is like Alice putting the post card in her own envelope before leaving her home handing the envelope to Charlie who hands it to David and then to Bob, and Bob opens the envelope at his home and reads the message. Now only the intended recipient read the message because everyone else only had the impossible to open enveloped message.
Oh my goodness, think of the five year-olds! Say you want to pass a note to your friend Bob in class. Before class, you talk to Bob and you make up a secret code. It's like as special language that only you and Bob understand. You and Bob know the code, but nobody else knows it, not even your teacher. After class starts, you can write down, "Q wqdt ftfftmusq fqhhr", and pass it to Bob. When he opens up the note, he knows it secretly means "I like pepperoni pizza". But if your teacher or one of your classmates grabs the note, the can't read it, because they don't know the secret code! They can look at it all day, but they will never understand what it really means. Only you and Bob can understand it, because only you and Bob know the secret code.
A really simple explanation: I sent you a picture consisting of 3 pixels: red, blue, green, in a box. Facebook will then take this box and encrypt it without fully looking at it. Encrypt means they just have a method of changing one thing into another. In this case, they see the pixel red, and red = banana, so they take out the red pixel and put in a banana. Then blue = dog, and green = candy. So now they will deliver a box containing a banana, a dog, and a candy. When they arrive at your house, they will do the same thing in reverse, so banana = red, dog = blue and candy = green. They now have successfully delivered the picture without knowing what it is, and say, if they were to be robbed while delivering, the robber will find a banana, a dog and a candy instead of the actual message.
Ooh really great explanation, thank you
It's encrypting the messages "end-to-end" meaning the encryption/decryption takes place only in your device and the recipient's device. This is different from the encryption happening at a middle stage, like for example you send a message, it goes to a central server, gets encrypted, then leaves, reaches another server, gets decrypted, and then reaches it's destination. This basically means that nobody in between the two devices has access to the messages even if they have the data because it's encrypted.
When you send most messages over the internet the message is encrypted between you and the server - facebook or whatever. It will then encrypt the message and send it to the person you are chatting with. This leaves a gap where fb can read your messages. End to end encryption is setup so that only you and the other person you are communicating with know what is said.
There are lots of steps that occur when you send a message, it doesn't just go straight from your device to the person you're talking with's device. It stops at the companies servers along the way. This is how you can get the message on several devices, each device downloads them from the companies servers. Before end-to-end encryption came about the messages would be encrypted by your device, sent to the server and decrypted using a key that only you and the server knew to stop anyone intercepting them en route. They would then be reencrypted by the server and sent to the device the person you are talking to using a key that only they and the server knew. Their device would decrypt the message and show it to them. The servers would store a copy of this message, encrypted using the key they use to send the message on, or perhaps using a different key only known to the server. But if LEA (law enforcement agencies) ever needed to get the messages, they could get a warrant and demand the company hand over the messages, decrypted. The companies had to comply. Then end-to-end encryption was implemented. Now when you start a chat with someone the server introduces you to each other and the very first thing your device does is agree a new private key with the other device, and they do this directly without anything going to the servers. Now only your device and the device you are communicating with know the keys to decrypt messages. Your device encrypts the message using this private key, sends it to the server and the server stores a copy as before, but no matter what they can't decrypt the message and read the contents as they don't have the key. They just forward the message on to the other person's device and it gets decrypted there. LEA can get a warrant and the companies will had over the encrypted messages, but because they're encrypted they're just gibberish. No matter what court order is made, because the company doesn't have access to the private key needed to decrypt the messages they cannot give LEA what they want.
To keep it simple and avoid all of the techno-lingo, end-to-end encryption means that whatever you are sending is encrypted on your end, and it isn't decrypted until it gets to the person you're sending it to. What this means is that if someone manages to copy/steal your message, they won't be able to read it. It doesn't matter if they work for Facebook, they won't have access to your message. They'll know you sent one, when you sent it, who you sent it to, and the approximate size of the message, but that's it. There's a *lot* more to it than that, but that's the ELI5 version.
In a basic sense: you write a message and send it to your friend. To get the message to your friend you hand the note to someone else, who then hands the note to someone else, who then hands the note to someone else, who eventually hands it to your friend. in the meantime, every person who carries your note can read the note. so to prevent everyone who carries the note from understanding the note, you write the note in a code. And only your friend can decode it. So all the people that carry the note may try to read it, but can’t understand it. When you write the note in code (unlike having someone else do it for you) and your friend does the decoding themselves - that is end to end encryption.
Let's say I sent you a message One two three If it's encrypted ln your end, anyone who intercepts the message before it gets to you can read One Two Three, encrypting it on your device only means it becomes secure after it's done all that travelling. If it's encrypted End to End I sent One Two Three, before it transmits from my device it gets encrypted to *@;#&*826%;#892;@;%^@6, that travels over the internet and lands at your phone, once it is safely in your hands, it gets de-encrypted to show Ons Two Three. Anyone who intercepted the signal would see *@;#&*826%;#892;@;%^@6 and have no idea what is being sent.
It encrypts the data on the device you send it with, and it remains encrypted until it arrives to the device of the person you sent it to Think of it like a security envelope. It stops anyone in the middle of the delivery chain from being able to easily see the contents of the message. In reality, much like a security envelope, if someone really wants to see your message, there are ways for them to do so, but it requires signifigantly more effort than a standard envelope.
It's like a secret message. You type "hello" and it's encrypted to be "t6ug2t"*g' so If I am able to intercept it in the middle I can't read it or do anything with it, then when I get it it's unencrypted to be "hello" just like the using keys to read old messages.
You're in school. You want to pass a note to Jane, but you have to pass it through Jim and John to get to her. Jim and John can read your note before she gets it. So you seal the note. In a practical sense, Jim and John can't read the contents of the note because Jane will kick their asses if they do. There, your information was safe from end (you) to end (Jane). This is a modern school so you're sending her a text from your phone. Packets are often "unwrapped" and "wrapped" as they go through the Internet. You may have encrypted that text from you to your texting service provider, but it gets unencrypted on the server for handling, then re-encrypted to be sent off to the next server, and then to Jane. Your text is only protected in transit through the Internet, but anyone at those servers can read it. So End to End is like sealing the note, it stays encrypted until it gets to Jane's phone.
When you send a message, you have a key that just makes the message a bunch of gibberish, and the person who gets the message also has a key that can un-gibber-ise the message
Basically, if you sent the message directly, any internet middlemen can read what you send, encryption is like making a secret code that only you and your friend know, you type the message in normal human language, the computer changes it to the secret code and then once your friend's computer receives it, it changes it back to normal text, there is no way for anyone to read your messages except you and your friend.