A 17-year-old from Nebraska and her mother are facing criminal charges including performing an illegal abortion and concealing a dead body after police obtained the pair’s private chat history from Facebook, court documents published by Motherboard show.
I thought messenger was end-to-end encrypted, at least according to Facebook. How were they able to hand over the chat logs? The messages should be encrypted with a key that is itself encrypted with user’s password, which Facebook doesn’t store.
Actually that page suggests that they can’t access it. They’d never passed the security on it if that page was lying and they don’t encrypt it. Clearly there must be some kind of mechanism they can use to decrypt it for law enforcement. The technicals of that are what I was actually interested in from my original comment.
EDIT: Oh my God I just figured it out. It’s not enabled by default. You have to explicitly turn it on per conversation. That’s terrible
Presumably they maintain full access because they control both ends. The encrypted part would stop others intercepting messages. At least that’s how I’ve always read it
Edit: I’m wrong, end to end does exclude even the app provider from seeing messages. So yeah, either not enabled or they lied
To add to other replies, proprietary apps like messenger can also have backdoor access to your messenger app, where the messages are stored decrypted. I.e. maliciously taking the chat history from either ends of the end-to-end encryption.
And on the official app it isn’t called end to end encryption or even a setting toggle. It’s called secret chat and clicking on it opens a chat from the original chat. The only difference I see is a little lock icon where an emoji usually is.
@linux_user_6967@Goun Telegram’s end-to-end encryption isn’t enabled by default. You have to specifically choose to start an encrypted chat. Assuming you trust MTProto though, there’s no indication they’re otherwise implemented poorly.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
I thought messenger was end-to-end encrypted, at least according to Facebook. How were they able to hand over the chat logs? The messages should be encrypted with a key that is itself encrypted with user’s password, which Facebook doesn’t store.
What am I missing?
End2End encryption is mostly a PR stunt. In practice it’s not hard to go around it. For example:
It reminds me of this XKCD: https://xkcd.com/538/
You’re not telling me Facebook LIED are you? No way I wouldn’t believe it /s
Actually that page suggests that they can’t access it. They’d never passed the security on it if that page was lying and they don’t encrypt it. Clearly there must be some kind of mechanism they can use to decrypt it for law enforcement. The technicals of that are what I was actually interested in from my original comment.
EDIT: Oh my God I just figured it out. It’s not enabled by default. You have to explicitly turn it on per conversation. That’s terrible
Even if you turn it on, they control the end points, so it’s not really any more secured.
Presumably they maintain full access because they control both ends. The encrypted part would stop others intercepting messages. At least that’s how I’ve always read it
Edit: I’m wrong, end to end does exclude even the app provider from seeing messages. So yeah, either not enabled or they lied
You’re missing the fact that they lied to get users
To add to other replies, proprietary apps like messenger can also have backdoor access to your messenger app, where the messages are stored decrypted. I.e. maliciously taking the chat history from either ends of the end-to-end encryption.
It’s not enabled by default
And on the official app it isn’t called end to end encryption or even a setting toggle. It’s called secret chat and clicking on it opens a chat from the original chat. The only difference I see is a little lock icon where an emoji usually is.
Sounds like Telegram, smh
wait, what ? can you elaborate, since I use telegram on daily bases
@linux_user_6967 @Goun Telegram’s end-to-end encryption isn’t enabled by default. You have to specifically choose to start an encrypted chat. Assuming you trust MTProto though, there’s no indication they’re otherwise implemented poorly.