• qprimed
    link
    fedilink
    English
    arrow-up
    27
    ·
    7 months ago

    lots of comments about e2e encryption (or the potential lack thereof)

    even if it is e2e encrypted (and I mostly believe it is), once its decrypted on your device (in their app) its in the clear. there is nothing technical preventing the app from then inspecting the data or forwardiing the data to another party for analysis - thats a “terms and conditions” issue.

    the article claims they are doing some on-device recognition - thats likely computationally non-trivial, with variable accuracy (false positives/negatives, anyone) and probably at least partially circumventable and perhaps even exploitable (more app surface area to attack).

    so, ok… its a lead-in to classifying content on your device. I have no idea what comes next, but I am pretty sure there will be a next and this is why I don’t intentially use any meta products.

    • Lutra@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      ·
      7 months ago

      Which is a end-game around E2E. Saying ‘the message is encrypted’, but yes, I look at all messages before and/or after violates the expectation of E2E.

      • BearOfaTime@lemm.ee
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        2
        ·
        7 months ago

        I’ve said this from the start, and people called me names, or “prove it”. Sigh.

        If the capability is there, that’s a problem.