E2E encrypted messaging on Instagram will no longer be supported after 8 May

Posted by mindracer 8 hours ago

E2E encrypted messaging on Instagram will no longer be supported after 8 May(help.instagram.com)

306 points | 165 commentspage 2

methuselah_in 4 hours ago|

It feels like it's time to move to lemon writing over paper on normal post. Only way you can no talk freely.

mvrckhckr 4 hours ago||

The only reason I can think of for this change is governmental pressure. I don’t see how it benefits the platform itself (nor its users).

paxys 2 hours ago||

There is a product reason - AI features are fundamentally incompatible with E2EE. If they want to bring more AI generated experiences and content into Instagram then the data needs to be accessible by them.

arlort 4 hours ago|||

I can think of a few reasons why a company built on profiling (and advertising to) user interests might be interested in the private conversations of their users

gzread 4 hours ago||

I can think of some. Less code complexity to support a feature that didn't work properly and nobody was using? More ability to detect spam?

kevincloudsec 5 hours ago||

the timeline for all of this is not a coincidence. meta spent millions lobbying for age verification laws that require content scanning. hard to scan content that's encrypted.

jonathantf2 5 hours ago||

This feature has never been available to me- it just threw an error each time. Wonder how far it actually got rolled out?

EmbarrassedHelp 3 hours ago||

In a sane world, removing E2E encrypted messaging would be worthy of huge fines.

CrzyLngPwd 5 hours ago||

Did they give a reason why are they doing this?

Bender 6 hours ago||

Never rely on a platform used by the masses to perform E2EE. It is far too easy to strip away E2EE for targeted users without their knowledge as they maintain the server and client code. This advise is to protect from corporations gobbling up and ultimately leaking sensitive data. Spooks can target the device itself via debug access for nation state level threats.

Consider instead using a code word or phrase to move sensitive conversations to something self hosted such as jabber using OMEMO XEP-0384 and XEP-0373 OpenPGP for XMPP and SASL SCRAM. OMEMO is an implementation of the Signal protocol on top of the XMPP protocol.

e.g. "_Expletive_! I stubbed my toe!" other-person: "lol geezer watch where you are walking." conversation quietly and temporarily moves to the pre-shared self-hosted Jabber server. Temporarily because going dark can draw attention. Feed the big chat platform boring garbage and misdirection.

impossiblefork 5 hours ago||

People catch the spooks and their exploits all the time though.

It is possible to defend against them. Maybe not on your phone though.

Bender 5 hours ago||

Agreed. I just mentioned that for the spooks who don't like I am suggesting moving sensitive conversations elsewhere using basic opsec. I assume the farm recruits on HN are probably just as concerned about AI taking their jobs. Surely someone has bought AI a coffee unprompted by now, maybe even flirted with the AI.

impossiblefork 5 hours ago||

I don't quite understand your comment. I also disagree with some implications of the final bit of your first comment: encryption is obviously basic privacy, but the interesting bit is who you're talking to.

So having a signal for switching mediums is something that I feel indicates thinking in the wrong direction.

Bender 5 hours ago||

So having a signal for switching mediums is something that I feel indicates thinking in the wrong direction.

It's not for everyone. I grew up with code phrases. My mom knew that if I said "I love you" to send in the cavalry. We had similar processes in the military. If I answered the phone a particular way they knew the remote site was under siege.

impossiblefork 5 hours ago||

That's an okay use, but in that use you're not attempting to achieving privacy.

Everyone knows you talk to your parents, but code phrases are not a way to get privacy.

Bender 4 hours ago||

It's not for privacy in the way you may be thinking. This was long before cell phones or the internet existed and the conversation would have been over the rotary phone and it is assumed someone is in the house with me that should not be. Goal being police have authorization to kick down the door and assist the person or people that are nutritionally deficient in lead.

Zak 5 hours ago||

Unless you're actually a spy, there's no reason to do this. Just use your secure solution all the time with those conversation partners who are willing to use it.

Bender 5 hours ago||

Unless you're actually a spy, there's no reason to do this. Just use your secure solution all the time with those conversation partners who are willing to use it.

Fundamentally I agree with you but people will stay on the platforms where their friends are. To change that the platform would have to do something really bad such as forcing age checks and even then I think many will just put up with it to stay connected to their friends.

alex1138 5 hours ago||

I don't use IG although they dearly want me to, giving me a popup every time I visit, but let me talk about FB for a second (and btw FB wanted to enable cross-platform messaging on the platforms they own - Meta - which seems anti-trust-y) - when they introduced encryption on FB, they made it mandatory. They opted everyone in, and it broke Messenger. If you delete cookies you might also delete messages. Isn't that convenient?

villgax 7 hours ago||

just waiting on whatsapp to rug pull as well & then bye bye privacy & meta from my life

dylan604 7 hours ago|

Wouldn't bye bye meta be hello privacy into your life?

j45 5 hours ago|

This could obviously tie to sending you more ads.

It could also tag people communicating about topics ig chat that it is actively suppressing.

They may be looking for an uproar to reverse the policy as so far, it's just words.

More comments...