TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

53% Positive

Analyzed from 3213 words in the discussion.

Trending Topics

#don#encryption#meta#apple#end#messages#privacy#instagram#siri#more

Discussion (117 Comments)Read Original on HackerNews

mandeepjabout 3 hours ago
> 'Very few people were opting in to end-to-end encrypted messaging in DMs,' Meta says.

Then why didn't you make the opt-in default like Signal and WhatsApp? :-)

milderworkaccabout 5 hours ago
I'm not sure if this meets the bar for substantive and thoughtful discussion, but this kind of corporate cowardice, enforced by unelected bureaucrats standing at the bully pulpit is only going to get worse as the noose tightens on the open web.

The combination of hardware attestation and walled garden "app stores" is the end goal of most policymakers in this area, and it happens to suit the monopolists in Google and Apple and Facebook down to the ground.

Perhaps a timely reminder that things do not always get better over time, and that we may have lived past the high point of secure communications in our lifetime.

SlinkyOnStairsabout 2 hours ago
It's not just "the death of the open web".

These decisions are made whilst America is falling to fascism. Meta may not intend for the abolition of E2E encryption to make fascist crackdown on free speech easier, but that is the reality of what abolishing E2E encryption does.

DHS is already subpoenaing tech companies for the information about users who criticize ICE. https://www.nytimes.com/2026/02/13/technology/dhs-anti-ice-s...

The "walled garden" isn't even that big a concern anymore. The gestapo reading every single digital communication you have and showing up to harass, threaten, or simply disappear you into a camp if the infraction is severe enough. That is what's at stake here.

chadgpt2about 4 hours ago
Do people expect that Instagram can't read their Instagram private messages? I don't think people expect that. And E2EE is not nearly as cheap as the HN crowd likes to pretend—how do those devices get those keys if not through a central service? Especially if one of them is a web browser?
torben-friisabout 3 hours ago
>Do people expect that Instagram can't read their Instagram private messages? I don't think people expect that.

A deeper question is why we reached a point where people can't reasonably expect their communication to not be spied on.

Slash65about 1 hour ago
People, or at least Americans, didn’t care in 2012 when the Snowden reveal happened. We’ve been at that point for over a decade now.
dmbcheabout 2 hours ago
PRISM?
ryandrakeabout 4 hours ago
I would expect any message facilitated by a company's software, and going through that same company's servers to be compromised.
mrexcessabout 4 hours ago
The answer to most everyone question you’re asking is just, “public key cryptography”. It’s kind of disheartening to me that such basic 1990s tech as implemented by Phil Zimmerman is now obscure enough to merit questions like this.

Both parties exchange public keys through the central service. Only the possessor of the respective (on device, Secure Enclave ideally) private keys can decrypt the messages encrypted to the public key. The process can also work in reverse, encrypting with the private key so only holders of the public key can decrypt: this is called “signing”.

feurioabout 4 hours ago
And how does one verify that the public key received belongs to the intended party, rather than a mitm?

If the answer is blind trust in a third party that runs the messaging service then I suspect that you can guess what the people asking those questions are really asking.

rileymat2about 4 hours ago
The fly in the ointment is that they control the software and updates to that closed software so can short circuit that with appropriate pressure.
onemoresoopabout 4 hours ago
Ok, so drop all pretense then and blatantly scavenge through private conversations? Then take whatever from there and maybe sell it to highest bidder?
tylerchildsabout 4 hours ago
Put simply:

I’ve talked to Apple engineers.

Siri fell behind due to how good Apple’s privacy is.

Everyone made fun of them for protecting them.

This is exactly the opposite of that, where Mark is throwing you and your children under the bus again because he’s unoriginal and doesn’t know how to make money any other way than by getting all up in your business, statistically.

al_borlandabout 4 hours ago
I usually defend Siri, because I’m perfectly fine trading a little functionality for security. I prefer it that way.
stego-techabout 4 hours ago
Same. The fact they're shoving AI into it and expanding it to providers who don't have privacy as a guiding principle is a key reason I'm sitting on a 14 Pro still, and why I'm exploring local alternatives with Home Assistant.

Besides, we just need to set verbal timers and control music. We don't need a full-blown verbal Oracle.

tyreabout 3 hours ago
They’re hosting their own Gemini, so they aren’t sacrificing to Google’s standards even if using their technology.
kypenabout 4 hours ago
Home Assistant is indeed quite nice and relatively simple to set up with the Docker images provided by the team. Device setup on iOS was a little inconsistent, but has been rock solid for over a year. Check out Homebridge as well. I run both.
amazingamazingabout 3 hours ago
Im curious what the threat model is that you're protecting against
linkregisterabout 3 hours ago
By disabling Apple "Intelligence" you bypass the risk of your prompts going to OpenAI.
fragmedeabout 3 hours ago
No. "You have to unlock your iphone first" is such a hindrance to using Siri for anything more than setting timers and alarms. If you're doing anything that involves gloves or a mask or getting your hands messy, like in a kitchen or something, it is just so frustrating. How about making a toggle so I can choose to be slightly less locked down for Siri, and I take full responsibility if I get hacked because of it.
glenngillenabout 3 hours ago
Settings > Apple Intelligence & Siri > Allow Siri When Locked
yalokabout 3 hours ago
building new features on top of E2EE is genuinely hard, and I've seen many companies struggle to keep innovating while staying strictly E2EE.

Having seen multiple leading messaging/VoIP stacks from inside, the amount of engineering spent to work around various limitations of E2EE in real prod scenarios is insane, and even for simple every-day-use features metrics don't compare to the metrics of the same feature running without E2EE.

garciasnabout 3 hours ago
Then a more reasonable response is: “we cannot as effectively monetize all of the data in our advertising platform disguised as another tool entirely unless we disable E2EE and we need to be able to allow not only ourselves but others to invade your privacy even more than we already do because it’s technologically difficult to do so when we encrypt your communications.”
yalokabout 2 hours ago
it doesn't necessarily have to be tied to monetization & privacy directly.

It may just be that ROI doesn't make sense: very few user out there truly care about (or even understand) E2EE, for quite some users it creates an inconvenience & support incidents (harder to move from device to device, forgot your passphrase - lost your history, new joiners to a group chat don't see previous history, etc), it requires a significant additional engineering effort to just maintain it, many new features get shipped much slower because of it...

wolvoleoabout 1 hour ago
I don't buy that. They could have done more with it despite the constraints. There's been a big lack of interest from Apple for a long time. Just like every few years they introduce a completely new Mac Pro with all the fanfare and then completely lose interest and let it wither and die for 5 years.
FireBeyond8 minutes ago
> Siri fell behind due to how good Apple’s privacy is.

Garbage. That's some good spin, though. Siri is a turd in a punch bowl for many reasons that have nothing to do with privacy.

"Siri, do X thing" "Done"

"Siri, do [extremely similar to X] thing" "I don't know what you mean"

Siri is connected to my Apple HomeKit. "Siri, turn off my Kitchen Lights" "I don't know what lights you mean."

Siri feels like it never evolved past a proof of concept.

alex1138about 4 hours ago
Do you know what Zuckerberg said in an interview? I think it was to Lex Fridman but I could be wrong

"Apple hasn't come up with anything new in 20 years"

Very likely in response to Apple's granularity. Poor Zuck can't steal people's credentials

thephyberabout 3 hours ago
I’m less impressed with Zuck every time I hear something new about him.

Apple has made incredible progress in the last 20 years, but almost none of that has been a brand new product. It has all been evolving the existing products and on building the world’s best supply chain and rearing incredible market share from Windows. To be clear, AirPods are a much bigger market than Nike shoes. Those, plus Apple Watch, iPad and Vision Pro are new in the last 20 years.

In the past 20 years, the Facebook website has evolved, but all of the other major investments by the company have been acquisitions. Instagram, WhatsApp, Oculus. Diem (or whatever that proprietary cryptocurrency was called) and the Metaverse were massive failures. I don’t know what to credit Meta for in the AI era except some of the LLAMA tooling and some open weights LLMs. CZI is doing cool things, but that’s Zuck’s private science company, not part of Meta.

jestersonabout 1 hour ago
Not a fan of zack (quite the opposite), but he isn't wrong here. Apple indeed didn't come up with anything new. Their PR stunts each year are more and more laughable as time goes by.

Neither did Meta, but that's a different discussion

dyauspitrabout 4 hours ago
Privacy is the reason I’m still on team Apple.
bramhaagabout 4 hours ago
Apple's response to the UK gov asking to see users' iCloud data says enough about where their priorities lie [1]. They do something far worse in China [2].

Don't fool yourself into believing Apple cares about your privacy. They care about money.

[1] https://www.bbc.com/news/articles/cgj54eq4vejo

[2] https://www.reuters.com/article/technology/apple-moves-to-st...

transcriptaseabout 2 hours ago
The UK public can still vote for governments that don’t demand backdoors into citizens’ private data. Instead, over the past century they’ve turned their country into an ineffectual nanny state of shrinking global relevance, while a fading aristocratic and old money class desperately cling to influence over a population that no longer cares about the old titles and prestige of having attended some ‘old boys’ boarding school nobody outside of GB has ever heard of.
thephyberabout 3 hours ago
Your links say that Apple complies with the laws of major countries. Which companies don’t do that?
dyauspitrabout 2 hours ago
They’re very clear about when they use e2e encryption and atleast I know when they don’t. There’s multiple reasons I don’t use iCloud.
jestersonabout 1 hour ago
Would you care to explain why do you think privacy with Apple is any better than other teams?
nothinkjustaiabout 4 hours ago
Apple feels like the only big tech company that remotely cares about its users. Thank god they make the best computer and OS too.

I’m sure this will not be a popular take on HN however.

dwedgeabout 4 hours ago
Android was originally enticing because of iOS locking everything down and controlling the ecosystem
esafakabout 3 hours ago
Android was designed to prevent Windows from dominating mobile:

I literally helped create Android to prevent Microsoft from controlling the phone the way they did the PC - stifling innovation. So it's always funny for me to hear Gates whine about losing mobile to Android.

— Rich Miner (https://x.com/richminer/status/1879004092602982765)

jestersonabout 1 hour ago
> I’m sure this will not be a popular take on HN however.

Precisely because it's your feelings, not objective observation.

No public company would care of their users, even remotely.

Indeed, during Jobs time it actually worked that way, but that time is long gone.

The OS is not nearly the best, just like laptops.

computablyabout 3 hours ago
"Best" is subjective. But "caring about their users"? Their response to RtR alone shows they care about their margins more than their users.
michaeltabout 3 hours ago
Apple care about their users like a farmer cares about a herd of dairy cows.

Whereas Microsoft and Google care about their users like a farmer cares about a herd of pigs.

throw1234567891about 4 hours ago
“But I want my freedom, I want to install whatever I want, bad Apple for locking down my devices away from me.”

They stay rather secure because of all these measures. But they’ll get dismantled, too. Because idiots push idiots in power to weaken Apple’s stance. Useful idiots is the right term.

b00ty4breakfastabout 3 hours ago
Being in a prison cell is a great way to avoid traffic accidents, I agree.
Handy-Manabout 4 hours ago
They were kinda forced to in the name of "think of the children". The New Mexico case that's been going on at the moment.
cyanydeezabout 4 hours ago
thats a generous view. The dystopian fascist view is he's aligning with the surveillance state's interests and instagram is seen as a breeding ground for anti-american-american activities.
zer0zzzabout 3 hours ago
People are bozos for wanting more from a glorified egg timer. I like Siri myself.
aucisson_masqueabout 5 hours ago
> Our messaging system has long been designed to balance user privacy with the ability to respond to scams, harassment, and other safety concerns when users report them or when required by law

TikTok about why they won’t put e2e for private messages.

I guess it’s reasonable to give up privacy to save the children, TikTok cares so much about our kids safety and wellbeing !

2ndorderthoughtabout 5 hours ago
This is awful. They are doing this so they can literally advertise to kids. I bet their dbs aren't encrypted at rest either. Complete foolishnes
chadgpt2about 4 hours ago
Can you steelman TikTok's argument?
airstrikeabout 3 hours ago
No, because it's terrible. There's no need to break encryption to allow you to report a user. You'd just report via a copy of an excerpt of the conversation and leave the rest of your communication private. If the user can't tamper with the extraction of that excerpt, you can trust it is correct. You could even extract hashes from both the reporting party and the reported party and compare them with zero knowledge of the actual conversation.

More sophisticated HNers can chime in with zero-knowledge proofs and whatnot to show that their argument is DOA.

ryandrakeabout 2 hours ago
It's too bad we fell so hard for centralization. In an alternate universe, messaging on the Internet could have been:

1. Alice's device has a publicly routable IP address with a domain name like alice.home.her.isp

2. Bob's device is has same qualities, using: bob.mobile.his.isp

Then Alice can just open her chat app up, add bob@bob.mobile.his.isp and off they go. I mean we had UNIX's "talk" for how long but instead of evolving/securing/fixing it, we blew it! And now we have all these companies 1. coming up with their own incompatible protocols and 2. inserting their stupid centralized servers as intermediaries. And now every chat message we send over the Internet has to be received and re-sent through a handful of amoral corporations.

nemothekid30 minutes ago
>In an alternate universe, messaging on the Internet could have been:

I don't think so, and I think the very reason is because the people who opt for these decentralized solutions never really sit down and try and design a product, they just want decentralization for the sake of decentralization. For them decentralization is the product. Your alternate universe evaporates when you ask the question "what happens if Alice's device is offline?".

If you squint, the exact system you are describing is e-mail, and that has become effectively centralized, and it happened long before we had tech mega corps.

tptacekabout 2 hours ago
Why is this any better? It doesn't solve any of the identity and end-to-end encryption problems centralized messengers do; it just changes the underlying connectivity model, which is the least interesting part of the system.
lwansbrough36 minutes ago
Decentralized cooperation and associated protocols is a lot harder than just inserting messages into a MySQL database and then displaying those messages.
bawolffabout 2 hours ago
If people spent half the time they do wishing for decentralized messaging working on the actual problems with it, we would have decentralized messaging.
B1FF_PSUVMabout 2 hours ago
> now every chat message

"It hurts when I do that."

"Don't do that."

jestersonabout 1 hour ago
Big question is how to put sgt.cia.gov or mayor.fbi.gov in the middle between alice.home.her.isp and bob.mobile.his.isp.

That is why centralised messengers are pushed hard.

And this is not to protect society from harm, as many would assume.

jezzamonabout 2 hours ago
People here like it, but end-to-end encryption is an objectively worse user experience for people that don't care about that feature
jestersonabout 1 hour ago
How is it "objectively worse"?
sam1rabout 1 hour ago
I don't understand why they would go in this inversely-progressive direction.

Shouldn't we be aiming to increase e2e encryption for the most regularly used communication platforms?

lo_fyeabout 1 hour ago
I didn’t even know it was available to opt-in to! Probably why adoption wasn’t great.
alex_youngabout 3 hours ago
Isn't this really about "protecting" minors using Instagram?

If they allow E2E encryption, they can't scan for CSAM or do other monitoring stuff effectively, so they can't provide a "safe" place for minors.

Obviously the right answer is kids shouldn't be exposed to social media at all, but more eyeballs is more important than our kids.

bntekeabout 2 hours ago
cmon bud this is never what it's really about
daft_pinkabout 4 hours ago
I'm not sure the value of end to end encryption for proprietary application chats. For emails and SMS messages, your messages are being sent between different multiple servers on the open internet and it opens you up to spying, but end to end encryption on instagram is only protecting your chats from Meta.

I find the end to end encryption on Facebook to be detrimental to ease of use, because you always have to use a pin code, etc for the web interface.

If you don't trust meta with your chats, you probably shouldn't be using their application to begin with.

shiandowabout 4 hours ago
I'm not sure I disagree, but I would summarise it slightly differently.

If you don't want Mark Zuckerberg to upload your private messages into his own chat AI, then stop using Instagram immediately.

ergocoderabout 4 hours ago
Actually, by doing e2e encryption, Meta can say to the authorities that Meta doesn't see any message and cannot be blamed for anything. We cannot snoop user's conversation, and that's generally a good thing.

The authority holds Meta responsible anyway; they don't care about the implementation detail. They want to catch a pedo, and Meta is unable to produce evidence that helps them. Everyone else will yell at Meta for helping pedos.

You can substitute "pedo" with any other heinous crime e.g. terrorism.

And this is how we arrive at the current situation.

mrexcessabout 4 hours ago
> The authority holds Meta responsible anyway

What form of accountability are you suggesting is even being leveraged, here? No law could force Meta to backdoor its encryption, afaik. Public pressure would be unlikely to work.

Is Meta afraid of anything real, or is this just blame shifting via ungrounded speculation?

ergocoderabout 4 hours ago
They can because Meta has chosen to implement e2e encryption. They could have chosen not to implement e2e encryption. All within their controls.

Australia already has this law in place where a company must hand over user's conversation. A company cannot make an excuse that they themselves implement e2e to prevent themselves from reading user's messages. Source: https://www.bbc.com/news/world-australia-46463029

UK has a proposal to ban encryption this year. It is still being discussed.

> Public pressure would be unlikely to work

Public pressure works to a certain degree. Do you think a product manager at Meta would want to be labeled as "protecting pedos"?

sedatkabout 4 hours ago
> but end to end encryption on instagram is only protecting your chats from Meta.

No. It protects your chats from Meta and all governments of the countries where Meta operates.

In fact, I expect Instagram to be more reachable globally now because these relaxed communication standards would be welcomed by oppressive governments as they can now retrieve messages as they please for whatever purpose they deem.

Barrin92about 4 hours ago
the entire point of encryption is that you don't trust the channel you communicate through, that's what it was invented for, communication across adversarial channels. Distrust is the only condition under which you need encryption.

In addition from a practical POV it's if anything the reverse is the case. Email encryption is larp security because plain text is the default, leaks metadata and its interfaces make it trivial for people to leak entire conversations. If there's one technology where you should just assume your messages are public, it's email before someone copy pastes or wrongly forwards your encrypted communication to fifty other people.

Private message encryption makes sense because it's now a default, information exchanged is usually personal, and the problem isn't just Meta but law enforcement extorting your data out of their hands, which encryption in the real world has prevented a few times now already.

ergocoderabout 4 hours ago
It's a governance.

The executives don't want anyone else to be able to use the messages in a malicious way, so they decide to cut it at the sources of the messages i.e. e2e encryption.

This is like: corporate emails being deleted after 6 months. When an authority asks for emails from the last year, they can say they don't have it.

Now the authority can ask for the emails not to be deleted at all but then that will be a different battle the authority has to fight.

Corporate emails often don't involve pedos/terrorism, so there's much less push to retain corporate emails forever.

ardit33about 3 hours ago
I worked at Instagram during this (not at the EeE, but saw enough of it, to see that it was a mess).

I think the reason for dropping it, is more of a technical issue and user experience, rather than a 'desire' issue or company will. From my understanding, Zuck wanted this. The implementation was a mess, and folks have different expectations about messages to appear at every platform. Having messages disappear between devices/web, or having to back up encryption, keys, etc... it was just a terrible user experience. Even employees, disliked this feature.

This was not something actually asked by users, but more of a feature done in order to thwart all the types of legal issues created when folks use the platform.

At some point, I counted, there were 64 'leads', just to make this happen. Each lead, had a certain area, or surface/views, which means we are talking about hundreds of folks involved to make this happen (across fb and ig).

It was a boodongle, and it was something that users didn't ask.

Ps. I know, many here at HN really care about this, but the average user was not willing to put up with the degradation of the user experience in order to make this happen. All workarounds, require weakening E2E, which made it pointless.

Ultimately, If you want a truly E2E, you will have to use a platform specifically made for it. IG/FB are just not it.

Even Telegram, doesn't have it enabled by default, unless you specifiy it.

silisiliabout 2 hours ago
I don't know all the details because I'm not a cryptologist, but Wire messenger seemed to have solved this in a way that wasn't annoying. I haven't used it since they pivoted, so can't speak much to its implementation, but I remember it working seamlessly across devices.
Advertisement
arealaccountabout 3 hours ago
So don’t use Meta products if you care about privacy?
K7PJP14 minutes ago
This is a reductive and frankly insulting response. People want to be able to communicate with other people they will use the tools that allow them to do it. Sometimes the person I want is on Instagram, that’s how I can reach out to them. I believe privacy ought to be a human right. I don’t just limit myself to tools used by a very narrow swath of arrogant nerds. Instead, we fight for privacy.
rustyhancockabout 3 hours ago
I think people feel this is the begining of the end.

Meta is part of the reason Signals E2EE spread and E2EE became ubiquitous in general.

Many governments have also turned against E2EE and I suspect it's gone from a shield where you can say we can't really help you get that data, to a constant pressure.

arealaccountabout 2 hours ago
Yea fine I see that, but their entire business model revolves around exposing people’s otherwise private lives, and they are making a lot of money doing so.

It’s like using a web browser distributed by a an ad company whose business model is all about tracking folks

josh-wraleabout 4 hours ago
How likely is this about collection of LLM training data?
alanceabout 3 hours ago
Perhaps they should phase out the encryption on WhatsApp as well?
2ndorderthoughtabout 5 hours ago
Instagram should be shut down. Not using encryption for social media and places where users expect any level of privacy is insanity.
ChrisArchitectabout 1 hour ago
Previously:

3 days ago https://news.ycombinator.com/item?id=48024160

mid-March https://news.ycombinator.com/item?id=47363922

alex1138about 4 hours ago
While encryption already ruined FB Messenger (no comment on IG encryption or lack of but people have hated Insta since Zuck took over)

While they ALREADY probably only have Messenger for nefarious reasons https://news.ycombinator.com/item?id=4151433

He's a bit of a... something. That might get a 'low effort comment' moniker attached to it. Rhymes with ociopath