Facebook Messenger adds end-to-end encryption.

John Young jya at pipeline.com
Sat Jul 9 02:58:20 PDT 2016

End-to-end encryption is reliable only if it begins and ends without
use of computers and networked transceivers and devices, operating
systems and systems administration, electromagnetism and
algorithms, ISPs and packets.

Each of these are vulnerabilities, not unlike Tor, anonymization,
VPN, OTR, any method widely promoted and recommended.

The more widely known and adopted the less like to be secure.
So Facebook fails the same way Crypto-AG failed, and those
developed in between.

Cybersecurity is on a roll, given extra boost by Snowden releases
(limited as they are by his "do no harm to the USA") and his
continuing boosterism from protection of the other world
policeman out to make sure no encryption is invulnerable.

Currently all states are promoting limited cybersecurity in various
see-through couture but never disclosing what the states use
for hiding most-secret comsec. Snowden, among many in
the ballooning cybersec field, never advocates full disclosure,
and in that ancient way, protect their state-sanctioned privileges,
in RU as in 5-Eyes.

Facebook is regulated by the USG and through it other nations
so not likely to place its survival above that of customers. But it
certainly uses the language of customer protection pretty much
identical to all the 74 amici which jumped on board Apple's
grandstanding fight against USG, settled secretly.

Official secrecy continues to be the primary vulnerability of
cybersecurity and public comsec. No nation can survive
without it, nor can any state-regulated entity.

Without top secret code word privilege nobody is secure.
And those with that privilege willingly harm the populace
by lying and cheating and disinforming. Snowden fits that,
probably entrapped to do so by his media handlers who
dare not challenge the states which privilege media.

At 01:37 AM 7/9/2016, you wrote:

>2016-07-09 7:46 GMT+03:00 jim bell 
><<mailto:jdb10987 at yahoo.com>jdb10987 at yahoo.com>:
>"Facebook Messenger wants to be your primary 
>messaging app. As people become more and more 
>concerned about security, being the best 
>messaging app means being the most secure. 
>That’s why Facebook is finally adding an 
>option for users to encrypt their chats in Messenger.
>Messenger will begin to offer an end-to-end 
>encryption feature to a limited test group of 
>users today. It’s a security option that’s 
>been a long time coming for Facebook, which has 
>considered making end-to-end encryption 
>available for several months. The so-called 
>“secret conversations” debuted today will be 
>only visible to the sender and the reader, which 
>means Facebook can’t enable some of the 
>chatbot and payment features that are normally a 
>part of the Messenger experience. However, 
>end-to-end encryption boxes out law enforcement 
>and even Facebook itself from reading users’ 
>chats, ensuring that their conversations remain private.
>Messenger has also taken steps to make sure that 
>chats remain secure, even if a user’s device 
>gets lost or stolen. In secret conversations, 
>Messenger will allow users to set an expiration 
>date for a message so that it won’t be visible 
>in the conversation forever. Once the time runs 
>out, the message will vanish from the devices of 
>all users in the conversation. Facebook released 
>technical details about its implementation of 
>secret conversations in a white paper 
>Secret conversation mode will only be available 
>on iOS and Android, not in Messenger.com, 
>Facebook chat, or the desktop Messenger app — at 
>least for now. Facebook’s vicce president of 
>messaging products David Marcus told TechCrunch 
>that the addition of end-to-end encryption is 
>intended to help Messenger become everyone’s go-to app."
>[end of portion quoted]
>Â  Â  Â  Â  Â  Â  Â  Â  Â  Â  Â Jim Bell
>Jim, everyone,
>is it just me, or.... but when i see/hear the 
>word "facebook" i get vomiting reflex and can't force myself reading further?
>I'm not talking about using/not using it 
>(facebook/their new secUUUre app), but talking 
>about trust. A total lack of trust toward them. 
>No matter what they write, say or "invent".
>Reminds me a saying on Russian towards a well known enemy which states,
>"you can kill me, but i won't believe you".
>* the same refers to google too, of course. I 
>use it, for example, 'cause i *have to* from 
>various of reasons, but do i trust them? NO WAY. 
>Do i use it for sensitive stuff? NO WAY. And 
>their "new encryption" or "goody goody 
>statements"Â  won't buy my trust after all the 
>revelations! And i don't need "new" revelations to keep that in my mind.
>But.... am i the only one? Do we need a Snowden 
>explosion every 3-5 years to keep in mind that 
>we are being fucked up all the time by the 
>googles-facebooks and alike? -> thus NOT to 
>trust them, no matter how they "sing"?
>I hope that we don't.

More information about the cypherpunks mailing list