cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Facebook to focus on privacy ...

Mark Zuckerberg, Facebook’s CEO, has announced that the social platform will focus more on encrypted communications rather than public posts.  OK, that sounds impressive, but the evolution is a bit more limited than that statement might imply.  The encrypted messages will apply to Facebook Messenger, Whatspp, and Instagram, and to "ephemeral" mess....  Sorta like what Snapchat promised.

 

First reaction: is this really a sea change for Facebook?  (Unlikely.)

 

Second reaction: anybody have any confidence that Facebook, with it's history of horking up any and all information it can gather and sell, is really going to pursue this as a corp?

 

Third reaction: anybody have any confidence that Facebook, with it's history of privacy related bugs, will do very complicated crypto right?

 

In the end, I suspect that this will be a momentary fad at Facebook, until they realize that providing this service is in direct conflict with their base model.  I don't see it as a major change, but a momentary media distraction to try and deflect attention from their ongoing privacy problems.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
1 Reply
Caute_cautim
Community Champion

However, this sows literally a lot of self doubt too, as to their real intentions given that Whatsapp, and Instagram is notoriously insecure anyhow and legislatively, they cannot use any cryptographic algorithm, which the authorities of the that particular country cannot actually crack or obtain for monitoring purposes.

 

So what is their real intent here?   Stay in business, or make amendments for their dysfunctional approach to data?   I also noticed an IAPP piece on whether encryption of private data would be acceptable or not. 

 

https://iapp.org/news/a/is-encrypted-data-personal-data-under-the-gdpr/?mkt_tok=eyJpIjoiWXpCaFpXRXpZ...

 

The argument is concluded by stating the following:  "Let’s hope that the supervisory authorities and European Data Protection Board see the light and officially conclude that, when processed by parties that do not have access to the encryption key, encrypted data should not be considered personal data under the GDPR."

 

How do they prove they do not have access to the encryption key, i.e. they may have the means to actually read the content, but not actually tell anyone about etc.

 

Regards

 

Caute_cautim