Excerpts from the article and another article by the Electronic Frontier Foundation (EFF) :

While Meta won’t collect messages themselves, there is nothing stopping them from collecting metadata on those very messages.

By design, Meta has access to a lot of unencrypted metadata, such as who sends messages to whom, when those messages were sent, and data about you, your account, and your social contacts. None of that will change with the introduction of default encryption.

Meta has a reputation for collecting its users’ data: a key part of its lucrative advertising business. In fact, last year, the company earned a US $1.3 billion fine from European Union regulators for transferring EU citizens’ Facebook data to the United States.

Meta’s documentation indicates the company will continue to process messages’ metadata: what time a message was sent, for example, and who sent it to whom. The company says it will use metadata to help identify bad actors. Privacy advocates see this use case as evidence metadata can make a double-edged sword.

This also demonstrates how much can be inferred from behaviors and metadata without needing access to the actual contents of messages themselves,” says Geraghty. “So we have to ask: What could Meta be using this data for additionally? It’s likely this metadata will be used to continuously enrich user profiles for targeted advertising purposes.”

    • hersh@literature.cafe
      link
      fedilink
      arrow-up
      6
      ·
      10 months ago

      Yeah, I wouldn’t be too confident in Facebook’s implementation, and I certainly don’t believe that their interests are aligned with their users’.

      That said, it seems like we’re reaching a turning point for big tech, where having access to private user data becomes more of a liability than an asset. Having access to the data means that they will be required by law to provide that data to governments in various circumstances. They might have other legal obligations in how they handle, store, and process that data. All of this comes with costs in terms of person-hours and infrastructure. Google specifically cited this is a reason they are moving Android location history on-device; they don’t want to deal with law enforcement constantly asking them to spy on people. It’s not because they give a shit about user privacy; it’s because they’re tired of providing law enforcement with free labor.

      I suspect it also helps them comply with some of the recent privacy protection laws in the EU, though I’m not 100% sure on that. Again, this is a liability issue for them, not a user-privacy issue.

      Also, how much valuable information were they getting from private messages in the first place? Considering how much people willingly put out in the open, and how much can be inferred simply by the metadata they still have access to (e.g. the social graph), it seems likely that the actual message data was largely redundant or superfluous. Facebook is certainly in position to measure this objectively.

      The social graph is powerful, and if you really care about privacy, you need to worry about it. If you’re a journalist, whistleblower, or political dissident, you absolutely do not want Facebook (and by extension governments) to know who you talk you or when. It doesn’t matter if they don’t know what you’re saying; the association alone is enough to blow your cover.

      The metadata problem is common to a lot of platforms. Even Signal cannot use E2EE for metadata; they need to know who you’re communicating with in order to deliver your messages to them. Signal doesn’t retain that metadata, but ultimately you need to take their word on that.

      • Endward23@futurology.today
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        10 months ago

        Yeah, I wouldn’t be too confident in Facebook’s implementation, and I certainly don’t believe that their interests are aligned with their users’.

        I’m quite sure, they arn’t. This statement doesn’t mean that I think they have bad intention or something. It’s just, at least for me, obivious that the interest of the users and these of the companies are highly different. This is also the case with other companies and their customers.

        Having access to the data means that they will be required by law to provide that data to governments in various circumstances.

        A more paranoid person than myself would suspect that any big enough gouverment world simply force the companies to collect and share data.

        The metadata problem is common to a lot of platforms.

        From the viewpoint of the cooperations, this is a good deal. Enough privacy to keep people on the plattform and still enough data for advertisment.