Comments

  • By avallach 2026-03-13 16:20 | 9 replies

    Isn't this actually improving safety by openly admitting how things always were in practice?

    Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.

    Truly safe e2e requires an open source client provided by a trusted entity who is as much as possible independent from the one who provides the untrusted transport layer. E.g. how pgp email works.

    • By john_strinlai 2026-03-13 16:24 | 3 replies

      one thing to consider is how just the optics of major players using e2e was an overall benefit.

      people who otherwise would have gone their entire lives without ever hearing about encryption were exposed to the term and the marketing convinced them that encryption and privacy was a valuable thing, even if they didn't fully understand the mechanisms or why e2e might not necessarily be very effective in specific circumstances.

      later, when presented between option a and option b, where one has encryption and the other doesn't, they are more likely to choose the one with it ("well, if instagram and facebook use it and say it is good...")

      • By GoblinSlayer 2026-03-13 19:20

        And Big Brother realized this optics was a mistake.

      • By gzread 2026-03-13 16:50 | 2 replies

        If someone's given the choice between say Instagram and IRC, and chooses Instagram because they heard it has E2EE, that's a loss.

        • By john_strinlai 2026-03-13 16:55

          perfect is the enemy of good, etc etc.

          between signal and plain text, it is easier to convince friends to use signal if they see positive marketing about encryption on other popular apps they use. it is easier to convince them to encrypt their backups before uploading them to their google drive. hell, it's just a good conversation starter to introduce encryption/online privacy to people that never really think about it. that type of thing.

          those same friends are not going to use irc regardless. not really a loss if it was never even on the table.

      • By inquirerGeneral 2026-03-14 5:00

        [dead]

    • By iamthejuan 2026-03-13 17:41 | 4 replies

      This happened to my girlfriend and me twice on Messenger. On two consecutive nights, we heard a male voice with an American accent speaking as if he were talking to someone else, almost like they were conducting some kind of operation. It seemed as though he suddenly realized that we could hear him, after which the voice abruptly disappeared. The following night, it happened again, but this time the voice sounded like that of an African American woman. The situation was similar to the previous night. From that night, we have not used it to communicate and used Signal instead.

      • By browsingonly 2026-03-13 22:10

        I work on products that feature live monitoring capabilities. There's no connection to the monitoring side's microphone (or camera) — why would there be? I'm not sure why there would be for their products.

        Whatever the cause, it sure sounds like it was a strange and unnerving experience.

      • By exe34 2026-03-13 22:50 | 1 reply

        did you check your carbon monoxide alarm batteries?

        • By RobRivera 2026-03-14 0:32

          I understand this reference.

      • By prox 2026-03-13 18:13 | 1 reply

        You mean like a voicecall on Messenger? That is creepy.

        • By XorNot 2026-03-14 1:34 | 1 reply

          One time when I was in Hawaii I could swear there was a club playing dance music quite loudly somewhere a few blocks over: there was that muffled quality to it where I kept trying to pick out the song from inside my Airbnb.

          Walking outside (after asking my wife if she could hear it): silence. Trees rustling, normal noises.

          It was background noise. But inside the apartment that combination of different sounds was just right that it sounded like muffled music to me - but hence why I couldn't identify it, whatever was there was just me thinking I was hearing things.

          Draw one's own conclusions about the relative technical plausibility of the events described by the OP (how would digital packet based audio experience a glitch which is structured as though you'd tuned into another analog radio station? It wouldn't: that doesn't happen and it isn't even a failure mode).

      • By root_axis 2026-03-13 18:40

        What do you imagine was going on here?

    • By mnahkies 2026-03-13 18:54 | 1 reply

      I don't disagree, but I think there is a distinction between "everything is e2ee, but specific conversations may be MiTM without detection" and "nothing is e2ee and can be retrospectively inspected at will" that goes a little beyond security theatre - makes it more analogous to old fashioned wiretaps in my mind.

      Obviously it involves trust that it isn't actually "we say it's e2ee but actually we also MiTM every conversation"

      • By londons_explore 2026-03-14 17:13

        Even with closed source clients, MitMing every conversation would likely be detected by some academic soon enough - various people take memory dumps of clients etc and someone would flag it up soon enough.

    • By dgrin91 2026-03-13 19:59 | 1 reply

      One of the scary things is that not even this really works. Ignoring supply chain attacks, most people treat any client as effectively black box. When was the last time you read through the code of a messaging app? How do you know it's safe? Maybe _you_ read through it, but 99% of people don't.

      • By londons_explore 2026-03-14 17:15

        And even if you did read through every line of code, it is super easy to hide a deliberate bug which entirely breaks encryption.

        Eg. The Debian random number generator bug.

    • By dhblumenfeld1 2026-03-13 21:55 | 1 reply

      wouldn't signal fall under this category (same entity controls the client and server in between) but they have no way of peeking inside any envelopes?

      • By hsbauauvhabzb 2026-03-13 23:06

        Every e2e solution relies on trusting the application/tooling/crypto used. Open source is better than nothing, but is not a silver bullet for trust.

    • By chis 2026-03-13 17:14

      E2E encryption lets Meta turn down government subpoenas because they can say they truly don't have access to the unencrypted data.

      I can't say I really mind this change by Meta that much overall though. Anyone who's serious about privacy probably knew better than to pick "Instagram chat" as their secure channel. And on the other hand having the chats available helps protect minors.

    • By slim 2026-03-14 7:15

      the purpose of this move is to feed your private conversations to ai

    • By Synaesthesia 2026-03-13 18:07 | 1 reply

      It's all about trust at the end of the day. And given that it was exposed that Apple, Microsoft, Meta, Google etc all collaborated with the US government to provide surveillance (PRISM) by Edward Snowden, how can we trust them ever again?

      • By fragmede 2026-03-13 21:12 | 1 reply

        Did they collaborate? Google freaked out when Snowden revealed what the NSA was doing.

        • By Synaesthesia 2026-03-14 3:46

          They definitely did collaborate with the NSA.

    • By JasonADrury 2026-03-14 18:02

      >Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.

      You are no more capable of spotting a deliberately concealed backdoor in a binary than in source code, there's simply no meaningful difference.

  • By paxys 2026-03-13 19:22 | 1 reply

    Everyone is hypothesizing government backdoors and whatever else but to me there's a simpler and more obvious reason - AI.

    Companies started pushing E2EE a few years ago because users' private messaging data used to be a liability. Now that the data can be fed into LLMs for training and inference its value has gone up significantly, and the privacy and security tradeoffs are suddenly worthwhile.

    PMs across the industry are pushing product decks with "conversational AI assistants" to get their next promotion. I've been in more than one of these meetings myself. If the data is encrypted then there's no way to build this kind of stuff.

    • By Archonical 2026-03-13 21:52

      It's around the same time they announced their Applied AI org under Boz, which is responsible for data for Avocado/Mango/Watermelon training now. The timing certainly doesn't help.

  • By morpheuskafka 2026-03-13 15:03 | 1 reply

    So apparently this was opt-in, much like Telegram's OTR chat feature, and thus completely different than WhatsApp where it has always been default. Not a good look regardless, but the few who went into chat settings for a specific person to turn this on in the first place will likely just switch to WhatsApp or another app rather than continue without it.
