E2E encrypted messaging on Instagram will no longer be supported after 8 May (help.instagram.com)
avallach 4 hours ago [-]
Isn't this actually improving safety by openly admitting how things always were in practice?

Any e2e encryption provided by the same entity who fully controls both the blackbox clients, and the server in between, is just a security theatre that they can selectively bypass anytime with very little risk of detection. Not really much better than simple client to server encryption.

Truly safe e2e requires open source client provided by a trusted entity who is as much as possible independent from the one who provides the untrusted transport layer. Eg how pgp email works.

iamthejuan 2 hours ago [-]
This happened to my girlfriend and me twice on Messenger. On two consecutive nights, we heard a male voice with an American accent speaking as if he were talking to someone else, almost like they were conducting some kind of operation. It seemed as though he suddenly realized that we could hear him, after which the voice abruptly disappeared. The following night, it happened again, but this time the voice sounded like that of an African American woman. The situation was similar to the previous night. From that night, we have not used it to communicate and used Signal instead.
prox 2 hours ago [-]
You mean like a voicecall on Messenger? That is creepy.
root_axis 1 hours ago [-]
What do you imagine was going on here?
mnahkies 1 hours ago [-]
I don't disagree, but I think there is a distinction between "everything is e2ee, but specific conversations may be MiTM without detection" and "nothing is e2ee and can be retrospectively inspected at will" that goes a little beyond security theatre - makes it more analogous to old fashioned wiretaps in my mind.

Obviously it involves trust that it isn't actually "we say it's e2ee but actually we also MiTM every conversation"

john_strinlai 4 hours ago [-]
one thing to consider is how just the optics of major players using e2e was an overall benefit.

people who otherwise would have gone their entire lives without ever hearing about encryption were exposed to the term and the marketing convinced them that encryption and privacy was a valuable thing, even if they didnt fully understand the mechanisms or why e2e might not necessarily be very effective in specific circumstances.

later, when presented between option a and option b, where one has encryption and the other doesnt, they are more likely to choose the one with it ("well, if instagram and facebook use it and say it is good...")

GoblinSlayer 39 minutes ago [-]
And Big Brother realized this optics was a mistake.
gzread 3 hours ago [-]
If someone's given the choice between say Instagram and IRC, and chooses Instagram because they heard it has E2EE, that's a loss.
john_strinlai 3 hours ago [-]
perfect is the enemy of good, etc etc.

between signal and plain text, it is easier to convince friends to use signal if they see positive marketing about encryption on other popular apps they use. it is easier to convince them to encrypt their backups before uploading them to their google drive. hell, its just a good conversation starter to introduce encryption/online privacy to people that never really think about it. that type of thing.

those same friends are not going to use irc regardless. not really a loss if it was never even on the table.

Synaesthesia 2 hours ago [-]
It's all about trust at the end of the day. And given that it was exposed that Apple, Microsoft, Meta, Google etc all collaborated with the US government to provide surveillance (PRISM) by Edward Snowden, how can we trust them ever again?
chis 3 hours ago [-]
E2E encryption lets Meta turn down government subpoenas because they can say they truly don't have access to the unencrypted data.

I can't say I really mind this change by Meta that much overall though. Anyone who's serious about privacy probably knew better than to pick "Instagram chat" as their secure channel. And on the other hand having the chats available helps protect minors.

paxys 36 minutes ago [-]
Everyone is hypothesizing government backdoors and whatever else but to me there's a simpler and more obvious reason - AI.

Companies started pushing E2EE a few years ago because users' private messaging data used to be a liability. Now that the data can be fed into LLMs for training and inference its value has gone up significantly, and the privacy and security tradeoffs are suddenly worthwhile.

PMs across the industry are pushing product decks with "conversational AI assistants" to get their next promotion. I've been in more than one of these meetings myself. If the data is encrypted then there's no way to build this kind of stuff.

morpheuskafka 5 hours ago [-]
So apparently this was opt-in, much like Telegram's OTR chat feature, and thus completely different than WhatsApp where it has always been default. Not a good look regardless, but the few who went into chat settings for a specific person to turn this on in the first place will likely just switch to WhatsApp or another app rather than continue without it.
treesknees 6 hours ago [-]
It could be a move to have parity with TikTok, where they claim it’s for safety reasons. I’ve been seeing advertisements for Instagram touting their child/teen protection features. Seems like they’re really trying to beat the allegations that Instagram is bad for children’s health.

https://news.ycombinator.com/item?id=47241817

dmix 6 hours ago [-]
Protecting kids and Terrorism, always the reason why nobody is allowed to have privacy on the internet.
nunobrito 6 hours ago [-]
Cars nowadays are packed with microphones and permanently connected to the internet on daily basis so that drivers can have remote assistance when the car breaks once every 5 years or so.
youknownothing 5 hours ago [-]
And also so employees of said companies can spy on drivers and make fun of them: https://www.reuters.com/technology/tesla-workers-shared-sens...
stephbook 5 hours ago [-]
Which just shows that consumers don't care. Tesla's camera surveillance wasn't exactly secret.
mounram 11 minutes ago [-]
They care, but it is not in their top priorities
Sohcahtoa82 39 minutes ago [-]
Customers care, but not enough to actually change purchasing patterns.
nobodyandproud 4 hours ago [-]
Equating what companies get away with, as the clear signal to what consumers care about.

And billionaires and nine-day old alts wonder why they need a bunker.

Sayrus 5 hours ago [-]
I keep hearing this one. But at least for EU, the eCall system requires external communication to be disabled until activated during serious accident. It cannot be used for tracking the vehicle in real-time.

Some parts of the legislation (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32...):

> 2. The personal data processed pursuant to this Regulation shall only be used for the purpose of handling the emergency situations referred to in the first subparagraph of Article 5(2).

> Manufacturers shall provide clear and comprehensive information in the owner's manual about the processing of data carried out through the 112-based eCall in-vehicle system. That information shall consist of:

> the fact that there is no constant tracking of the vehicle;

That vehicles nowadays are equipped with always-on internet and microphones is not related to remote assistance.

SV_BubbleTime 5 hours ago [-]
This is such misdirection.

Your car if new enough, IS reporting its diagnostics including GPS via cell. All the time. This isn’t exactly personally identifiable so they get away with it just fine.

This is unrelated to the microphones and assistance systems.

cluckindan 4 hours ago [-]
It becomes personally identifiable through correlations with other datasets.

That is the kind of thing people allow when they click accept or decline on those pesky ”we and our 195735 partners would like to…” dialogs.

Sayrus 5 hours ago [-]
Which is exactly my point. Cars are reporting on you, but tying that to remote assistance is disingenuous.
nobodyandproud 4 hours ago [-]
[flagged]
Sayrus 4 hours ago [-]
Happy to read your thoughts, can you elaborate on this?
nunobrito 3 hours ago [-]
Kindly read point number 2 slowly.

There are two definitions: a) Personal Data and b) Emergency Situations

What is an emergency situation and how can a car determine it is one? These are "smart" cars which aren't nowadays smart enough to process all your data locally, so that data is sent to servers elsewhere which process if either points a) or b) apply.

It is your choice to believe that voice data is ever deleted once acquired by governments and entities thirsty to benefit from that information.

For security experts this is just another "I told you so" within a few years.

officeplant 2 hours ago [-]
One of my favorite things about going EV is the forums tend to be full of paranoid nerds which means someone will be willing to try desoldering the cell modem off their boards to see what happens.
hackingonempty 2 hours ago [-]
butlike 4 hours ago [-]
It's bad for EVERYONE's health. Try to limit your usage and you'll feel better. I promise you'll feel better.
maqp 5 hours ago [-]
The sad part is, Instagram is exceptionally damaging to kids for a disjoint set of reasons.
throwfaraway4 4 hours ago [-]
As is social media in general. I highly recommend reading the Anxious Generation
jszymborski 5 hours ago [-]
Protect your kids from whom? Surely not Meta, which is my main concern.
plagiarist 5 hours ago [-]
It certainly is unsafe for their AI training corpus. Win / win if they can also lie about protecting children as a motivation.
PunchyHamster 6 hours ago [-]
More like excuse
varispeed 6 hours ago [-]
How are these protections working when I get served literal porn every couple of shorts on Instagram?
jbverschoor 18 minutes ago [-]
Just make it an OS feature. There’s no need for the application to know the exact contents. Other than search, but for most messaging and other apps the device can easily do indexing

Textbox with attribute ”encrypted”. Keys in the enclave/keychain.

garbawarb 6 hours ago [-]
When Meta started introducing E2E messaging it was a huge push. I wonder why they're doing away with it.
gmerc 6 hours ago [-]
It was for plausible deniability because of regulatory scrutiny. Regulator's dead now, so now there's no downside and only upsides to spying on your users.
dngray 5 hours ago [-]
They never did this for user privacy, and yes I think you're spot on. This was just to remove liability.

Now it just costs them the data and development cost to maintain. Any remaining problems they'll throw some crappy AI moderator at to fix.

gmerc 5 hours ago [-]
Not hard to be right about this when you worked there at the time ;)
infinitewars 5 hours ago [-]
Palantir
paxys 45 minutes ago [-]
Because they realized they need the data for AI
john_strinlai 6 hours ago [-]
i am guessing that they just dont really need to pretend to care anymore. e2e messaging was a big marketing push, not ever an ideological thing. i assume they no longer believe the marketing benefits outweigh the downsides.
varispeed 6 hours ago [-]
Probably Whatsapp is next, if it isn't quietly already.
garbawarb 5 hours ago [-]
I doubt it, E2E is a huge part of Whatsapp's selling point considering it's exclusively a messaging app. Instagram is primarily a social app with messaging features.
gzread 4 hours ago [-]
Normal people don't choose a messaging app based on E2EE but based on whether their friends use it.
deafpolygon 6 hours ago [-]
> Probably Whatsapp is next, if it isn't quietly already.

And I will be pushing to remove WhatsApp if that’s the case.

gzread 4 hours ago [-]
PR. They wanted to seem like the good guys, but they get your messages through backdoors like the automatic backup.
modeless 3 hours ago [-]
You're thinking of Apple. WhatsApp backups are not stored by Meta. Apple is the company that breaks their "end-to-end" encryption by backing up the encryption keys to their own servers.
topranks 25 minutes ago [-]
You can opt-in to encrypting those backups so Apple have no access.
gausswho 6 hours ago [-]
Is this legitimate? It's so incoherent to see this blurb at the top saying it's being retired while everything underneath is pitching the value of e2e.
dcliu 6 hours ago [-]
On the other hand Messenger has moved to only supporting e2ee chats, wonder why the difference.
paxys 26 minutes ago [-]
WhatsApp and Messenger are pure messaging apps. For Instagram, DMs are just a tiny part of the overall experience.
GuB-42 5 hours ago [-]
To me, Instagram is a public platform at its core, where people publish things for the whole world to see. Private messages are just a secondary feature. It is like having a conversation in a restaurant, where the guy at the next table can listen to everything, but usually doesn't. Good enough for planning a surprise party, not for truly sensitive information. Kind of like private messages in Reddit, Discord, etc... a convenient feature, but don't expect real privacy.

Messenger has a higher expectation of privacy, Facebook is more at the "group of friends" level. While Instagram is a public restaurant, Facebook is more like a house party. WhatsApp has the highest expectation of privacy as it is designed for private, often one-to-one conversations first.

ajsnigrutin 4 hours ago [-]
Sure, but if you already have e2ee, it takes work to remove it... why invest the time to do that?
gzread 4 hours ago [-]
It also takes work to keep it working and it may have a lot of bugs already, that are hard to fix because of it. A non-E2EE chat app is very easy to make.
everdrive 5 hours ago [-]
There's a general trend right now against privacy and in a more general sense against freedom. More and more companies are on board with it. I'm not sure if anyone in HN has any useful advice in this regard. I feel like I don't know what to do about the internet for the next 5-10 years. Does this particular measure matter very much? No, but it's another brick in the wall.
Spooky23 4 hours ago [-]
The US is building out the infrastructure for a police state. The people who control the consolidated tech platforms are either spearheading or collaborating with that process. Privacy as a concept isn't even in the cards.

You need to be prepared to avoid saying naughty things on the internet. Otherwise, perhaps someone will figure out that your great-great grandfather didn't sign in the right spot in 1897 and your presence in the United States is void, retroactive to your birth. Off to El Salvador with you, enemy of the people.

rurp 3 hours ago [-]
Just want to clarify that "naughty" doesn't at all mean "bad" or "immoral". It means "Anything any current or future regime will dislike"
wolttam 3 hours ago [-]
Pretty safe to say that you pointing that out counts as naughty.

And so does my response to your comment.

But I do wonder if self-censure is really the best strategy.

query_demotion 3 hours ago [-]
>The US is building out the infrastructure for a police state.

Take the Utah Data Center (https://en.wikipedia.org/wiki/Utah_Data_Center), combine it with the Disposition Matrix (https://en.wikipedia.org/wiki/Disposition_Matrix), informally known as a kill list for even US citizens, and it does seem like you're getting a Police State!

hypeatei 3 hours ago [-]
A lot of our current privacy and liberty woes were exacerbated by 9/11. Can you imagine a Church Committee in 2026? Me neither.

Three letter agencies have way too much power and they've shaped our culture+laws for the worse. Osama Bin Laden has done way more damage to American citizens' lives than he could've ever dreamed of.

Spooky23 1 hours ago [-]
By design.

Just like the KGB and Putin's minions, Bin Laden correctly saw fault lines and weaknesses in the US and exploited them. He did what he did with a long-range context in mind. The "three letter agencies" were neutered in the 90s as part of the peace dividend which is why he was successful. The Russians used "active measures" with intelligence in the US 2016 among other times and Bin Laden chose terrorist violence. The Russian misinformation strategy is tried and true and corporate actors now use it successfully as well.

The whole thing sucks. This Iran adventure lays the vulnerability of the US military machine pretty bare. More, escalated conflict is probably in the world's future for decades to come.

mc32 3 hours ago [-]
It feels to me Europe and the UK, in the western world, are further ahead on the legal road to surveillance than the US.
Sohcahtoa82 3 hours ago [-]
Someone pointed out something to me and it's really struck a chord with me.

In the USA, we hate the government collecting information on us, but shrug our shoulders when corporations do it.

In Europe, it's the exact opposite. They created GDPR to restrict how corporations collect and share data about you, but they shrug their shoulders at government doing it.

Obviously, this is incredibly reductive and over-simplified, but the general idea of it feels pretty true.

toxik 3 hours ago [-]
Sorry, this is just not true. Stasi was a government agency, and it was from this kind of thing that European privacy advocacy sprung up.
ls612 3 hours ago [-]
[flagged]
messe 3 hours ago [-]
Who's we?
mikepurvis 3 hours ago [-]
Sure, but I think the point of this thread was (or should be) what can be done in the US to resist this. There's a lot of things the US resists doing because voters who never traveled outside of it can be convinced that what it is as implemented elsewhere is somehow flawed or worse than the status quo.

You see this exact pattern with real health care, common sense gun laws, investment in mass transportation, probably more that I'm not thinking of.

mp05 1 hours ago [-]
> Sure, but I think the point of this thread was (or should be) what can be done in the US to resist this.

I read that as "we're not going to sit with the uncomfortable implication that the places being held up as policy exemplars are also the places criminalizing speech."

gzread 3 hours ago [-]
What differentiates correct politics from incorrect politics?
caconym_ 3 hours ago [-]
> I'm not sure if anyone in HN has any useful advice in this regard.

Self host. It's still possible to buy computer hardware and install FOSS replacements for most/all of the services you need, and plumb it all through to your mobile devices using wireguard/tailscale. If you're behind a CGNAT you can proxy it through a cheap VPS that won't fuck you on bandwidth costs. Thanks to Proxmox, I probably have better uptime on my services than e.g. Github these days.

When it becomes impossible to get open PC hardware, I don't know. I like to think I will just stop using the internet for anything besides the bare minimum NPC type activities that are required to engage with the institutions of society.

abnercoimbre 3 hours ago [-]
If you don't know where to start check out the Linux Prepper [0] podcast. (I'm not affiliated, just a listener who enjoys the show.)

[0] https://podcast.james.network/@linuxprepper/episodes

aavci 4 hours ago [-]
I wonder if promoting open-source tooling and best practices could make it easier for new apps to adopt security features like E2E encryption. For example, someone building a chat app might not add E2E encryption unless they have access to user-friendly tools and are encouraged to do so.

Startups that initially choose the more private implementation version often face a disadvantage. They may not see immediate benefits and instead experience drawbacks, such as caring a bit more than their competitors. For example, an AI plugin using local large language models for privacy might not be rewarded as much as a competitor who fully embraces cloud-based solutions.

starkparker 4 hours ago [-]
That's all fine and good but this is Meta removing an existing implementation. How would you stop decisions like that?
reactordev 4 hours ago [-]
If you’re a good boy then you have nothing to hide right? Not even your passwords…
john_strinlai 4 hours ago [-]
unfortunately, since the messaging/trend isnt "we are against privacy" (it is "we are protecting children, which reluctantly means we all have to sacrifice a wee bit of privacy"), it is really hard to fight back without being labelled as someone who is against protecting children.

but the advice is basically the same as it always has been:

- talk to your friends and family about it. do it with passion, but without hyperbole or conspiracy or aggression. any person you can convince to care is a win. organize with like-minded people.

- talk to your representatives in government. vote for representatives that are pro-privacy (when possible). convince your like-minded friends and family to do the same.

- to the greatest extent possible, dont purchase/use products/services which are facilitating the trend. (but, you also need to be realistic or you will burn out! and that is a bigger loss overall).

- if you are a decision-maker at work, or have any sort of input, leverage it as best as you can to make pro-privacy business decisions. however, similar to the above point, recognize that you still need to be realistic and dont get yourself fired arguing some decision. it is better to make 1,000 nudges in the right direction than it is to be fired/burn out trying to make 1 big nudge.

- support organizations that align with your beliefs. this can be monetarily, or by volunteering, or by spreading awareness of the organization itself. for example, many people have never heard of the electronic frontier foundation and have no idea what they do. lots of people dont know of the ACLU either (or, maybe they have heard the name, but dont know what they do or why it matters).

trinsic2 4 hours ago [-]
>unfortunately, since the messaging/trend isnt "we are against privacy" (it is "we are protecting children, which reluctantly means we all have to sacrifice a wee bit of privacy"), it is really hard to fight back without being labelled as someone who is against protecting children.

That's not what I am seeing on the ground. Many discord users I have seen talk about this issue frame this as an attack on freedom and privacy by hiding it behind the same narrative that has been used so many times before of protecting children. You can only push fake narratives so far until people start getting the message that people are hiding nefarious attacks on society behind fake movements.

john_strinlai 4 hours ago [-]
>Many discord users I have seen talk about this issue frame this as an attack on freedom

good! ideally, someone is helping them organize and action those thoughts and feelings outside of whatever discord channel you are in.

i am referring to how it is being framed by the people pushing the agenda. age verification laws (as an easy example) arent being advertised as "we want to spy on you", they are being advertised as "this will protect children from harms".

talk to debbie in accounting instead of babmorley420 in discord, and ask her opinion. she is not likely to frame it as an attack on privacy/freedom. she is likely to frame it as a necessary sacrifice for the greater good. and her opinion also matters, she also votes. we need to convince the debbies of the world -- they outnumber the babmorley420s

trinsic2 4 hours ago [-]
Agreed. What I meant to say is at least the younger generation are starting to see past this smoke screen more so now than maybe 20 years ago.
john_strinlai 4 hours ago [-]
that is very refreshing to hear.

i teach tech in college and just earlier today made a post about how i am not seeing the same when i compare my current students to students 5, 10, or 15 years ago. i hope that i am the one in the bubble.

Cider9986 3 hours ago [-]
You could try becoming a privacy advocate. https://www.privacyguides.org/en/activism/
j_bizzle 3 hours ago [-]
I’m truly on the fence about all of this.

On one hand, I think a lot of the larger issues and divisions we’ve seen in society over the last 20 years are a direct result of our primary means of communication, entertainment and information being one that allows such ease of impersonation. While most of us here understand just how much Internet content is created with influence as a goal, and then posted by accounts with false identities, a majority of people still don’t. (And many who do don’t understand just how prevalent it is). I also think that sadly we’ve demonstrated that when people feel they are anonymous and beyond consequence, they’re willing to say and advocate for some terrible things which they might otherwise not have, and seeing others say those things reinforces their willingness to say and do them. If social media and internet norms of today had held the original Facebook model of requiring verification of your actual identity (back in the day .edu email days), I truly think we would live in a much different and in many ways better world.

On the other hand, I fully acknowledge that many of the people pushing for the removal of privacy and encryption are not doing so for altruistic reasons, but so that they have more data to mine and monetize, or have the ability to monitor to a frightening degree, and that these tools once available will be available to any regime or government, so even if the ones currently pushing do have naively good intentions, the next ones very well may not.

But, I also struggle with the knowledge that for sophisticated parties, the privacy that most people think they have is a sham to begin with. There are already many tools available to piece together information sources and build a horrifyingly complex and accurate picture of individuals activities and identities. So I wonder if the illusion of privacy isn’t worse than the public at least being forced to confront the fact that they have none in the first place, and therefore being able to truly see and address the issue, while the security minded and technical individuals will always find a way to obfuscate their identity and activity, just as they always have.

nemomarx 3 hours ago [-]
Facebook accounts today still have identity verification (they often ask for scans of IDs, etc) and yet it doesn't seem to result in a noticeably improved discourse there compared to say, Twitter before Musk's takeover. I don't think anonymity actually changes discourse that much.
everdrive 3 hours ago [-]
In my opinion anonymity is a great red herring. The worst offenders on the internet have verified accounts and are public figures. The problem is algorithmic content, prioritizing for engagement and outrage, and then connecting _everyone_. We had what was effectively anonymity in the 90s, but really had NONE of the crazy society-breaking extremism we see now. Getting rid of anonymity will really do NOTHING to halt the march of internet-fueled extremism.
abnercoimbre 3 hours ago [-]
Everything is a sliding scale. There would be improvement from verified identities (and doing so through a zero-trust network is feasible.) I agree the worst actors wouldn't care at all, and in that case we address the algorithmic amplification problem.
salawat 48 minutes ago [-]
This. People don't recognize that a tech company with an algorithmic feed is indistinguishable from a public awareness filter. It allows a couple hundred to 1000's of people to set the Overton window of millions/billions. When we actually didn't go algorithmic and went off more natural filtering (geographic, chronological, scope/impact based), it was a modality that one would be hard pressed to even find a schoolchild that couldn't end up being able to meaningfully navigate the space with due training. This is, of course, exactly why monied individuals foam at owning any of the few consolidated media outlets/tech companies. Societal scale leverage on the machine of public awareness.
wslh 3 hours ago [-]
I sometimes feel a bit weird about this. In the 90s it felt like "we" won the crypto wars: PGP, the fight over export controls, the Clipper Chip, etc. There was a strong sense that privacy and strong crypto had become settled questions.
fsflover 4 hours ago [-]
> I feel like I don't know what to do about the internet for the next 5-10 years.

Switch to decentralized, e2ee alternatives, support https://eff.org

trinsic2 4 hours ago [-]
I feel like e2ee on phones with OSes from the big two is a lost cause. I'll bet this is the year where open hardware/bios starts getting more popular, hopefully. So we can have open hardware/software.
sisve 3 hours ago [-]
Even with e/os/ or another De-googled version of android?

Not directly to you but in general: I do not think (most) of Europe is going the same direction as US. I actually see a lot of hope in response to EU leaders about digital infrastructure, communication & security. we have started to stop relying on America, but it will take 10-20 years before you see the entire crash trump made

gzread 3 hours ago [-]
Is Google snooping your SimpleX chats?
fsflover 3 hours ago [-]
GNU/Linux phones already exist. See: Librem 5 and Pinephone.
vova_hn2 3 hours ago [-]
I find it really off putting, how weak is their hardware, compared to a normal Android phone in a similar price range.
fsflover 2 hours ago [-]
Weak hardware can work quite well with optimized and non-bloated software (which doesn't constantly phone home). For example, maps and Youtube work smoothly on Pinephone with SXMo. See also: https://puri.sm/posts/the-danger-of-focusing-on-specs/.
vova_hn2 2 hours ago [-]
I hope so, but I just don't understand what exactly causes such massive price difference.

Is it because this kind of phones are a very niche product so they can't benefit from the economy of scale?

Maybe android phone manufacturers can get better deals from chip manufacturers because they buy chips in large quantities?

fsflover 1 hours ago [-]
Niche product, non-standard components, strict requirements of free drivers with GNU/Linux support: https://puri.sm/posts/breaking-ground/
subscribed 3 hours ago [-]
If you like privacy without security then yeah.
fsflover 2 hours ago [-]
There is no security in a vacuum. Security depends on your threat model. I use Firefox with NoScript and never run untrusted apps on my Librem 5.
dheera 4 hours ago [-]
E2EE on Instagram was never real, trustable E2EE. No open-source client, no way to verify that private key is never sent to server, and encryption of a key with a low-entropy PIN is effectively plaintext.
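
The guess space behind the low-entropy PIN point in the comment above, as an added example (not part of the thread and not Instagram's code): it wraps a 256-bit key under a PIN and measures how many guesses an offline search over the PIN space needs. The wrap format, the 4-digit PIN, the iteration counts and every function name are assumptions constructed for the demo.

```python
"""Added illustration: how much work protects a key wrapped under a PIN.

The wrap format is constructed for this example (PBKDF2-HMAC-SHA256 key
material, XOR mask, HMAC tag). It is not any real product's format.
"""
import hashlib
import hmac
import math
import secrets

ITERATIONS = 2_000  # assumption: kept low so the demo finishes quickly


def derive_kek(pin: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the PIN into 64 bytes: 32 for masking, 32 for the tag key."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations, dklen=64)


def wrap_key(message_key: bytes, pin: str) -> dict:
    """Wrap a 32-byte key under a PIN (toy construction for the demo)."""
    salt = secrets.token_bytes(16)
    kek = derive_kek(pin, salt)
    masked = bytes(a ^ b for a, b in zip(message_key, kek[:32]))
    tag = hmac.new(kek[32:], masked, hashlib.sha256).digest()
    return {"salt": salt, "masked": masked, "tag": tag}


def try_unwrap(blob: dict, pin: str):
    """Return the key if the PIN is right, else None (tag mismatch)."""
    kek = derive_kek(pin, blob["salt"])
    expected = hmac.new(kek[32:], blob["masked"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["masked"], kek[:32]))


def search_pin_space(blob: dict, digits: int):
    """Walk the whole PIN space; return (pin, key, guesses used) or None."""
    for n in range(10 ** digits):
        pin = f"{n:0{digits}d}"
        key = try_unwrap(blob, pin)
        if key is not None:
            return pin, key, n + 1
    return None


def effective_bits(digits: int, iterations: int) -> float:
    """Upper bound on offline work: PIN entropy plus KDF stretching, in bits."""
    return math.log2(10 ** digits) + math.log2(iterations)


if __name__ == "__main__":
    key = secrets.token_bytes(32)      # the 256-bit key being protected
    blob = wrap_key(key, "0427")       # constructed sample PIN
    pin, recovered, guesses = search_pin_space(blob, 4)
    print(f"PIN {pin} found after {guesses} guesses; key matches: {recovered == key}")
    # Assumed parameters: 6-digit PIN, 600,000 PBKDF2 iterations.
    print(f"6 digits + 600k iterations: {effective_bits(6, 600_000):.1f} bits of work")
    print("random 256-bit key:         256.0 bits of work")
```

The bound only applies when the wrapped blob can be tested offline; a design that checks guesses online with an enforced attempt limit is not described by this arithmetic.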
peyton 4 hours ago [-]
As a California resident I request to download my personal data from every service I can, and I’m constantly surprised. We each have scores for all kinds of things. The local power company keeps a “Green Ideology” score on me.
newsoftheday 4 hours ago [-]
When I see the word "score", it reminds me of the CCP social scoring system.
scarecrowbob 4 hours ago [-]
Weird... when I see something done by US-Based capitalist and attributed to communists half a world away, it makes me think of the Powell Memo.
newsoftheday 2 hours ago [-]
That is weird, the US didn't ask the CCP to invent social scoring.
johnisgood 4 hours ago [-]
It makes me curious what other scores (I would call them labels) there are.
wiether 4 hours ago [-]
How is that even legal?
natch 4 hours ago [-]
This is in the US. It’s a free country. Things are legal by default (that’s a good thing) until the system notices them and makes a law.

Having seen how things work where freedom is not the default, I much prefer freedom.

stackskipton 4 hours ago [-]
Because it's not illegal. Most data privacy laws just require that user can see data collected about them and prevent sale of said data in optout fashion.

There are rarely laws around preventing collection of said data or using said data for some new service.

wiether 3 hours ago [-]
But it's not any data, it's political orientation data!

Sometimes people talk about GDPR being only the cookie banner, but thanks to it, it's forbidden to collect that kind of data.

https://gdpr-info.eu/art-9-gdpr/

knowitnone3 3 hours ago [-]
[dead]
dheera 4 hours ago [-]
How do they know your ideology? Are they scraping your social media or running sentiment analysis on your customer service chats?
_djo_ 2 hours ago [-]
It’s likely some customer segmentation label generated through PCA or some other clustering approach.

The qualifying criteria is probably just having picked an offer for renewable-sourced energy in the past, indicating that it has some importance to you. So you will be given more green energy offers in future.

Every company segments its customer base this way for marketing. Sometimes it’s even useful.

cucumber3732842 3 hours ago [-]
They probably don't care. It's probably a mostly BS number. But they probably have to have it and have it at least look like they're trying to be serious about generating it in order to qualify for preferential treatment on some sort of permitting or write off some class of investment in a slightly better way at tax time or something.

I'm not sure if this is better or worse than them doing it because they believe in it.

dfxm12 4 hours ago [-]
In this specific case you can avoid Meta. In general, if you're in the US, you probably have a primary election coming up soon and certainly have a general election in November. Ask your politicians what their thoughts are on these topics and make an informed vote. Continue to pressure the incumbents as well.
add-sub-mul-div 4 hours ago [-]
You're on a site with a surprisingly high amount of support among commenters for trading privacy and freedom for convenience and comfort where it aligns with their religion/other biases or desired consumer experiences. I don't know if this is the best place to ask for advice.
pjc50 4 hours ago [-]
I'm not sure people realize that HN is already at the most libertarian end, and all the discourse spaces which are much closer to actual power and legislation are much less pro-privacy.
iamnothere 1 hours ago [-]
Reddit seems to have drifted back to more libertarian than HN on privacy issues. At least in technical subreddits. Not sure why that is, perhaps there are more users here whose salaries are tied to surveillance.
davorak 4 hours ago [-]
Historically, like 10-20 years ago, libertarian would be staunchly pro privacy. Is this no longer the case? If libertarians have dropped this stance, since it is so close to what was the core beliefs, I really have no mental model of the philosophy/politics for libertarians any more.

Any primer/link on what current libertarians believe is welcome.

natch 3 hours ago [-]
It’s possible to want something without wanting to live in a system where there is a nanny to enforce that thing. Other means of enforcement exist, such as free markets.
pjc50 3 hours ago [-]
Yes, but there's really not very many libertarians left who haven't cast their lot in for Republican support, resulting in the present situation. Not that there were many to begin with.
scarecrowbob 3 hours ago [-]
You might find it useful to distinguish between right and left libertarians.

All my anarchist (left libertarian) friends are pretty consistently opposed to state and corporate surveillance. There is plenty of theory in a canon of literature that goes back to the mid 19th century, even as there are many subgroups and spurs off that general line of thought all with their own sets of (usually somewhat) consistent lines.

If you want something short and brutal, I am a fan of "Desert" by anonymous, but "A Utopia of Rules" by David Graeber is not a bad thing to read and probably closer to a popular line. Or the CIA-Coded Yale academic James Scott has a lot to say, "Two Cheers for Anarchism" and "Seeing Like a State" both seem to have influenced a lot of people.

Historically "right libertarians" (the US Libertarian political party, for instance) have been, uh, "less consistent" in their thinking, so you might have a hard time finding anything that looks like a "philosophy" in that branch of "thought". Plenty of goofy-ass ideas, but little consistency except a strange ability to begrudgingly conform to GOP politics at the end of the day.

ls612 4 hours ago [-]
It's depressing to think that after the abuses people suffered during the lockdowns the response has been to embrace authoritarianism even more. It makes me fear how far this could go before people realize how bad it is.

Fundamentally I think that liberal democracy won't be able to survive compute, communication, and storage being cheap, combined with asymmetric encryption. I really think there should be an article illustrating just how much that last one is fundamental to making the apparatus of control cheap and effective in a way that 20th century regimes could only dream of.

Larrikin 4 hours ago [-]
What abuses?
krystalgamer 4 hours ago [-]
i don't understand this doomer mentality regarding the internet.

internet is a service that you choose what to engage and how. don't like a platform? find another, build it or stop using it altogether.

personally, i find these things really great as it helps nudge people into the more decentralized web. a few years ago those who were pushing for privacy respecting apps and platforms were deemed too paranoid.

ultratalk 4 hours ago [-]
Network effects will keep a person on a platform until a critical mass of their social circle decide to leave all at once. I'm no expert, but I suspect that that critical mass is pretty high, maybe more than 50% of a person's circle. So it's not exactly vanilla free-market competition. Entrenched players have a pretty big advantage.
krystalgamer 4 hours ago [-]
what does your social circle being on Instagram bring to you? seriously, this picture-sharing app has evolved into this content spread machine that brings very little value.
ultratalk 4 hours ago [-]
When most of your social circle exists on one platform, you tend to use that platform less for its specific features, and more because of the fact that all your friends are there. I don't personally use Instagram, and this is anecdotal information, but I know a lot of people who only use Instagram to see what their friends and family are up to, and to watch the occasional reel.

But you're absolutely right about Instagram's evolution. It's crazy.

krystalgamer 3 hours ago [-]
this is a very 21st century thing, the ability to know what everyone is doing at any time. extremely voyeuristic too.

the only social circle that truly matters is the geographically close one. no amount of E2EE or fancy chat app will replace being physically present.

tredre3 3 hours ago [-]
First you said that people should use decentralized platforms. Now you acknowledge that there's nobody of value on those platforms so now you say people should stop wanting to connect in the first place.

I mean, okay? Next time just say social media is a cancer, and don't waste our time moving goal posts.

happosai 4 hours ago [-]
Ah, network effect. That's why we all are still using Skype, Microsoft Messenger and ICQ.

You don't have to wait for everyone to switch, in fact it's pretty normal to reach different people on different chats.

https://xkcd.com/1810/

Schlagbohrer 4 hours ago [-]
Many people make their livings from these platforms. They can't leave without abandoning most of their income stream.
krystalgamer 3 hours ago [-]
find a different employer? what kind of argument is that.
Papazsazsa 4 hours ago [-]
Socials are caught in the innovator's dilemma.

Given the dependence our society now has on the internet, it's bonkers to me that more VCs aren't rethinking their investment strategy. Privacy is not some niche concern anymore, check out the response to Flock for example.

Cider9986 3 hours ago [-]
Some are. See simplex.chat, anytype.io.
methuselah_in 3 hours ago [-]
It feels like it's time to move to lemon writing over paper on normal post. Only way you can now talk freely.
mvrckhckr 3 hours ago [-]
The only reason I can think of for this change is governmental pressure. I don’t see how it benefits the platform itself (nor its users).
paxys 42 minutes ago [-]
There is a product reason - AI features are fundamentally incompatible with E2EE. If they want to bring more AI generated experiences and content into Instagram then the data needs to be accessible by them.
arlort 3 hours ago [-]
I can think of a few reasons why a company built on profiling (and advertising to) user interests might be interested in the private conversations of their users
gzread 3 hours ago [-]
I can think of some. Less code complexity to support a feature that didn't work properly and nobody was using? More ability to detect spam?
kevincloudsec 3 hours ago [-]
the timeline for all of this is not a coincidence. meta spent millions lobbying for age verification laws that require content scanning. hard to scan content that's encrypted.
jonathantf2 4 hours ago [-]
This feature has never been available to me- it just threw an error each time. Wonder how far it actually got rolled out?
EmbarrassedHelp 2 hours ago [-]
In a sane world, removing E2E encrypted messaging would be worthy of huge fines.
CrzyLngPwd 4 hours ago [-]
Did they give a reason why they are doing this?
Bender 5 hours ago [-]
Never rely on a platform used by the masses to perform E2EE. It is far too easy to strip away E2EE for targeted users without their knowledge as they maintain the server and client code. This advice is to protect from corporations gobbling up and ultimately leaking sensitive data. Spooks can target the device itself via debug access for nation state level threats.

Consider instead using a code word or phrase to move sensitive conversations to something self hosted such as jabber using OMEMO XEP-0384 and XEP-0373 OpenPGP for XMPP and SASL SCRAM. OMEMO is an implementation of the Signal protocol on top of the XMPP protocol.

e.g. "_Expletive_! I stubbed my toe!" other-person: "lol geezer watch where you are walking." conversation quietly and temporarily moves to the pre-shared self-hosted Jabber server. Temporarily because going dark can draw attention. Feed the big chat platform boring garbage and misdirection.

impossiblefork 4 hours ago [-]
People catch the spooks and their exploits all the time though.

It is possible to defend against them. Maybe not on your phone though.

Bender 4 hours ago [-]
Agreed. I just mentioned that for the spooks who don't like that I am suggesting moving sensitive conversations elsewhere using basic opsec. I assume the farm recruits on HN are probably just as concerned about AI taking their jobs. Surely someone has bought AI a coffee unprompted by now, maybe even flirted with the AI.
impossiblefork 4 hours ago [-]
I don't quite understand your comment. I also disagree with some implications of the final bit of your first comment: encryption is obviously basic privacy, but the interesting bit is who you're talking to.

So having a signal for switching mediums is something that I feel indicates thinking in the wrong direction.

Bender 4 hours ago [-]
> So having a signal for switching mediums is something that I feel indicates thinking in the wrong direction.

It's not for everyone. I grew up with code phrases. My mom knew that if I said "I love you" to send in the cavalry. We had similar processes in the military. If I answered the phone a particular way they knew the remote site was under siege.

impossiblefork 4 hours ago [-]
That's an okay use, but in that use you're not attempting to achieve privacy.

Everyone knows you talk to your parents, but code phrases are not a way to get privacy.

Bender 3 hours ago [-]
It's not for privacy in the way you may be thinking. This was long before cell phones or the internet existed and the conversation would have been over the rotary phone and it is assumed someone is in the house with me that should not be. Goal being police have authorization to kick down the door and assist the person or people that are nutritionally deficient in lead.
Zak 4 hours ago [-]
Unless you're actually a spy, there's no reason to do this. Just use your secure solution all the time with those conversation partners who are willing to use it.
Bender 4 hours ago [-]
> Unless you're actually a spy, there's no reason to do this. Just use your secure solution all the time with those conversation partners who are willing to use it.

Fundamentally I agree with you but people will stay on the platforms where their friends are. To change that the platform would have to do something really bad such as forcing age checks and even then I think many will just put up with it to stay connected to their friends.

alex1138 4 hours ago [-]
I don't use IG although they dearly want me to, giving me a popup every time I visit, but let me talk about FB for a second (and btw FB wanted to enable cross-platform messaging on the platforms they own - Meta - which seems anti-trust-y) - when they introduced encryption on FB, they made it mandatory. They opted everyone in, and it broke Messenger. If you delete cookies you might also delete messages. Isn't that convenient?
villgax 6 hours ago [-]
just waiting on whatsapp to rug pull as well & then bye bye privacy & meta from my life
dylan604 5 hours ago [-]
Wouldn't bye bye meta be hello privacy into your life?
j45 4 hours ago [-]
This could obviously tie to sending you more ads.

It could also tag people communicating about topics ig chat that it is actively suppressing.

They may be looking for an uproar to reverse the policy as so far, it's just words.

yobid20 5 hours ago [-]
because they want to read your messages for training ai and for advertising
some_furry 6 hours ago [-]
I wonder if this is the start of a trend or just a one-off?
odo1242 5 hours ago [-]
Probably a one off? Instagram’s e2ee was opt-in from the start- and meanwhile Facebook Messenger is now “e2ee for everyone” and none of this is affecting the main e2ee messaging apps people use - WhatsApp, Signal, and iMessage
nunobrito 6 hours ago [-]
TikTok replied recently it wouldn't encrypt its messages either, citing user security as reason.
zipping1549 6 hours ago [-]
We all know what this means.
MMTlover 3 hours ago [-]
Use this https://www.ricochetrefresh.net/ Chat and file transfer over tor
maxalbarello 4 hours ago [-]
[dead]
emsign 6 hours ago [-]
[flagged]
apopapo 6 hours ago [-]
It's not only the united states of America. These tyrannical views have been brewing everywhere for years, and there was not enough public counter-narrative to these ideologies.
krystalgamer 4 hours ago [-]
because everyone is forced to use Instagram messaging, right?
chromic04850 4 hours ago [-]
[dead]
arunc 6 hours ago [-]
Wait, people trust communication via Instagram thinking they are secure?
blitzar 6 hours ago [-]
Facebook were at both ends, the encryption was between the ends.