As far as I know, no social media company’s posts are E2EE

Oh, sorry, I shoulda been specific. I meant cases like the Whatsapp class action. It hasn’t been proven in court yet, tho. The prosecution says they have evidence Whatsapp and Meta get access to E2EE messages since they control the client. But it’s also important to say that Meta is denying they do this. It will play out in court.

The 52-page privacy lawsuit contends that although Meta has pervasively marketed WhatsApp as a private, secure, end-to-end-encrypted messaging service where “[o]nly you and the person you’re talking to can read or listen to” messages, Meta employees, Irish consulting and tech firm Accenture and possibly other third parties, unbeknownst to users, can access messages via a “backdoor” in the WhatsApp source code. According to the complaint, the backdoor allows Meta and WhatsApp employees and/or third-party contractors to “circumvent the encryption in order to view users’ private messages.”

Whether it’s proven, or not, it’s possible to do it. The mesages have to be decrypted for view.

and there are no deliberate backdoors and such

Agree, but that condition is doing some heavy lifting. As in the alleged Whatsapp case.

First, I wanna say I appreciate your reply. It’s well made. I believe you, mathematically, about how ZKP’s work.

I just think that when rubber meet road, there will be potholes. Example, strong encryption cannot be broken, practically speaking. The social media companies make real E2EE. But they control the client. So they simply scrape post decryption from the user’s device. It’s true, the E2EE was secure. But that didn’t matter in the end. There was a way to circumvent.

We’ll see about ways like that with ZKP. I’m not smart enough to know how it may happen. Only that the incentives will be big. Encryption isn’t defeated by breaking the math. Neither ZKP. It’ll be some other way. Something sleazy.

the social media site will not discover anything about your identity beyond a binary “is above 18 years old” statement.

To discover anything else, they would BOTH have to collude in some significant way.

I would say, social media can already discover most ppl’s identity. Without having to collude at all. There’s a whole ass industry of identity resolution, even when ppl don’t mean to give their own identity. Would social medias stop doing that, just because now ZKPs? I’m afraid it may deliver a false feel of security.

My concern in the long run is that over time the newer generations arent going to ever learn/know how freeing personal computing used to be.

Oh absolutely! It becomes normalized for those who never knew any other way.

I lucked out, my pa was a techie and got me steered towards the importance of tech freedom. Not everyone is so fortunate. Tech is almost an extension of our minds now. How we remember. How we learn. How we communicate. When we give away control of our devices to big tech, it’s like giving away control of our thoughts and emotions. Even our culture.

and a pinky promise is not enough.

Yah that’s my sticking point too!

I believe that under good faith, Zero Knowledge Proof could work and guard privacy from both the gov and the sites.

But “good faith” is doing heavy lifting. The desire to corrupt the system in some way that turns ZKP into secretly non-ZKP is going to be huge. Even if it begins OK, we will all become locked into it. And if it gets corrupted years later, too bad so sad, because we’re locked into it!

We’ve already seen intelligence agencies trying to corrupt encryption standards, to look secure when they have a secret flaw. That’s the kind of corruption I worry about with ZKP age gates.

They allege it was to help protect accounts and personal data.

TBH it scares me that more and more things may go this way. You want online banking, or w/e? Well! You better use “trusted device”! What does “trusted device” mean? It means the device is locked down against its “owner”.

It’s like a relentless march where personal computing dies and corporate computing takes over. Ever more, our technology answers to big tech, not us.

its just getting vendors to actually do it.

Good ideas… and yeah… the browser vendors have a financial incentive to build mechanisms to collect anything and everything. Javascript itself exposes so much more fingerprinting possibilies.

That’s also why I think it’s so terrible for Google’s Chrome to have like practically all the market share. G can now drive the whole web in a way that’s good for them and bad for us.

Article talks about cookies still being set when user opts out of those.

That’s bad, sure. But TBH I worry so much more about fingerprinting. Cookies, easy to delete in your browser, easy to block. Fingerprinting is done behind the scenes on the server, you can’t block their attempt to. There are “resist fingerprinting” options in some browsers now like firefox, but limited in effect, and much of the fingerpinting is not even something the browser can stop. Things like TLS fingerprints, or exact timings between your system making a request, and the serving system. Or things you can spoof but which cause problems if you do. Even Tor Browser doesn’t spoof some of those things b/c it causes problems to do.

The identity broker companies have a massive financial incentive, and they employ very smart data scientists. Even “opting out” of cookies, I think it’s about 0% chance we have any way to opt out of these behind the scene techniques they use. They will use every shitty weasely trick in the book like the slimeweasels they are.

But those who I know who are into it, just do not care at all.

I have friends like that too. Which is why it’s so hard.

It’s not even a fair fight, b/c the big social medias employ psychologists to design their product to be as addictive as possible. So it pits Jane and Fred Doe of Main Street against a team of psychologist PhD who study every possible way to weaponize Jane and Fred’s normal human feelings and emotions. Jane & Fred doesn’t want to quit, so will find ways to rationalize a use of the products.

It’s a big damn problem. It impacts everyone. All of us. Not just the ones who use FB, IG, or X.

Sure… but the hard part is convincing 2 or 3 billion of my closest friends. Esp when faced with systems designed by teams of psychologits, to be highly addictive.

It’s also a lot more obvious when someone is using a phone to record in public.

Agree. Less obvious with glasses… AND easier to do it 24/7. People get tired holding up a phone. Or they have to put it down to use both hands for something. With glasses, some will record everyone around them, during every moment of their waking life.

True… paparazzi can get to people sometimes.

Totally with you on the idea, btw. I think the people destroying the privacy of everyone in society should feel that themselves, too. They shouldn’t get to hide behind infinite piles of money to guard their own privacy while they destroy ours.

It would be one thing if we could easily opt out. But we can’t. It’s not MY choice that puts me into this. It’s the choice of some other rando walking down the same sidewalk as me.

I kinda think [email protected] is right tho, it’d be hard. People like Zuck, they take private jets from here to there. They don’t fly commercial. They don’t go eat to normal restaurants with the plebs, he has high end privately catered. He don’t do his own shopping. Zuck bought 11 houses around his own mansion, for … privacy!

That goes into an observation. Zuck zealously guards his own privacy. He doesn’t want YOU to have privacy! But HE wants as much privacy as he can get.

XMPP with encryption extensions (OMEMO)

You can easily host a server yourself, no big tech. It’s light weight. Open standard so lots of client to pick from, no lockin. Supports sending pictures, videos if you want.

stones in my fucking shoes it is then.

Everybody says this… but I’m afraid it won’t help or for very long. Gate recog algos measures physical characteristics. Things that are not changed by a shoe stone, like the length of your femur and tibia. The way your hips move as your leg does. Ratio of hip width to other measures. Things things are more fingerprint-ish like that.

It’s a lot like… how facial recog looks at distances between your pupils. Or the exact position of your cheekbones and structure of the face. Making it hard to fool in some ways.

It can all be fooled to a degree. Anyway it’s all probabilities. Maybe it works 95% and fails 5% or w/e, but that’s “good enough” for advertizers and data brokers.

It’s all just an exhausting uphill battle :(

Like in Myanmar

It was horrific, what hapened there with Facebook. Viral rumors would spread, the Rohingya were putting sterilization pills into the food supply. People would believe it. Then they would torture or kill those the rumors were about. They would burn down their businesses and homes. There were mass scale murder and rape, whole viliages burned. Because Facebook had displaced local news. What was on Facebook became the reality for so many people. It became an anti-Rohingya echo chamber, the hate would feed on itself.

I think this effect is playing out in western democracies today. Slower, because the US, Canada, or Europe altogether, are much larger than Myanmar. The big ship turns slower than the small. But the same dynamics are here. Viral social media posts make their own twisted “reality”. It’s not just Facebook, neither. It’s lots of others too.

I don’t know how to stop it.

It is a valid approach and good idea. But also ppl who do it should know… it ties all the accounts together through a domain no one else uses. With a privacy mail provider there could be millions of others on the domain. With a prvate domain, not so much. It’s one more piece of data that helps identity brokers deduce that account A on site A is the same person as account B on site B.

Some might not care about it. Or, they might. Threat models etc.

Very well said. Everything you said I agree about 100%.

We need to get better at convincing non-nerds.

I’m doing my best. It’s hard tho. They just… don’t care. They don’t understand why it is important. Important for their future, and for all of our future. They don’t seem to grasp why it matters so much, and what price we have to pay when we get it wrong.

I try to find concrete examples for them. But when people are invested already in some big tech ecosytem, it’s easy to discount the examples. “That wouldn’t apply to me”.

I’m trying so hard, but it is an up hill fight :(.