Mark Zuckerberg’s F8 privacy-focused vision for Facebook: Encryption experts react
On April 30th, Mark Zuckerberg took the stage at Facebook’s annual F8 developer conference to unveil his ‘privacy-focused’ vision for the company. After years of high-profile data breaches and privacy scandals including Cambridge Analytica and most recently March’s revelation that Facebook left hundreds of millions of user passwords unprotected, this pivot won’t come as a huge surprise to anyone.
Seemingly in an effort to win back shaky user trust, Mark kicked off the show by announcing a series of shiny new features to promote community, connect more directly and privately with loved ones, and get people back out into the real world. That being said – with every new feature encouraging engagement with the platform, comes the opportunity for Facebook to harvest more data on its users. It will be interesting to see how Zuckerberg aims to deliver on his promise that the ‘Future is Private’, while simultaneously collecting more information about users than ever before.
To get more insight on what’s to come, we checked in with our favourite privacy experts at Tresorit, István Lám (Co-founder and CEO) and Péter Budai (VP of Product Development) to see what they made of Zuckerberg’s announcements at F8 regarding the topic.
Mark Zuckerberg: Today, we’re going to talk about building a privacy-focused social platform. Privacy gives us the freedom to be ourselves. So, it’s no surprise that the fastest ways that we’re all communicating online are private messaging, in small groups, and in stories. This is the next chapter for our services.
István Lám: Hang on, a privacy-focused social platform? Will Facebook totally change their business model? How can they focus on privacy if they are making money from selling user data to advertisers?
Péter Budai: It’s kind of a 180 degree turn, but let’s see, it’s getting interesting.
Mark Zuckerberg: I get that a lot of people aren’t sure that we’re serious about this. (Laughs lightly to crowd)
István Lám: Even he is laughing about it!
Mark Zuckerberg: I know that we don’t exactly have the strongest reputation on privacy right now, to put it lightly.
Péter Budai: That’s right. At least he’s aware of it.
István Lám: How many times has Mark Zuckerberg made similar promises in the past? After the Cambridge Analytica scandal, they promised to make safeguarding user data their priority. Then last October, we found out that Facebook was using phone numbers provided by users for two factor authentication [an e-security technique] to actually target them with ads. Then this March, we learned that they had also been storing hundreds of millions of user passwords unencrypted and that Facebook employees could easily search and access them. So it’s no wonder people are having a hard time trusting Facebook.
Mark Zuckerberg: First, we’re committed to working more openly. Second, we’re taking a more proactive role in making sure that all of our partners and developers use our services for good.
István Lám: I would be interested to know how Mark Zuckerberg defines ‘good’.
Péter Budai: Yeah I know, what he means by ‘good’ could refer to quite a few things here. Does he mean good for the investors, good for him, good for Facebook employees, good for their customers and users?
István Lám: A company should really serve its customers and make sure the product works well for them. But I think people forget that in this case Facebook users are commodities, and the real customers are the advertisers purchasing their information.
Péter Budai: And sorry, but how do they actually plan to achieve that? By checking all their advertisers, partners, even what they do with their data? Will they investigate all their partners code and customer databases? It’s not easy, I can’t even imagine how they would attempt it.
István Lám: They just keep saying that privacy is the vision and privacy is the future. Will they stop using metadata to monitor user browsing on the platform and third-party websites? They can even continue monitoring user behavior after they log out of the platform, which is concerning. And when a Facebook like button is embedded on an external page, they can observe user browsing behavior there too.
Asha Sharma: Over the next year, we plan to make Messenger the fastest private communication app on the entire planet…The future is private. So, we have begun to the journey to make Messenger end-to-end encrypted by default.
Péter Budai: At least that’s something. End-to-end encryption is good. Before, you could just turn it on manually for conversations but now they’re making it default.
István Lám: That’s good. I have to admit, this is the first thing I hear in this video which really addresses how they will actually make something more private. For those not familiar with end-to-end encryption, I think it’s important to understand a key point here. When a message is sent to someone else, it travels through Facebook servers, then those servers push it to the other user’s phone. So far, these messages were encrypted on the way to Facebook’s servers and then another encryption was used to download it onto the receiver’s end. Now what they’re saying is that they can’t see what is transferred not only in transit, but also through their servers.
Péter Budai: At least for our conversations. However, it’s worth mentioning that it’s not just the content of our conversations that’s their main source of revenue – they’re not only selling what we’re talking about, but also what we’re browsing, what we’re clicking on, who we’re following, all of our likes, so our conversations are just a really, really small part of what Facebook knows about us. But it’s a good step.
István Lám: It’s a great step. I mean, end-to-end encryption is crucial nowadays, and it’s the first thing I see that Facebook is doing right. But people should not underestimate that Facebook at the same time is still harvesting information through graph data, which is basically how many times you are sending messages, who you’re interacting with – even if the content is now encrypted, they know that, they see that. They can make conclusions about who you have a strong relationship with, who you have a weaker relationship with, and so on.
Péter Budai: Exactly.
Fidji Simo: With Facebook Dating, you can find matches based on things you have in common, like your shared groups and events. Your dating profile is separate from your main profile and your activity there is only visible to other people who have opted in. We’re also introducing something called Secret Crush. Secret Crush lets you create a private list of friends that you might be interested in.
Péter Budai: Oh, they created a Tinder from my Facebook friends.
István Lám: Wow, just imagine if that information leaks out. It’s great, because that could be the last straw for Facebook, because then people would care [if their Secret Crush list is leaked] and I’m pretty sure it will, at some point.
Fidji Simo: And if a friend also puts you on their list, you match. If not, no problem. No one will know who’s on your list or even that you’ve opted into Facebook dating.
István Lám: Except Facebook.
Péter Budai: So your data is ‘only’ visible to other people who have opted in…but how do I know who has opted in? If I can’t see those details and I can’t choose who gets to see mine, then it doesn’t seem like I have much control over that information at all.
Mark Zuckerberg: I’m excited to announce that we’re going to roll out Portal internationally. Now you’re going to be able to make video calls on both Whatsapp and Messenger on Portal, and you know what that means? That means that we are bringing end-to-end encryption to all video calls on Portal.
István Lám: This Portal thing… I mean, they’re bringing in end-to-end encryption for video calls, which is good. The way they do end-to-end encryption has been criticized but it’s a genuine improvement compared to what they had before. But, just imagine, you have a portal to Facebook servers –
Péter Budai: Not just Facebook servers, Portal runs Alexa!
István Lám: So, they will be listening to everything that you do. Imagine you’re talking to your friend about your Secret Crush, and Alexa asks you ‘Would you like to list this person as your Secret Crush on Facebook as you were discussing them in the kitchen, and also send them a box of chocolates?’ Creepy.
Péter Budai: Yeah, really, really creepy.
István Lám: Would you allow Facebook inside your house like that? That’s not for me, for sure.
Mark Zuckerberg: So that’s how we’re starting to build out this privacy-focused vision across everything we do.
István Lám: To be honest, the only real progress I see here is that they delivered end-to-end encryption to messaging.
Péter Budai: And Messenger already had end-to-end encryption, it was just not turned on by default.
István Lám: So basically, they claim that the ‘Future is Private’ but I don’t think that Facebook will actually drive this vision. Although it’s a nice tagline, they are not delivering a tangible roadmap to achieve it. I do believe that the future should be private but with the new features they are introducing here, it’s not something they are really planning to or able to deliver.
Curious to know more about the status quo of user trust in online services? Click here to check out our recent survey results on the topic.