Facebook is reportedly trying to analyze encrypted data without decrypting it

Shawn Knight

Posts: 13,436   +132
Staff member
A hot potato: Facebook is reportedly building a team that’ll be tasked with learning how to analyze encrypted data without decrypting it. Given the company's rocky history with user privacy, this seems like the last sort of thing they'd want to have anything to do with, yet here we are.

The social networking giant confirmed as much to The Information (paywalled), and is apparently one of several tech companies interested in a field known as homomorphic encryption. Outside experts told the publication that Facebook could be interested in studying encrypted messages on its WhatsApp messaging platform for targeted advertising purposes.

Optionally, Facebook might want to further encrypt information it has on its users without impacting its ad-targeting capabilities.

Regardless of intent, the whole thing feels disgustingly immoral and could potentially open up a whole new can of worms. If Facebook or others (Amazon, Google and Microsoft were named specifically by The Information) can glean actionable information from encrypted data, can you still technically label it encrypted?

And what sort of legal grounds are we stepping on here? If the companies in question technically aren’t trying to crack the encryption, is the practice illegal? And if tech companies are able to gather information from encrypted data, what would stop a government agency or even a nefarious third party from doing the same?

Permalink to story.

 

psycros

Posts: 3,559   +4,336
A company that built a truly secure, ad-free messaging service could charge $0.99 a month and get absurdly wealthy. If only a million people got on board that would more than support the early development and infrastructure. Sure, a lot of countries would ban and firewall their service but would only represent a small portion of the global market.
 

Aceseven

Posts: 62   +119
A company that built a truly secure, ad-free messaging service could charge $0.99 a month and get absurdly wealthy. If only a million people got on board that would more than support the early development and infrastructure. Sure, a lot of countries would ban and firewall their service but would only represent a small portion of the global market.
no they wouldnt, because people are cheap af, and that 0.99 a month would just be too much.

most of the biggest companies have gotten where they are because of peoples laziness, as long as they dont have to "pay" pay for fb or whatever else they dont give a s**t what happens to their online data.
 

BadThad

Posts: 615   +656
no they wouldnt, because people are cheap af, and that 0.99 a month would just be too much.

most of the biggest companies have gotten where they are because of peoples laziness, as long as they dont have to "pay" pay for fb or whatever else they dont give a s**t what happens to their online data.


Sad but true! I've heard it over and over "I don't care". This even after I explain the batteries in the Matrix thing.
 

Shadowboxer

Posts: 1,717   +1,322
I support a free market like 99% of the time. But it’s absurd that almost the entire digital space, the digital town square as it were is owned by a small group of rather shady executives whom are apparently trying to find a legal way to spy on its users personal messages.

It’s time Facebook is manhandled by government. They need to be regulated into check. If it were up to me, I would start by creating a digital bill of rights for all citizens.
 

Richard M

Posts: 16   +61
A company that built a truly secure, ad-free messaging service could charge $0.99 a month and get absurdly wealthy. If only a million people got on board that would more than support the early development and infrastructure. Sure, a lot of countries would ban and firewall their service but would only represent a small portion of the global market.

That would be Signal except it is free as well.

The problem is that most people just do not care. If most people actually cared about privacy they would stop doing business with companies that vacuum up all their info.
 

Satish Mallya

Posts: 197   +186
TechSpot Elite
Y'know, with the small size of messages, the size of a message might reveal it's contents.

Or the size and cadence of a series of often-exchanged messages (e.g. what to do about dinner with a spouse, for example) may reveal information about the contents.

Timing can reveal information - both status indicators as they change, and typing indicators.

Basically, you can extract a good bit of information out of metadata without breaking encryption.
 

kiwigraeme

Posts: 471   +365
Y'know, with the small size of messages, the size of a message might reveal it's contents.

Or the size and cadence of a series of often-exchanged messages (e.g. what to do about dinner with a spouse, for example) may reveal information about the contents.

Timing can reveal information - both status indicators as they change, and typing indicators.

Basically, you can extract a good bit of information out of metadata without breaking encryption.
I agree - that's why studies where the participants are anonymise are misleading - Studies are shown you can take say the medical data - and attach names to most of the participants .
something obvious - we have 12 people in a room with one male - then we look at the results - oh the men like beer over wine - even a 3 year old could figure out who that person is
 

Theinsanegamer

Posts: 2,654   +4,130
And this will drive stronger encryption. Good. Zuckerberg can suck it, along with the government and anyone else who wants to pry into your life for a sociopathic level of control.
 

kiwigraeme

Posts: 471   +365
And this will drive stronger encryption. Good. Zuckerberg can suck it, along with the government and anyone else who wants to pry into your life for a sociopathic level of control.
I think the think here is padding messages out with noise and false data .
So very small messages are made to look all a std size .
people used to hide messages in photos etc - but now DRM removal techniques can find & strip such data out of IP media .
The aim is to make the cost/benefit ratio just not worth it .

Anyway as slow as I am - I just realised how to get rid of those pop up cookie accept banners - Black list the url in cookie settings - then click yes to accept cookies ha ha ha - Just have to click yes every time you visit that website - normally I'd just close the tab.
 

brucek

Posts: 856   +1,235
Can we get a little more detail on exactly what encrypted data FB wants to analyze, and where it is getting that data from? FB has plenty of data legally, that its users "opted-in" to sharing with them, that is shared with FB in non-encrypted form. I'm interested in what this extra data is, why it is only available to FB in encrypted form, and how they are getting it. Are they installing a packet sniffer on devices running their apps? Paying for it from telcos or other network providers? ???
 

Austinturner

Posts: 276   +325
Can we get a little more detail on exactly what encrypted data FB wants to analyze, and where it is getting that data from? FB has plenty of data legally, that its users "opted-in" to sharing with them, that is shared with FB in non-encrypted form. I'm interested in what this extra data is, why it is only available to FB in encrypted form, and how they are getting it. Are they installing a packet sniffer on devices running their apps? Paying for it from telcos or other network providers? ???
All the whatsapp data is end to end encrypted, meaning they never see the unencrypted data server side, but they store and transmit the encrypted messages. I imagine that is what the article had in mind.

The head of WhatsApp has denied this rumour by the way.
 

Austinturner

Posts: 276   +325
Probably 99.99999% of companies will always deny any report that makes them look bad. A denial from any company does not mean that they are not doing it.
Sometimes its because they decide to stop doing it, sometimes they were never doing it snd someone misunderstood what they told the media, sometimes they thought of doing it but didn’t and sometimes they are lying, its hard to know which.
But lying is dangerous, you might end up the fall guy!
 
Last edited:

captaincranky

Posts: 17,196   +5,943
"Viewing encrypted data without decrypting it", just sounds oxymoronic. Either that, or just plain bullsh!t.

I can hear the Facebook faithful's heads rattling from here....."Wow, if they can do that, it's like magic".
 

hwertz

Posts: 65   +28
"Given the company's rocky history with user privacy, this seems like the last sort of thing they'd want to have anything to do with"
But Facebook don't care... their reputation is horrible, but their users still feed them all the valuable private information they can handle. A bunch of their users don't care about privacy at all, and a bunch of others claim to care about privacy (in so far as they complain about privacy violations) but will not actually take the next step of NOT USING FACEBOOK.

Given they don't care about privacy, yes, I could absolutely see them try to mine encrypted Whatsapp for data... and don't be surprised if some update to Whatsapp comes out and suddenly some "new and improved" algorithm is used that is then found to have "surprising" weaknesses (after all, if you're still using it, you have agreed to Facebooks "you have no privacy" privacy policy.)

There was a demo a few years back showing encrypted bitmaps still showed info from the bitmap (using block cypher, the Linux penguin was encrypted and you could still see the penguin, since the info within each block was encrypted but you still had regions of solid black (0s) and solid white (1s), these regions when encrypted still came out darker and lighter). This wouldn't work on JPEGs and PNGs (... I don't think), but you might infer things from the lengths of messages, the pacing, etc... if someone sent a message, and I sent back "Thanks!", they might be able to infer that from the length of the message and timing for instance. (I doubt someone saying "Thanks" is commercially useful but that's just an example.)