Welcome back to LT3. Hope you’re enjoying the sunshine!

Meta makes it two weeks a row in our top story. This time we take a look at their decision to remove end-to-end encryption from Instagram DMs. As ever, there are pros and cons.

We also look at how your running around trying to capture a Venomoth on Pokémon Go is helping train delivery robots, and rejoice at the government making an uncharacteristically smart decision about AI... sort of.

And our blog spotlight this week looks at.

Let's dig in...

Top Story

🔓 Meta are removing end-to-end encryption for Direct Messages on Instagram

A quick summary

From May, Meta are removing the option to encrypt your messages from the Instagram app. Direct messages that you send will be visible to Meta.

Take a look at this Guardian article, this from Mashable, or Platformer's take for more info.

What is end-to-end encryption?

It comes up all the time - especially in news about our online privacy. But what actaully is end-to-end encryption (or, E2EE, to its friends)?

E2EE basically means that when you write a message - say on WhatsApp to your mum - that message gets scrambled into code. Only two devices have the key that will unlock the code and turn the message back into readable text. Those two devices are your phone, and your mum's phone.

E2EE is important because that "Goodnight mum xx" message actually travels through a lot of hands before it gets to her phone. Your network provider, half a dozen relay servers, Meta's servers of course, and also her network provider. There are a lot of opportunities for that message to get intercepted. But, without the specific code to unscramble that message, it can't be read.

Wait, so WhatsApp already has this? Why are people talking about Signal and Telegram as being more secure?

What a delightful little sidebar. It's true - WhatsApp, Signal, and Telegram all use E2EE in their messages. (In fact, if you want to get extra nerdy about it, WhatsApp and Signal have the exact same level of encryption, because Meta uses Signal's protocol to do the encryption.)

But there's more to your privacy than then contents of your messages. And while it can't read those messages, there's plenty else that Meta can learn about you. It can, for instance, still see who you are talking to (we'll come back to that in a sec), as well as how often you talk to them. There are also other bits of "metadata" that they collect, including your location, what device you're on, and your contact list. This last one is "hashed" (a type of - very unsecure - encryption), so while they can't see "Jo Bloggs, phone number 07999111222" if another Meta user is also talking to that same number, they can build a picture of what your social network looks like. If you're interested in this, you can read more from the Ayan Rayne website.

OK, so why are they removing it from Instagram?

If you believe Zuckerberg's statement on the matter, it's because "very few people" were making use of the E2EE feature. The thing is, almost no one believes that's the reason. Yes, E2EE is comparatively expensive to implement compared to not doing anything. But there are bigger things at play here.

Governments the world-over are trying desperately to get platforms to remove end-to-end encryption. They don't usually say that - what they actually tend to ask for is a "backdoor" or the ability to decrypt certain messages when they see fit. But from a technical perspective, that is the same thing.

The thing is there's a reasonable case for it, especially on a platform like Instagram. Social media is an exceptionally good way to find and groom people. And that is only made easier when your actions can go unchecked by any kind of authority. E2EE means that you can say whatever you want in a message, and unless one of the parties chooses to share, the only two people who know what is said are the sender and the recipient.

This feels very deja-vu...

Preventing online harms to children is also the argument the ICO made in their issuing of a fine to Reddit. Only here there's a much greater potential for harm. In the Reddit case, the online harms that could befall children were (mostly) in the open. They could be seen and responded to. This just isn't possible when E2EE is involved.

"This is the first time a major platform has ever rolled back encryption protections" - Casey Newton, Platformer

So this is a good thing?

Yes and no.

It should go without saying that moves to protect children are good. Removing E2EE from Instagram messages means that Meta can read through any and all the messages on the platform and flag any that are concerning, and alert the relevant authorities where necessary.

And there's the rub. They can read through any and all messages on the platform. Just like in our Reddit story from a couple of weeks ago, there are people and groups who use Instagram to communicate about things that aren't grooming children, but are things that should stay protected. Perhaps you're in a support group chat about your sexuality in a hostile environment, or you're a whistleblower or journalist exchanging information. Or even if you're none of those things and you just value the ability to have a private conversation.

"Well then don't use Instagram for that" is a fair response, to which I have two of my own:

1. In a lot of scenarios where you want and need privacy, the people involved are not in a position to go about downloading apps like Signal. It could be that they don't want the additional technical barriers. Or it could be that (for example) they're in an abusive situation and while the Instagram app isn't going to raise alarm bells, an app with the major selling point of being secure probably won't fly.

2. This sets a precedent. Never before has a major communications platform removed something that makes communication more secure. Do I think we're weeks away from WhatsApp doing the same? No, I don't. But I do think this does represent the combined pressure of world governments, who will on May 8th be a little happier with themselves.

One final thought on this

This move is particularly interesting from Meta, given that Instagram specifically has come a long way in providing other protections for children. Things like Teen Accounts, and relatively robust parental controls. There are ways of keeping children safe online without removing the protection of others.

There is one other audience who can read your messages once E2EE goes - the data crawlers that, among other things, can package your information to sell to advertisers, and that feed into Meta's AI training algorithms. Imagine the fun things Meta can know about you once it pairs up those messages with that metadata we talked about earlier.

What else is happening in the world of tech?

🎵 Government backtracks on AI Copywright proposals

A little while back, we looked at some dissent in the ranks of MPs who were nervous about the noise artists and creators were making against the proposal to have a "default opt-in to allowing your content to train AI".

Now it seems that position has become official, with Technology Secretary Liz Kendall claiming that they "have listened" to the sector.

While this is undoubtedly good news for artists of all ilks, the new problem is that the government have not made it at all clear what they are now doing about this. Watch this space, I guess.

🚛 Makers of Pokémon Go are using your data to train delivery robots - because making Pikachu run realistically is the same problem

In one of my favourite recent examples of "if the service is free, you're the product", it's been revealed that Niantic, the makers of the once ubiquitous now still quite popular Pokémon Go game, have been using videos of real-world locations (marked in-game as Gyms or PokéStops) to improve the navigation of "last-mile" style delivery robots. Typically these would use GPS, but getting it to reliably be reliable to that level of detail is tricky.

It's an innovative way of solving the problem, and something that Niantic are quite familiar with doing. Back in the mists of time (2014), Niantic's first product was a game called "Ingress" - a similar AR style that allowed you to essentially play Capture the Flag with local points of interest. Part funded by Google at the time, the player data was used to build what is now the algorithm that sits under Google Maps' walking routes.

Its not all fun and games though. While the news story doesn't point to this explicitly, one of the things better AR integration might help with, is the worrying trend in delivery robots running over dogs...

Blog spotlight

📷 Fuck Up Your Images With Databending

This week we head over to Sage's Sanctum for a lesson on some of the weird ways you can manhandle files. Data is, at its core, just a series of zeros and ones, so you can technically open any file with any program. Most just won't let you.

But when they do, you can do some pretty fun things. Such as put some weird image overlays on a photo using an audio manipulation tool.

I love tech.

And that's it for another LT3!

I do love getting feedback, so let me know what you think of this week's newsletter. Also, are there any stories you've read that you found interesting? Send them over!

Hope you're managing to enjoy the sunshine (I know I said that already, but it's the first sun of the year, so it's extra exciting), and I'll see you back here next week!

Will