In the past couple weeks, I saw word going around the internet about Instagram removing optional encryption in direct messages starting May 8, and this being a concern for users’ privacy. As I sifted through the discussion, I realized that there were many, including myself, wondering how encryption worked in the first place, and why it was important.
As explained by Instagram’s help centre, every device that has an end-to-end encrypted chat has a special key that’s used to protect the conversation. When you send a message in an end-to-end encrypted chat, that message and its content — whether it be text, images, or video — is locked and can only be opened by a device with the correct key for it. End-to-end encryption ensures that chats and calls are only visible to the people that you are directly communicating with and no one else, not even the host companies like Meta, can access the conversation’s content.
On Instagram, end-to-end encryption has never been the default, instead, users could opt-in manually on each chat they wanted secured. But in May, this option will disappear. Meta’s initial justification was low-uptake, with the company saying only a small number of users ever enabled the feature, though it was also never marketed, so many were not aware of this option. After the removal of encryption on Instagram, all messages will be stored on the apps servers as plain text, which allows Meta to scan for harmful content. This was a concern for several law enforcement agencies and child safety groups who had criticized Meta for including the feature initially, arguing that it could weaken the ability to keep children safe online.
Due to its social media products being free to users, a majority of Meta’s revenue comes from advertising. Meta already uses conversations with AI and content posted on Meta products to train generative AI models.
The head of Digital Rights Watch, Tom Sulston, told The Irish Examiner that money could be a factor for Meta potentially being able to use messages to train chatbots and for advertising purposes.
“They may not be doing that now, but the commercial pressure to do it is huge, so it feels inevitable that they will if they’re not already,”
Meta advised users looking for messaging with end-to-end encryption to opt for apps like WhatsApp, which has encryption on by default. Although WhatsApp’s former security chief’s lawsuit against the company citing user security concerns was dismissed, the chat app remains a more secure messaging platform than places like Instagram.
I believe we can ensure our conversations are more secure by remembering that communication online is at risk of privacy breaches, and that it may be best to take personal issues offline into conversations in person.
But what if we have nothing to hide? Why should we still be concerned about privacy? In Chapter 14 of On Tyranny (2017), Timothy Snyder writes:
“We are free only insofar as we exercise control over what people know about us, and in what circumstances they come to know it.”
Protecting privacy and freedom go hand in hand.
Saying you don’t need to protect your right to privacy because you have nothing to hide is, in my view, akin to saying that you don’t need to protect your right to free speech because you have nothing to say. This right must be maintained and practiced for everyone, for the moment when you do need it and when it will protect you. So let’s take a second look at the privacy policies and practices of the technology that we use, and make sure that you know who has access to your information and conversations.
