Originally reported by Schneier on Security, WIRED Security
TL;DR
Privacy-focused services face new pressures as Proton Mail confirms data sharing with law enforcement and Meta discontinues end-to-end encryption for Instagram DMs citing low adoption. Meanwhile, Signal's Moxie Marlinspike is helping encrypt Meta's AI conversations.
Meta's decision to abandon end-to-end encryption for Instagram DMs affects millions of users and could signal broader industry retreat from privacy protections. Combined with Proton Mail's data sharing disclosure, this represents significant privacy ecosystem changes.
This week delivered a series of developments highlighting the ongoing tensions between privacy, law enforcement, and user adoption in digital communications platforms.
Proton Mail, the privacy-focused email service, shared subscriber metadata with Swiss authorities, who subsequently passed the information to the FBI, according to reporting by 404 Media. The disclosure involved payment information related to a specific account rather than email content.
Bruce Schneier notes this type of cooperation "happens, even to privacy-centric companies like Proton Mail." While Proton Mail's end-to-end encryption protects message content, metadata including payment details and account information remains accessible to the company and subject to legal requests.
The incident underscores the distinction between content protection and metadata privacy, even among services marketed for their privacy protections.
Meta discontinued end-to-end encryption for Instagram direct messages, citing low user adoption rates as justification for the decision. The company had offered E2EE as an opt-in feature, which privacy experts say contributed to minimal usage.
Security researchers express concern that Meta's decision could trigger broader industry retreat from encryption technologies. The move affects millions of Instagram users whose DM conversations will no longer benefit from end-to-end protection.
Experts warn this could represent "the first major domino to fall for end-to-end encryption tech worldwide," potentially influencing other platforms to reconsider their own encryption implementations.
The US Justice Department announced the takedown of four major botnets: Aisuru, Kimwolf, JackSkid, and Mossad. The combined network had compromised over 3 million devices, with many infections occurring within home networks.
The operation represents one of the largest botnet disruptions in recent years, targeting infrastructure commonly used for distributed denial-of-service attacks and other malicious activities. The takedown involved coordination between multiple federal agencies and international partners.
Moxie Marlinspike, creator of the Signal messaging protocol, announced that encryption technology from his AI chatbot Confer will be integrated into Meta AI. The partnership aims to provide end-to-end encryption for AI conversations across Meta's platforms.
Marlinspike's involvement suggests Meta remains committed to encryption in some contexts, even as it retreats from protecting Instagram DMs. The integration could protect AI interactions for millions of users across Facebook, Instagram, and WhatsApp.
The development creates an interesting contrast with Meta's Instagram DM decision, showing the company's selective approach to encryption implementation.
Originally reported by Schneier on Security, WIRED Security