I love how WIRED keeps their privacy section of their website labeled “Security”, when basically all the stories I see on there are privacy related.
I think calling it E2EE isn’t accurate, it’s using TEEs. Proper E2EE would use homomorphic encryption but that’s not quite fast enough yet for AI. Still that’s a genuine privacy improvement.
WIRED folks appear to be conflating one for the other. Someone who can get their attention should correct them.
Not for the first time. Signal >> Blog >> WhatsApp's Signal Protocol integration is now complete & Signal >> Blog >> Facebook Messenger deploys Signal Protocol for end-to-end encryption
There is a thread running through a lot of Moxie’s writings and actions that reveals a very personal desire to make mass surveillance more difficult. I admire the vision, even if it doesn’t always succeed:
- Certificate Authority vigilance → failure! (Convergence)
- Messaging → success! (TextSecure/Signal, FB Messenger, Skype, Allo...)
- Peer-to-Peer Payments → failure! (MobileCoin)
- Private Inference → to be determined! (Confer/Meta AI)
Interestingly Apple have gone down a similar path (iMessage/Private Cloud Compute). I think some in the privacy community would much rather people stopped using services from corporations with bad track records, but I like this if only so that companies like Proton, DuckDuckGo and company have no excuse when it comes to minimum standard privacy-enhancing tech.
For the sake of the uninitiated here I’ll state TEE means trusted execution environment. Reflecting on your comment, the end-to-end encryption (E2EE) phrase used in this way reminds me of when Zoom falsely advertised its videoconferencing is end-to-end encrypted.
Lacking understanding of TEEs and this specific setup myself I don’t have a clear picture of how this will work. I assume TEEs and encryption will prevent Meta’s AI from collecting AI prompts and responses, and possibly more data. But I would assume Meta would still collect metadata, as it does for WhatsApp.
Speaking of WhatsApp, the article cites WhatsApp as an example of E2EE messaging. For privacy and security reasons, everyone should stop saying WhatsApp is end-to-end encrypted until the claims in the lawsuit that WhatsApp can access all users’ messages (thread, article, video) turn out to be false.
I disagree WIRED conflated privacy and security. First, the article discusses E2EE and AI, thus the “security” tag is more than appropriate. Second, privacy and security are not the same but they are so closely intertwined that you can’t have one without the other.
Basically you’re reducing your trusted computing base to be as small as possible. The data is still decrypted and processed in the clear but it’s in a part of the chip that’s not accessible to the rest of the CPU and the memory is encrypted as well, so the idea is it’s very difficult to get access to it. But there have been multiple successful attacks against TEEs and likely more in the future.
I have only a limited understanding, but in addition to what you’ve said, I believe that part of the advantage is that it also makes it possible for you as an end user to verify that what they claim is running in the TEE is actually running in the TEE.
So compared with a non-TEE implementation,
- Your queries are processed in a secure enclave that is isolated from the rest of the system
- AND an end user can verify that the code running in the TEE is what the provider claims is running in the TEE.
Does this align with your own understanding, or have I misunderstood something?
> But there have been multiple successful attacks against TEEs and likely more in the future.
Are you aware if any of those attacks have been done without (1) specialized hardware tools, and (2) physical access to the running server?
That’s true yes although I’ve never actually tried to do this so I don’t know how it works.
I’m not aware of any. Although the whole point of E2EE is that you don’t have to trust the owners of the server even with physical access so I still think calling it E2EE is a misnomer.
Offtopic
I disagree. The burden of proof is on the people making claims that WhatsApp can access users’ messages, which, as far as I am aware, no proof has been given.
> so I still think calling it E2EE is a misnomer.
Agreed.
I’m simply trying to assess the degree of privacy/security that a proper TEE implementation can provide, and where it is limited.
To me, there is a very substantial difference between something that can be done remotely compared to something that requires physical access, specific effort, and specialized hardware. In most contexts, I think that significantly raises the bar of difficulty (and in many cases cost) to the point that it could be considered an acceptable theoretical risk if your threat model is mostly concerned with surveillance capitalism, or low-effort dragnet surveillance.
Does that seem like a reasonable takeaway to you? If I’m not fully appreciating the risk, I’d like to understand it.
The way I understand it is there is technically no E2EE because the communication is between Meta AI (the service) and the user, not between users at the exclusion of the service, and TEE’s goal is to fill the gap by denying the service access to content. However the weak point of encrypting Meta AI appears to be the TEE due to its security issues.
I would add Meta, as a mass surveillance corporation, cannot be trusted to provide privacy-preserving services. Unless my understanding is wrong, the ostensibly end-to-end encrypted WhatsApp, owned by Meta, still collects vast metadata on its users.
Off topic: WhatsApp E2EE
I agree with you on the point AFAIK no proof has been given, and in the lawsuit the burden of proof is on the plaintiffs and not on WhatsApp.
To protect people’s privacy and security, everyone should stop saying WhatsApp is end-to-end encrypted. If WhatsApp’s E2EE claim turns out to be false, saying WhatsApp supports E2EE may cause people to adopt or continue to use WhatsApp with a false sense of security.
If there’s room for nuance, I would also mention there is a lawsuit against WhatsApp that disputes its E2EE claim.