Content Moderation and Regulation

By pjain      Published Jan. 12, 2021, 7:16 p.m. in blog Programming   

Encryption, E2E in ChatApps

Overview, Comparison

App                Encrypt                  Moderation        Privacy
------------------ ------------------------ ----------------- ---------------
Skype              web, no E2E              No                Most Insecure
LINE               web, no E2E              No                Insecure
------------------ ------------------------ ----------------- ---------------
SnapChat           web, no E2E              No
Twitter            web, no E2E              No
Discord            web, no E2E              No
LinkedIn           web, no E2E              No
Slack              web, no E2E              No
Zoom               web, no E2E              No
------------------ ------------------------ ----------------- ---------------
FB-Messenger       Transit2Svr, Optional    In Server
FB-Instagram       No E2E                   ?
------------------ ------------------------ ----------------- ---------------
Apple iMessage     E2E Full                 No                Very High
FB-WhatsApp        E2E Full, NoSvr          ?                 Very High
Signal             E2E                      No                Highest
Parler             E2E                      ?                 Highest

E2E 101

  • Higher Security and Privacy apps are true End to End with no server in between.

Usually the only people with the 'key' to decipher an end-to-end encrypted message are the sender and the intended recipient.

SnapChat

Snapchat doesn't have E2E and its websites don't suggest messages on the app are completely encrypted. Its support page does say that most messages are deleted from its servers after a maximum 30 days.

Twitter

Twitter doesn't have E2E.

Skype from Microsoft

Microsoft has no information on end-to-end encryption on its website. But it has been trialling a "private conversation" option with some users.

FB-Messenger

The Messenger app doesn't have E2E by default. You have to specifically enable something called "secret conversation" within the app in order for your conversations to be E2E encrypted.

Everything you send on Messenger passes through Facebook servers to which it has access. … Facebook “spies” on this content. [It] downloads your private content to its own servers without any warning.

But only Facebook’s platforms were seen [downloading] massive files, beyond the size needed for a preview.

FB plans to merge 3 messaging systems, and make this entire messaging infrastructure entirely end-to-end encrypted. This would render it impossible for Facebook Inc. to read private conversations between users and run advertising based on the content of those conversations.

But right now, only Facebook’s platforms were seen [downloading] massive files, beyond the size needed for a preview.

FB-Instagram

It does not use end-to-end encryption on the photo-sharing app, which introduced private messaging in 2013.

FB plans to merge 3 messaging systems, and make this entire messaging infrastructure entirely end-to-end encrypted.

But right now, only Facebook’s platforms were seen [downloading] massive files, beyond the size needed for a preview.

Apple iMessage

Seen as highly committed, Apple defied both the US FBI and China's CCP to keep its phones fully E2E encrypted for its core iMessage service.

Its 'approach to privacy' document says it "uses end-to-end encryption to protect your iMessage and FaceTime conversations" across all devices.

LOOPHOLE EXPLOITED BY GOVT SNOOPERS. Apple allows users to send messages as a text if the iMessage won't go through, and text messages are not end-to-end encrypted.

A lot of messaging services, like iMessage, allow you to back up to the cloud, which gives those cloud services access to your messages.

iMessage generates link previews on the sender side, which is a fairly safe security bet.

FB-WhatsApp

WhatsApp, which is owned by Facebook, added end-to-end encryption by default in 2016, with Facebook saying that protecting private communication was one of its "core beliefs".

WhatsApp generates link previews on the sender side, which is a fairly safe security bet.

But its native Facebook Messenger doesn't have the same levels of security.

Signal

Signal Messenger is funded by the non-profit Signal Foundation. They are concerned by burdensome US regulation like the EARN IT Act, saying “it would not be possible for a small nonprofit like Signal to continue to operate within the United States.”

In the Covid-19 pandemic “Signal traffic has gone through the roof. New users are signing up at unprecedented rates, and we’ve expanded our server capacity faster than we ever anticipated.”

Parler

The President and a bunch of his supporters have hyped it up. Right wing die-hards have hyped up the misleading claim that Parler supports free speech unlike Twitter.

Senator Ted Cruz (and Rep. Devin Nunes) have recently joined it and may have abused it to reach right wing protestors.

Parler was implicated in the riots.

  1. Apple and Google have today removed Parler, a social media networking app for right-wing supporters, from the official Play Store after evidence surfaced online that its members were openly planning acts of violence against law enforcement members and in preparation for the upcoming Biden inauguration ceremony.
  2. Parler was kicked off AWS hosting after the Washington DC Capitol riot. It has sued Amazon for loss.

Moderation, End User Agreements, Terms of Service

Hate Speech

Inciting Violence and Riots

  • Google kicked Parler off its Play App Store claiming: "We're aware of continued posting in the Parler app that seeks to incite ongoing violence in the US. We recognize that there can be reasonable debate about content policies and that it can be difficult for apps to immediately remove all violative content, but for us to distribute an app through Google Play, we do require that apps implement robust moderation for egregious content."

No Spam is standard Clause

  • From Parler guidelines

  • Spam is repetitive content that does not contribute to the conversation. It often comes in the form of multiple posts of repeating content that offer little to no value to the community and platform at large.

  • Avoid repetition in the comment section of posts. Spam applies more heavily to comments than posts.
  • Do not use language/visuals that are meant to take advantage of others on Parler.
  • Avoid language/visuals that solicit advertisements on other’s posts.

TOS give Lots of Leeway to delete Content

  • Supreme Court has standards that allow posting critical content
  • "fighting words" doctrine
  • Newspapers need to "validate" and confirm source before printing critical content

Sites like Parler ban sharing content which exceed court orders.

  • "rumors about other users/people you know are false" as an anti-defamation protection. However, actual court precedents and legal standards for defamation go way beyond that.
  • Banning "rumors about other users/people you know are false" will create judgment calls by Parler in determining what stands and what doesn't.
  • Any direct and very personal insult with the intention of stirring and upsetting the recipient

1st Amendment - no commitment, can be taken down so not really allowed

Pornography is an excuse and overreach

  • Standard Legal doctrine only excepts child-pornography and indecent exposure to minors, not pornography by adult consent.

Content sites routinely have terms that ban pornography claiming falsely - Pornography is considered indecent according to clauses defined by the FCC.

Exploits, Hacks in Encryption

Ad Signals - Anti-Piracy in SNs, Chat Apps

  1. Ignoring privacy has been a good growth strategy for SNs like FB.

  2. Facebook’s newsfeed replaced the "wall" by default to boost viral SN. All status updates and photos started appearing on friends’ feeds without the users opting into the change.

  3. News/Feed Algos to insert Ads.

Facebook has always had a poor reputation for users’ privacy. It amassed a user base of 2.7b MAUs. In January 2010, CEO Mark Zuckerberg stated publicly that the age of privacy as a “social norm” is over.

POLITICIANS, huge media backlash.

BUT DO USERS CARE? FB users especially internationally like India don’t seem to care much about privacy or the company’s privacy scandals, even today. In terms of actual user behavior, though, as Facebook’s then-product manager of newsfeed stated in a video, engagement doubled.

Keys held by Government Entities

Block encrypted - force Clear text

LOOPHOLE EXPLOITED BY GOVT SNOOPERS. Apple allows users to send messages as a text if the iMessage won't go through, and text messages are not end-to-end encrypted.

Backup can be insecure

A lot of messaging services, like iMessage, allow you to back up to the cloud, which gives those cloud services access to your messages.

Many messaging apps do link previews insecurely. The worst are Facebook’s Messenger, Instagram and LINE. Also criticized are Discord, LinkedIn, Slack, and Zoom, among others. Link previews often even break E2EE. Other services actually run untrusted JavaScript on their servers!

  1. Sender-side link previews. Better end-to-end encrypted messengers, including WhatsApp and iMessage, generate link previews on the sender-side, [which] is a fairly safe security bet.

  2. Receiver-side link previews. The weaker and dangerous approach is receiver-side link previews as it might disclose your IP address, which presents an attack vector to discover target locations.

  3. Server-side link previews are the worst and a potential security nightmare. Facebook Messenger, Instagram, LinkedIn, Slack, Twitter, Zoom and Google Hangouts use this. But only Facebook’s platforms were seen [downloading] massive files, beyond the size needed for a preview.

  4. Link Previews in Messenger apps: A security nightmare to haunt SecOps | TechBeacon
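
An added example, not from the original post or from any of the apps named above: a sender-side preview builder that reads only a capped number of bytes and parses the metadata as text, so the preview can travel inside the encrypted message and neither the server nor the recipient has to fetch the link. The 64 KB cap, the chosen Open Graph fields and the sample page are assumptions made for illustration.

```python
import codecs, io
from html.parser import HTMLParser

MAX_PREVIEW_BYTES = 64 * 1024  # assumed cap: a page <head> fits easily
WANTED = {"og:title", "og:description", "og:image"}

class MetaParser(HTMLParser):
    """Collects <title> and Open Graph <meta> tags; ignores everything after </head>."""
    def __init__(self):
        super().__init__()
        self.fields, self.in_title, self.done = {}, False, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self.in_title = True
        elif tag == "meta" and not self.done and a.get("property") in WANTED:
            self.fields.setdefault(a["property"], a.get("content") or "")

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False
        elif tag == "head":
            self.done = True

    def handle_data(self, data):
        if self.in_title and not self.done:
            self.fields["title"] = self.fields.get("title", "") + data

def build_preview(body, max_bytes=MAX_PREVIEW_BYTES, chunk=4096):
    """Read at most max_bytes from a file-like body; return (fields, bytes_read)."""
    parser, read = MetaParser(), 0
    # Incremental decoder so a multi-byte character split across chunks is not mangled.
    decode = codecs.getincrementaldecoder("utf-8")(errors="replace").decode
    while read < max_bytes and not parser.done:
        data = body.read(min(chunk, max_bytes - read))
        if not data:
            break
        read += len(data)
        parser.feed(decode(data))  # parsed as text only, never rendered or executed
    return parser.fields, read

# Constructed sample: a small <head> followed by 5 MB of body the sender never needs.
SAMPLE_PAGE = (b"<html><head><title>Example page</title>"
               b'<meta property="og:title" content="Example article">'
               b"</head><body>" + b"x" * 5_000_000 + b"</body></html>")

if __name__ == "__main__":
    print(build_preview(io.BytesIO(SAMPLE_PAGE)))
```

In a real client the `body` argument would be the streamed HTTP response; the same cap is what keeps a preview fetch from turning into the full-file download described in item 3.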

Politics and Regulation of E2E

Police and Anti-Terrorist Want Access to Message Contents

End-to-end encryption causes problems for policing, anti-money laundering and anti-terror groups.

Child sexual exploitation materials to law enforcement - Is it really that Prevalent in era of Free Porn?

US Regulation trying to force open privacy

1996 Section 230 Safe Haven for Tech and Social Networks

Law since 1996, Section 230 states that “no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

In other words, a website like Facebook or a messaging platform like Signal is not responsible for what its users post.

Both its critics and its defenders agree that Section 230 is responsible for much of our current social media ecosystem.

Section 230 helped usher in a system where users can upload the content they want without a second thought, and it is up to the companies hosting them to moderate under “Good Samaritan” policies.

"It urges companies to filter and to block offensive content .. Congress wanted to let companies filter dirty words and shield kids, without being held responsible for doing it incompletely. The idea that 230 requires neutrality is to fundamentally misunderstand it." - Danielle Citron, a law professor at the University of Maryland, 2018

Dec 2020 Trump wants end of Sec 230 or won't sign Defense Bill

2018 FOSTA-SESTA law

This cited child sex trafficking for encroaching on websites.

That legislation had the support of major industry players like Facebook - which saw it giving them a safe-harbor for extreme liabilities reduction.

It has been criticized by the ACLU and others for its potential harm to sex workers.

2021? EARN IT act

The EARN IT Act seeks to alter the relationship between tech companies and an influential segment of the Communications Decency Act known as Section 230.

The EARN IT act would fundamentally change Section 230.

Now techies would have to “earn” a certification allowing them to take full advantage of Section 230, showing that they are following best practices in detecting and reporting child sexual exploitation materials to law enforcement.

This is moving its way through Congress with bipartisan support. Signal threatens to exit the USA as it would threaten the app's sheer existence due to what it deems overly burdensome oversight.

Claims E2E not affected by EARN IT - But BPR-committee makes E2E impossible

  • “This EARN IT bill says nothing about encryption .." - Senator Richard Blumenthal, a Democrat from Connecticut, co-sponsor of Earn It
  • “End-to-end encryption must be able to exist with robust law enforcement and I’m not going to support anything that does not protect the integrity of encryption for users, I can promise you that,” - Republican Sen. Josh Hawley of Missouri, also a co-sponsor.

EARN IT Act would create a 19-person panel to decide these best practices, one seat of which would be permanently reserved for the Attorney General. Four seats would be reserved for representatives of tech companies, although the legislation does not stipulate the size of these companies.

EARN IT will deal with an even broader swath of content than FOSTA-SESTA law child sexual abuse material, which is a grave concern, and we should be finding ways to adequately address. These best practices will go far beyond that: there will be best practices relating to any potential interaction with youth. There will be best practices relating to age-gating and age-rating, which has nothing to do with any illegal content."

Signal describes the best practices that EARN IT would demand as “designed-by-committee” and warns that they are “extraordinarily unlikely to allow end-to-end encryption,” which Signal currently guarantees its users.

E2E makes Content Moderation Impossible

Yahoo, MSN, Google "Open-Sesame" - free access to governments!

Apple - Claims Never gives Keys

USA

UK

In his UK attack, Khalid Masood accessed WhatsApp moments before he killed four people in the Westminster terror attack. He also used iMessage and SMS. After the attack, Home Secretary Amber Rudd called it "completely unacceptable" that the security services couldn't access some of the content - and said "there should be no place for terrorists to hide".

Apps Held Responsible for Hate Speech, Offensive Posts

China - surveillance State

India

