Former Facebook chief security officer Alex Stamos has criticised Instagram for extending direct messages support to the web. Stamos said the move goes against Facebook’s goal of bring end-to-end encrypted compatibility between Facebook, Instagram, and WhatsApp.
“This is fascinating, as it cuts directly against the announced goal of E2E encrypted compatibility between FB/IG/WA. Nobody has ever built a trustworthy web-based E2EE messenger, and I was expecting them to drop web support in FB Messenger. Right hand versus left?,” said Stamos in a tweet.
Stamos further explained that the security researchers haven’t yet figured out a secure way to store cryptographic secrets in JavaScript on which Instagram’s website runs on.
https://twitter.com/alexstamos/status/1217126032488034305?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1217126032488034305&ref_url=https%3A%2F%2Fwww.hindustantimes.com%2Ftech%2Fformer-facebook-security-chief-alex-stamos-criticises-instagram-for-extending-dms-to-web%2Fstory-oVnqb04LeLsq36ztwMfhEP.html
“The second major issue is the model by which code on the web is distributed, which is directly from the vendor in a customizable fashion. This means that inserting a backdoor for one specific user is much much easier than in the mobile app paradigm,” he said.
Facebook last year had revealed plans to unify the underlying messaging feature on its three instant messaging apps including Messenger, Instagram, and WhatsApp. The company had said it was working to bring end-to-end encryption, which would make it difficult for anyone other than sender and recipient to access the messages exchanged. Facebook’s plans to unify these platforms, however, had stirred privacy concerns.
