If you’re one of the 1.3 billion people using Facebook Messenger, then you have already been warned of significant delays to critical security enhancements. That upgrade has been described by company executives as “essential,” even as they confirm serious slippage. Now the situation has become much worse, with two critical developments.
“We need to find a balance of safety, privacy, and security,” Facebook says of its hyper-scale Messenger app, which is second only to WhatsApp in popularity. The issue is that Messenger has become center stage in the fight between law enforcement and big tech over privacy, and that has left more than a billion users in a security limbo-land.
Unlike WhatsApp, your content is not fully secured on Facebook Messenger—the company itself has admitted to spying on your content and we recently exposed them for “secretly” downloading private links and files sent between users.
Facebook says it wants to fix this—albeit Facebook says a lot of things. It promises to widen the end-to-end encryption that secures WhatsApp to protect Messenger as well as messages sent over Instagram. That promise was made two-years ago—and what we have thus far is delay after delay. Messenger and Instagram have seen some integration, nothing, though, that enhances any user’s security or privacy.
If you’re a Facebook Messenger user, then this shift to end-to-end encryption is critical. As I’ve said multiple times before, don’t just take my word for it—Facebook says the same, admitting, in fact, that such security stops the company itself snooping on your messages. And, again, remember it has admitted to doing exactly that.
The idea of Facebook extending encryption to its billion-plus Messenger users as well as its billion-plus Instagram users has caused something of a meltdown among hawkish lawmakers and security agencies.
The latest to add their voice to this mix is Ken McCallum, the relatively new head of Britain’s MI5, who says that by widening default end-to-end encryption, Facebook would in effect be giving a “free pass” to “some of the worst people in our society,” including terrorists and those organizing child sexual abuse, “where they know that nobody can see what they’re doing.”
When WhatsApp pushed the big red button in 2016, end-to-end encrypting all messages for all users, there wasn’t the focus on encryption that there is now. It passed under the radar. Suddenly hundreds of millions (now two billion) users were able to use a secure mainstream platform, leaving lawmakers in the “dark.” If WhatsApp can’t see your content, neither can a law enforcement agency—even with a warrant.
We’ve known for some weeks now that Facebook has delayed its Messenger security upgrade until next year, “at the earliest,” and while this has been painted as a technical issue given the sprawling nature of the platform, the clever money is on it being more complex than that. Let’s see how fast Facebook works out compensatory tech to deal with Apple’s new App Tracking Transparency, by way of comparison.
If MI5’s boss sounding a warning was the first piece of new news aimed at Facebook’s Menlo Park HQ, then the second was the quite extraordinary backtrack the company was forced into over WhatsApp’s controversial change of terms.
The contrast between Facebook Messenger and its WhatsApp stablemate has been fascinating this year—and, in reality, sends a very clear message to those 1.3 billion Messenger users that it’s now time to jump ship.
WhatsApp used its default and-to-end encryption as its primary (some might say only) defense against the accusation that Facebook was encroaching on the privacy of its users. WhatsApp’s boss even penned an opinion piece giving all the reasons such security was “essential” albeit under threat from lawmakers and regulators.
The irony in WhatsApp insisting end-to-end encryption is needed, while Messenger users go without, is stark enough on its own. But the opinion piece also provides multiple examples—medical, financial, etc., where users don’t want their content open to interception from shadowy big brother characters. The opinion piece suggests governments, foreign and domestic, but Facebook itself is a more likely foe.
“Surrendering our privacy would paralyze us,” Cathcart warns. “The power of technology is that it lets us connect at extraordinary speed and scale and democratizes information better than anything ever invented. But if we choose to erode our privacy and security, it will do the opposite. Instead of sharing our ideas, it will shut them down. Instead of bringing us closer together, it will keep us apart. Instead of giving everyone in the world a voice, it will silence us.”
The WhatsApp backtrack over changed terms was a game-changer. Not because it resolves a particularly critical here and now issue for its users, many of whom have already accepted the new terms, but because it showed how governmental pressure could be brought to bear on Facebook in the new environment to change its course.
It became clear that Facebook would hit governmental blockers. The move was blocked in Germany and challenged elsewhere, and while India’s digital security law, which would compromise WhatsApp’s security in different ways, is under challenge, it sends a clear message to Facebook that it shouldn’t be crossing any red lines.
According to Burcu Kilic, Director of the Digital Rights Program at Public Citizen, the attempt to change WhatsApp’s user terms “is further proof that Facebook is abusing its dominant market power.” She says that the retreat came after “regulators in Turkey, India, South Africa, Brazil, Germany, and Colombia heard our call.”
And so, the ultimate irony here is that WhatsApp came under so much international pressure over user privacy that it had to change its plans, even as international pressure continues to intensify on WhatsApp to compromise user privacy with backdoors to allow law enforcement a window on user content. “We cannot take end-to-end encryption for granted,” WhatsApp’s Will Cathcart has said, calling out Europe, India and Brazil. “There remains serious pressure to take it away.”
Forcing WhatsApp to break its encryption will have a huge impact on secure communications worldwide. And many in the government security community recognize that while this will help its own investigators, it will also put at risk the hundreds of millions around the world that rely on WhatsApp (and Signal and iMessage and Telegram’s secret messages) to stay safe from their own authorities.
But preventing an expansion of this encryption is a different matter—especially when you consider the critical differences between WhatsApp and Messenger, which is multi-platform, doesn’t require a phone number or even a phone to use, and so is easier to use anonymously and by minors.
And so, there are some sensible arguments for keeping Messenger outside the default end-to-end encryption used by WhatsApp. It’s used by many more minors, and it’s easy to jump from Facebook’s mainstream platform into Messenger, and thus there is a clear danger that it can be used to groom the vulnerable. That’s not the same with WhatsApp—you can’t prowl the platform for other users and contact them at will.
Facebook doesn’t need to know much about WhatsApp users—it doesn’t link to a profile. Integrating with its profile-drive social media platforms, Instagram and Facebook itself, breaks this model and invites privacy risks. Adding commercial and financial features potentially does the same.
We need to recognize the difference between social media and messaging, one invites personal information to be shared quasi-publicly, while the other does the opposite. The debate has shone a light on this difference. No-one is suggesting terrorism and other serious crimes are plotted en masse on Messenger in full view, but it is part of the world’s largest social media platform, inviting different risks.
Remember, we’re not just talking plotting here—this is about dangerous interest groups, outreach, radicalization, grooming, recruitment. WhatsApp began life as a point-to-point messenger, an upgrade over SMS. And while groups have complicated this, and Facebook seems determined to evolve it into more of a social media platform, it’s still used primarily as a close-contact messenger.
As such, tapping into that content would simply push it to other messaging options. With Messenger you’re looking to flag threads, behaviors, people of interest, and then follow those threads to see where they lead. Shutting off the comms between all those people would, in law enforcement’s view, prevent such flags from being raised and investigators from looking into those “rooms” to see what might be there.
The case for terrorism and serious and organized crime is harder to make—certainly beyond outreach, recruitment and radicalisation. But threads lead to new places.
And so, let’s game this out. Facebook cannot afford to compromise WhatsApp’s encryption for one absolutely critical reason—this has been that primary defense against the data sharing backlash that has hammered the platform this year.
Don’t worry, WhatsApp has said over and over—we can’t see your content, and neither can Facebook. Take away end-to-end encryption and that argument collapses. It’s no surprise that WhatsApp is now suing the Indian government to prevent it from having to identify “the first originator of information,” a short hop from breaking encryption.
But if/when Facebook has Messenger encryption ready, you can expect a huge backlash from governments around the world to stop it switching over. And it is highly likely that some form of compromise will be needed. That could be kicking Messenger encryption down the road even further or changing the model. And the risk in changing the model, in weakening the security, is that this would likely apply to WhatsApp as well—they will fall under the same umbrella, after all.
“Our plans to encrypt Facebook Messenger and Instagram Direct Messaging will follow the WhatsApp model,” the company maintains. “WhatsApp uses a combination of other signals—including user reports, unencrypted account-level information, account-level metadata and, critically, in this context, certain pieces of traffic data—to help keep users safe and to prevent our services being misused to cause harm.”
The argument is made as a carve-out from user privacy directives to enable Facebook to enable it to mine metadata in order to flag dangerous behaviors. But metadata can only go so far, and it won’t be enough for lawmakers and security agencies.
And so, take WhatsApp’s advice and insist on default end-to-end encryption, but don’t want for Facebook Messenger to possibly deliver its update—make the switch instead, certainly for your personal messaging. Assume that anything sent over Messenger is open to monitoring and review.
You don’t need to delete Messenger, which is hard to do anyway if you remain a Facebook user, but you should switch your personal chats and certainly anything sensitive over to WhatsApp—or, even better, to Signal.
Now people can share directly to Instagram Reels from some of their favorite apps
More people are creating, sharing and watching Reels than ever before. We’ve seen the creator community dive deeply into video content – and use it to connect with their communities. We’re running a limited alpha test that lets creators share video content directly from select integrated apps to Instagram Reels. Now, creators won’t be interrupted in their workflow, making it easier for them share share and express themselves on Reels.
“With the shift to video happening across almost all online platforms, our innovative tools and services empower creativity and fuel the creator economy and we are proud to be able to offer a powerful editing tool like Videoleap that allows seamless content creation, while partnering with companies like Meta to make sharing content that much easier.”- Zeev Farbman, CEO and co-founder of Lightricks.
Starting this month, creators can share short videos directly to Instagram Reels from some of their favorite apps, including Videoleap, Reface, Smule, VivaVideo, SNOW, B612, VITA and Zoomerang, with more coming soon. These apps and others also allow direct sharing to Facebook , which is available for any business with a registered Facebook App to use.
We hope to expand this test to more partners in 2023. If you’re interested in being a part of that beta program, please fill out this form and we will keep track of your submission. We do not currently have information to share about general availability of this integration.
Learn more here about sharing Stories and Reels to Facebook and Instagram and start building today.
Q. What is the difference between the Instagram Content Publishing API and Instagram Sharing to Reels?
A: Sharing to Reels is different from the Instagram Content Publishing API, which allows Instagram Business accounts to schedule and publish posts to Instagram from third-party platforms. Sharing to Reels is specifically for mobile apps to display a ‘Share to Reels’ widget. The target audience for the Share to Reels widget is consumers, whereas the Content Publishing API is targeted towards businesses, including third-party publishing platforms such as Hootsuite and Sprout Social that consolidate sharing to social media platforms within their third-party app.
Q: Why is Instagram partnering with other apps?
A: Creators already use a variety of apps to create and edit videos before uploading them to Instagram Reels – now we’re making that experience faster and easier. We are currently doing a small test of an integration with mobile apps that creators know and love, with more coming soon.
Q: How can I share my video from another app to Reels on Instagram?
A: How it works (Make sure to update the mobile app you’re using to see the new Share to Reels option):
- Create and edit your video in one of our partner apps
- Once your video is ready, tap share and then tap the Instagram Reels icon
- You will enter the Instagram Camera, where you can customize your reel with audio, effects, Voiceover and stickers. Record any additional clips or swipe up to add an additional clip from your camera roll.
- Tap ‘Next’ to add a caption, hashtag, location, tag others or use the paid partnerships label.
- Tap ‘Share’. Your reel will be visible where you share reels today, depending on your privacy settings.
Q: How were partners selected?
A. We are currently working with a small group of developers that focus on video creation and editing as early partners. We’ll continue to expand to apps with other types of creation experiences.
Q: When will other developers be able to access Sharing to Reels on Instagram?
A: We do not currently have a date for general availability, but are planning to expand further in 2023.
Q: Can you share to Facebook Reels from other apps?
A: Yes, Facebook offers the ability for developers to integrate with Sharing to Reels. For more information on third-party sharing opportunities, check out our entire suite of sharing offerings .
First seen at developers.facebook.com
What to know about Presto SQL query engine and PrestoCon
The open source Presto SQL query engine is used by a diverse set of companies to navigate increasingly large data workflows. These companies are using Presto in support of e-commerce, cloud, security and other areas. Not only do many companies use Presto, but individuals from those companies are also active contributors to the Presto open source community.
In support of that community, Presto holds meetups around the world and has an annual conference, PrestoCon, where experts and contributors gather to exchange knowledge. This year’s PrestoCon, hosted by the Linux Foundation, takes place December 7-8 in Mountain View, CA. This blog post will explore some foundational elements of Presto and what to expect at this year’s PrestoCon.
What is Presto?
Presto is a distributed SQL query engine for data platform teams. Presto users can perform interactive queries on data where it lives using ANSI SQL across federated and diverse sources. Query engines allow data scientists and analysts to focus on building dashboards and utilizing BI tools so that data engineers can focus on storage and management, all while communicating through a unified connection layer.
In short, the scientist does not have to consider how or where data is stored, and the engineer does not have to optimize for every use case for the data sources they manage. You can learn more about Presto in a recent ELI5 video below.
Caption: Watch the video by clicking on the image above.
Presto was developed to solve the problem of petabyte-scale, multi-source data queries taking hours or days to return. These resources and time constraints make real-time analysis impossible. Presto can return results from those same queries in less than a second in most cases, allowing for interactive data exploration.
Not only is it highly scalable, but it’s also extensible, allowing you to build your own connector for any data source Presto does not already support. At a low level, Presto also supports a wide range of file types for query processing. Presto was open sourced by Meta and later donated to the Linux Foundation in September of 2019.
Here are some Presto resources for those who are new to the community:
What is PrestoCon?
PrestoCon is held annually in the Bay Area and hosted by the Linux Foundation. This year, the event takes place December 7-8 at the Computer History Museum. You can register here. Each year at PrestoCon, you can hear about the latest major evolutions of the platform, how different organizations use Presto and what plans the Technical Steering Committee has for Presto in the coming year.
Presto’s scalability is especially apparent as every year we hear from small startups, as well as industry leaders like Meta and Uber, who are using the Presto platform for different use cases, whether those are small or large. If you’re looking to contribute to open source, PrestoCon is a great opportunity for networking as well as hearing the vision that the Technical Steering Committee has for the project in the coming year.
Explore what’s happening at PrestoCon 2022:
Where is Presto used?
Since its release in November of 2013, Presto has been used as an integral part of big data pipelines within Meta and other massive-scale companies, including Uber and Twitter.
The most common use case is connecting business intelligence tools to vast data sets within an organization. This enables crucial questions to be answered faster and data-driven decision-making can be more efficient.
How does Presto work?
First, a coordinator takes your statement and parses it into a query. The internal planner generates an optimized plan as a series of stages, which are further separated into tasks. Tasks are then assigned to workers to process in parallel.
Workers then use the relevant connector to pull data from the source.
The output of each task is returned by the workers, until the stage is complete. The stage’s output is returned by the final worker towards the next stage, where another series of tasks must be executed.
The results of stages are combined, eventually returning the final result of the original statement to the coordinator, which then returns to the client.
How do I get involved?
We would love for you to join the Presto Slack channel if you have any questions or need help. Visit the community page on the Presto website to see all the ways you can get involved and find other users and developers interested in Presto.
Where can I learn more?
To learn more about Presto, check out its website for installation guides, user guides, conference talks and samples.
First seen at developers.facebook.com
How to Interpret Webhook Components in the WhatsApp Business Platform
The ways customers want to connect are changing. The WhatsApp Business Platform gives businesses an integrated way to communicate with customers right where they are. In order to integrate properly when using the Cloud API, hosted by Meta, you’ll need to leverage webhooks so applications have a way to respond to events. Webhooks allow your application to monitor three primary events on WhatsApp so you can react with different functionality depending on your goals.
This article looks at these three components, goes through the information they carry, and provides some use-case scenarios to give you an idea of the possibilities.
Interpreting Different Webhook Components
To send and receive messages on WhatsApp, it’s critical to keep track of statuses and errors to help ensure you’re communicating effectively with your customers, which you can do with webhooks.
With webhooks, the WhatsApp Business Platform monitors events and sends notifications when one occurs. These events are one of three components: messages, statuses, and errors.
Let’s explore each of these and examine examples of how you can use them.
The messages component is the largest of the three event types and contains two core objects:
Contacts — which contain information about the message’s sender.
Messages — which provide information about a message’s type and contents.
These two event types allow your application to manage and respond to people that interact with your application. The contacts object contains two pieces of information: name and WhatsApp Id. The contact’s name allows your application to use their name without further lookups. In contrast, the contact’s WhatsApp ID lets you keep track of these contacts or use the contacts/ endpoint to add additional functionality.
For instance, you can verify the customer and start the opt-in process within the customer-initiated conversation, which allows you to message them outside the initial 24-hour response window. It’s important to note that only the text, contacts, and location message types provide contact information.
The message object is where the bulk of the information is stored, including the message contents, type of message, and other relevant information. Depending on the message type, the actual payload of the message component can vary widely. It’s crucial to determine the message type to understand the potential payload. Message types include:
Text: a standard text-only message
Contact: contains a user’s full contact details
Location: address, latitude, and longitude
Unknown: unsupported messages from users, which usually contain errors.
Ephemeral: disappearing messages
Media message types: contain information for the specified media file. These types include:
These different data types can have very different uses, from reviewing images and screenshots from concerned customers to collecting information about where to ship goods and send services. To use these different data types most effectively, you can create applications to handle different forms of communication, with functionalities such as:
Ask your customers to provide a shipping or mailing address. You can use the location-based message feature to capture your users’ location to determine where to send their goods and services.
Show customers products and communicate product details through a message. You can use the referred_product field within messages to offer your users specific product details. Using this field develops a more personal, conversational shopping experience and customer interactions.
Build support functionality that allows customers to take and send images and videos of product concerns, and submit those for a support case. Once the user has submitted a support ticket, the app can track the case — including steps taken towards resolution and conversations between support teams and the customer through WhatsApp — using a unique case identifier.
These are just some potential features you can build using the interactivity provided by webhooks and the message object. These features extend your current communication channels and provide additional options for customers.
Where the messages component provides your application with insight into events that originate directly from your customers, the statuses component keeps track of the results of messages you send and the conversation history. There are six status components:
- Sent: the application sent your message and is in transit.
- Delivered: the user’s device successfully received the message.
- Read: the user has read your message.
- Deleted: a user deleted a message that you sent.
- Warning: a message sent by your application contains an item that isn’t available or doesn’t exist.
- Failed: a message sent by your application failed to arrive.
Status components also contain information on the recipient ID, the conversation, and the pricing related to the current conversation. Conversations on WhatsApp are a grouping of messages within a 24-hour window that are either user-initiated or business-initiated. Keeping track of these conversations is vital, as a new conversation occurs when you send additional responses after the 24-hour period ends.
Some functionality you may want to add to your application based on status events includes:
- Ensuring your application has sent generated messages, they arrived, and the recipient potentially read them by using a combination of these status types and timestamps within the status object. This information allows your application to follow up with customers if they didn’t engage.
- Keep analytical information about your application’s messages, especially regarding business-initiated conversations. For example, if your application uses a WhatsApp customer contact list to send offer messages, the status component helps you understand how many were sent, delivered, read, responded to, or failed to measure your campaign’s success.
Finally, the errors component allows your application to receive any out-of-band errors within WhatsApp that affect your platform. These errors don’t stop your application from compiling or working but are typically caused when your application is misusing specific functionality. The following are some typical errors.
Error Code 368, Temporarily Blocked for Policy Violations
If your application violates WhatsApp Business Messaging or Commerce policy, your account may be temporarily banned. You can monitor this and pause your application while troubleshooting.
Error 506, Duplicate Post
If your workflows unintentionally generate duplicate messages, you can monitor this to find the source.
Error 131043, Message Expired
Sometimes, messages are not sent during their time to live (TTL) duration. Use this code to know which messages to schedule for resending if needed.
Error handling is a broad, complex subject, and there are many other use cases for which you should be implementing error handling. The errors component helps extend your error handling on the WhatsApp Business Platform for greater consistency.
This article took a high-level look at messages, statuses, and errors returned by webhooks and explored ways you can use these three components to expand your application’s functionality.
Messages provide information on customer interactions, statuses give insight into messages your app sends, and error notices enable you to increase your application’s resilience. Webhooks are critical to ensuring your app interacts with customers seamlessly.
The WhatsApp Business Platform’s webhooks provide your applications with real-time data, enabling you to build better experiences as you interact with customers. Ready to know more? Dive deeper into everything the WhatsApp Business Platform has to offer.
First seen at developers.facebook.com
Twitter Stops Enforcing COVID-19 Misinformation Policy, Experts Express Concerns Over False Claims
TikTok SEO in 5 Steps: How To Make Sure Your Videos Show Up in Search
What to know about Presto SQL query engine and PrestoCon
Now people can share directly to Instagram Reels from some of their favorite apps
TopicGC: How LinkedIn cleans up unused metadata for its Kafka clusters
Elon Musk Hints at Plans to Increase Character Limit for Tweets in Response to Twitter User
Sending Messages via WhatsApp in Your Node.js Application
(Re)building Threat Detection and Incident Response at LinkedIn
Access Levels for Gaming Apps
How LinkedIn Ditched the “One Size Fits All” Hiring Approach for InfoSec and Won
Introducing the Product Tagging API for Reels to the Instagram Platform
Introducing the ‘Instagram Explore home’ Ads Placements via the Instagram Marketing API
FACEBOOK2 weeks ago
Dynolog: Open source system observability
FACEBOOK1 week ago
How to Send Interactive Messages with the WhatsApp Business Platform
FACEBOOK1 week ago
Hermit: Deterministic Linux for Controlled Testing and Software Bug-finding
OTHER6 days ago
Elon Musk Urged by US Senator to Better Protect US Users’ Data After Whistleblower Testimony
FACEBOOK1 week ago
Building Intuitive Interactions in VR: Interaction SDK, First Hand Showcase and Other Resources
OTHER6 days ago
Twitter, Other Social Media Apps Fail to Remove Hate Speech, Says EU Review
OTHER2 weeks ago
Twitter Sued by Disabled Employee Over Elon Musk’s Ban on Remote Work
OTHER2 weeks ago
Elon Musk Says Twitter Managers Can Approve Remote Work for Staff at Their Own Risk