Thursday, January 28, 2021
  • Four Steps to Protect Strategic Information
  • App Security Takes a Back Seat in the Drive to Digital Transformation
  • Babuk Locker: Mediocre, But Gets the Job Done
  • APIs Exposed by Manual Penetration Testing
  • The Right to Privacy: Navigating Personal, Physical and Digital Safety

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Endpoint SBN News Security Bloggers Network 

Home » Security Bloggers Network » Facebook Announces Messenger Security Features that Don’t Compromise Privacy

Facebook Announces Messenger Security Features that Don’t Compromise Privacy

by Bruce Schneier on May 29, 2020

Note that this is “announced,” so we don’t know when it’s actually going to be implemented.

Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provide tips and suggest you block the offenders. The feature, which Facebook started rolling out on Android in March and is now bringing to iOS, uses machine learning analysis of communications across Facebook Messenger’s billion-plus users to identify shady behaviors. But crucially, Facebook says that the detection will occur only based on metadata­ — not analysis of the content of messages­ — so that it doesn’t undermine the end-to-end encryption that Messenger offers in its Secret Conversations feature. Facebook has said it will eventually roll out that end-to-end encryption to all Messenger chats by default.

That default Messenger encryption will take years to implement.

More:

Facebook hasn’t revealed many details about how its machine-learning abuse detection tricks will work. But a Facebook spokesperson tells WIRED the detection mechanisms are based on metadata alone: who is talking to whom, when they send messages, with what frequency, and other attributes of the relevant accounts — essentially everything other than the content of communications, which Facebook’s servers can’t access when those messages are encrypted. “We can get pretty good signals that we can develop through machine learning models, which will obviously improve over time,” a Facebook spokesperson told WIRED in a phone call. They declined to share more details in part because the company says it doesn’t want to inadvertently help bad actors circumvent its safeguards.

The company’s blog post offers the example of an adult sending messages or friend requests to a large number of minors as one case where its behavioral detection mechanisms can spot a likely abuser. In other cases, Facebook says, it will weigh a lack of connections between two people’s social graphs — a sign that they don’t know each other — or consider previous instances where users reported or blocked a someone as a clue that they’re up to something shady.

One screenshot from Facebook, for instance, shows an alert that asks if a message recipient knows a potential scammer. If they say no, the alert suggests blocking the sender, and offers tips about never sending money to a stranger. In another example, the app detects that someone is using a name and profile photo to impersonate the recipient’s friend. An alert then shows the impersonator’s and real friend’s profiles side-by-side, suggesting that the user block the fraudster.

Details from Facebook


Recent Articles By Author
  • SVR Attacks on Microsoft 365
  • Sophisticated Watering Hole Attack
  • Injecting a Backdoor into SolarWinds Orion
More from Bruce Schneier

*** This is a Security Bloggers Network syndicated blog from Schneier on Security authored by Bruce Schneier. Read the original post at: https://www.schneier.com/blog/archives/2020/05/facebook_announ.html

May 29, 2020May 29, 2020 Bruce Schneier encryption, facebook, machinelearning, metadata, securityengineering
  • ← Sandworm Team Exploiting Vulnerability in Exim Mail Transfer Agent
  • Detecting Bad OpenSSL Usage →

TechStrong TV – Live

Watch latest episodes and shows
Featured Blog

Eric Kedrosky

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Sonrai Security Marketing

AWS Checklist for 2021: Expert Advice on Security and Risk Priorities

Pam Sornson, JD – Contributed Writer

IAM Best Practices For DevOps

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Building Cognitive Resilience for Crisis Response
Insider Risk Threatens Digital Enterprise
Remote Work Needs a More Secure Cloud
How Educational Institutions can Disrupt Ransomware Attackers
Human and Software Flaws Leave Remote Workers Vulnerable
Parler’s Return, Pelosi’s Stolen Laptop, Vaccination Passports
2020 Data Breaches Point to Cybersecurity Trends for 2021
DEF CON 28 Safe Mode IoT Village – Sanjana Sarda’s ‘Kicking Devices, Taking CVEs: Zoomer Guide To Hacking’
DEF CON 28 Safe Mode IoT Village – Netspooky’s ‘Hella Booters, Why IoT Botnets Aren’t Going Anywhere’
Is Biden’s Peloton Bike an IoT Cybersecurity Risk?

Upcoming Webinars

Thu 28

Protecting Cloud-Native Apps and APIs in Kubernetes Environments

January 28 @ 1:00 pm - 2:00 pm
Feb 03

Too Close to the Sun(burst): A Supply Chain Compromise

February 3 @ 11:00 am - 12:00 pm
Feb 04

Lessons from the FinTech Trenches: Securing APIs at Finastra

February 4 @ 3:00 pm - 4:00 pm
Feb 09

How 2020’s Top 5 Attacks Reveal the Coming Cyberthreats in 2021

February 9 @ 1:00 pm - 2:00 pm
Feb 10

Finding Vulnerabilities in Your Cloud Native Applications Before They Find You!

February 10 @ 11:00 am - 12:00 pm
Feb 11

How to Merge AppSec and DevOps Effectively for the Good of Software

February 11 @ 3:00 pm - 4:00 pm
Feb 16

Security Policy Management in Hybrid Cloud Environment

February 16 @ 11:00 am - 12:00 pm
Feb 16

How Vertical Change Secures Sensitive Data Using Open Source Tools

February 16 @ 1:00 pm - 2:00 pm
Feb 17

Finding and Preventing Secrets in Code

February 17 @ 3:00 pm - 4:00 pm
Feb 18

Protecting Sensitive Customer Data in the New Remote Agent Environment

February 18 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Four Steps to Protect Strategic Information
Cloud Security Cybersecurity Data Security Endpoint Featured Identity & Access Industry Spotlight Malware Mobile Security Security Boulevard (Original) 

Four Steps to Protect Strategic Information

January 28, 2021 Rick Vanover | 1 hour ago 0
Why Enterprises Must Take Ransomware Attacks Seriously
Cybersecurity Data Security Endpoint Featured Incident Response Industry Spotlight Malware Security Boulevard (Original) Threats & Breaches 

Why Enterprises Must Take Ransomware Attacks Seriously

January 27, 2021 Matthew Rogers | Yesterday 0
How Educational Institutions can Disrupt Ransomware Attackers
Cybersecurity Data Security Endpoint Identity & Access Industry Spotlight Network Security Security Awareness Security Boulevard (Original) Social Engineering 

How Educational Institutions can Disrupt Ransomware Attackers

January 26, 2021 Tony Cole | 2 days ago 0

Top Stories

App Security Takes a Back Seat in the Drive to Digital Transformation
Cybersecurity Network Security News Security Awareness Security Boulevard (Original) Threats & Breaches 

App Security Takes a Back Seat in the Drive to Digital Transformation

January 28, 2021 George V. Hulme | 2 hours ago 0
ADT Installer Hacks Home Cams for Sexual Thrills
Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured Identity & Access IoT & ICS Security Network Security News Security Awareness Security Boulevard (Original) Spotlight Threats & Breaches 

ADT Installer Hacks Home Cams for Sexual Thrills

January 27, 2021 Richi Jennings | Yesterday 0
TetherView Unveils Digital Bunker Service for Virtual Desktops
Application Security Cloud Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

TetherView Unveils Digital Bunker Service for Virtual Desktops

January 26, 2021 Michael Vizard | 1 day ago 0

Security Humor

via     the comic delivery system monikered   Randall Munroe   resident at   XKCD  !

XKCD ‘Trash Compactor Party’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.