Yesterday Facebook and Google made two seemingly huge announcements about privacy. Facebooklaunched a new featurethat allows users to add encryption keys to their profiles. Using these keys, the company can now send users who opt in encrypted notifications. This means that external snoopers will not be able to see the notification messages being sent to the users’ emails.
Google announced new features to ensure users privacy settings are where they want them to be.
On the one hand, big technology companies are responding to mounting fears of widespread privacy invasion. Hacking is no longer a fringe concern. On the other hand, privacy experts don’t think either of these initiatives will amount to much.
What are these new features really?
Facebook is using a well-known technique that was once relegated to the techiest of the techies to secure the content being sent from individual to individual. The problem is, this technique — called PGP — is only being used for notifications.
Seth Schoen, the Electronic Frontier Foundation’s senior staff technologist, explained to Business Insider in an email, “Facebook’s announcement is about better protecting its communications with users — in the form of email notifications — from spying by other parties. [But], it doesn’t limit or control what Facebook knows about its users in any new way.”
The same can be said for Google, Schoen says. “[Google] didn’t announce any new privacy features or any new abilities to control how it collects or uses data,” Schoen wrote.
What are tech companies actually doing?
Google’s privacy steps, however, are interesting. Google Hangoutss are not totally encrypted, which has led to widespread criticism from the privacy community. But last year it announced a pilot program that will end-to-end encrypt emails (a practice that attempts to make all email communications virtually snoop-proof). This pilot, however, is still only being tested by a few partners.
What’s interesting here is that both Facebook and Google are making public steps to show that they care about privacy, whether or not the announcements are actually fostering much change.
When asked whether he thought these announcements indicated an inflection point for big companies taking privacy seriously, Schoen wrote, “The key point for me against the ‘inflection point’ notice is that neither company here is protecting users in any new way against the company’s own data collection.”
Until those practices change, he and others feel like things haven’t really moved forward.