A few days ago Facebook founder and CEO Mark Zuckerberg shared a lengthy post laying out the vision that will be driving his company’s implementation of private messaging going forward. There was a lot to like in that message from a privacy point of view, but the scope was limited — this was not a revolutionary vision for transforming all of Facebook, just for evolving their private messaging offerings.

Big-picture-wise, the post laid out six principles that will drive the evolution of private messaging on all Facebook-owned platforms — private interactions, encryption, reducing permanence, safety, interoperability, and secure data storage. Note that the interoperability Zuckerberg describes is between Facebook-owned services, not between Facebook services and services from competitors, so that’s not actually good news from a privacy point of view. This refers to Facebook’s plans to merge private messaging within all its products into a single messaging architecture. This is a privacy loss, not a privacy gain, but there is a silver lining — the post promises the merging will be opt-in, and users will be able to choose to keep separate identities on the separate services if they wish. Obviously encryption is good, as is not keeping privately shared stuff forever.

But, does any of this change the fundamental problem, Facebook’s business model? Nope!

Facebook will continue to make its money by offering users a free service in exchange for their personal information — Facebook remains freepi (and creepy)!

Facebook is a very successful for-profit company. Their latest earnings report (Q4 2018) shows healthy profits on revenues of $16.91Bn, and that’s up over 30% year-on-year.

Where is this money coming from? Facebook’s services are free to use, so the users are not the customers. Then who are these obviously happy customers? Advertisers!

This updated vision for private messaging doesn’t change Facebook’s business model in any way — they still sell user attention to advertisers. They get to charge advertisers good money for that attention because they can offer highly specific targeting based on detailed user profiles built up over years.

So, the customers remain the advertisers, and the product remains users’ attention. None of the incentives driving Facebook’s actions have changed. Facebook will continue to track users all over the web with their like buttons, they will continue to harvest data from every source they can, and they’ll continue to store public posts in perpetuity.

Remember, Facebook are, and remain, strongly incentivised to give users the least amount of privacy they can get away with. Thanks to an awful lot of bad press, that least acceptable amount has shifted, and Facebook are responding, but that’s all this is — a small re-calibration around the edges. Since the core incentives remain the same, we can expect to continue to see them do privacy-hostile things going forward. To illustrate the point, these news stories broke in the days leading up to this post:

  1. FFS, Facebook is abusing 2FA… again — www.imore.com/… & Now Facebook is allowing anyone to look you up using your security phone number — www.fastcompany.com/…
  2. Facebook apps secretly sending sensitive data back to the mothership — nakedsecurity.sophos.com/… & These apps are stealing your most private data and it should be a crime — www.imore.com/…
  3. Turnaround Time on Facebook’s Spying: 12 Hours — daringfireball.net/…

Does anything in Zuckerberg’s post convince me that we won’t continue to see stories like these in the coming months and years? Nope!

As nice as it is, making private messaging more private doesn’t address the fundamental problem, so why should we expect anything to really change?