查看原文
其他

扎克伯格最新愿景:将Facebook打造成“关注隐私的社交网络“

DPO社群 网安寻路人 2020-02-27


编者按:


3月6日,扎克伯格在Facebook上发布一个帖子——“A Privacy-Focused Vision for Social Networking”。这是他面对近年来Facebook一系列“隐私事件”缠身后的思考和对Facebook的重新定位,非常值得大家关注。对Facebook近年来隐私事件感兴趣的读者,可参阅本公号如下文章:


  1. 因插件问题,Facebook再度“陷入旋涡”

  2. 案件摘要:德国反垄断监管机构对Facebook数据收集融合行为裁决

  3. 德国联邦反垄断局审查Facebook数据收集融合行为的背景情况(DPO沙龙出品)

  4. 德国联邦反垄断局对Facebook数据收集和融合行为提出严格限制(DPO沙龙出品)

  5. "美国华盛顿哥伦比亚特区诉Facebook“起诉书全文翻译(DPO沙龙出品)

  6. Facebook时代的合并政策(竞争法研究笔记二)

  7. 【时事五】微软、Facebook、谷歌和Twitter联合推出数据迁移项目:数据可移植性的开源计划

  8. Facebook参与到66个国家的政治选举

  9. Facebook事件多层次影响 及中美欧三地监管展望

  10. 透析Facebook事件,对AI行业数据合规的思考

  11. 假如Facebook数据丑闻发生在中国

  12. Facebook在英美主流媒体刊登承诺

  13. Facebook事件发生是用户太无知无畏了?!

  14. 因隐私政策不合规,西班牙对Facebook开出巨额罚单



以下是扎克伯格的文章全文:



A Privacy-Focused Vision for Social Networking


Mark Zuckerberg·2019年3月6日周三


My focus for the last couple of years has been understanding and addressing the biggest challenges facing Facebook. This means taking positions on important issues concerning the future of the internet. In this note, I'll outline our vision and principles around building a privacy-focused messaging and social networking platform. There's a lot to do here, and we're committed to working openly and consulting with experts across society as we develop this.


•••


Over the last 15 years, Facebook and Instagram have helped people connect with friends, communities, and interests in the digital equivalent of a town square. But people increasingly also want to connect privately in the digital equivalent of the living room. As I think about the future of the internet, I believe a privacy-focused communications platform will become even more important than today's open platforms. Privacy gives people the freedom to be themselves and connect more naturally, which is why we build social networks.


Today we already see that private messaging, ephemeral stories, and small groups are by far the fastest growing areas of online communication. There are a number of reasons for this. Many people prefer the intimacy of communicating one-on-one or with just a few friends. People are more cautious of having a permanent record of what they've shared. And we all expect to be able to do things like payments privately and securely.


Public social networks will continue to be very important in people's lives -- for connecting with everyone you know, discovering new people, ideas and content, and giving people a voice more broadly. People find these valuable every day, and there are still a lot of useful services to build on top of them. But now, with all the ways people also want to interact privately, there's also an opportunity to build a simpler platform that's focused on privacy first.


I understand that many people don't think Facebook can or would even want to build this kind of privacy-focused platform -- because frankly we don't currently have a strong reputation for building privacy protective services, and we've historically focused on tools for more open sharing. But we've repeatedly shown that we can evolve to build the services that people really want, including in private messaging and stories.


I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won't stick around forever. This is the future I hope we will help bring about.


We plan to build this the way we've developed WhatsApp: focus on the most fundamental and private use case -- messaging -- make it as secure as possible, and then build more ways for people to interact on top of that, including calls, video chats, groups, stories, businesses, payments, commerce, and ultimately a platform for many other kinds of private services.


This privacy-focused platform will be built around several principles:

Private interactions. People should have simple, intimate places where they have clear control over who can communicate with them and confidence that no one else can access what they share.

Encryption. People's private communications should be secure. End-to-end encryption prevents anyone -- including us -- from seeing what people share on our services.


Reducing Permanence. People should be comfortable being themselves, and should not have to worry about what they share coming back to hurt them later. So we won't keep messages or stories around for longer than necessary to deliver the service or longer than people want them.


Safety. People should expect that we will do everything we can to keep them safe on our services within the limits of what's possible in an encrypted service.


Interoperability. People should be able to use any of our apps to reach their friends, and they should be able to communicate across networks easily and securely.


Secure data storage. People should expect that we won't store sensitive data in countries with weak records on human rights like privacy and freedom of expression in order to protect data from being improperly accessed.


Over the next few years, we plan to rebuild more of our services around these ideas. The decisions we'll face along the way will mean taking positions on important issues concerning the future of the internet. We understand there are a lot of tradeoffs to get right, and we're committed to consulting with experts and discussing the best way forward. This will take some time, but we're not going to develop this major change in our direction behind closed doors. We're going to do this as openly and collaboratively as we can because many of these issues affect different parts of society.


Private Interactions as a Foundation


For a service to feel private, there must never be any doubt about who you are communicating with. We’ve worked hard to build privacy into all our products, including those for public sharing. But one great property of messaging services is that even as your contacts list grows, your individual threads and groups remain private. As your friends evolve over time, messaging services evolve gracefully and remain intimate.


This is different from broader social networks, where people can accumulate friends or followers until the services feel more public. This is well-suited to many important uses -- telling all your friends about something, using your voice on important topics, finding communities of people with similar interests, following creators and media, buying and selling things, organizing fundraisers, growing businesses, or many other things that benefit from having everyone you know in one place. Still, when you see all these experiences together, it feels more like a town square than a more intimate space like a living room.


There is an opportunity to build a platform that focuses on all of the ways people want to interact privately. This sense of privacy and intimacy is not just about technical features -- it is designed deeply into the feel of the service overall. In WhatsApp, for example, our team is obsessed with creating an intimate environment in every aspect of the product. Even where we've built features that allow for broader sharing, it's still a less public experience. When the team built groups, they put in a size limit to make sure every interaction felt private. When we shipped stories on WhatsApp, we limited public content because we worried it might erode the feeling of privacy to see lots of public content -- even if it didn't actually change who you're sharing with.


In a few years, I expect future versions of Messenger and WhatsApp to become the main ways people communicate on the Facebook network. We're focused on making both of these apps faster, simpler, more private and more secure, including with end-to-end encryption. We then plan to add more ways to interact privately with your friends, groups, and businesses. If this evolution is successful, interacting with your friends and family across the Facebook network will become a fundamentally more private experience.


Encryption and Safety


People expect their private communications to be secure and to only be seen by the people they've sent them to -- not hackers, criminals, over-reaching governments, or even the people operating the services they're using.


There is a growing awareness that the more entities that have access to your data, the more vulnerabilities there are for someone to misuse it or for a cyber attack to expose it. There is also a growing concern among some that technology may be centralizing power in the hands of governments and companies like ours. And some people worry that our services could access their messages and use them for advertising or in other ways they don't expect.


End-to-end encryption is an important tool in developing a privacy-focused social network. Encryption is decentralizing -- it limits services like ours from seeing the content flowing through them and makes it much harder for anyone else to access your information. This is why encryption is an increasingly important part of our online lives, from banking to healthcare services. It's also why we built end-to-end encryption into WhatsApp after we acquired it.


In the last year, I've spoken with dissidents who've told me encryption is the reason they are free, or even alive. Governments often make unlawful demands for data, and while we push back and fight these requests in court, there's always a risk we'll lose a case -- and if the information isn't encrypted we'd either have to turn over the data or risk our employees being arrested if we failed to comply. This may seem extreme, but we've had a case where one of our employees was actually jailed for not providing access to someone's private information even though we couldn't access it since it was encrypted.


At the same time, there are real safety concerns to address before we can implement end-to-end encryption across all of our messaging services. Encryption is a powerful tool for privacy, but that includes the privacy of people doing bad things. When billions of people use a service to connect, some of them are going to misuse it for truly terrible things like child exploitation, terrorism, and extortion. We have a responsibility to work with law enforcement and to help prevent these wherever we can. We are working to improve our ability to identify and stop bad actors across our apps by detecting patterns of activity or through other means, even when we can't see the content of the messages, and we will continue to invest in this work. But we face an inherent tradeoff because we will never find all of the potential harm we do today when our security systems can see the messages themselves.


Finding the right ways to protect both privacy and safety is something societies have historically grappled with. There are still many open questions here and we'll consult with safety experts, law enforcement and governments on the best ways to implement safety measures. We'll also need to work together with other platforms to make sure that as an industry we get this right. The more we can create a common approach, the better.


On balance, I believe working towards implementing end-to-end encryption for all private communications is the right thing to do. Messages and calls are some of the most sensitive private conversations people have, and in a world of increasing cyber security threats and heavy-handed government intervention in many countries, people want us to take the extra step to secure their most private data. That seems right to me, as long as we take the time to build the appropriate safety systems that stop bad actors as much as we possibly can within the limits of an encrypted service. We've started working on these safety systems building on the work we've done in WhatsApp, and we'll discuss them with experts through 2019 and beyond before fully implementing end-to-end encryption. As we learn more from those experts, we'll finalize how to roll out these systems.


Reducing Permanence


We increasingly believe it's important to keep information around for shorter periods of time. People want to know that what they share won't come back to hurt them later, and reducing the length of time their information is stored and accessible will help.


One challenge in building social tools is the "permanence problem". As we build up large collections of messages and photos over time, they can become a liability as well as an asset. For example, many people who have been on Facebook for a long time have photos from when they were younger that could be embarrassing. But people also really love keeping a record of their lives. And if all posts on Facebook and Instagram disappeared, people would lose access to a lot of valuable knowledge and experiences others have shared.


I believe there's an opportunity to set a new standard for private communication platforms -- where content automatically expires or is archived over time. Stories already expire after 24 hours unless you archive them, and that gives people the comfort to share more naturally. This philosophy could be extended to all private content.

For example, messages could be deleted after a month or a year by default. This would reduce the risk of your messages resurfacing and embarrassing you later. Of course you'd have the ability to change the timeframe or turn off auto-deletion for your threads if you wanted. And we could also provide an option for you to set individual messages to expire after a few seconds or minutes if you wanted.


It also makes sense to limit the amount of time we store messaging metadata. We use this data to run our spam and safety systems, but we don't always need to keep it around for a long time. An important part of the solution is to collect less personal data in the first place, which is the way WhatsApp was built from the outset.


Interoperability


People want to be able to choose which service they use to communicate with people. However, today if you want to message people on Facebook you have to use Messenger, on Instagram you have to use Direct, and on WhatsApp you have to use WhatsApp. We want to give people a choice so they can reach their friends across these networks from whichever app they prefer.


We plan to start by making it possible for you to send messages to your contacts using any of our services, and then to extend that interoperability to SMS too. Of course, this would be opt-in and you will be able to keep your accounts separate if you'd like.


There are privacy and security advantages to interoperability. For example, many people use Messenger on Android to send and receive SMS texts. Those texts can't be end-to-end encrypted because the SMS protocol is not encrypted. With the ability to message across our services, however, you'd be able to send an encrypted message to someone's phone number in WhatsApp from Messenger.


This could also improve convenience in many experiences where people use Facebook or Instagram as their social network and WhatsApp as their preferred messaging service. For example, lots of people selling items on Marketplace list their phone number so people can message them about buying it. That's not ideal, because you're giving strangers your phone number. With interoperability, you'd be able to use WhatsApp to receive messages sent to your Facebook account without sharing your phone number -- and the buyer wouldn't have to worry about whether you prefer to be messaged on one network or the other.


You can imagine many simple experiences like this -- a person discovers a business on Instagram and easily transitions to their preferred messaging app for secure payments and customer support; another person wants to catch up with a friend and can send them a message that goes to their preferred app without having to think about where that person prefers to be reached; or you simply post a story from your day across both Facebook and Instagram and can get all the replies from your friends in one place.


You can already send and receive SMS texts through Messenger on Android today, and we'd like to extend this further in the future, perhaps including the new telecom RCS standard. However, there are several issues we'll need to work through before this will be possible. First, Apple doesn't allow apps to interoperate with SMS on their devices, so we'd only be able to do this on Android. Second, we'd need to make sure interoperability doesn't compromise the expectation of encryption that people already have using WhatsApp. Finally, it would create safety and spam vulnerabilities in an encrypted system to let people send messages from unknown apps where our safety and security systems couldn't see the patterns of activity.


These are significant challenges and there are many questions here that require further consultation and discussion. But if we can implement this, we can give people more choice to use their preferred service to securely reach the people they want.


Secure Data Storage


People want to know their data is stored securely in places they trust. Looking at the future of the internet and privacy, I believe one of the most important decisions we'll make is where we'll build data centers and store people's sensitive data.


There's an important difference between providing a service in a country and storing people's data there. As we build our infrastructure around the world, we've chosen not to build data centers in countries that have a track record of violating human rights like privacy or freedom of expression. If we build data centers and store sensitive data in these countries, rather than just caching non-sensitive data, it could make it easier for those governments to take people's information.


Upholding this principle may mean that our services will get blocked in some countries, or that we won't be able to enter others anytime soon. That's a tradeoff we're willing to make. We do not believe storing people's data in some countries is a secure enough foundation to build such important internet infrastructure on.


Of course, the best way to protect the most sensitive data is not to store it at all, which is why WhatsApp doesn't store any encryption keys and we plan to do the same with our other services going forward.


But storing data in more countries also establishes a precedent that emboldens other governments to seek greater access to their citizen's data and therefore weakens privacy and security protections for people around the world. I think it's important for the future of the internet and privacy that our industry continues to hold firm against storing people's data in places where it won't be secure.


Next Steps


Over the next year and beyond, there are a lot more details and tradeoffs to work through related to each of these principles. A lot of this work is in the early stages, and we are committed to consulting with experts, advocates, industry partners, and governments -- including law enforcement and regulators -- around the world to get these decisions right.


At the same time, working through these principles is only the first step in building out a privacy-focused social platform. Beyond that, significant thought needs to go into all of the services we build on top of that foundation -- from how people do payments and financial transactions, to the role of businesses and advertising, to how we can offer a platform for other private services.


But these initial questions are critical to get right. If we do this well, we can create platforms for private sharing that could be even more important to people than the platforms we've already built to help people share and connect more openly.


Doing this means taking positions on some of the most important issues facing the future of the internet. As a society, we have an opportunity to set out where we stand, to decide how we value private communications, and who gets to decide how long and where data should be stored.


I believe we should be working towards a world where people can speak privately and live freely knowing that their information will only be seen by who they want to see it and won't all stick around forever. If we can help move the world in this direction, I will be proud of the difference we've made.



以下是机器翻译成的中文,大家凑合看吧


A Privacy-Focused Vision for Social Networking


Mark Zuckerberg·2019年3月6日周三



过去几年我一直关注的是理解和解决Facebook面临的最大挑战。这意味着就有关互联网未来的重要问题采取立场。在本文中,我将概述围绕构建以隐私为中心的消息传递和社交网络平台的愿景和原则。这里有很多事要做,我们致力于在我们开发这项工作时公开合作并与社会专家进行协商。


•••


在过去的15年中,Facebook和Instagram帮助人们与城市广场的数字相当的朋友,社区和兴趣联系起来。但人们越来越希望私密地连接起居室的数字等效物。当我想到互联网的未来时,我相信以隐私为中心的通信平台将变得比今天的开放平台更重要。隐私赋予人们自由自由和自然联系的自由,这就是我们建立社交网络的原因。


今天我们已经看到私人消息,短暂故事和小团体是迄今为止增长最快的在线交流领域。有许多的原因。许多人更喜欢与一对一或几个朋友进行沟通的亲密关系。人们更加谨慎地记录他们所分享的内容。而且我们都希望能够私下安全地进行支付。


公共社交网络将继续在人们的生活中非常重要 - 与您认识的每个人建立联系,发现新的人,想法和内容,并为人们提供更广泛的发言权。人们每天都发现这些有价值的东西,并且仍然有许多有用的服务可以建立在它们之上。但现在,通过人们也希望私下互动的所有方式,还有机会建立一个更加注重隐私的简单平台。


据我所知,很多人并不认为Facebook可以或甚至不想构建这种以隐私为重点的平台 - 因为坦率地说,我们目前在构建隐私保护服务方面并不具备良好的声誉,而且我们历来专注于更开放共享的工具。但我们一再表明,我们可以发展以构建人们真正想要的服务,包括私人消息和故事。


我相信通信的未来将越来越多地转向私人加密服务,人们可以确信他们对彼此说的话保持安全,他们的信息和内容不会永远存在。这是我希望我们将帮助实现的未来。


我们计划以我们开发WhatsApp的方式构建它:关注最基本和私有的用例 - 消息 - 尽可能保证安全,然后为人们构建更多方式进行交互,包括调用,视频聊天,群组,故事,企业,支付,商业,并最终成为许多其他类型的私人服务的平台。


这个以隐私为中心的平台将围绕以下几个原则构建:


私人互动。人们应该拥有简单,亲密的地方,他们可以清楚地控制谁可以与他们沟通,并相信没有其他人可以访问他们共享的内容。


加密。人们的私人通信应该是安全的。端到端加密可以防止任何人(包括我们)看到人们分享我们服务的内容。


减少持久性。人们应该很自在地做自己,不应该担心他们分享的东西会在以后伤害他们。因此,我们不会将消息或故事保留的时间超过提供服务所需的时间或超过人们想要的时间。


安全。人们应该期望我们将尽我们所能在加密服务可能的范围内保证我们的服务安全。


互操作性。人们应该能够使用我们的任何应用程序与他们的朋友联系,他们应该能够轻松,安全地跨网络进行通信。


安全的数据存储。人们应该期望我们不会将敏感数据存储在隐私和言论自由等人权记录薄弱的国家,以保护数据不被不正当地访问。


在接下来的几年里,我们计划围绕这些想法重建更多的服务。我们在此过程中将面临的决定将意味着就有关互联网未来的重要问题采取立场。我们知道有很多权衡可以做到正确,我们致力于咨询专家并讨论最佳前进方向。这将需要一些时间,但我们不会在闭门造车的方向上发展这一重大变化。我们将尽可能公开和协作地做到这一点,因为其中许多问题影响着社会的不同部分。


私人互动作为基础


要让服务感到私密,绝对不能怀疑您与谁沟通。我们努力为所有产品构建隐私,包括公共共享产品。但是,消息传递服务的一个重要特性是即使您的联系人列表增长,您的个人线程和组仍然是私有的。随着您的朋友随着时间的推移而发展,消息传递服务会优雅地发展并保持亲密。


这与更广泛的社交网络不同,在社交网络中,人们可以积累朋友或关注者,直到服务更加公开。这非常适合许多重要的用途 - 告诉所有朋友关于某些事情,在重要主题上使用您的声音,找到具有相似兴趣的人的社区,关注创作者和媒体,买卖东西,组织募捐活动,发展业务,或者在一个地方让你认识的每个人都受益的许多其他事情。尽管如此,当你将所有这些体验结合在一起时,感觉更像是一个城市广场,而不是像客厅那样更私密的空间。


有机会建立一个专注于人们想要私下互动的所有方式的平台。这种隐私和亲密感不仅仅与技术特性有关 - 它深深地融入了整体服务的感觉。例如,在WhatsApp中,我们的团队致力于在产品的各个方面创造一个亲密的环境。即使我们已经建立了允许更广泛共享的功能,它仍然是一种不那么公开的体验。当团队建立团队时,他们会设置一个大小限制,以确保每个互动都是私密的。当我们在WhatsApp上发布故事时,我们限制了公共内容,因为我们担心它会侵蚀隐私感,看到很多公共内容 - 即使它实际上没有改变你与谁分享的内容。


几年后,我预计Messenger和WhatsApp的未来版本将成为人们在Facebook网络上进行通信的主要方式。我们专注于使这两个应用程序更快,更简单,更私密,更安全,包括端到端加密。然后,我们计划添加更多与您的朋友,群组和企业进行私密互动的方式。如果这种演变成功,那么通过Facebook网络与您的朋友和家人进行互动将成为一种基本上更私密的体验。


加密和安全


人们期望他们的私人通信是安全的,只有被他们发送给他们的人才能看到 - 而不是黑客,犯罪分子,影响深远的政府,甚至是他们正在使用的服务人员。


人们越来越意识到,有权访问您的数据的实体越多,有人滥用它或者网络攻击暴露它的漏洞就越多。一些人越来越担心技术可能将权力集中在政府和像我们这样的公司手中。有些人担心我们的服务可以访问他们的消息,并将其用于广告或其他他们不期望的方式。


端到端加密是开发以隐私为中心的社交网络的重要工具。加密是分散的 - 它限制了像我们这样的服务,看不到流经它们的内容,并使其他人更难以访问您的信息。这就是为什么加密是我们在线生活中越来越重要的一部分,从银行业务到医疗保健服务。这也是我们在收购WhatsApp之后为WhatsApp构建端到端加密的原因。


在过去的一年里,我和那些告诉我加密的持不同政见者谈过他们是自由,甚至还活着的原因。政府经常对数据提出非法要求,虽然我们在法庭上推迟并反对这些要求,但我们总是存在风险,我们将失去一个案例 - 如果信息未加密,我们要么必须交出数据或者如果我们没有遵守规定,我们的员工会被逮捕。这可能看起来很极端,但我们有一个案例,我们的一名员工因为没有提供访问某人的私人信息而被判入狱,即使我们无法访问它,因为它已被加密。


同时,在我们可以跨所有消息传递服务实现端到端加密之前,需要解决真正的安全问题。加密是一种强大的隐私工具,但其中包括做坏事的人的隐私。当数十亿人使用服务进行联系时,他们中的一些人会滥用它来处理真正可怕的事情,如剥削儿童,恐怖主义和勒索。我们有责任与执法部门合作,并尽可能帮助预防这些问题。我们正在努力通过检测活动模式或通过其他方式来提高我们识别和阻止不良应用程序的能力,即使我们无法看到消息的内容,我们将继续投资这项工作。但我们面临着一种固有的权衡,因为当我们的安全系统能够看到消息本身时,我们永远不会发现我们今天所做的所有潜在危害。


找到正确的方法来保护隐私和安全是社会历史上一直在努力解决的问题。这里仍有许多悬而未决的问题,我们将就实施安全措施的最佳方式与安全专家,执法部门和政府进行磋商。我们还需要与其他平台合作,以确保作为一个行业我们做到了这一点。我们越能创造一种共同的方法,就越好。
总的来说,我认为努力为所有私人通信实施端到端加密是正确的。消息和电话是人们最敏感的私人谈话,在许多国家网络安全威胁日益严重和政府干预严重的世界中,人们希望我们采取额外措施来保护他们最私密的数据。这对我来说似乎是正确的,只要我们花时间建立适当的安全系统,尽可能在加密服务的范围内阻止坏人。我们已经开始基于我们在WhatsApp中所做的工作开发这些安全系统,我们将在2019年及以后与专家讨论这些安全系统,然后再完全实施端到端加密。随着我们从这些专家那里了解更多信息,我们将最终确定如何推出这些系统。


减少永久性


我们越来越相信将信息保持在较短的时间内非常重要。人们想知道他们分享的东西以后不会再回来伤害他们,减少信息存储和访问的时间长度也会有所帮助。


构建社交工具的一个挑战是“永久性问题”。随着时间的推移,我们建立了大量的邮件和照片,它们既可以成为一种负担,也可以成为一种资产。例如,许多在Facebook上待了很长时间的人都会看到他们年轻时可能会感到尴尬的照片。但人们也非常喜欢记录他们的生活。如果Facebook和Instagram上的所有帖子都消失了,人们将无法获得其他人分享的大量宝贵知识和经验。


我相信有机会为私人通信平台设定新标准 - 内容会自动过期或随着时间的推移而存档。故事已经在24小时后过期,除非您将它们存档,这样可以让人们更自然地分享。这种理念可以扩展到所有私人内容。


例如,默认情况下,可以在一个月或一年后删除邮件。这样可以降低您的邮件重新铺设的风险,并在以后让您感到尴尬。当然,如果您愿意,您可以更改时间范围或关闭线程的自动删除功能。如果您愿意,我们还可以为您提供一个选项,让您可以在几秒钟或几分钟后将单个邮件设置为过期。
限制我们存储消息传递元数据的时间也是有意义的。我们使用这些数据来运行我们的垃圾邮件和安全系统,但我们并不总是需要将其保留很长时间。解决方案的一个重要部分是首先收集较少的个人数据,这就是WhatsApp从一开始就构建的方式。


互通性


人们希望能够选择他们用来与人沟通的服务。然而,今天如果你想在Facebook上给人们发消息你必须使用Messenger,在Instagram上你必须使用Direct,而在WhatsApp上你必须使用WhatsApp。我们希望为人们提供一个选择,以便他们可以通过他们喜欢的任何应用程序在这些网络中与朋友联系。


我们计划首先使您可以使用我们的任何服务向您的联系人发送消息,然后将该互操作性扩展到SMS。当然,这将是选择加入,如果您愿意,您可以将您的帐户分开。


互操作性具有隐私和安全优势。例如,许多人在Android上使用Messenger来发送和接收SMS文本。这些文本不能进行端到端加密,因为SMS协议未加密。但是,通过在我们的服务中发送消息的能力,您可以通过Messenger向WhatsApp中的某人的电话号码发送加密消息。


这也可以提高许多体验的便利性,人们使用Facebook或Instagram作为他们的社交网络,WhatsApp作为他们的首选消息服务。例如,很多在Marketplace上销售商品的人都会列出他们的电话号码,以便人们可以向他们发送购买信息。那不太理想,因为你给陌生人你的电话号码。通过互操作性,您可以使用WhatsApp接收发送到您的Facebook帐户的邮件,而无需共享您的电话号码 - 买家也不必担心您是希望在一个网络上发送消息还是在另一个网络上发送消息。


您可以想象许多这样的简单体验 - 一个人在Instagram上发现一项业务,并轻松过渡到他们首选的消息应用程序,以获得安全支付和客户支持;另一个人想要赶上一个朋友,可以向他们发送一条消息,发送到他们喜欢的应用程序,而不必考虑该人更喜欢的地方;或者你只需在Facebook和Instagram上发布一天的故事,就可以在一个地方收到你朋友的所有回复。


您现在已经可以通过Android上的Messenger发送和接收短信,我们希望将来进一步扩展,可能包括新的电信RCS标准。但是,在可行之前,我们需要解决几个问题。首先,Apple不允许应用程序在其设备上与SMS进行互操作,因此我们只能在Android上执行此操作。其次,我们需要确保互操作性不会影响人们已经使用WhatsApp进行加密的期望。最后,它会在加密系统中产生安全和垃圾邮件漏洞,让人们从我们的安全和安全系统无法看到活动模式的未知应用程序发送消息。


这些都是重大挑战,这里有许多问题需要进一步的咨询和讨论。但是,如果我们能够实现这一点,我们可以让人们有更多的选择来使用他们的首选服务来安全地接触他们想要的人。


安全数据存储


人们希望知道他们的数据安全地存储在他们信任的地方。看看互联网和隐私的未来,我相信我们将做出的最重要的决定之一是我们将建立数据中心并存储人们的敏感数据。


在一个国家提供服务和在那里存储人们的数据之间存在重要区别。当我们在全球建立基础设施时,我们选择不在有侵犯人权的记录的国家建立数据中心,如隐私或言论自由。如果我们在这些国家建立数据中心并存储敏感数据,而不仅仅是缓存非敏感数据,那么这些政府可以更容易地获取人们的信息。


坚持这一原则可能意味着我们的服务将在某些国家被封锁,或者我们将很快无法进入其他国家/地区。这是我们愿意做出的权衡。我们不相信在一些国家存储人们的数据是建立这样重要的互联网基础设施的足够安全的基础。


当然,保护最敏感数据的最佳方法是不存储它,这就是为什么WhatsApp不存储任何加密密钥,我们计划对我们未来的其他服务做同样的事情。但是,将数据存储在更多国家也是一个先例,它鼓励其他政府寻求更多地访问其公民的数据,从而削弱对全世界人民的隐私和安全保护。我认为对于互联网和隐私的未来而言,我们的行业继续坚持不要将人们的数据存储在不安全的地方。


下一步


在接下来的一年及以后,与这些原则相关的细节和权衡有很多。很多这项工作都处于早期阶段,我们致力于与世界各地的专家,倡导者,行业合作伙伴和政府(包括执法部门和监管机构)进行磋商,以便做出正确的决策。


同时,完成这些原则只是构建以隐私为中心的社交平台的第一步。除此之外,重要的思想需要深入到我们在此基础之上构建的所有服务 - 从人们如何进行支付和金融交易,到企业和广告的角色,到我们如何为其他私人服务提供平台。


但这些最初的问题对于做到正确至关重要。如果我们做得好,我们就可以创建私人共享平台,这对人们来说比我们已经建立的平台更重要,以帮助人们更公开地分享和联系。


这样做意味着就互联网未来面临的一些最重要问题采取立场。作为一个社会,我们有机会确定我们的立场,决定我们如何评价私人通信,以及由谁决定数据的存储时间和位置。


我相信我们应该努力建立一个人们可以私下说话并自由生活的世界,因为他们知道他们的信息只会被他们想要看到的人所看到,并且不会永远存在。如果我们能够帮助这个世界朝这个方向发展,我将为我们所取得的成就感到自豪。(完)




关于DPO沙龙活动的有关情况,请见:


DPO社群成果

  1. 印度《2018个人数据保护法(草案)》全文翻译(中英对照版)(DPO沙龙出品)

  2. 巴西《通用数据保护法》全文中文翻译(DPO沙龙出品)

  3. 美国联邦隐私立法重要文件编译第一辑(DPO沙龙出品)

  4. 《非个人数据在欧盟境内自由流动框架条例》全文中文翻译(DPO沙龙出品)

  5. 第29条工作组《对第2016/679号条例(GDPR)下同意的解释指南》中文翻译(DPO沙龙出品)

  6. 第29条工作组“关于减轻对处理活动进行记录义务的立场文件”(DPO沙龙出品)

  7. 第29条工作组《第2/2017号关于工作中数据处理的意见》(DPO沙龙出品)

  8. “美国华盛顿哥伦比亚特区诉Facebook“起诉书全文翻译(DPO沙龙出品)

  9. 第29条工作组《关于自动化个人决策目的和识别分析目的准则》(DPO沙龙出品)

  10. 法国数据保护局发布针对与商业伙伴或数据代理共享数据的指南

  11. 第29条工作组《数据可携权指南》全文翻译(DPO沙龙出品)

  12. 德国联邦反垄断局对Facebook数据收集和融合行为提出严格限制(DPO沙龙出品)

  13. 德国联邦反垄断局审查Facebook数据收集融合行为的背景情况(DPO沙龙出品)

  14. EDPB《关于GDPR适用地域范围(第3条)的解释指南》全文翻译(DPO沙龙出品)

  15. 案件摘要:德国反垄断监管机构对Facebook数据收集融合行为裁决(DPO沙龙出品)


线下沙龙实录见:

  1. 数据保护官(DPO)沙龙第一期纪实

  2. 第二期数据保护官沙龙纪实:个人信息安全影响评估指南 

  3. 第三期数据保护官沙龙纪实:数据出境安全评估

  4. 第四期数据保护官沙龙纪实:网络爬虫的法律规制 

  5. 第四期数据保护官沙龙纪实之二:当爬虫遇上法律会有什么风险

  6. 第五期数据保护官沙龙纪实:美国联邦隐私立法重要文件讨论

  7. 数据保护官(DPO)沙龙走进燕园系列活动第一期

  8. 第六期数据保护官沙龙纪实:2018年隐私条款评审工作

  9. 第八期数据保护官沙龙纪实:重点行业数据、隐私及网络安全

  10. 第九期数据保护官沙龙纪实:《个人信息安全规范》修订研讨


线上沙龙见:

  1. DPO社群对数据堂事件的精彩点评

  2. DPO社群线上讨论第二期:“出售 & 提供” 个人信息之法律与实务对话

  3. 用户授权第三方获取自己在平台的数据,可以吗?不可以吗?(DPO沙龙线上讨论第三期)


时评见:

  1. 数据安全事件时评第一期

  2. 数据安全事件时评第二期

  3. 【时事五】微软、Facebook、谷歌和Twitter联合推出数据迁移项目:数据可移植性的开源计划

  4. 【时事六】 星巴克、阿里巴巴牵手“新零售”之数据合规深度评论

  5. 【时事七】美国通过《NIST小企业网络安全法》

  6. 【时事八】国际数据流动:欧盟委员会启动对日本的充分性决定流程

  7. 【时评九】加州IoT设备网络安全法对物联网法律之影响(附法案翻译)

  8. 【时评十】五问五答《具有舆论属性或社会动员能力的互联网信息服务安全评估规定》

  9. 【时评十一】社交网络平台,需要多点爱还是多点管?


DPO社群成员观点

  1. 个人信息委托处理是否需要个人授权?(DPO社群成员观点)

  2. 企业如何告知与保护用户的个人信息主体权利(DPO社群成员观点)

  3. GDPR“首张”执行通知盯上AlQ公司的前期后后(DPO社群成员观点)

  4. 隐私条款撰写调研报告(DPO社群成员观点)

  5. 我看到的数据安全(DPO社群成员观点)

  6. 数据爬取的法律风险综述(DPO社群成员观点)

  7. 银行业金融数据出境的监管框架与脉络(DPO社群成员观点)

  8. 解析公安机关《互联网个人信息安全保护指引(征求意见稿)》(DPO社群成员观点)

  9. 详解GDPR向Google亮剑缘由(DPO社群成员观点)

  10. 从生产安全体系视角看数据安全(DPO社群成员观点)

  11. "数据千万条 合规第一条"——京东金融侵犯用户隐私风波之鉴(DPO社群成员观点)

  12. 因插件问题,Facebook再度“陷入旋涡”(DPO社群成员观点)

Modified on

    您可能也对以下帖子感兴趣

    文章有问题?点此查看未经处理的缓存