Ya, I mean Instagram is no bastion of privacy, I’m sure - but most managers wouldn’t be thrilled to learn their employees were accessing the production database for fun. It’s less a “but you violated our customer’s trust” and more a “you idiot, why you tempting fate, we are generally one typo away from the whole thing crumbling down anyway!”. And surely no company bothered to build a nice tool that’ll let their employees peruse the DM list of a random user - we can barely get them to build us actual monitoring infrastructure till something breaks! So one would have to put in some effort into gathering this information. Running background checks for some random friend - the risks and effort doesn’t feel like it would be worth it. It seems more likely the girlfriend peeked at OP’s Instagram client herself, or just took a guess, and made up “a source working at Instagram” as a plausible excuse.
Ehhhhh… Having database access like this is fairly common, and it’s very plausible that a nice tool exists for this for moderation purposes. I’m not saying this actually happened, but it’s at least plausible, and frankly you should assume that this is happening behind the scenes at every company. It might be rare, and you might ultimately conclude that it’s worth the risk, but it’s probably good to consider (especially if you’re in any way connected to an employee at such a company).
Yes, access to production database is fairly common (for certain job functions, at least). Unaudited and unfettered database access is much less common. Sure, it happens, but it is rare - especially for something at the scale (& attractiveness to hackers) of Instagram. And yes, an audit trail doesn’t mean your manager will be immediately alerted, and there are people who won’t think of the audit trail and go snooping in prod anyway - so it is possible, but I just don’t think it’s very probable ¯\_(ツ)_/¯
And a moderation tool for direct messages? Which are E2E encrypted? That doesn’t make much sense to me. What moderation function would a “list of people they have DMed in the last 2 years” serve? I guess it could be used to determine if somebody has been harassing someone else - but the block feature exists, why would it reach a moderator in the first place?
and frankly you should assume that this is happening behind the scenes at every company.
Look, I operate under the principle of “anything that I put online, will be eventually public and linked to me” (which is why I would never answer the original question, even with an anonymous account that isn’t linked to my email) and “everybody sucks at infosec” - but that doesn’t mean Instagram employees have a handy way to access a human readable list of people I have DMed.
Occam’s razor is in favour of the girlfriend getting the info the old fashioned way - snooping on the OP’s phone
Unaudited and unfettered database access is much less common. Sure, it happens, but it is rare - especially for something at the scale (& attractiveness to hackers) of Instagram. And yes, an audit trail doesn’t mean your manager will be immediately alerted, and there are people who won’t think of the audit trail and go snooping in prod anyway - so it is possible, but I just don’t think it’s very probable ¯_(ツ)_/¯
It’s hard to say what Instagram does behind closed doors, so who knows. Having write access to the production database is almost certainly in the hands of a select few, but it’s not unexpected for developers to have read access / access to a replicated database for testing, and to help compile reports that more business-focused individuals in the company might be interested in, or just to understand the impact certain changes they might introduce could have. I wouldn’t entirely be surprised if companies like Instagram that deal with more sensitive data are a little more careful about what every random developer has access to, but I also wouldn’t be surprised if there were a decent number of people with this level of access, and I would probably be more surprised if they were watched carefully than if they weren’t. Regardless, in some sense I don’t think it’s particularly relevant – you should assume that your DMs on platforms like Instagram and Twitter and whatever are accessible to people working on those platforms, so I think the concerns that the original comment here brings up are perfectly valid, even if it happens to not be the case in this particular instance. This is certainly a company secret for MANY companies, e.g.:
I think it’s worth being aware. I’m pretty sure the average person doesn’t really think about this and just assumes their DMs are completely private, or maybe it’s seen by Facebook or Google in some automated way for advertising… But it is also possible for employees to do problematic things, or for the information to be leaked if the service is compromised. I really don’t think the average person really realizes that it’s probably just sitting as plain text in a database and can be read pretty trivially if you have access to it.
And a moderation tool for direct messages?
Yeah, absolutely? You have a user sending questionable messages to people / potential spam, you check the rest of their history for more context. That sounds perfectly sensible to me.
Which are E2E encrypted? That doesn’t make much sense to me. What moderation function would a “list of people they have DMed in the last 2 years” serve? I guess it could be used to determine if somebody has been harassing someone else - but the block feature exists, why would it reach a moderator in the first place?
I don’t use Instagram, so I’m not super aware of this particular case. It looks like the e2e encrypted chats are a very recent feature (seems like September 2022? Looks like it also wasn’t a feature at some point in 2021), so it’s possible this supposed incident happened prior to that feature rolled out, and it’s unclear to me if it’s the default? Either way, the feature seems recent enough that it might not be relevant to the original situation. It would make a difference in the future, though!
If they’re truly end-to-end encrypted then, sure, there probably wouldn’t be too much use for moderation tools specifically to keep track of the metadata, but it might be useful to help determine if somebody is harassing / spamming people en mass (plus that seems like real good data for advertising). It looks like they do have some moderation tools for encrypted messages:
But it sounds like it’s intentional from a user (i.e., when they report a DM it will send the message + some context to Instagram that Instagram otherwise wouldn’t be able to read). Who knows if there’s anything about metadata.
Bit of a tangent, but of course end-to-end encryption can also only go so far. You still trust Instagram about these claims, and you trust that they implement it correctly. I’d probably believe them, but there’s a lot of places to play tricks on users, especially when you don’t know what code they’re running on your device. It may not be particularly hard for them to push an update that tells them what your private keys are, for instance, and there’s often some security sacrifices for convenience (maybe your phone will automatically share encryption keys with a new browser login so you can read your message archive or something).
Occam’s razor is in favour of the girlfriend getting the info the old fashioned way - snooping on the OP’s phone
I would agree with this regardless, of course :). There’s plenty of ways to glean this information without a rogue Instagram employee behind the scenes.
Ya, I mean Instagram is no bastion of privacy, I’m sure - but most managers wouldn’t be thrilled to learn their employees were accessing the production database for fun. It’s less a “but you violated our customer’s trust” and more a “you idiot, why you tempting fate, we are generally one typo away from the whole thing crumbling down anyway!”. And surely no company bothered to build a nice tool that’ll let their employees peruse the DM list of a random user - we can barely get them to build us actual monitoring infrastructure till something breaks! So one would have to put in some effort into gathering this information. Running background checks for some random friend - the risks and effort doesn’t feel like it would be worth it. It seems more likely the girlfriend peeked at OP’s Instagram client herself, or just took a guess, and made up “a source working at Instagram” as a plausible excuse.
Ehhhhh… Having database access like this is fairly common, and it’s very plausible that a nice tool exists for this for moderation purposes. I’m not saying this actually happened, but it’s at least plausible, and frankly you should assume that this is happening behind the scenes at every company. It might be rare, and you might ultimately conclude that it’s worth the risk, but it’s probably good to consider (especially if you’re in any way connected to an employee at such a company).
Yes, access to production database is fairly common (for certain job functions, at least). Unaudited and unfettered database access is much less common. Sure, it happens, but it is rare - especially for something at the scale (& attractiveness to hackers) of Instagram. And yes, an audit trail doesn’t mean your manager will be immediately alerted, and there are people who won’t think of the audit trail and go snooping in prod anyway - so it is possible, but I just don’t think it’s very probable ¯\_(ツ)_/¯
And a moderation tool for direct messages? Which are E2E encrypted? That doesn’t make much sense to me. What moderation function would a “list of people they have DMed in the last 2 years” serve? I guess it could be used to determine if somebody has been harassing someone else - but the block feature exists, why would it reach a moderator in the first place?
Look, I operate under the principle of “anything that I put online, will be eventually public and linked to me” (which is why I would never answer the original question, even with an anonymous account that isn’t linked to my email) and “everybody sucks at infosec” - but that doesn’t mean Instagram employees have a handy way to access a human readable list of people I have DMed.
Occam’s razor is in favour of the girlfriend getting the info the old fashioned way - snooping on the OP’s phone
It’s hard to say what Instagram does behind closed doors, so who knows. Having write access to the production database is almost certainly in the hands of a select few, but it’s not unexpected for developers to have read access / access to a replicated database for testing, and to help compile reports that more business-focused individuals in the company might be interested in, or just to understand the impact certain changes they might introduce could have. I wouldn’t entirely be surprised if companies like Instagram that deal with more sensitive data are a little more careful about what every random developer has access to, but I also wouldn’t be surprised if there were a decent number of people with this level of access, and I would probably be more surprised if they were watched carefully than if they weren’t. Regardless, in some sense I don’t think it’s particularly relevant – you should assume that your DMs on platforms like Instagram and Twitter and whatever are accessible to people working on those platforms, so I think the concerns that the original comment here brings up are perfectly valid, even if it happens to not be the case in this particular instance. This is certainly a company secret for MANY companies, e.g.:
I think it’s worth being aware. I’m pretty sure the average person doesn’t really think about this and just assumes their DMs are completely private, or maybe it’s seen by Facebook or Google in some automated way for advertising… But it is also possible for employees to do problematic things, or for the information to be leaked if the service is compromised. I really don’t think the average person really realizes that it’s probably just sitting as plain text in a database and can be read pretty trivially if you have access to it.
Yeah, absolutely? You have a user sending questionable messages to people / potential spam, you check the rest of their history for more context. That sounds perfectly sensible to me.
I don’t use Instagram, so I’m not super aware of this particular case. It looks like the e2e encrypted chats are a very recent feature (seems like September 2022? Looks like it also wasn’t a feature at some point in 2021), so it’s possible this supposed incident happened prior to that feature rolled out, and it’s unclear to me if it’s the default? Either way, the feature seems recent enough that it might not be relevant to the original situation. It would make a difference in the future, though!
If they’re truly end-to-end encrypted then, sure, there probably wouldn’t be too much use for moderation tools specifically to keep track of the metadata, but it might be useful to help determine if somebody is harassing / spamming people en mass (plus that seems like real good data for advertising). It looks like they do have some moderation tools for encrypted messages:
https://help.instagram.com/753893408640265?helpref=faq_content
But it sounds like it’s intentional from a user (i.e., when they report a DM it will send the message + some context to Instagram that Instagram otherwise wouldn’t be able to read). Who knows if there’s anything about metadata.
Bit of a tangent, but of course end-to-end encryption can also only go so far. You still trust Instagram about these claims, and you trust that they implement it correctly. I’d probably believe them, but there’s a lot of places to play tricks on users, especially when you don’t know what code they’re running on your device. It may not be particularly hard for them to push an update that tells them what your private keys are, for instance, and there’s often some security sacrifices for convenience (maybe your phone will automatically share encryption keys with a new browser login so you can read your message archive or something).
I would agree with this regardless, of course :). There’s plenty of ways to glean this information without a rogue Instagram employee behind the scenes.