Excerpts from the article and another article by the Electronic Frontier Foundation (EFF) :
While Meta won’t collect messages themselves, there is nothing stopping them from collecting metadata on those very messages.
By design, Meta has access to a lot of unencrypted metadata, such as who sends messages to whom, when those messages were sent, and data about you, your account, and your social contacts. None of that will change with the introduction of default encryption.
Meta has a reputation for collecting its users’ data: a key part of its lucrative advertising business. In fact, last year, the company earned a US $1.3 billion fine from European Union regulators for transferring EU citizens’ Facebook data to the United States.
Meta’s documentation indicates the company will continue to process messages’ metadata: what time a message was sent, for example, and who sent it to whom. The company says it will use metadata to help identify bad actors. Privacy advocates see this use case as evidence metadata can make a double-edged sword.
“This also demonstrates how much can be inferred from behaviors and metadata without needing access to the actual contents of messages themselves,” says Geraghty. “So we have to ask: What could Meta be using this data for additionally? It’s likely this metadata will be used to continuously enrich user profiles for targeted advertising purposes.”
Even if they open the source code, the server can run something different
Thats the thing about e2e. The server does not matter.
Initially I wanted to include the app as well but somehow I didn’t. If facebook would open its source code for the app, it doesn’t mean that you could build it and use it that way without additional keys and facebook wouldn’t want that which would mean they still publish an app you don’t know the exact source code of.
AGPL v3