Facebook is testing end-to-end encryption for Messenger

But it will be opt-in — not on by default

Facebook is trialling a new feature named "secret conversations" in its Messenger app that offers users end-to-end encryption. The company says the feature is accessible right now for certain people, and will become more widely available this summer. Facebook says activating end-to-end encryption for select conversations will give users more privacy when discussing sensitive topics such as health issues and financial information. "We've heard from you that there are times when you want additional safeguards," said the company in a blog post.

Facebook's end-to-end encryption will be opt-in

By introducing end-to-end encryption to Messenger, Facebook joins the growing ranks of messaging apps offering stronger safeguards against surveillance. Facebook-owned WhatsApp already introduced this sort of encryption back in April, but applied it to all messages, rather than on the conversation-by-conversation basis preferred by Messenger. (Like WhatsApp, Messenger's encryption will be based on Open Whisper Systems' Signal Protocol.) This tactic can be seen as less antagonistic to law enforcement and governments, as making the extra security opt-in rather than default-on means many users will simply ignore it.

Facebook's "secret conversations" will only work from one phone, tablet, or computer selected by the user. This way the company won't have to distribute unique encryption keys to multiple devices. Messages sent using end-to-end encryption will also be limited in format, and won't cover the likes of GIFs and videos, at least not initially. Users will have the option of setting self-destruct timers on messages, though, just like in Snapchat.

End-to-end encryption does not guarantee a message's integrity, but to intercept a conversation protected in this way would require a significant amount of cooperation with law enforcement. This level of collaboration could lead to a legal fight, in the same way that Apple objected to the FBI's demands to unlock an iPhone belonging to one of the San Bernardino shooters. The encryption might also get Messenger banned in some countries — as happened to WhatsApp in Brazil earlier this year.

This encryption isn't 100% secure, but bypassing it takes a very sophisticated attack

The new feature comes after Facebook received criticism for scanning and retaining links shared in private messages. Earlier in May, a lawsuit certified for class action was filed against the social network, alleging that the company scans links shared in Messenger to create marketing data. And in June, a security researcher noted that Messenger's link-scanning protocol is relatively easy for third-party Facebook developers to snoop on. (That allegation has also been leveled against Twitter's link-shortening service.) However, any functional end-to-end encryption would make this sort of link-skimming impossible.

These caveats aside, Facebook's introduction of end-to-end encryption (even as an option) is significant. The app has some 900 million users as of this April and, combined with WhatsApp, processes a mammoth 60 billion messages every day. Facebook has also positioned Messenger as a platform in its own right, adding functions such as chatbots designed to keep users coming back. Adding extra encryption to such a widely-used platform will be a boon for user privacy worldwide.