Meta rolls out end-to-end encryption in Messenger
This week, Facebook and Instagram parent company Meta announced the rollout of end-to-end encryption for personal conversations in Messenger.
Meta's two main goals were to ensure that private conversations in Messenger are protected from third-parties and that the authenticity of sender and receiver is guaranteed.
The encryption upgrade applies to one-to-one chats and voice calls in Messenger and on Facebook only at the time of writing. The rollout will take several months to complete before it has reached the 1 billion users on Facebook and Messenger.
Meta introduced an end-to-end encrypted chat feature in 2016 in Messenger. This feature, which the company called Secret Conversations, allowed users to enable end-to-end encryption for specific chats. Several other messaging applications, including Signal and Threema, at the time supported end-to-end encryption already.
Messenger's end-to-end encrypted chat functionality relies on a modified version of Signa's protocol. This is the same protocol that Whatsapp uses as well for end-to-end encryption.
Meta plans to introduce new features to Messengers that improve user control over chats. This includes support for backing up encrypted messages securely, disabling read receipts or supporting temporary messages.
Chat backups need to be encrypted as well. The default option stores encrypted messages on Facebook servers using the user's private key. Options to set a 6-digit PIN for extra protection and storing encrypted backups on Google or Apple cloud infrastructure are provided as well according to the EFF.
The organization notes that these backups break forward secrecy. This is a trade-off between privacy and convenience. Most users expect their messages to work on any device that they use. They sign-in to Facebook or Messenger and expect al their chats to be visible right away.
Meta created an encrypted storage system for that purpose. Called Labyrinth, it stores encrypted data uploaded by clients to provide users with the data when they use Messenger functionality on existing or new devices.
The Meta announcement includes links to whitepapers that describe the cryptographic protocols in detail.
Closing Words
End-to-end encrypted one-to-one messages on Messenger and on Facebook are a major step for users of the service. Meta plans to introduce end-to-end encryption for group messages in the future as well.
The EFF notes that it has "significant concerns about metadata". Meta has access to this data, which includes information about sender and recipient. It recommends that Internet users who are concerned about privacy or security use different products for their conversations because of that.
Now You: do you use messaging apps or services?
