Facebook Experiments With End To End Encryption In Messenger

from the good-to-see dept

It’s encrypted messages, end-to-end, so that in theory no one—not a snoop on your local network, not an FBI agent with a warrant, not even Facebook itself—can intercept them. For now, the feature will be available only to a small percentage of users for testing; everyone with Facebook Messenger gets it later this summer or in early fall.

“It’s table stakes in the industry now for messaging apps to offer this to people,” says Messenger product manager Tony Leach. “We wanted to make sure we’re doing what we can to make messaging private and secure.”

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

This has been rumored before, and perhaps isn't a huge surprise due to Whatsapp's use of end to end encryption, but Facebook has launched a trial of end to end encryption in Facebook messenger , under a program it's calling "Secret Conversations" (which also allows for expiring conversations).What's good to see is that Facebook is directly admitting that offering end to end encryption is aif you're in the messaging business today.This is a good sign. For years, tech companies more or less pooh-poohed requests for encryption, basically suggesting it was only tinfoil hat wearing paranoids who really wanted such things. But now they're definitely coming around (something you can almost certainly thank Ed Snowden for inspiring). And, not surprisingly, Facebook is using the Signal protocol, which is quickly becoming the de facto standard for end to end encrypted messaging. It's open source, well-known and well-tested, which doesn't mean it's perfect (nothing is!), but it's at least not going to have massively obvious encryption errors that pop up when people try to roll out their own.Some security folks have been complaining, though, that Facebook decided to make this "opt-in" rather than default. This same complaint cropped up recently when Google announced that end to end encryption would be an "option" on its new Allo messaging app. Some security folks argue -- perhaps reasonably -- that being optional rather than default almost certainly means that it won't get enough usage, and some users may be fooled into thinking messages are encrypted when they are not.Facebook's Chief Security Officer, Alex Stamos (who knows his shit on these things) took to Twitter (not Facebook?) to explain why its optional , and makes a fairly compelling set of arguments (which also suggest that there's a chance that end to end encryption will eventually move towards default). A big part of it is that because of the way end to end encryption works (mainly the need to store your key on your local device) that makes it quite difficult to deploy on a system, like Facebook Messenger, that people use from a variety of interfaces. Moxie Marlinspike, the driving force behind Signal has already pointed out that Signal protocol support multi-device , so hopefully Facebook will figure it out eventually. But in the short term, it would definitely change the way people use Messenger, and it's at least somewhat understandable that Facebook would be moderately cautious in deploying a change like this that would end up removing some features, and potentially confusing/upsetting many users of the service. Over time, hopefully, end to end encryption can be simplified and rolled out further.As some cryptogrphers have noted , this is a good start for a company with hundreds of millions of users on an existing platform in moving them towards encryption. A ground up solution probably should have end to end enabled by default, but for a massive platform making the shift, this is a good start and a good move to protect our privacy and security.Anyway, anyone have the count down clock running on how long until someone from the FBI or Congress whines about Facebook doing this?

Filed Under: encryption, end to end encryption, messenger, signal protocol

Companies: facebook