Facebook Messenger will soon get an end-to-end encryption feature with a new Secret Conversations mode, the company has confirmed. Facebook Messenger is following WhatsApp when it comes to end-to-end encryption.
For starters, end-to-end encryption means the messages, videos, photos and calls made over the app can’t be read by anyone other than the participants: not Facebook, and not third parties like the government, cyber-criminals or hackers. End-to-end encryption means device-level encryption, and the data is not stored on the company’s servers.
However, WhatsApp’s end-to-end encryption is enabled across the app by default, while on Facebook Messenger it will only be activated during the ‘secret conversations’ mode. This is similar to the mode in messaging app Telegram, where only ‘secret chats’ are end-to-end encrypted, and users can set a timer to make these chats disappear.
Facebook Messenger will also let users set a timer on these ‘secret conversations’, and the messages will disappear after the allocated time, once the other user has read them.
To start a secret conversation, a user will have to tap on their friend’s name and scroll down, where this option will appear. Facebook Messenger is at present testing the end-to-end encryption, so you won’t see it for now, but the company has promised a rollout soon.
Like WhatsApp, Facebook is using “The Signal Protocol”, designed by Open Whisper Systems, for its end-to-end encryption. Facebook has also put out a white paper explaining how the secret chat will work on the app.
For starters, “Secret Conversations” will use a “different transport protocol and specialised on-device storage and separate back-end infrastructure”. The white paper also notes that each secret conversation will generate metadata like “delivery and read receipts”, which is not end-to-end encrypted and won’t contain message plain text.
Facebook Messenger also uses 256-bit encryption to secure the messages sent out by users.
If you or your friend switch devices during a secret conversation, then the existing messages or cryptographic keys are not transferred to the new preferred device, and users will have to explicitly resend messages to the new devices, in case of bounced messages.
WhatsApp, with over 1 billion users, has end-to-end encryption and, as we noted earlier, that makes it a really big deal. Facebook Messenger has 1 billion downloads on the Google Play Store as well, and close to 900 million monthly active users. With the secret conversations option rolling out, another large chunk of users will get a part of their chats secured.
Google also launched an instant messaging app called Allo, which has an end-to-end encrypted chat mode. Incognito chats in Google’s Allo will have a message expiration time as well as private notifications.
Privacy experts point out that by not making end-to-end encryption the default mode, apps are not really protecting user privacy. In fact, when Allo was first announced by Google, NSA whistleblower Edward Snowden criticised the app, saying the company’s decision to disable end-to-end encryption was dangerous.
Experts also argue that most people won’t end up using the ‘secret’ chat mode. In the case of Telegram, Allo, etc., the end-to-end encrypted mode comes with a time limit, which ensures the messages disappear from the device and can’t be read by anyone else. WhatsApp has end-to-end encryption across the board, but there’s no concept of disappearing messages, which means they can still be read or accessed if the device is compromised.
We’ll have to wait and see how soon Facebook Messenger rolls out end-to-end encryption for all and how.