Facebook is testing end-to-end encryption for all Messenger conversations

Meta, Facebook’s parent company, is testing new features to boost security and privacy on its Messenger app.

Starting with end-to-end encryption (E2EE) by default in Messenger chats. In addition, Meta has launched a new online E2EE storage service, called “Secure Storage, to save chat histories.

The social media giant will also test a feature to unsend a message – similar to the “delete for all” option in WhatsApp group chats.

Privacy by default

End-to-end encryption has actually been available on Messenger since 2016. But in order to take advantage of it, users need to enable it. Soon, this security measure will be enabled by default.

End-to-end encryption, or E2EE, means that all messages are encrypted, both when they are sent and when they are stored, on the user’s device or on a remote server. Currently, every encryption-protected chat in Messenger is only stored on each user’s device. But if all the chats were kept on one device, it would require a large amount of storage space. This is why Meta plans in the future to store all E2EE chats on its servers by default, in its Secure Storage service.

Moving to end-to-end encryption by default in Messenger is in line with Meta’s plans. Last November, the company announced that it would postpone this measure for Messenger and Instagram from the end of 2022 to 2023. The reason? Méta explained that it had to assess the balance between users’ privacy and public safety, particularly regarding collaborations with law enforcement.

A new way to store encrypted messages

But Messenger’s secure storage feature is new and will become “the default way to protect your end-to-end encrypted conversation history on Messenger,” said Sara Su, director of Messenger Trust product management in a blog post. Blog. “As with end-to-end encrypted conversations, the secure storage feature means that we won’t have access to your messages unless you choose to report them to us,” says Sara Su.

Since encrypted Messenger conversations are stored in Meta’s data centers and not on the user’s device, users who lose their device can still access the conversation history. But it also means that all encrypted chats are now transferred to Meta’s servers.

End-to-end encryption will make it more difficult for law enforcement to access content such as photos and chats, but they will still be able to access capabilities such as location, device IDs and creation timestamps. accounts.

Coming soon encrypted calls

Facebook began testing Secure Storage on Android and iOS this week, but it’s not yet available on the Messenger website, Messenger desktop app, or chats that aren’t protected by E2EE.

To access Secure Storage backups, users must create a PIN or generate a code that they must save in order to access backups in the future. The private key can be saved in services like Apple’s iCloud Keychain. But Sara Su points out that the key, if stored by Apple’s password manager, will not be protected by Messenger’s end-to-end encryption.

The latter adds that Facebook plans to introduce end-to-end encrypted calls in the Calls tab of Messenger in the future.

The fleeting mode will disappear

Facebook is also releasing Code Verify, a browser extension for Chrome, Firefox, and Microsoft Edge. This last automatic failure of the authenticity of the code when using the web version of Messenger.

“This will allow you to confirm the security effectiveness of our end-to-end encryption by showing that your web code has not been tampered with or modified,” explains Sara Su.

However, the implementation of end-to-end encryption has other consequences on the operation of Messenger. For example, the fleeting mode will disappear. Ephemeral messages (which will disappear after a specified time) will be kept in end-to-end encrypted chats. Ephemeral Mode will still be available on Instagram, but it’s not E2EE.

To conclude, Sara Su indicates that the Meta deserves to “inform you of our progress towards the global deployment of end-to-end encryption by default for messages and personal calls in 2023”.

Source: ZDNet.com

Leave a Comment