Social media company Meta said it will begin testing end-to-end
encryption (E2EE) on its Messenger platform this week for select
users as the default option, as the company continues to slowly add
security layers to its various chat services.
“If you’re in the test group, some of your most frequent chats
may be automatically end-to-end encrypted, which means you won’t
have to opt in to the feature,” Sara Su, product management
director of Messenger Trust, said[1].
The incremental development comes a year after it turned on E2EE[2]
for audio and video calls on the messaging service as well as for
one-on-one chats in Instagram, and enabled encrypted chat backups[3]
for WhatsApp on Android and iOS.
E2EE is a secure communication mechanism that scrambles data in
transit and prevents third-parties from unauthorizedly accessing
information sent from one endpoint to another, including Meta.
“This is because with end-to-end encryption, your messages are
secured with a lock, and only the recipient and you have the
special key needed to unlock and read them,” Meta-owned WhatsApp
explains[4]
in its documentation.
It’s worth pointing out that Meta flipped the switch on E2EE chats in Messenger[5]
in January 2022 on an opt-in basis, meaning it requires users to
explicitly turn it on to avail the privacy and security
guarantees.
End-to-End Encrypted Chat Backups
What’s more, the encrypted backup feature is being ported over
to Messenger too in the form of a feature it calls Secure Storage
that allows users to create a PIN or a code, which can then be used
to restore the chats on a new device.
Further changes encompass an expansion of E2EE trials on
Instagram and the removal of vanish mode[6]
in Messenger while retaining disappearing messages[7], which lets messages be
automatically erased after a chosen time period.
In addition, it’s extending the Code Verify[8]
safeguards it introduced earlier this March to ensure the integrity
of WhatsApp Web to include the desktop web version[9]
of Messenger.
The updates arrive ahead of a global rollout[10] of default end-to-end
encryption for personal messages and calls across Instagram and
Messenger in 2023. As it stands, WhatsApp is the only Meta product
to be end-to-end encrypted out of the box.
They also come in the immediate aftermath of news that Meta
shared[11] Messenger chats[12] with law enforcement in
a criminal case concerning a 17-year-old’s abortion in the U.S.
state of Nebraska, something that was made possible only because
conversations on Messenger are still stored in cleartext.
The company, which is facing significant blowback[13], has since sought to
emphasize[14] that the “warrants did
not mention abortion at all” and that “police were at that time
investigating the alleged illegal burning and burial of a stillborn
infant.”
The encryption barriers have also been a point of contention[15] with governments who
say the system hinders[16] their ability[17] to counter serious
crime like child sexual abuse harms.
References
- ^
said
(about.fb.com) - ^
turned
on E2EE (thehackernews.com) - ^
encrypted chat backups
(thehackernews.com) - ^
explains
(faq.whatsapp.com) - ^
E2EE
chats in Messenger (messengernews.fb.com) - ^
vanish
mode (www.facebook.com) - ^
disappearing messages
(www.facebook.com) - ^
Code
Verify (thehackernews.com) - ^
desktop web version
(www.messenger.com) - ^
global
rollout (thehackernews.com) - ^
shared
(www.forbes.com) - ^
Messenger chats
(www.vice.com) - ^
significant blowback
(twitter.com) - ^
emphasize
(about.fb.com) - ^
contention
(thehackernews.com) - ^
hinders
(www.theregister.com) - ^
ability
(www.theregister.com)
Read more https://thehackernews.com/2022/08/facebook-testing-default-end-to-end.html