Facebook Messenger app to offer end-to-end encryption option
Users of Facebook's photo and text messaging app Messenger may soon have the ability to engage in "secret conversations." The opt-in feature is currently being tested.
On Friday, Facebook said that it is exploring ways to offer direct "one-to-one secret conversations in Messenger that will be end-to-end encrypted and which can only be read on one device of the person you’re communicating with" and out of the reach of the social media behemoth.
To enable "secret conversations" among users, Facebook said it will employ the Signal Protocol, a widely-respected encryption method.
The Signal encryption protocol used by WhstsApp, Google Allo, and Facebook Messenger was developed with US taxpayer Internet Freedom funds.
— Christopher Soghoian (@csoghoian) July 8, 2016
However, the encrypted Messenger feature falls short of the messaging service WhatsApp, owned by Facebook, which began encrypting all messages by default as of earlier this year.
Cyber security experts have said that many users of messaging apps often believe encryption has been turned on by default, when the feature is often actually an opt-in and therefore easy to overlook.
“There are many Telegram users who think they are communicating in an encrypted way, when they’re not because they don’t realize that they have to turn on an additional setting,” Christopher Soghoian, principal technologist at the American Civil Liberties Union, told Gizmodo last month.
End-to-end encryption
— Kontra (@counternotions) July 8, 2016
Google Allo: opt-in
Facebook Messenger: opt-in
Apple iMessage, FaceTime: by default.
(The year is 2016.)
Facebook avoided initially offering default encryption on Messenger, saying it would like to improve how such security will impact non-mobile user experience, among other reasons, according to Facebook's chief security officer Alex Stamos.
Reason #1: FBM is multi-device, and we'd like to see E2E usability improve to support this. For now, pick one device and keys never leave it
— Alex Stamos (@alexstamos) July 8, 2016
As of now, "secret conversations can only be read on one device and we recognize that experience may not be right for everyone," Facebook said in its announcement, referring to how users currently employ Messenger through a variety of devices.
The company said secret conversations are now available only on a "limited test basis right now." Wider availability will materialize later this summer, it said.
"During this test, we will gather feedback about the functionality, measure performance and introduce tools to enable you to report objectionable content to us."
Decrypt or else: Draft encryption bill says tech companies must comply with court orders https://t.co/Q25eDAt1snpic.twitter.com/mQJDWsem4O
— RT America (@RT_America) April 8, 2016
Developing legislation in the US Senate would jeopardize end-to-end encryption capabilities, however. A leaked draft of the Compliance with Court Orders Act of 2016 indicated that lawmakers are seeking a strict policy for tech companies that would require compliance with court orders and a possible ban on end-to-end encryption.