Facebook is testing end-to-end encryption by default in Messenger

Facebook has long been criticized for not using end-to-end encryption as a default option for its messaging service, but that may soon change.

Facebook announced this week that it has begun testing end-to-end encryption by default among some users of its Messenger app. The company plans to roll out the messaging and calling feature globally next year.

With end-to-end encryption, Facebook and its parent company Meta cannot view their users’ private conversations—only senders and recipients can. This is an important security feature that protects users from cybercriminals and hackers, as well as law enforcement agencies who may require social media platforms to provide private chat history as part of an investigation.

Facebook’s announcement comes amid backlash from privacy advocates after the company turned over private messages between a mother and daughter to a Nebraska police department in an abortion-related case. Facebook said its security update was unrelated to the Nebraska case.

So far, WhatsApp is the only Meta-owned service that uses end-to-end encryption by default.

Last year, Meta began testing end-to-end encryption for Instagram messages and calls. In February, it expanded the test to include adults in Ukraine and Russia. Meta said it wants to expand this test to include people from more countries and different age groups.

Facebook already offers users end-to-end encryption for so-called “secret chats” that must be enabled. It’s unclear what percentage of Facebook’s 3 billion users actually encrypt their chats.

Making end-to-end encryption the default option would be a significant step, especially given concerns, since the Supreme Court overturned Roe v. Wade, that posts and private messages could be used to stalk women seeking reproductive health care.

While digital privacy advocates support the Meta security update, they said the move should have come sooner because the issue of end-to-end encryption has been debated for years.

“The requirement is simple: every messaging service must be end-to-end encrypted by default, as soon as possible. Anything less is dangerous,” said Evan Greer, director of digital rights nonprofit Fight for the Future.

Facebook security updates

In addition to standard end-to-end encryption, Facebook is also testing a new secure storage feature to back up users’ messages in case they lose their mobile phone or computer and decide to restore their message history on another device.

With end-to-end encryption, Facebook will not have access to these messages unless a user is reported for violating Facebook’s policies.

To access these backups, users must either create a PIN or generate a code known only to them. Another option is to use a cloud service like iCloud to store a secret key that allows users to access backups. The latter method is secure but not protected by Messenger’s end-to-end encryption, Facebook said.

Over the next few weeks, the company will be rolling out more tests and updates to its end-to-end encrypted chats. For example, deleted messages will sync across devices and users will be able to unsend messages or replies to Facebook stories.

Darina Antonyuk is a freelance reporter for The Record based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe, and the state of the cyber war between Ukraine and Russia. Previously, she was a technical reporter for Forbes Ukraine. Her work has also been published in Sifted, The Kyiv Independent and The Kyiv Post.