Facebook Messenger E2E encryption has been available to some users for some years now, but a full rollout has taken longer than expected.
The company says it is now expanding end-to-end encrypted messaging to “millions” more people, and promises that it will be standard for everyone by the end of the year …
Encryption versus end-to-end encryption
Currently, everything you send via Facebook Messenger is encrypted – but not using end-to-end (E2E) encryption.
This means that Facebook owner Meta has a copy of the encryption key. Anyone in the company with the necessary access rights could read your private messages, as could any hacker who managed to gain the same access.
E2E encryption is different. With this, only the sender(s) and recipient(s) have the keys needed to decrypt the messages. Nobody at Meta could read your messages even if they had total access to all the company’s systems.
E2E encryption has for some time now been the expected standard, used by iMessage, FaceTime, WhatsApp, Signal, Telegram (when enabled), and more. But while Meta has Secret Conversations as an option in Facebook Messenger – which does use E2E encryption – normal messages don’t.
Facebook Messenger E2E encryption challenges
The company has been working on the problem since 2019, but says it proved more complicated than expected.
However, it quickly became apparent that transitioning our services to E2EE would be an incredibly complex and challenging engineering puzzle. We would have to rewrite almost the entire messaging and calling code base from scratch […]
This means upgrading trillions of active conversations with E2EE, without disrupting people’s expectations of the speed in which they can communicate or the reliability of their messages being delivered. We also had to develop new ways for people to manage their message history, like setting up a PIN. To maintain E2EE with this PIN approach, we also built out a new infrastructure of Hardware Security Modules (HSM).
In particular, Meta didn’t want to sacrifice features like embedded previews of videos – which required the company to change the way it handles these, from server-based to device-based.
In the old model, the server would go and retrieve that information from YouTube, and show you an image of the video as a preview. That’s why it sometimes takes a brief second to load. In an E2EE chat, however, the app on your phone will go to YouTube. It will get the rich preview for you, and when you hit send, your app encrypts the whole package and sends it to the recipient.
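The device-side preview flow described above, and the earlier point that a relay without the key sees only ciphertext, shown as an added Node.js example (not Meta's code and not code from the original article). It assumes a simplified scheme of static X25519 keys, HKDF and AES-256-GCM, which is not the protocol Messenger uses; the URL, title and function names are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Simplified key agreement: static X25519 keys plus HKDF, no ratchet.
// This is an assumption for the demo, not Messenger's actual protocol.
function messageKey(myPrivate, theirPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(crypto.hkdfSync("sha256", shared, Buffer.alloc(32), "demo-e2ee-preview", 32));
}

// Sender device: the preview was fetched locally, so it is bundled with the
// text and the whole package is encrypted before it leaves the phone.
function sealPackage(key, text, preview) {
  const iv = crypto.randomBytes(12); // fresh nonce per message
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const plaintext = Buffer.from(JSON.stringify({ text, preview }), "utf8");
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Recipient device: verify the GCM tag and decrypt. Throws if anything changed in transit.
function openPackage(key, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  const plaintext = Buffer.concat([decipher.update(ct), decipher.final()]);
  return JSON.parse(plaintext.toString("utf8"));
}

// End-to-end run with constructed sample data (hypothetical URL and title).
function demo() {
  const sender = crypto.generateKeyPairSync("x25519");
  const recipient = crypto.generateKeyPairSync("x25519");
  const preview = { url: "https://video.example/watch?v=abc", title: "Constructed sample title" };
  const envelope = sealPackage(messageKey(sender.privateKey, recipient.publicKey), "watch this", preview);
  // Relay server's view: only iv, ciphertext and tag. The URL is not visible.
  const relaySeesUrl = envelope.ct.includes(Buffer.from("video.example"));
  const recipientKey = messageKey(recipient.privateKey, sender.publicKey);
  const received = openPackage(recipientKey, envelope);
  // A relay that flips one ciphertext bit is detected by the recipient.
  const tampered = { ...envelope, ct: Buffer.from(envelope.ct) };
  tampered.ct[0] ^= 1;
  let tamperRejected = false;
  try { openPackage(recipientKey, tampered); } catch { tamperRejected = true; }

  return { relaySeesUrl, received, tamperRejected };
}

console.log(demo());
```

Because the preview travels inside the ciphertext, the server can no longer fetch or inspect the link on the user's behalf, which is why the fetch has to move to the sender's device.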
Millions more people today, all by the end of the year
Meta says that millions more people will get the feature from today, and that it will be standard for everyone by the end of the year.
Starting today, millions more people’s chats on Messenger will be upgraded to stronger encryption standards as part of our ongoing end-to-end encryption (E2EE) testing. We remain on track to launch default E2EE for one-to-one friends and family chats on Messenger by the end of the year.
You’ll know you have it when you update the app and are alerted to a security upgrade that includes E2E encryption.