Facebook offers end-to-end encrypted chat – if you find the right setting
There's always a catch
Facebook is rolling out end-to-end encryption for its messaging service to bring it in line with competitors, including its own WhatsApp.
But as ever with Facebook, there's a catch: you'll have to actively select the encrypted version each time, and the service will be limited to a single device. You also won't be able to use it to send things like pictures or videos.
Facebook has called the new service "Secret Conversations," betraying its not-so-subtle effort to offer the service while hoping that no one actually uses it. Why? Because Facebook relies on reading and storing everything you do through its service in order to sell you ads.
While other messaging apps such as WhatsApp, Viber and Apple's iMessage have simply turned on end-to-end encryption by default, meaning that no one except the sender and recipient can access the content of the messages, that "new norm" is not being accepted by the two biggest online names: Google and Facebook.
Both companies recognize they need to offer a secure form of messaging, but doing so goes against their business models and incurs the displeasure of the US authorities, who are determined to gather as much data as possible by whatever means necessary.
As such, both Facebook's Messenger and Google's upcoming Allo messaging apps will provide the option for secure messaging, but it will not be a default and users will have to actively decide to send something in a secure mode. Facebook has taken that default-rigging a step further by limiting the functions on the secure mode of its messaging app.
It is a calculated gamble aimed at preventing users from using competing products while ensuring as many of them as possible continue to use the unsecure version. Expect to see those parameters tweaked – as Facebook has done many times in the past – if users vote with their feet and move away from the service.
Facebook has put out some technical details [PDF] on how it is doing Secret Conversations.
It uses the Signal protocol created by Open Whisper Systems, which is rapidly becoming the industry standard and is incorporated into WhatsApp, Allo and Signal's own messaging app.
"Secret" messages will be stored on a user's device, ensuring they cannot be pulled by Facebook or handed over in response to a warrant. They will also reportedly offer a self-destruct feature with a variable time limit ranging from five seconds to 24 hours.
Critically, Facebook's implementation of the protocol has been given the thumbs up by Open Whisper Systems' founder, Moxie Marlinspike, who wrote in a blog post that the integration had been "done appropriately."
Marlinspike also noted that it was far from ideal that encryption was not a default, but nonetheless argued that "it's still a big step, and we hope that Messenger will continue to iterate on this deployment to make end-to-end encryption more pervasive throughout their product."
So while you will have to navigate Facebook's interface in order to get what you want rather than what is most beneficial to Facebook, the service is there and has been implemented well. How very Facebook. The service is currently in beta to a small number of users and will be rolled out in full later this year. ®