Facebook testing end-to-end encryption as a default on Messenger
Facebook has long been criticized for not using end-to-end encryption as a default option for its messaging service, but that might change soon.
This week Facebook announced that it has started testing default end-to-end encryption among some users of its Messenger app. The company plans to roll out the feature for messages and calls globally next year.
With end-to-end encryption, Facebook and its parent company Meta cannot view its users’ private conversations — only the senders and recipients can. This is an important security feature that protects users from cybercriminals and hackers, as well as law enforcement, which may require social media platforms to provide a private chat history as part of an investigation.
Facebook’s announcement comes amid backlash from privacy advocates after the company handed over private messages between a mother and daughter to a Nebraska police department in an abortion-related case. Facebook said that its security update is unrelated to the Nebraska case.
So far, WhatsApp is the only Meta-owned service that uses default end-to-end encryption.
Last year, Meta began testing the opt-in end-to-end encryption of messages and calls on Instagram. In February, it broadened the test to include adults in Ukraine and Russia. Meta has said it wants to expand this test and include people from more countries and different age groups.
Facebook already offers users end-to-end encryption for so-called “secret chats,” which need to be enabled. It’s unclear what percentage of Facebook’s 3 billion users actually encrypt their chats.
Making end-to-end encryption the default option would be a significant step, especially given fears in the wake of the reversal of the Supreme Court’s Roe v. Wade decision that posts and private messages could be used to prosecute women seeking reproductive healthcare.
While digital privacy advocates support Meta’s security update, they said the move should have come earlier, as the issue of end-to-end encryption has been discussed for years.
“The demand is simple: every messaging service should be end-to-end encrypted by default, as soon as humanly possible. Anything less is dangerous,” said Evan Greer, director of digital rights nonprofit Fight for the Future.
Facebook security updates
In addition to default end-to-end encryption, Facebook is also testing a new secure storage feature to back up users’ messages in case they lose their mobile phone or computer and decide to restore their message history on another device.
With end-to-end encryption, Facebook won’t have access to these messages unless a user is reported for violating Facebook policies.
To access these backups, users need to either create a PIN or generate a code only known to them. Another option is to use a cloud service like iCloud to store a secret key that allows users to access backups. This last method is secure, but not protected by Messenger’s end-to-end encryption, Facebook said.
Over the next few weeks the company will roll out more tests and updates of its end-to-end encrypted chats. For example, deleted messages will sync across devices, and users will be able to unsend messages or replies to Facebook stories.