Facebook Messenger joins WhatsApp in end-to-end encryption5 min read . Updated: 12 Jul 2016, 03:04 PM IST
The aim is to secure messages and safeguard conversations that are otherwise readable by Facebook itself
Encryption is the latest buzzword for messaging apps and devices. The latest to join the bandwagon is Facebook Inc., which has begun testing end-to-end encryption on its popular Messenger app, similar to what it did with WhatsApp in April. The aim is to secure messages and safeguard conversations that are otherwise readable by Facebook itself. “We’ve heard from you that there are times when you want additional safeguards—perhaps when discussing private information like an illness or a health issue with trusted friends and family, or sending financial information to an accountant. To enable you to do this we are starting to test the ability to create one-to-one secret conversations in Messenger that will be end-to-end encrypted and which can only be read on one device of the person you’re communicating with," wrote the company in a blog post announcing this move.
As more and more users around the world log in to messaging apps to not only chat with friends but also to connect with brands, browse merchandise, and watch content, they are looking for privacy and encryption is the most important technology for safeguarding online security and privacy. Globally, a debate is under way over the extent to which technology companies should give law enforcement agencies access to encrypted data.
So what is end-to-end encryption?
It is a method of secure communication that prevents third-parties from accessing data while it’s transferred from one device to another, especially as they travel across the social web. In other words, it is designed to keep eavesdroppers out of the conversation. Even companies that own the messaging platform cannot decrypt the files. The data is encrypted on the sender’s system or device and only the recipient is able to decrypt it. Nobody in between, be it cyber criminals, anyone snooping, anyone with a motive to hack, telecom service providers, Internet companies, third-party apps and even government agencies cannot read encrypted communications. It’s important to note that not all apps install end-to-end encryption by default. Some require users to set chats in certain modes or enable specific functions before the messages are kept off the record.
Facebook-owned WhatsApp rolled out full end-to-end encryption to its 1 billion and growing users in April which meant that every message sent, photo or video shared, documents and files sent to friends or colleagues and WhatsApp voice calls have now been made completely secure. Apple Inc. has also used a form of end-to-end encryption in its messaging app iMessage for years; Viber, a mobile app that allows users to make calls and text messages, added the protection to its 700 million users’ messages just weeks after WhatsApp, while cloud-based instant messaging service Telegram uses two levels of encryption: server-client encryption is used in private and group ‘cloud chats’, while its ‘secret chats’ use end-to-end encryption and “leave no trace on our servers, support self-destructing messages and don’t allow forwarding", according to the company. These chats are not part of the Telegram cloud and can only be accessed on their devices of origin. Encryption is optional in Google’s new messaging app Allo. Like in Chrome, Google has created an Incognito mode in Allo and all chats in Incognito mode will have end-to-end encryption.
So how will encryption work on Messenger?
Encryption took some time coming to Messenger primarily because users aren’t tied to one device when using it. Unlike WhatsApp, Messenger works differently. It is designed in such a way that while users are logged in with the same Facebook account, conversations can happen across multiple devices and browsers which makes it technologically very difficult to achieve end-to-end encryption.
Facebook has branded this device-to-device conversation mode “secret conversations," where the messages will be locked to two devices and thus accessible only from the two devices which participate in a conversation. To use secret conversations, users would need to designate a preferred device upon which their secret conversations will be available, e.g. their primary phone. Secret conversations will be stored permanently only on the devices that participate in each conversation. Within a secret conversation, you can also choose to set a timer to control the length of time each message remains visible within the conversation. Disappearing messages ensure that messages are no longer visible within a selected time after they are sent or received. Both devices automatically hide messages that specify a timeout once the message timeout has elapsed.
However, unlike WhatsApp, secret conversations are opt-in, requiring users to actively decide to take the stealth route. According to Facebook:“Starting a secret conversation with someone is optional. That’s because many people want Messenger to work when you switch between devices, such as a tablet, desktop computer or phone. Secret conversations can only be read on one device and we recognize that experience may not be right for everyone. It’s also important to note that in secret conversations we don’t currently support rich content like GIFs and videos, making payments, or other popular Messenger features."
This also means that Facebook Messenger is not as foolproof as WhatsApp, which offers full end-to-end encryption, by default, without requiring the user to do anything about it and implying that all the messages exchanged on WhatsApp can only be viewed by the sender and the recipient.
What does encryption mean for Messenger chat bots?
There are currently over 11,000 chat bots that have been launched on Messenger. There are bots for helping you pray, love, eat and even sleep. Yet, they are still in that awkward development phase where developers and users are both figuring out their exact utility. But the implication is that over time, chatbots could become our confidants and friends and even our trusted advisers doling out advice on business or even legal issues. “A potential employee could chat with a bot in a secure environment, one that will never show up on any other device and will automatically disappear, to ask about employment opportunities without worrying whether your boss will see the chat (or whether a human on the other end will whisper about it to your brother-in-law who works at the firm)," tech writer John Brandon says.
In this scenario, encryption would become all-important. Facebook’s secret conversations are available on a test basis currently and expected to become available to all Messenger users over the course of the summer.