Finally! Facebook and Messenger are getting default end-to-end encryption. And not everyone is happy...


December 07, 2023


It's taken a while, but it finally looks like end-to-end encrypted conversations are going to become a reality for users of Facebook and Messenger.

In a blog post, Loredana Crisan, Meta's Head of Messenger, announced that the company has begun to roll out end-to-end encryption (E2EE) for personal chats and calls.

The good news?  Meta is turning on the privacy-preserving encryption, which is built upon the highly-regarded Signal protocol as well as its own Labyrinth protocol, by default.

This means that only you (the sender) and the intended recipient will be able to access the contents of a message.  No-one else (including law enforcement or Facebook parent company Meta itself) will be able to see what you have sent, nor will they be able to forge messages to appear as if they have been sent from someone else's account.

Facebook, of course, has a long history of making dubious decisions when it comes to the safety of its users - often enabling features that weaken users' privacy without their informed consent, and requiring those who do realise they have been put at risk to disable features.

This time, however, they seem to be doing the right thing - and taking Messenger a step closer to the full end-to-end conversation encryption offered by its stablemate WhatsApp as well as rival Signal.

"We worked closely with outside experts, academics, advocates and governments to identify risks and build mitigations to ensure that privacy and safety go hand-in-hand," said Crisan.

For now, encryption for group chats remains a feature that will require you to opt-in.  One hopes that this may change in the fullness of time.

For now, though, everyone should be happy about Meta rolling out end-to-end encryption - right?

Well, don't assume that too quickly. The UK Government, for instance, has been publicly applying pressure on social media and secure messaging firms to not deploy secure end-to-end encryption - arguing that it will make it hard to investigate the sharing of child sexual abuse content and allow paedophiles to groom victims.

Signal and WhatsApp have already said that they will refuse to comply with demands to weaken encryption, saying that the technology shields journalists, human rights lawyers, and marginalised groups from rogue regimes, and preserves the privacy of everybody.

For its part, Meta says "when E2EE is default, we will also use a variety of tools, including artificial intelligence, subject to applicable law, to proactively detect accounts engaged in malicious patterns of behaviour instead of scanning private messages."

The company has previously described some of the measures it takes to identify suspicious adults on its networks.

The message is clear.  You should buckle up, as an almighty fight is just around the corner between the tech companies rolling out end-to-end encryption for their messaging services and the governments who are furious they will no longer have a route to snoop on private messages.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
