Meta starts rolling out end-to-end encryption in Facebook Messenger
Surfing the cryptographic wave
Meta is pressing ahead with default end-to-end encryption on chats and calls in Messenger, with the rollout beginning today.
End-to-end (e2e) encryption has been an option on the platform since 2016, but Meta's announcement means it will become the default. However, Meta's head of Messenger, Loredana Crisan, noted that it might take some time to update Messenger chats.
"Because there are over a billion Messenger users, not everyone will get default end-to-end encryption right away. It will take a number of months to complete the global rollout," Crisan said.
Users receiving the upgrade will be prompted to set up a recovery method to restore messages if a device is changed or lost.
The update also means that users will be able to edit messages for up to 15 minutes after sending and also have them "disappear." Existing functionality, such as themes and custom reactions, will still be supported.
The upshot is that nobody, not even Meta, can see what's sent or said unless a user reports a message. While Crisan said the company had worked closely with interested parties and governments in the implementation, making encryption the default rather than an opt-in will cause more headaches for authorities – such as Ofcom – should they seek ways to look at messages.
However, only private chats and calls across Messenger have end-to-end encryption set as a default. It remains an opt-in for group chats at present.
Matthew Hodgson, CEO of Element, told The Register: "If you look at the evolution of social media over the past decade, it was inevitable Meta would encrypt Messenger. However, their announcement in 2019 prompted a knee-jerk reaction from governments around the world to try to regulate something that is unregulatable.
"The future of the internet is encrypted and decentralized - safeguarding therefore relies on organizations coming together and educating and empowering users to filter content rather than sabotage encryption, punishing everyone with blanket surveillance."
As part of its announcement, Meta published a pair of papers regarding its approach to cryptography, specifically its Labyrinth protocol [PDF] and an overview of its e2e implementation [PDF].
Hodgson told us: "Labyrinth looks very interesting, but it seems Meta have released the whitepaper purely for transparency rather than expecting or encouraging anyone to independently implement it - it's not designed to be an open standard, or support third parties in any way.
"We're analyzing it currently, and the main novelty appears to be the Oblivious Revocable Function (ORF) used to restrict access to attachments without tracking which attachments are associated with which message. This sort of approach could be very interesting for open protocols such as Matrix in [the] future." ®