This week, Meta announced that it’s getting closer to having end-to-end encryption (E2EE) on all its messaging platforms, including Messenger and Instagram.
WhatsApp has had E2EE since 2016, so those who use Meta’s other apps to chat have had to wait a very long time for Messenger and Instagram to catch up.
E2EE is important because it means that your messages are always encrypted: first on your device, during their journey to the other person’s device, and remain encrypted on any web servers.
Without E2EE, your messages should still be encrypted while they’re sent to the recipient, but can be vulnerable if any servers they’re stored on are hacked, or even accessed by employees who have access to the server.
Meta said on Tuesday that it has “started gradually expanding testing default end-to-end encryption for Messenger.” In other words, you don’t have to opt in to benefit: it happens automatically.
As for when you can expect to see a notification that your Messenger chats have E2EE, Meta said the process will be relatively slow and that it will be enabled at random.
“Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption. We will notify people in these individual chat threads as they are upgraded. We know people will have questions about how we select and upgrade individual threads, so we wanted to make clear that this is a random process. It’s designed to be random so that there isn’t a negative impact on our infrastructure and people’s chat experience. This also ensures our new end-to-end encrypted threads continue to give people the fast, reliable and rich experience on Messenger.”
“Building a secure and resilient end-to-end encrypted service for the billions of messages that are sent on Messenger every day requires careful testing. We’ll provide updates as we continue to make progress towards this goal over the course of 2023.”
Given that E2EE has been available for group chats and calls on Messenger for almost a year, you’d be forgiven for wondering why it has taken so long for it to be fully rolled out as the default for all chats, including between individuals.
The simple fact is that it is not simple to do it. You might assume because Meta owns Facebook, WhatsApp and Instagram, it can just take the encryption from WhatsApp and bolt it onto the other services. Unfortunately, it doesn’t work like that, and it takes a lot of work.
It isn’t just messages that have to be encrypted, either. Any media you send: photos, voice recordings, videos, GIFs, also have to be encrypted.
Meta has said that it is now adding more features to encrypted chats including custom emojis and reactions, chat themes, previews for links, group profile photos, Android chat bubbles and active status, so people can see when you’re using Messenger.
Although it hasn’t said so, we expect the usual E2EE loopholes to exist in Messenger – and eventually Instagram – so it’s always worth bearing those in mind rather than assuming that anything you send to someone is completely private.
One of those is the fact that the recipient can take screenshots, photos or videos of the conversation and share those with anyone. They might also be able to flag it to Meta in the same way WhatsApp users can if they ‘Report’ a message sent to them. This is forwarded to WhatsApp moderators who can read it.
However, that’s not to say E2EE isn’t a valuable feature to have. Only in August last year, a 17-year old and her mother were prosecuted for aborting a baby when a court ordered Facebook to turn over messages they sent. Those were then used as the basis for a search warrant where laptops and phones were seized, containing plenty more data.
If the Messenger chat had been encrypted with E2EE, it wouldn’t have been possible for Meta, a court or anyone else to read what had been said.
Of course, this is the drawback of E2EE: it affords privacy for everyone, whether they’re having an innocent conversation, or planning a crime.
Meta is slowly rolling out E2EE on Instagram as well. Currently it’s available in a few countries including Russia and Ukraine and isn’t the default: you have to tap the padlock icon next to Start end-to-end-encrypted chat. You can read more on Meta’s blog.