Facebook has officially rolled out end-to-end encryption to all users of its Messenger platform through a new feature called Secret Conversations. This feature will allow the nearly 1 billion users of the platform to protect their chats from outside eyes, and set them to self-destruct.
If this news sounds familiar, it’s because Facebook began beta testing the feature among select users back in July. Facebook-owned WhatsApp began offering encryption in April 2016, and Apple’s iMessage and Google’s Allo also offer the service. Facebook posted a list of tips in its Help Center.
The new feature is based on the Signal Protocol developed by Open Whisper Systems, which is also what powers the encryption behind WhatsApp and Google Allo. However, Allo recently came under fire from Edward Snowden, who took to Twitter to urge his followers not to use the messaging platform.
It’s important to note that, while encryption is available to all users, it is an opt-in feature. That means that it won’t be turned on by default; rather, the user will have to enable it. Thankfully, it’s a pretty simple process.
First, it’s important to understand how it works. Both the sender and the recipient will have a device key to verify the encryption. But sending a message with encryption doesn’t mean that the recipient won’t share it with others via a screenshot or by other methods, so make sure the recipient is someone you trust.
To turn on Secret Conversations, start from the home screen on the Messenger app, and tap the icon to compose a new message. In the top right corner of the screen, you will see the word “Secret,” which you should tap. Then choose who you want to send it to, and compose your message. If you want to set a timer, tap the clock icon in the text box portion of the message and set it for the amount of time you want the message to be accessible by the recipient.
Currently, the feature is only available on the iOS and Android versions of the app, and the encrypted messages will only show up on the devices used to create and open the messages, according to the Facebook Help Center.
When you are looking at your conversations, the ones with a padlock icon next to the name of the person you’re communicating with are the Secret Conversations. But these conversations have some limitations.
According to Facebook, “With secret conversations, you can send messages, pictures and stickers. Secret conversations don’t support group messages, gifs, videos, voice or video calling or payments.”
What’s interesting is how easy it is to bypass the encryption, because a participant’s own device can decrypt the messages and hand them over. According to Facebook, a user can report an encrypted message if they believe it goes against Facebook’s Community Standards. And, if a message thread is reported, “recent messages from that conversation will be decrypted and sent securely from your device to our Help Team for review. We won’t tell the person you’re talking to that you reported it.”
Those violations can include “bullying or harassment, threats, and sexual violence or exploitation.” Also, even if a conversation has been set to self-destruct or disappear, Facebook can still access it if it is reported. This is an interesting take on encryption and privacy, to say the least.
The 3 big takeaways for TechRepublic readers
- Facebook Messenger enabled end-to-end encryption for all users with Secret Conversations, but it has some interesting loopholes.
- Secret Conversations have device keys to verify encryption, and can be set to disappear after a certain time, but Facebook can still access and decrypt them if they are reported.
- Facebook Messenger follows companies like WhatsApp, Apple’s iMessage, and Google Allo in offering encryption, which seems to be more in demand with users.