Facebook Starts Testing End-to-End Encryption in Messenger

Facebook PR:

We put people first in everything we do at Messenger, and today we are beginning to roll out a new option within Messenger to better support conversations about sensitive topics. Your messages and calls on Messenger already benefit from strong security systems — Messenger uses secure communications channels (just like banking and shopping websites) as well as Facebook’s powerful tools to help block spam and malware. We’ve heard from you that there are times when you want additional safeguards — perhaps when discussing private information like an illness or a health issue with trusted friends and family, or sending financial information to an accountant.

To enable you to do this we are starting to test the ability to create one-to-one secret conversations in Messenger that will be end-to-end encrypted and which can only be read on one device of the person you’re communicating with. […]

Given that their entire business model is built on exploiting users’ privacy, Facebook has been making some significant investments in securing some aspects of what they do. Last year, they introduced PGP-encrypted emails; now, they’ve added end-to-end encrypted conversations in Messenger.

I have a problem with the naming of this feature: “secret conversations”. This phrase is repeated throughout their press release, so it doesn’t seem like a throwaway remark. It implies that there isn’t an expectation of privacy within a regular conversation. Enabling end-to-end encryption is not “secretive”, nor does it indicate that one is hiding something — it should be expected that a chat is private.

Starting a secret conversation with someone is optional. That’s because many people want Messenger to work when you switch between devices, such as a tablet, desktop computer or phone. Secret conversations can only be read on one device and we recognize that experience may not be right for everyone. It’s also important to note that in secret conversations we don’t currently support rich content like GIFs and videos, making payments, or other popular Messenger features.

iMessages are end-to-end encrypted, sync between devices,[1] and support GIFs and videos. I’m not sure why Facebook couldn’t make this work, though it might have something to do with iMessage being hardware-integrated — a given Apple device’s UDID can register up to five iMessage accounts, for example, so there might reasonably be deeper-level verification at play. Facebook has released a full technical whitepaper (PDF) if you’d like to learn more.

  1. Not well, mind you, but they try.