End-to-End Encryption

Social media company Meta said it will begin testing end-to-end encryption (E2EE) on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services.

“If you’re in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won’t have to opt in to the feature,” Sara Su, product management director of Messenger Trust, said.

The incremental development comes a year after it turned on E2EE for audio and video calls on the messaging service as well as for one-on-one chats in Instagram, and enabled encrypted chat backups for WhatsApp on Android and iOS.

CyberSecurity

E2EE is a secure communication mechanism that scrambles data in transit and prevents third-parties from unauthorizedly accessing information sent from one endpoint to another, including Meta.

“This is because with end-to-end encryption, your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them,” Meta-owned WhatsApp explains in its documentation.

It’s worth pointing out that Meta flipped the switch on E2EE chats in Messenger in January 2022 on an opt-in basis, meaning it requires users to explicitly turn it on to avail the privacy and security guarantees.

End-to-End Encrypted Chat Backups

What’s more, the encrypted backup feature is being ported over to Messenger too in the form of a feature it calls Secure Storage that allows users to create a PIN or a code, which can then be used to restore the chats on a new device.

Further changes encompass an expansion of E2EE trials on Instagram and the removal of vanish mode in Messenger while retaining disappearing messages, which lets messages be automatically erased after a chosen time period.

In addition, it’s extending the Code Verify safeguards it introduced earlier this March to ensure the integrity of WhatsApp Web to include the desktop web version of Messenger.

The updates arrive ahead of a global rollout of default end-to-end encryption for personal messages and calls across Instagram and Messenger in 2023. As it stands, WhatsApp is the only Meta product to be end-to-end encrypted out of the box.

CyberSecurity

They also come in the immediate aftermath of news that Meta shared Messenger chats with law enforcement in a criminal case concerning a 17-year-old’s abortion in the U.S. state of Nebraska, something that was made possible only because conversations on Messenger are still stored in cleartext.

The company, which is facing significant blowback, has since sought to emphasize that the “warrants did not mention abortion at all” and that “police were at that time investigating the alleged illegal burning and burial of a stillborn infant.”

The encryption barriers have also been a point of contention with governments who say the system hinders their ability to counter serious crime like child sexual abuse harms.

Source: thehackernews.com/