Meta rolls out default end-to-end encryption on Messenger, Facebook

Meta has announced that the immediate availability of end-to-end encryption for all chats and calls made through the Messenger app, as well as the Facebook social media platform.

End-to-end encryption (E2EE) protects clear data by ensuring that it is readable only to the parties involved in the exchange. Anyone else accessing it would get scrambled information.

It works by encrypting the data on the sender’s device using a unique encryption key so that it travels safely over the internet in a form that cannot be decoded by intermediaries.

The recipient of the message decrypts it locally on their device using a private key that is only available to them.

Communication exchange between two clients
Communication exchange between two clients (Meta)

E2EE has been available in the Messenger app as an optional feature called “Secret Conversations” since 2016 but Meta says it now enables it by default for all users as an additional layer of security.

“The extra layer of security provided by end-to-end encryption means that the content of your messages and calls with friends and family are protected from the moment they leave your device to the moment they reach the receiver’s device” – Meta

The company further explains that “nobody, including Meta, can see what’s sent or said, unless you choose to report a message to us.”

In a separate post with additional details about the underlying technology of the implemented E2EE mechanism, Meta explains that communications and media exchanged through Messenger will be stored in encrypted form on Meta’s servers to maintain availability across all user devices.

For this purpose, Meta’s engineers created a new encrypted storage and on-demand cyphertext retrieval system named Labyrinth, with details available in this whitepaper.

The new E2EE mechanism introduced to Messenger is based on the open-source Signal protocol, according to the Messenger End-to-End-Encryption Overview paper.

For those who use the browser-based version of Instagram, WhatsApp, or Facebook, Meta released earlier this year a browser extension called Code Verify that checks if the JavaScript libraries used by the services are up-to-date and have not been modified.

If the libraries are altered or tampered, it could prevent E2EE from working and thus reduce the security of communications. If you are a web user of these apps, you can install the Code Verify extension to confirm that the libraries are secure before sending any messages.

Finally, Meta says E2EE in group messaging on the Messenger app is currently being tested and is scheduled for future releases.

Another feature announced in Meta’s E2EE update is the ability to edit sent messages. The action is possible within 15 minutes from the moment it was sent.

Additionally, the company also introduced “disappearing messages,” which last for 24 hours after being sent.

Source: www.bleepingcomputer.com