Meta, Facebook’s parent company, is testing new features to boost security and privacy on its Messenger app.
Starting with end-to-end encryption (E2EE) by default in Messenger chats. In addition, Meta has launched a new online E2EE storage service, called “Secure Storage, to save chat histories.
The social media giant will also test a feature to unsend a message – similar to the “delete for all” option in WhatsApp group chats.
Privacy by default
End-to-end encryption has actually been available on Messenger since 2016. But in order to take advantage of it, users need to enable it. Soon, this security measure will be enabled by default.
End-to-end encryption, or E2EE, means that all messages are encrypted, both when they are sent and when they are stored, on the user’s device or on a remote server. Currently, every encryption-protected chat in Messenger is only stored on each user’s device. But if all the chats were kept on one device, it would require a large amount of storage space. This is why Meta plans in the future to store all E2EE chats on its servers by default, in its Secure Storage service.
Moving to end-to-end encryption by default in Messenger is in line with Meta’s plans. Last November, the company announced that it would postpone this measure for Messenger and Instagram from the end of 2022 to 2023. The reason? Meta explained that he had to assess the balance between user privacy and public safety, particularly regarding collaborations with law enforcement.
A new way to store encrypted messages
But Messenger’s Secure Storage feature is new and will become “the default way to protect your end-to-end encrypted conversation history on Messenger,” said Sara Su, director of Messenger Trust product management in a blog post. blog. “As with end-to-end encrypted conversations, the secure storage feature means that we won’t have access to your messages unless you choose to report them to us,” says Sara Su.
Since encrypted Messenger conversations are stored in Meta’s data centers and not on the user’s device, users who lose their device can still access the conversation history. But it also means that all encrypted chats are now stored on Meta’s servers.
End-to-end encryption will make it harder for law enforcement to access content like photos and chats, but they will still be able to access metadata, like location, device IDs, and creation timestamps. accounts.
Coming soon encrypted calls
Facebook began testing Secure Storage on Android and iOS this week, but it’s not yet available on the Messenger website, Messenger desktop app, or chats that aren’t protected by E2EE.
To access Secure Storage backups, users must create a PIN or generate a code that they must save in order to access backups in the future. The private key can be saved in services like Apple’s iCloud Keychain. But Sara Su points out that the key, if stored by Apple’s password manager, will not be protected by Messenger’s end-to-end encryption.
The latter adds that Facebook plans to introduce end-to-end encrypted calls in the Calls tab of Messenger in the future.
The fleeting mode will disappear
Facebook is also releasing Code Verify, a browser extension for Chrome, Firefox, and Microsoft Edge. The latter automatically verifies the authenticity of the code when using the web version of Messenger.
“This will allow you to confirm the security effectiveness of our end-to-end encryption by showing that your web code has not been tampered with or modified,” explains Sara Su.
However, the implementation of end-to-end encryption has other consequences on the operation of Messenger. For example, the fleeting mode will disappear. Ephemeral messages (which disappear after a specified time) will be retained in end-to-end encrypted chats. Ephemeral Mode will still be available on Instagram, but it’s not E2EE.
In conclusion, Sara Su says that Meta will continue to “update you on our progress towards the global rollout of end-to-end encryption by default for messages and personal calls in 2023”.
Source: ZDNet.com