Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger
7.12.23 Social The Hacker News
Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet."
"This isn't a routine security update: we rebuilt the app from the ground up, in close consultation with privacy and safety experts," Loredana Crisan, vice president of Messenger at Meta, said in a post shared on X (formerly Twitter).
CEO Mark Zuckerberg, who announced a "privacy-focused vision for social networking" back in 2019, said the update comes "after years of work" redesigning the platform. It's worth noting that E2EE for group messaging in Messenger is still in the testing phase.
Encrypted chats were first introduced in Messenger in 2016 as an opt-in feature called "secret conversations." Meta's Instagram also supports E2EE for messages and calls, but it's "only available in some areas" and not enabled by default.
"The extra layer of security provided by end-to-end encryption means that the content of your messages and calls with friends and family are protected from the moment they leave your device to the moment they reach the receiver's device," Crisan said.
In August 2023, the social media giant said that it was on track to widely enable the feature by the end of the year but emphasized that it had to re-architect Messenger to ensure that its servers cannot process or validate messages passing through them.
To that end, it not only upgraded over 100 features to incorporate encryption, but also developed new ways for users to manage their message history between devices, like setting up a PIN, by building a new encrypted storage system called Labyrinth.
After the chat upgrade in Messenger, the PIN serves as a recovery method, helping users restore their messages should they lose, change, or add a device to their account.
"Labyrinth – a novel encrypted message storage protocol – aims to address a number of these challenges by enabling users to store their messages server-side, while also maintaining strong privacy," the company said in a whitepaper.
"It is designed to protect messages against non-members (devices and entities which are not enrolled in a user's Labyrinth mailbox), including preventing new messages from being decryptable on revoked devices which may have previously had access to earlier messages, while achieving low operational overheads and high reliability."