Facebook is planning to begin a test of end-to-end encryption for its Messenger service, which could eventually bring encrypted conversations to the company’s more than 1.5 billion users.
The test is due to begin today, according to reports, and will involve a small fraction of the Facebook user base at the beginning. Facebook Messenger is the company’s text messaging app, and it has nearly a billion active users. The company is now testing an option called “secret conversations” for Messenger, which will enable the end-to-end encryption capability.
However, the encryption option is not turned on by default. Users will have to opt-in to the encrypted mode, something that makes the Messenger security different from that of secure messaging apps such as Signal. In Signal, built by Open Whisper Systems, the encryption is on at all times, as is the case in WhatsApp, a separate messaging app owned by Facebook. Apple’s iMessage also employs default end-to-end encryption. Facebook is implementing the Signal protocol for its encryption, an important decision as Signal is considered in the security community to be among the more secure and well-designed protocols.
“While this release does not enable end to end encryption for all conversations by default like you’d find in WhatsApp or Signal, it’s still a big step, and we hope that Messenger will continue to iterate on this deployment to make end to end encryption more pervasive throughout their product,” Moxie Marlinspike, the creator of Open Whisper Systems, said in a post.
“The Secret Conversations threat model considers the compromise of server and networking infrastructure.”
Right now, the secret conversation mode will only be available on one device per user, due to key distribution limitations. There also is a mode that allows users to set expiration times for messages, and those messages are always encrypted. In a technical paper on the new system, Facebook engineers said the plaintext of the messages are only ever stored on the individual devices, not on Facebook’s servers.
“Secret Conversations plaintext messages are stored permanently only on the devices that participate in each conversation. Plaintext messages are protected using on-device symmetric-key encryption and optional Disappearing Messages functionality. On-device encryption ensures that messages stored permanently on a particular device are only accessible while a user is authenticated to Facebook,” the paper says.
“Messenger allows users to switch accounts. While a second user is logged in to particular device messages of the first user should not be accessible. However, when the first user returns to the same device they should find their messages intact.”
Facebook’s move is a major one, as it brings encrypted messaging to nearly a billion people, once the rollout is completed later this year. iPhone users have had encrypted iMessage for years, and users of other smartphones have had options too, including Signal on Android. But there is still a large swath of people who spend much of their time in Facebook, so the encrypted messaging option is key. In its paper, Facebook said the encryption option in Messenger is meant to protect users against compromises anywhere along the route.
“The Secret Conversations threat model considers the compromise of server and networking infrastructure used by Messenger — Facebook’s included. Attempts to obtain message plaintext or falsify messages by Facebook or network providers result in explicit warnings to the user,” the paper says.