Meta adopts default end-to-end encryption on Messenger

Meta has announced that end-to-end encryption of one-on-one chats and calls would be the default on Messenger moving forward.

Meta adopts default end-to-end encryption on Messenger
People are seen behind a logo of Meta Platforms, during a conference in Mumbai, India, September 20, 2023. REUTERS/Francis Mascarenhas/File Photo

The backstory: Data encryption is a process that makes text and other data unreadable by scrambling it so that only authorized people can view it. Encryption in transit is when the data is scrambled only during its transfer, so it can still be read by third parties, like those storing the data on either end. The term “end-to-end” encryption (E2EE) refers to an even more secure level of encryption, meaning a message sent will stay secure on both ends of the communication, and even third parties won’t be able to read it.

More recently: In 2016, Meta (Facebook, at the time) introduced encrypted chats as a feature users could opt into. Then in 2019, CEO Mark Zuckerberg promised to have data privacy protection as default on all of Meta’s messaging apps. But it’s been a slow process because of technical and political challenges. Privacy advocates mostly see encryption as a way to ensure the privacy that people expect. But, law enforcement and victim advocacy groups often argue that strong encryption is an obstacle to tackling crimes involving child predators, terrorists and other bad actors. 

The development: Meta has announced that E2EE one-on-one chats and calls would be the default on Messenger moving forward. Encryption on group chats won’t be the default just yet, but there is still an opt-in setting for that. Meta said this move is part of a bigger shift toward making Messenger more like other messaging platforms, like Apple’s iMessage and Meta’s WhatsApp. It also plans to start encrypting Instagram messages soon. The company said E2EE won’t compromise people’s favorite chat features, like themes, reactions and stickers. But it does mean that Meta won’t be able to access the data, and it can’t hand it over to law enforcement, either.

Key comments:

“This has taken years to deliver because we’ve taken our time to get this right,” Loredana Crisan, VP of Messenger, said in a statement. “Our engineers, cryptographers, designers, policy experts and product managers have worked tirelessly to rebuild Messenger features from the ground up.”

“The extra layer of security provided by end-to-end encryption means that the content of your messages and calls with friends and family are protected from the moment they leave your device to the moment they reach the receiver’s device. This means that nobody, including Meta, can see what’s sent or said unless you choose to report a message to us,” wrote Crisan in the statement. 

“It looks just like Messenger, except that under the hood it has really strong encryption,” said Matt Green, a Johns Hopkins cryptographer who previewed the launch. “Getting things to work on the web seems like it was the hard part, but they pulled it off.”

"On Instagram, we are currently testing 'disappearing messages' for one-to-one Instagram Direct conversations in select countries," said Meta engineers Jon Millican and Reed Riley in a blog post.

“I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever,” CEO Mark Zuckerberg wrote in a Facebook post in 2019. “This is the future I hope we will help bring about.”