Meta has announced that the immediate availability of end-to-end encryption for all chats and calls made through the Messenger app, as well as the Facebook social media platform.
End-to-end encryption (E2EE) protects clear data by ensuring that it is readable only to the parties involved in the exchange. Anyone else accessing it would get scrambled information.
It works by encrypting the data on the sender’s device using a unique encryption key so that it travels safely over the internet in a form that cannot be decoded by intermediaries.
The recipient of the message decrypts it locally on their device using a private key that is only available to them.
E2EE has been available in the Messenger app as an optional feature called “Secret Conversations” since 2016 but Meta says it now enables it by default for all users as an additional layer of security.
The company further explains that “nobody, including Meta, can see what’s sent or said, unless you choose to report a message to us.”
In a separate post with additional details about the underlying technology of the implemented E2EE mechanism, Meta explains that communications and media exchanged through Messenger will be stored in encrypted form on Meta’s servers to maintain availability across all user devices.
For this purpose, Meta’s engineers created a new encrypted storage and on-demand cyphertext retrieval system named Labyrinth, with details available in this whitepaper.
The new E2EE mechanism introduced to Messenger is based on the open-source Signal protocol, according to the Messenger End-to-End-Encryption Overview paper.
If the libraries are altered or tampered, it could prevent E2EE from working and thus reduce the security of communications. If you are a web user of these apps, you can install the Code Verify extension to confirm that the libraries are secure before sending any messages.
Finally, Meta says E2EE in group messaging on the Messenger app is currently being tested and is scheduled for future releases.
Another feature announced in Meta’s E2EE update is the ability to edit sent messages. The action is possible within 15 minutes from the moment it was sent.
Additionally, the company also introduced “disappearing messages,” which last for 24 hours after being sent.