What Is End-to-End Encryption in Messenger?
End-to-end encryption, in simple terms, is encrypting or scrambling messages in such a way that they cannot be decrypted unless by the recipient. So the recipient receives the message in an encrypted form and decrypts it.
Messenger has brought about a lot of privacy and safety tools in the past year. Some of these are app locks, disappearing messages, privacy settings, and message forwarding limits. However, the end-to-end encryption feature is still being worked on. Gail Kent, Messenger's policy director, confirmed that in 2022, the feature might be fully available at the earliest.
For a while now, the idea of using end-to-end encryption has become a worldwide phenomenon. The concept is so easy yet so helpful when it comes to improving privacy in communications. Before, any message that anyone sent had a risk of being viewed by a third party. The third-party could be hackers, malicious government elements, or even companies that enable the network service. So, what is an end to end encryption?
End-to-End Encryption in Detail
End-to-end encryption, in simple terms, is encrypting or scrambling messages in such a way that they cannot be decrypted unless by the recipient. So the recipient receives the message in an encrypted form, and then it's interpreted back to the original state that the recipient can understand.
As it was previously named, encryption, or cryptography, was used by ancient Egyptians to privatize their hieroglyphs. It prevented the lower class from making sense of what the higher class folks are communicating. Modern encryption came during the middle ages and was first written by Al-Kindi, an Arab mathematician. Nazi communications over World War 2 were encrypted as the technology level had gone higher by then.
On to applications, the first end-to-end encryption came from Germany, namely Telegram and Threema, among others.
In Messenger, the developer Mark Zuckerberg promised a while back to add end-to-end encryption by default. However, it has been put out there that this process may take years to come to reality. Meanwhile, you can opt for the manual setup to add the encryption until Zuckerberg's promise comes to fulfillment.
Setting Up E2EE on Messenger
By default, Messenger keeps the encrypted keys in a local space. Therefore, it codes the conversations by default as it comes from the owner, the sender, to its server. Then, it encrypts them again from the server to whom the message has been sent. Hence, this leaves only the sender and the receiver with the key to encode the message. The messenger application cannot read the message.
First, go to any Messenger conversation and click on it. Look for a circle that bears an "i" at the upper left of the page.
Next, choose the Secret Conversation toggle from the Setting menu. You will then see a popup asking you to turn on Secret Conversations.
Press Turn On so that it will load
Alternatively, you can access Home and press the +. Then open the lock icon to select the recipient. By enabling encryption, your messages are now coded, but to work, you will set it up manually for all conversations.
How Messenger Encryption Works
When you use the Secret Conversations option, plaintext messages are kept on the participating devices permanently, the sender and the receiver. Plaintext messages use on-device symmetric-key encryption.
Symmetric-key encryption is an encryption type that uses just one key to encrypt and decode the information that has been sent. The information gets converted to a form whereby a third party will not decode the message unless one can access the key.
By using on-device encryption, the conversations are permanently stored on the devices involved, and the only way to access them is through Facebook authentication.
Increasing Conversation Security
There are two ways in which you can add security to the Secret Conversation option:
Through Disappearing Messages
You can increase message security on your device by using the Secret Conversation timer option. Click at the clock icon that you will find in the message box and then select how much time you want to view the message. It can be one day, five minutes, five seconds, depending on what you prefer.
Once that time is done, the Messenger application gets rid of the messages, and they disappear.
By Deleting Secret Conversations
Instead of using the above timer method, there is an option to delete a conversation. The way to go around this is to delete the conversation thread and begin a completely new one without repeating the encryption option.
Here's how:
- Go to a person's icon.
- Click at the “Secret Conversations”.
- Proceed to the Delete and select the Delete All option.
You can now start a new Secret Conversation without manually setting it up again.
Verifying Encryption in Messenger
Messenger's secret conversations are coded, and whether or not you compare keys, they will remain coded. The sender and the recipient both have device keys to verify whether your messages are encrypted or not.
Opening a Conversation Device Key
First, click on a chat that you have encrypted. Next, click on the displayed name and then on the Your Keys section.
To verify, compare that key on your device that you have seen to the keys on their device to make sure they match. By matching, it shows that the messages are encrypted.
Multiple Devices
For secret conversation, you are allowed to use more than a single device. To add a new device, go to the application store on your device and download the Messenger application. Next, sign in to Messenger on that device.
However, note that you cannot see the prior secret conversations on the device. Instead, you will get a notice in past private conversations that lets you and other participants know that you are using a new device.
When you add the device, you can view messages that you sent on secret conversations on all active devices.
Is it End-to-End?
When you receive a message originating from a secret conversation on Messenger, you will tell that the message is private. A black message bubble will appear whereby it is usually blue. There will also be an image stating that the message is encrypted from one device to another, letting the recipient know about the secret chat.
However, it doesn't mean that you cannot have a normal conversation with the same person and have a secret one. When you message them in secret mode, there is a padlock icon displayed to this effect. Notably, just like the regular Messenger conversations, you can report or block users.
Why Opt for End-to-End Encryption?
The most significant advantage you get from end-to-end encryption is that information from a sender to recipient cannot be intercepted and decrypted. It is like sending a mail that no one cannot open unless by a key from the sender, given to the recipient. With end-to-end encryption, you can be sure that what you send remains confidential and private.
Notably, when you send a message, a third party cannot distort the message before getting to the recipient. But, using modern encryption forms, it is instantly detectable when anyone changes the message because it becomes distorted of some sort.
When you get a decrypted message, know that it has not in any way faced distortion, and it is what the person sent to you.
Limits to End-to-End Encryption on Messenger
Knowing the advantages that end-to-end encryption brings along, you might get carried away with the idea that it is the solution to all information transfer issues. Let's see how it's not;
In as much as end-to-end encryption allows you to keep what you share with others a secret, a third party can still acknowledge that the exchange took place. They can tell the time of the day that you sent the message. It could gather attention if the communication were with a person of interest.
Also, even though you have kept all your devices safe and all the data behind passwords, the person you communicated with might not be so careful. If their devices are accessible, that means that what you discussed can be leaked. So, end-to-end encryption definitely does not cover this aspect.
Lastly, if a person can access any of the involved devices, i.e., the sender's or recipient's, they can read all messages as long as they can access the Messenger application. It's not just that; they can reply and send texts on behalf of the owner. It is the reasoning behind implementing extra protection such as a PIN code, fingerprint detection, and passwords. In this way, even when someone steals any of the involved devices, they have no way of impersonating the sender.
Messenger's E2EE in the Future
Even though end-to-end encryption has some limitations, it has still proven to be the most secure way to transfer confidential data. Also, more people have shown interest in a messaging application that does not present any form of advertisement, free from scams.
Messenger identifies the need to balance message security for users and privacy while keeping the platform safe. All this in sync with law enforcement efforts to access data in case of suspicious activity that could cause harm in the world.
In areas like the UK, Messenger receives requests to maintain the platform's messages in an unencrypted form. It will see that the government can tackle abuse, incitements, and the like on the forum. Still, no major conclusion has arrived yet that balances all these elements. Consequently, they are doing more consultations effectively. As of now, the Secret Conversations feature is only available for iOS and Android users.