Last week Facebook announced that it would begin the testing process of a widely anticipated end-to-end encryption capability for its Messenger app. This new level of security would make it possible for Facebook users to send messages that are only visible to senders and recipients, removing the ability for Facebook employees to read any messages.
Image may be NSFW.
Clik here to view.
Facebook users will even be able to set a timer limit for the amount of time that a message can be readable during a conversation. In order to offer this and many other new security features, Facebook as used Open Whisper Systems’ Signal Protocol technology.
While one major caveat is that the encrypted conversation will not make it possible to view single messages on multiple mobile systems simultaneously, the fact that people would want to do this is sort of weird anyway. That said, the encrypted feature is optional and if users deem it more convenient to go without the service, that will be possible too.
Users that want to switch devices in the midst of a conversation may come up against a wall in that the conversations will only be able to be read on one device. If that device is lost or damaged, this could be come increasingly problematic. Encryption will also not enable GIFs, video or payments.
Alex Stamos, chief security officer at Facebook, sent a series of tweets in response to concerns shared by Messenger users.
“All secret messages are encrypted in local storage with two keys and the remote key can be revoked,” he explained. “Further, it’s unlikely that an update to end-to-end encryption will allow it to support multidevice use, which is how millions of Facebook Messenger users currently operate.
Stamos went on to posit that millions of Messenger users speak Web-to-Web, but there will be no way to store code or verify keys without using mobile technology.
Tim Mulligan, senior analyst at Midea Research, stated that end-to-end encryption posits two important users for Facebook given the debate around consumer privacy and security protocols that is picking up steam at a global level:
Image may be NSFW.
Clik here to view.
“First, it would help Facebook appear to be on the side of the digital consumer; and secondly, it allows the company to inhabit the same ethical high ground that has hitherto been the preserve of Apple regarding the privacy of its users.”
That said, Nate Cardozo of The Electric Frontier Foundation believes that Facebook’s dual approach that enables both encrypted and unencrypted messages is a “fundamentally unsafe design choice.”
“It’s just plain too easy to send an unencrypted message when the tool has two options,” he explained. That said, Cardozo conceded that it would have likely caused problems were Facebook to make all messages encrypted. It could have risked losing millions of users who appreciated the Web-to-Web option for Messenger, plus it would have required a huge amount of engineering work, both outcomes likely costing Facebook a huge amount of revenue.
The choice is one of many interesting outcomes of the highly publicized argument between Apple and the US federal government surrounding consumer privacy.
