Facebook Will Begin Testing End-To-End Encryption As Default On Messenger App

Facebook announced on Thursday it will begin testing end-to-end encryption as the default option for some users of its Messenger app on Android and iOS. The Guardian reports: Facebook messenger users currently have to opt in to make their messages end-to-end encrypted (E2E), a mechanism that theoretically allows only the sender and recipient of a message to access its content. Facebook spokesperson Alex Dziedzan said on Thursday that E2E encryption is a complex feature to implement and that the test is limited to a couple of hundred users for now so that the company can ensure the system is working properly. Dziedzan also said the move was "not a response to any law enforcement requests." Meta, Facebook's parent company, said it had planned to roll out the test for months. The company had previously announced plans to make E2E encryption the default in 2022 but pushed the date back to 2023. "The only way for companies like Facebook to meaningfully protect people is for them to ensure that they do not have access to user data or communications when a law enforcement agency comes knocking," Evan Greer, the director of the digital rights group Fight for the Future, said. "Expanding end-to-end encryption by default is a part of that, but companies like Facebook also need to stop collecting and retaining so much intimate information about us in the first place."

It's bullshit

[rtkluttz]

If you, as the owner, don't control the encryption algorithm and encrypt BEFORE an application sees it, then you have to assume it isn't encrypted. The company can get to your data regardless of what they say.

Re:It's bullshit

[rtkluttz]

Also, forgot to mention... Apple successfully pulled the wool over everyone's eyes and turned something that is bad into good publicity when they fooled public into believing they care about your security back when they were not giving police access to the iphone for the suspected terrorist in California. Not one person in the media asked the question that should have been asked.... "why is it even possible for Apple to give up the keys to the kingdom in the first place". It's not that they DIDN'T do it, it is the fact that it is even possible. Device owners should be able to encrypt using the algorithm and encryption tools of their choice that are out of the control of the device maker... it should even be possible to double encrypt from two different vendors, so that if one caves or has malware you can still rest assured that liklihood of both systems being compromised is extremely low. But regardless, it should not even be possible for Apple to give up your data and not a single person caught on to that and called them on it.

Re:It's bullshit

[Mousit]

Not one person in the media asked the question that should have been asked.... "why is it even possible for Apple to give up the keys to the kingdom in the first place". ...... But regardless, it should not even be possible for Apple to give up your data and not a single person caught on to that and called them on it.

Your statement simply isn't true, but apparently no one caught on to that and called you on it. Sad that such an easily-debunked claim is modded insightful.

Apple doesn't have the ability to "give up the keys to the kingdom", and can't unlock/decrypt an iPhone (they CAN however provide iCloud data, and they do so when presented with a warrant; they have never hidden this fact). What Barr and the FBI were trying to force Apple to do was help them literally hack the phone [vox.com], and crack the security. Apple refused to do this, and refused to help in the creation of a backdoor. They did NOT have the ability to simply unlock the phone. Never did.

Barr and the FBI tried forcing them again with the Pensacola shooter [vox.com] and Apple again publicly noted they don't have the ability to unlock/decrypt the phone. And again, what they refused to do was help with the creation of tools to crack the security and/or backdoor it.

Re:

[thegarbz]

If you, as the owner, don't control the encryption algorithm and encrypt BEFORE an application sees it, then you have to assume it isn't encrypted.

If you as the owner didn't completely from the ground up design and build your own hardware and program your own OS, then you have to assume it isn't encrypted.

Never let perfect be the enemy of good enough. Most of us are not being targeted by the CIA's best and brightest.

If they do it then it'll be End to End

[rsilvergun]

this is about abortion. An 18 year old girl is currently being prosecuted based on info they got from Facebook. She had the abortion before Roe v Wade was overturned, so they're not charging her with murder, instead using laws designed to work around Roe when it was in place. But now that Roe is dead the next time a girl is charged it'll be murder 1.

FB doesn't want the bad press, so they're trying to figure out how to keep that info out of law enforcement's hands. Trouble is, they want to be able to rea

Really?

[haus]

Does anyone trust Facebook?

Anyone?

I'm marking my own words

[sentiblue]

What's the point for FB to develop E2E encryption? The whole idea is to protect messages so that only the sender and the receiver can read the messages. The way it'd work is that each device generates its own private/public keys. When A adds B to his friend list, A's public key will be offered to B which B uses to encrypt messages for A, and vice versa.

During the generation/offering of the trust process, how much are you willing to bet that FB will intercept that private key and send it to themselves? Maybe not right at that moment to avoid detection, but will in a discreet/creepy way at a later time, using an encryption that only they have the private key for. When they want to read a message, all they need is the private key of the receiver. I'm going to remember date/time that I wrote this msg and will dig it up in the future when FB is caught red-handed stealing people's messages.

Re: I'm marking my own words

[alvian]

Iâ(TM)m also skeptical but feel Facebook is really doing this to cover their own ass in the future. Recently Nebraska filed a subpoena to gather evidence for illegal abortion and disposal of fetus. Accused was asking her mother for help on Facebook messenger. That became the key evidence against her.

Re:

[thegarbz]

how much are you willing to bet that FB will intercept that private key and send it to themselves?

I'll take that bet, partially. One of the biggest defences companies have against law enforcement requests is a lack of access, and it's a defence Facebook has used many times already with E2E messaging on WhatsApp. Not complying with court orders isn't a finable offense, it's the kind of offense where people go to jail. I will happily wager you that the decision makers won't open themselves up to that kind of liability.

Now that said Facebook does need to implement some form of ability to extract the key, o

Re:

[sentiblue]

I forgot another easy method: When the device generates a pair of keys, FB can simply make that key trust FB's existing key... which allows them to decrypt without even having access to the user's key. That way, a stored message can be viewed by them and nobody can prove it.

Intimate

[markdavis]

>"but companies like Facebook also need to stop collecting and retaining so much intimate information about us in the first place."

Or perhaps users should stop using Facebook, or at least stop giving them "intimate information" in the first place?

Why would you want Messenger app on iOS ?

[bsdetector101]

Why would you even want FB Messenger app on iOS ? Anything from FB on iPhone. Wife has FB on her iPad, but won't have anything Fb on iPhone.

they will just pull your data to sell

[Growlley]

before they encrypt it and just before they display it at the other end. Its face book the only safe way is to nuke them from orbit then shove the entire planet through a worm hole.