top of page
Writer's pictureSergiu Marias

Meta to enable default end-to-end encryption on Messenger by year-end



Meta has reiterated its intention to enable end-to-end encryption (E2EE) by default for one-to-one friends and family chats on Messenger by the end of the year.


As part of that endeavour, the social media giant announced that it will upgrade "millions more people's chats" on August 22, 2023, exactly seven months after it began progressively expanding the function to more users in January 2023.


The revisions are part of CEO Mark Zuckerberg's "privacy-focused vision for social networking" that was unveiled in 2019, however it has since met substantial technical obstacles, prompting it to postpone its plans by a year.


Cybersecurity

"Like many messaging services, Messenger and Instagram DMs were originally designed to function via servers," said Timothy Buck, Messenger's product manager. "Meta's servers serve as a bridge between the message sender and receiver, which we refer to as clients."


The installation of an encryption layer, on the other hand, meant that the entire system had to be reconfigured so that the servers could not process or authenticate the message content while also ensuring fast delivery of the messages.


The Menlo Park-based company stated that it established a new infrastructure of Hardware Security Modules (HSM) to preserve E2EE and allow users to access their message history via security measures such as a PIN.


Meta added that it rebuilt over 100 Messenger capabilities, including sharing links to external sites like as YouTube, without breaching encryption standards.


Cybersecurity

Unlike in the pre-E2EE scenario, where the server would go directly to YouTube and display an image of the video as a preview to the user, the Messenger app now fetches this information from the service and generates a preview, which is then encrypted as a whole and sent to the recipient.


While law enforcement has pushed back against platforms that enable encrypted conversations by default because it introduces new barriers to gathering evidence of criminal behaviour, E2EE is considered as an important deterrent against unwanted leaks or surveillance on personal communications.


"As we continue to scale up our tests and prepare to roll out the upgraded service," Buck explained, "people will need to update their app to a recent build to access default E2EE." "This is why transitioning all messages to E2EE will take longer than we anticipated."


2 views0 comments

Comments


bottom of page