End-to-End Security for Facebook Messenger
Jon Millican and Reed Riley (Hacker News):
- We are beginning to upgrade people’s personal conversations on Messenger to use end-to-end encryption (E2EE) by default.
- Meta is publishing two technical white papers on end-to-end encryption:
  - Our Messenger end-to-end encryption whitepaper describes the core cryptographic protocol for transmitting messages between clients.
  - The Labyrinth encrypted storage protocol whitepaper explains our protocol for end-to-end encrypting stored messaging history between devices on a user’s account.
It even works in the Web interface. Advanced Data Protection for iCloud requires manually opting in, and you can only do that if all your devices are new enough. So, ironically, this may mean that Facebook Messenger will be effectively E2EE for most users before iMessage is.
As things stand, end-to-end encryption for group Messenger chats remains opt-in, and Meta previously said that Instagram messages will be encrypted “shortly after” the rollout of default encryption for Messenger chats.
Previously:
- iCloud Advanced Data Protection Uptake
- Standalone Beeper Mini Brings iMessage to Android
- iMessage Contact Key Verification
- Nothing’s iMessage App Was a Security Catastrophe
- Apple to Add RCS Messaging in iOS 17 Update
- U.K. Proposal to Weaken Messaging Security
- Advanced Data Protection for iCloud
- Rewriting Facebook Messenger
Update (2023-12-11): Mike Masnick:
It’s extremely rare that I’d offer kudos to Meta, but this is a case where it absolutely deserves it. Even if some of us kept pushing the company to move faster, they did get there, and it looks like they got there by doing it carefully and appropriately (rather than the half-assed attempts of certain other companies).
Update (2023-12-12): See also: Bruce Schneier.