Facebook rolls out opt-in encryption for 'secret' Messenger chats

Facebook's new Secret Conversations feature for Messenger uses an end-to-end encryption model similar to that of Google's Allo chat app.
Written by Liam Tung, Contributing Writer

Facebook Messenger chats can now be encrypted, just like WhatsApp and Google Allo conversations.


As of today, all of Facebook's 900 million Messenger users should be able to choose to have specific chat threads end-to-end encrypted, protecting a message from all eyes except the sender and recipient. Called Secret Conversations, the feature also allows users to set messages to self-destruct after anywhere between five seconds and one day.

Once a Secret Conversation is initiated, Facebook's app says that the conversation has been "encrypted from one device to the other". Encrypted conversations can be started from the home page by tapping a new message and then tapping the Secret button on the top right corner of the page, followed by the contact you want to start a secret chat with.

The new privacy feature follows the completion of Facebook's end-to-end encryption rollout for the billion users of its other chat app, WhatsApp, earlier this year.

Facebook has published a support page explaining the new privacy feature in Messenger. In July it also published a technical paper detailing how it's encrypting messages.

Like WhatsApp, Messenger Secret Conversations uses the Signal Protocol for end-to-end encryption. The protocol was developed by Open Whisper Systems, the maker of Signal, the go-to messaging app for NSA whistleblower Edward Snowden.

Google also settled on Signal for its Incognito mode in the new Allo chat app, the first app to feature Google's new AI-powered Assistant. Messenger Secret Conversations is similar to Allo in that end-to-end encryption is not enabled by default, unlike Signal and WhatsApp.

Google was sharply criticized for that decision by privacy advocates and Snowden, even though the company had made encryption extremely simple to use for millions of people.

As Wired reports, having encryption opt-in may help Facebook avoid the legal run-ins that WhatsApp has recently faced in Brazil after contending it was impossible to assist authorities in a criminal case.

One aspect of communications that end-to-end encryption does not shield is metadata, such as subscriber information, location, and the time of communications.

The American Civil Liberties Union revealed yesterday it is providing legal counsel to Open Whisper Systems over a US government subpoena demanding metadata from several Signal accounts. It was also served a national security gag order of the type Microsoft is currently fighting in the courts.

Rights group the Electronic Frontier Foundation (EFF) also criticized Google this week, saying Allo's opt-in approach sends the wrong message about the purpose of encryption, since it only draws attention to which messages an attacker should target.

"Allo encourages users to encrypt when they want to send something 'private' or 'secret', which we fear users will interpret as sensitive, shady, or embarrassing," EFF wrote. "And if end-to-end encryption is a feature that you only use when you want to hide or protect something, then the simple act of using it functions as a red flag: 'Look here! Valuable, sensitive information worth hiding over here!'"

EFF suggested Google split Allo into two apps: one that offered secure end-to-end encryption by default, and another that supported its machine intelligence features Smart Reply and Assistant.

At least in Facebook's case, WhatsApp does fit that model.

Facebook notes that Secret Conversations supports messages, pictures, and stickers, but not group messages, GIFs, videos, voice, video calling, or payments.
