Facebook Starts Testing End-to-End Encryption and More on Messenger

Facebook announced it will begin testing end-to-end encryption on individual Messenger chats as well as a secure backup feature for end-to-end encrypted chats. Facebook Messenger chats are currently unencrypted as a default, but users can opt in to make their messages end-to-end encrypted in their Facebook settings.

This move comes shortly after Facebook received public backlash for handing over user data, including Messenger chats, to Nebraskan authorities for evidence in a case.

What is end-to-end encryption? End-to-end encryption (E2EE) is a type of secure communication where data is encrypted on one device and decrypted on the recipient device. It’s normally used for instant messaging to ensure only you and whoever you’re talking to can access the messages and media you send or receive. Encryption scrambles your data, which prevents outsiders from seeing what’s actually there.

A Limited Test Case

While Facebook doesn’t have the best reputation for privacy measures, its end-to-end encryption is theoretically secure and keeps both the company and outsiders from seeing your private messages. Facebook spokesperson Alex Dziedzan said the move was “not a response to any law enforcement requests” or, presumably, the resulting backlash stemming from it.

Dziedzan also said the process to implement E2EE is complicated and that this test will be limited to a couple of hundred users for now. That way, the company can make sure that its systems are working properly. Apparently Facebook’s parent company, Meta, had planned on releasing the E2EE update in 2022, but the full release has been pushed into 2023.

Facebook Messenger PIN for end-to-end encrypted chats
Secure your chats with a PIN when the new feature launches.

Facebook Messenger also currently stores your message history on your device. Facebook is looking into providing a secure cloud-based backup solution so you can restore your message history if you lose it or switch devices. The company maintains that it won’t have access to encrypted private messages through the secure backup storage.

Facebook hasn’t disclosed the full extent of information it handed over to authorities in the Nebraska case. The details of the warrant (first published by Motherboard), however, reveal that Facebook handed over the account’s private messages, photos, wall postings, friend list with Facebook IDs, and profile contact information.

Facebook handing over user data to the police is yet another reminder that people don’t own their personal data, companies do. It’s caused a renewed effort from experts and human rights organizations in calling for more limits on the data companies can collect and what they can do with it.

Experts Call For Limits on Data Stored by Tech Companies

“The only way for companies like Facebook to meaningfully protect people is for them to ensure that they do not have access to user data or communications when a law enforcement agency comes knocking,” Evan Greer, the director of the digital rights group Fight for the Future, told The Guardian.

That’s a philosophy we adopted at CyberGhost VPN with our No Logs policy. If we don’t collect any user data (and privacy-friendly Romania, where our offices are, doesn’t force us to) then we can’t hand any data over to the authorities.

In theory, end-to-end encryption would have prevented Facebook from handing over that account’s private messages. Unfortunately, most users don’t opt in to have encryption turned on, but there’s no reason why it shouldn’t automatically be on from the start. 

While this is a good move on Facebook’s part, experts point out that the company still collects a host of other personal data it can hand over to authorities. That’s why digital rights groups are advocating for more significant limits on the data companies collect and retain. Until companies are held in check, people won’t have control over who gets access to their private information, messages, and media.

It’s possible to limit data collection, though, by only using encrypted messengers, private browsers, turning on privacy settings, and using CyberGhost VPN to encrypt your connection. 

Leave a comment

Write a comment

Your email address will not be published. Required fields are marked*