Facebook today began a test program rolling out opt-in end-to-end encryption for its Messenger service called Secret Conversations.
The end-to-end encryption is based on the Signal protocol developed by Open Whisper Systems, the same protocol that stands up the crypto in the Signal and WhatsApp messaging applications.
The Facebook version of the encryption service is not on by default and is available only on one device at a time.
“Starting a secret conversation with someone is optional. That’s because many people want Messenger to work when you switch between devices, such as a tablet, desktop computer or phone,” Facebook said in its announcement. “Secret conversations can only be read on one device and we recognize that experience may not be right for everyone.”
CSO Alex Stamos sent out a series of tweets further explaining the company’s rationale, attempting as well to quell criticism that end-to-end encryption is not on by default:
> Reason #1: FBM is multi-device, and we'd like to see E2E usability improve to support this. For now, pick one device and keys never leave it > > — Alex Stamos (@alexstamos) July 8, 2016
> Reason #2: Secret conversations don't currently support popular features like searching message history, switching devices, voice/video, etc > > — Alex Stamos (@alexstamos) July 8, 2016
> Reason #3: Hundreds of millions use Messenger from a web browser. No secure way to verify code or store keys without routing through mobile. > > — Alex Stamos (@alexstamos) July 8, 2016
Facebook also today published a white paper that delivers technical details and explains how Secret Conversations was designed to be a device-to-device interaction. That differs from Facebook Messenger which is designed to allow individuals or groups to have the same conversation across multiple devices regardless of whether the chat was initiated in a browser or mobile app. Users will have to designate a preferred device for Secret Conversations, Facebook said, adding that keys are generated on and managed by the device, and the keys are never shared with Facebook. Messages are encrypted with AES-CBC and authenticated using HMAC-SHA256.
While users may designate new preferred devices, Facebook said that existing messages and crypto keys are not transferred to the new preferred device.
“Facebook responds with a message-bounced error to any future messages sent to the old preferred device by users with pre-established secret conversations. Senders that receive such bounces initiate a new secret conversation with the new preferred device and display identity-key-changed warnings to the user,” Facebook said in its white paper. “Messenger does not automatically resend bounced messages to the new preferred device — an explicit resend action from the user is required.”
Close to a billion people use Messenger, and despite the availability of end-to-end encryption as an option, some privacy and civil liberties advocates aren’t ready to pat Facebook on the back.
> Opt-in encryption favors educated users who have the time to learn about obscure security settings. Not cool Facebook. > > — Christopher Soghoian (@csoghoian) July 8, 2016
“While this release does not enable end to end encryption for all conversations by default, like you’d find in WhatsApp or Signal, it’s still a big step, and we hope that Messenger will continue to iterate on this deployment to make end to end encryption more pervasive throughout their product,” said Signal developer Moxie Marlinspike.