Following a high-profile incident in which Facebook messages were submitted to a 17-year-old girl and her mother in a Nebraska abortion case, Meta on Thursday said it would expand testing of end-to-end encryption in Messenger . of a planned global rollout.
This week, the company will begin automatically adding end-to-end encryption to Messenger chats for more people. In the coming weeks, it will also increase the number of people who can start using end-to-end encryption on Direct Messages in Instagram.
Meanwhile, the company has started testing a feature called “secure storage” that will allow users to restore their chat history when they install Messenger on a new device. Backups can be locked by a PIN, and this feature is designed to prevent the company or anyone else from being able to read their contents.
The global rollout is expected to be completed next year.
Meta told Wired that she had long planned to make these announcements, and the fact that they came so quickly after the abortion case came to light was a coincidence. However, compared to the practical challenges of making encrypted messaging the default for millions of people, I’m less interested in timing. In a recent conversation with Meta employees, I’ve come to understand more about how time-consuming — and how consumer apathy toward encryption — has created challenges for the company as it tries to build a secure messaging app. Works for what the user base will actually use.
It’s now been three years since Mark Zuckerberg announced that, going forward, the company’s products will embrace encryption and privacy, amid the ongoing shift from public feeds to private chats. At that time, WhatsApp was already end-to-end encrypted; The next step was to bring the same level of security to Messenger and Instagram. Doing so requires that the apps be rebuilt almost from scratch – and teams have faced many obstacles along the way.
The first is that using end-to-end encryption can be a pain. This is often the tradeoff we make in exchange for more security, of course. But average people may be less inclined to use a messaging app that requires them to set a PIN to restore old messages, or displays information about the security of their messages that confuses them. Or seems off-putting.
The second, related challenge is that most people don’t know what end-to-end encryption is. Or, if they’ve heard of it, they may not be able to distinguish it from other, less secure forms of encryption. Gmail, among many other platforms, encrypts messages only when a message is in transit between Google’s servers and your device. This is known as transport layer security, and it provides good protection for most users, but Google – or law enforcement – can still read the contents of your messages.
Only a minority are identified as being significantly concerned about their privacy.
Meta’s user research has shown that people get worried when you tell them you’re adding end-to-end encryption, one employee told me, because it scares them away that the company is using them before now. Will be reading messages. Users also sometimes assume that new features have been added for the benefit of Meta, not their own – which is why the company has labeled the archived messaging feature “secure storage” rather than “automatic backup”. , so as to emphasize safety in branding.
When he company surveyed users earlier this year, only a minority were identified as being significantly concerned about their privacy, I’m told.
On Tuesday, I wrote that companies like Meta should consider going beyond end-to-end encryption to make messages disappear by default. An employee told me this week that the company is considering doing so, but so far use of the feature in Messenger — where it’s available as an option — has been so low that making it the default has generated little enthusiasm internally. Has happened.
Conversely, I’m told, access to older messages is a high priority for many Messenger users. Messing around with it too much can leave users scrambling for communication apps like the ones they’re used to – the kind where your chat history is stored on servers where law enforcement might be able to make requests and read it. Is.
A third challenge is that it can be difficult to maintain end-to-end encryption, even within Facebook, I’m told. Messenger is integrated into the product in a way that can break encryption — Watch Together, for example, lets people message each other while watching live video. But it inserts a third person into the chat, which makes encryption more difficult.