Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the “most significant milestone yet.”
“This isn’t a routine security update: we rebuilt the app from the ground up, in close consultation with privacy and safety experts,” Loredana Crisan, vice president of Messenger at Meta, said in a post shared on Twitter.
CEO Mark Zuckerberg, who announced a “privacy-focused approach to social networking” in 2019, said the update comes after “years of work” on redesigning the platform. One thing to note is that E2EE for group messaging in Messenger is still in the testing phase.
Encrypted chats were first introduced in Messenger in 2016 as an opt-in feature called “secret conversations.” Meta’s Instagram also has support for E2EE for messages and calls but it’s “only available in some areas” and not enabled by default.
“The extra layer of security provided by end-to-end encryption means that the content of your messages and calls with friends and family are protected from the moment they leave your device to the moment they reach the receiver’s device,” Crisan said.
In August 2023, the social media giant said that it was on track to widely enable the feature by the end of the year but emphasized that it had to re-architect Messenger to ensure that its servers cannot process or validate messages passing through them.
To that end, it not only upgraded over 100 features to incorporate encryption, but also developed new ways for users to manage their message history between devices, like setting up a PIN, by building a new encrypted storage system called Labyrinth.
The PIN is used as a recovery method after a chat upgrade in Messenger to help users restore their messages if they lose, change, or add a device to their account.
“Labyrinth – a new encrypted message storage protocol – aims to address these challenges by enabling users to store their messages server-side while maintaining strong privacy,” the company said in a white paper.
“It is designed to protect messages against non-members (devices and entities which are not enrolled in a user’s Labyrinth mailbox), including preventing new messages from being decryptable on revoked devices which may have previously had access to earlier messages, while achieving low operational overheads and high reliability.”
Meta’s latest encryption announcement is likely to reignite the ongoing debate over privacy and the company’s ability to help law enforcement investigate and obtain evidence of criminal activity. A September 2023 campaign by the UK government claimed that Meta’s plans to encrypt its platforms would allow child abusers to “hide in the dark.”