Meta has once again confirmed its plans to introduce support for end-to-end encryption (E2EE) by default for one-to-one friends and family chats on Messenger by the end of the year.
As part of that effort, the social media giant said it’s upgrading “millions more people’s chats” effective August 22, 2023, exactly seven months after it started gradually expanding the feature to more users in January 2023.
The changes are part of CEO Mark Zuckerberg’s “privacy-focused vision for social networking” that was announced in 2019, although it has since encountered significant technical challenges, causing it to delay its plans by a year.
“Like many messaging services, Messenger and Instagram DMs were originally designed to function via servers,” said Timothy Buck, product manager for Messenger. “Meta’s servers act as gateways between message senders and recipients, whom we call clients.”
However, adding an encryption layer meant that the entire system had to be redesigned so that servers could not process or validate message content and, at the same time, ensure timely delivery of messages.
The Menlo Park-based company said it has installed a new infrastructure of hardware security modules (HSM) to maintain E2EE and allow users to access their message history through PIN-like security.
Meta further explained that it has rebuilt over 100 features into Messenger, including sharing links to external sites such as YouTube without breaking encryption security measures.
Unlike in the pre-E2EE scenario, where the server would go and retrieve information directly from YouTube and display to the user an image of the video as a preview, the Messenger app now fetches this information from the service and generates a preview, which is then encrypted as a whole and sent to the recipient.
While law enforcement agencies have sought to push back on platforms enabling encrypted messages by default since it creates new hurdles for obtaining evidence of criminal activity, E2EE is seen as a crucial deterrent against unwanted leaks or spying on personal communications.
“As we continue to increase the scale of our tests, and prepare to roll out the upgraded service, people will need to update their apps to the latest builds in order to access the default E2EE,” Buck said. “That’s why it will take longer than we expected to convert all messages to E2EE.”
