Facebook Messenger Lets You Go Stealth with Secret Conversations
Social media giant Facebook announced that it is testing end-to-end encryption on its Messenger app through a feature called Secret Conversations. The encryption will be powered by the Signal Protocol developed by Open Whisper Systems. But the way Facebook has chosen to deploy the feature may undercut its usefulness.
That's because Secret Conversations is being offered as an opt-in feature, rather than being enabled by default as with WhatsApp, Facebook’s other messaging platform. So users will have to manually set their conversations to "secret" at the beginning of each session. Facebook said it chose to make implementation optional to allow people to use Messenger on multiple devices such as tablets, phones, or desktops, something that isn’t possible when encryption is enabled.
Playing Catch-Up With the Competition
Raul Castanon-Martinez, senior analyst for enterprise mobility at 451 Research, told us that the decision to add encryption to Messenger was something Facebook needed to do to catch up with the other messaging apps on the market. "While FB Messenger is the most popular messaging app, it is not always the most innovative," Castanon-Martinez said. "Encryption has become a 'must-have' and a feature FB Messenger needed to keep up."
The encryption capability should help Facebook better monetize the Messenger app, Castanon-Martinez said. "Facebook has made it clear that they want to be the preeminent platform for users to interact with the companies they do business with," he told us. "Privacy and security could become critical for users that might need to exchange sensitive information over FB messenger with their banks for example. This will become increasingly relevant given the push that FB is giving to smart bots for conversational commerce."
Secret Conversations will function as a new conversation mode within the Messenger app, according to a white paper Facebook produced about the new feature. It will, however, use a different transport protocol from Messenger as well as specialized on-device storage and a separate backend infrastructure, the company said. Any attempts by a malicious hacker to obtain message plaintext or falsify messages from Facebook or network providers will result in explicit warnings to the user, Facebook added.
Metadata Not Included
Secret Conversations will also differ from Messenger conversations in that the feature is explicitly a device-to-device conversation mode, meaning that users will have to designate preferred devices, typically their primary cell phones, that they want to use for the encrypted communications.
Since the encryption keys will only be available on the device a user designates, third parties, including Facebook, government spy agencies, and hackers will be unable to access the contents of the conversations. But that also means users will not be able to use Secret Conversations across multiple devices as they can with Messenger.
However, Facebook said the metadata generated by the conversations, such as delivery and read receipts, will not be end-to-end encrypted, creating another potential way for third parties to gain access to private information.
Facebook should have plenty of time to work the kinks out over the next few months. The company said that Secret Conversations will be available on a limited test basis starting immediately, with plans to make the option more widely available this summer. During this test, Facebook will gather feedback about the feature's functionality, measure performance and add tools to enable users to report objectionable content.