After several years of experiments and tests, Meta is almost ready to launch default end-to-end encryption (E2EE) for Facebook Messenger chats. The company says that it’s on track to reach this goal by 2024, and it’s currently rolling out the E2EE test for more users. Going forward, you will receive an E2EE notice when opening some conversations, and Facebook may ask you to create a PIN for your chat history.
One of the difficult realities of Facebook Messenger (and other chat services) is that your conversation history must be saved to a server. So, Facebook Messenger employs traditional encryption techniques to protect your private data—it turns your conversations into gibberish that can only be understood with the correct decryption key. The problem, of course, is that Facebook itself owns the decryption keys. It can read your conversations whenever it wants, and in the event of a data breach, a hacker may steal the decryption keys in order to access users’ conversations.
End-to-end encryption takes the decryption keys away from Facebook. When a conversation is protected by E2EE, only the sender and recipient own the correct keys. That’s why this is such an important development. By implementing E2EE, Facebook Messenger is greatly increasing your privacy and potentially shielding you from the worst parts of a data breach (identity theft, harassment, etc.).
Here’s the funny thing: Facebook took a “backwards” approach when implementing end-to-end encryption for Messenger. Instead of starting with basic one-on-one conversations, Facebook’s E2EE debuted as part of the Secret Conversations feature in 2016. It later rolled out to video calls and group chats. Old-fashioned direct messages are late to the E2EE party.
But it’s hard to criticize Facebook’s approach, as direct chats on Messenger are very robust and present some unique challenges. Meta explains that it had to rebuild the entire direct messaging system, as it previously relied on servers to validate that user statuses, themes, reaction images, and other features were correctly displayed for the sender and recipient. Validating this information through a server isn’t really an option with E2EE. (For what it’s worth, many of the aforementioned features gained E2EE chat support in January of 2023, one year after Facebook began testing E2EE for one-on-one conversations.)
You should see more E2EE notices in Facebook Messenger over the coming months. The implementation of this feature shouldn’t have a noticeable impact on Messenger, though there may be some growing pains as Facebook continues its rollout (the company may also ask you to set a PIN for message history). Again, Meta believes that it will fully deploy E2EE for direct messages by the end of the year.