Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Messenger To Get End-To-End Encryption

Posted by msmash on from the affinity-for-privacy dept.

Reader wiredmikey writes: Facebook announced Friday it would roll out optional "end to end encryption" for its Messenger application, following a trend aimed at stronger security and protection against snooping. The new feature will be known as "secret conversations" which can be read only by the sender and recipient. Facebook shared technical details about its implementation of the security in a technical white paper (PDF). Facebook earlier this year began implementing this end-to-end encryption on its WhatsApp messaging service.ZDNet's Zack Whittaker, however, warns about a catch in Facebook's effort. He writes: But already the company has faced some criticism for not encrypting messages by default, instead making the service opt-in, like Apple's iMessage, or even Facebook's other chat app, WhatsApp, which recently switched on default end-to-end encryption earlier this year. Cryptographer and Johns Hopkins professor Matthew Green, who reviewed an early version of the system, said in a tweet that though you "have to turn on encryption per thread," he added that providing encryption to almost a billion people makes it hard to "put that genie back in the bottle."

3 of 99 comments (clear)

  1. Re:Translation: by cryptizard · · Score: 3, Informative

    End-to-end specifically means that Facebook can't read it, if it is implemented as they say. The ends in question are both users.

  2. Re:Breaks reading messages on phone and desktop by cryptizard · · Score: 3, Informative

    That's true, but you do need some "anchor" device for this to work or else there is nothing to bind together the many browser you may have across many devices. Without of course just giving Facebook the key like you said. In practice, most people have the phone's on and connected to cellular internet most of the time. I have used WhatsApp a lot and it really isn't an issue.

  3. Re:Translation: by Fnord666 · · Score: 3, Informative

    No they haven't, read the description of their implementation.

    No thanks, I would rather read their actual implementation (ie open source). The only way you can even begin to trust such a communications system is if it is open source and you can build the client from the provided source. Insert oblig reference to Ken Thompson's "Reflections on Trusting Trust" here. At any rate, the description of the implementation is not the implementation itself.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables