Meta has announced that the immediate availability of end-to-end encryption for all chats and calls made through the Messenger app, as well as the Facebook social media platform.
End-to-end encryption (E2EE) protects clear data by ensuring that it is readable only to the parties involved in the exchange. Anyone else accessing it would get scrambled information.
It works by encrypting the data on the sender’s device using a unique encryption key so that it travels safely over the internet in a form that cannot be deoded by intermediaries.
The recipient of the message decrypts it locally on their device using a private key that is only available to them.
E2EE has been available in the Messenger app as an optional feature called “Secret Conversations” since 2016 but Meta says it now enables it by default for all users as an additional layer of security.
“The extra layer of security provided by end-to-end encryption means that the content of your messages and calls with friends and family are protected from the moment they leave your device to the moment they reach the receiver’s device” – Meta
The company further explains that “nobody, including Meta, can see what’s sent or said, unless you choose to report a message to us.”
In a separate post with additional details about the underlying technology of the implemented E2EE mechanism, Meta explains that communications and media exchanged through Messenger will be stored in encrypted form on Meta’s servers to maintain availability across all user devices.
For this purpose, Meta’s engineers created a new encrypted storage and on-demand cyphertext retrieval system named Labyrinth, with details avaialble in this whitepaper.
The new E2EE mechanism introduced to Messenger is based on the open-source Signal protocol, according to the Messenger End-to-End-Encryption Overview paper.
Finally, Meta says E2EE in group messaging on the Messenger app is currently being tested and is scheduled for future releases.
Another feature announced in Meta’s E2EE update is the ability to edit sent messages. The action is possible within 15 minutes from the moment it was sent.
Additionally, the company also introduced “disappearing messages,” which last for 24 hours after being sent.