Facebook is taking a very interesting approach to making conversations on its Messenger secret, incorporating a number of great features:
– End-to-end encryption: which ensures that the conversation is encrypted from user to user, using keys that are only available on users’ devices, because of which even Facebook will not be able to read the messages. This feature was rolled out earlier this year by Whatsapp, and based on the messenger Signal. Facebook is working Open Whisper Systems, the company behind Signal, for enabling this. Secret Conversations uses a different transport protocol, specialised on-device storage and separate back-end infrastructure. On-device encryption ensures that messages stored permanently on a particular device are only accessible while a user is authenticated to Facebook.
– Secret conversations will be optional: This is a feature that is similar to the Telegram messenger, which allows users to start a separate encrypted chat. Facebook says that the optional feature is to allow people to switch devices for non-secret messages.
– Timer setting: Users can select, via a timer, how long each message remains visible within a conversation. The time-limitation on messages is similar to Snapchat. Since messages are stored on the device, both devices automatically hide messages that specify a timeout, once the message timeout has elapsed. Messages are currently deleted immediately after expiration. After abuse reporting is allowed, an additional time-out will be introduced.
– Single device limitation: Secret conversations can only be read on one device of the persons that a particular user is communicating with. At any point a user may choose a new device for Secret Conversations. In that case, existing messages and keys are not transferred to the new device. Facebook responds with a message-bounced error to any future messages sent to the old device.
– No GIFs, videos, payments in secret conversations: Many regular messenger features will not be available to users who are using secret messenger for their communications. Stickers may be possible: they’re sent as encrypted messages. Unless the sticker file is available on the user devices, both the sender and the receiver submit the sticker identifier to Facebook and download the corresponding sticker file.
– Users will get alerts if someone tries to hack: Attempts to obtain message plaintext or falsify messages by Facebook or network providers result in explicit warnings to the user.
– Metadata: the conversation metadata (delivery and read receipts) do not contain message plaintext and are not end-to-end encrypted.
– Abuse: A participant in a secret conversation may voluntarily notify Facebook of abusive content. According to Facebook: “The ability to report abuse does not represent a relaxation of the end-to-end encryption guarantees of Secret Conversations. Facebook will never have access to plaintext messages unless one participant in a secret conversation voluntarily reports the conversation. To report abuse, the user has to submit the message to Facebook in plaintext format, along with the reporting tag and time-stamp.
1. These are all welcome moves: Facebook doesn’t have a great track record when it comes to privacy, namely because its business model depends on learning more and more information about users, and sharing of private information publicly. Given that context, this move to make messenger conversations private is welcome.
This move is also likely to have been influenced by how others are adopting privacy: especially Whatsapp.
2. This will lead to more security challenges in India: Government departments in India increasingly want access to messaging and calling services, as is evidenced by the remarkably poor Encryption policy from the government last year, the push for licensing of messaging and calling apps last year (which appears to be continuing this year), and the demand for data localization.
3. Impact on the business: The move to make secret conversations optional is an interesting one: Messages on Facebook messenger may at times also impact contextualization of advertising and the news-feed for Facebook. Had messenger been made entirely private and end-to-end encrypted, it may have ended up completely removing one source of context for Facebook. The other thing to consider is the impact on bots: which Facebook is making massive push for, and may be linked to future monetization.
4. Will lead to further challenges for end to end encryption for India: Sudhir Yadav has been to court once, challenging End to End Encryption, and asking for a ban on messenger apps that allow End to End encryption and don’t give the private keys to the government. Yadav had told MediaNama that he’s going to make another representation to the government, before going to the Supreme Court again.