Facebook Experiments With End To End Encryption In Messenger
from the good-to-see dept
This has been rumored before, and perhaps isn't a huge surprise due to Whatsapp's use of end to end encryption, but Facebook has launched a trial of end to end encryption in Facebook messenger, under a program it's calling "Secret Conversations" (which also allows for expiring conversations).It’s encrypted messages, end-to-end, so that in theory no one—not a snoop on your local network, not an FBI agent with a warrant, not even Facebook itself—can intercept them. For now, the feature will be available only to a small percentage of users for testing; everyone with Facebook Messenger gets it later this summer or in early fall.What's good to see is that Facebook is directly admitting that offering end to end encryption is a necessary feature if you're in the messaging business today.
“It’s table stakes in the industry now for messaging apps to offer this to people,” says Messenger product manager Tony Leach. “We wanted to make sure we’re doing what we can to make messaging private and secure.”This is a good sign. For years, tech companies more or less pooh-poohed requests for encryption, basically suggesting it was only tinfoil hat wearing paranoids who really wanted such things. But now they're definitely coming around (something you can almost certainly thank Ed Snowden for inspiring). And, not surprisingly, Facebook is using the Signal protocol, which is quickly becoming the de facto standard for end to end encrypted messaging. It's open source, well-known and well-tested, which doesn't mean it's perfect (nothing is!), but it's at least not going to have massively obvious encryption errors that pop up when people try to roll out their own.
Some security folks have been complaining, though, that Facebook decided to make this "opt-in" rather than default. This same complaint cropped up recently when Google announced that end to end encryption would be an "option" on its new Allo messaging app. Some security folks argue -- perhaps reasonably -- that being optional rather than default almost certainly means that it won't get enough usage, and some users may be fooled into thinking messages are encrypted when they are not.
Facebook's Chief Security Officer, Alex Stamos (who knows his shit on these things) took to Twitter (not Facebook?) to explain why its optional, and makes a fairly compelling set of arguments (which also suggest that there's a chance that end to end encryption will eventually move towards default). A big part of it is that because of the way end to end encryption works (mainly the need to store your key on your local device) that makes it quite difficult to deploy on a system, like Facebook Messenger, that people use from a variety of interfaces. Moxie Marlinspike, the driving force behind Signal has already pointed out that Signal protocol does support multi-device, so hopefully Facebook will figure it out eventually. But in the short term, it would definitely change the way people use Messenger, and it's at least somewhat understandable that Facebook would be moderately cautious in deploying a change like this that would end up removing some features, and potentially confusing/upsetting many users of the service. Over time, hopefully, end to end encryption can be simplified and rolled out further.
As some cryptogrphers have noted, this is a good start for a company with hundreds of millions of users on an existing platform in moving them towards encryption. A ground up solution probably should have end to end enabled by default, but for a massive platform making the shift, this is a good start and a good move to protect our privacy and security.
Anyway, anyone have the count down clock running on how long until someone from the FBI or Congress whines about Facebook doing this?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, end to end encryption, messenger, signal protocol
Companies: facebook
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Under Supervision
[ link to this | view in thread ]
Re: Re:
It does not matter how secure the encryption is if you cannot confirm by some reliable means whose keys you are actually using. As ever convenience is the enemy of security.
[ link to this | view in thread ]
Re: Re: Re:
PKE has mechanisms to handle that.
"Similarly, if some server outside your control is storing the keys you use, how do you know that you are always getting the key of the person you are communicating with."
In a true end-to-end crypto system, no server outside your control is storing your private key.
[ link to this | view in thread ]
Key echange is the hard part
Indeed, this is the hardest part in creating usable cryptography. And there are always trade-offs.
At one side there is the pre-exchanged keys. It's secure and private but doesn't scale.
Then came the CA's. They attest which key belongs to whom. This is reasonble secure but leaks metadata, lacks deniability. And there is the issue of: who does this identity belong to?
Now we have Facebook, Apple, Google et al tying keys to phone numbers. Again, leaks metadata and lacks deniability.
Now the question is: can they replace one key for another without detection?
And there is my eccentric authentication, a different way to exchange public keys and identities online. Check out eccentric-authentication.org.
[ link to this | view in thread ]
[ link to this | view in thread ]