Tech. Science. Culture.
We may earn a commission from links on this page

Meta Begins Default End-to-End Encryption Tests on Facebook Messenger

The company has reportedly said the privacy boost is unrelated to a widely publicized Nebraska abortion case, but the timing is certainly interesting.

We may earn a commission from links on this page.
A taste of what Meta’s new E2E default encryption test looks like for those in the trial group.
A taste of what Meta’s new E2E default encryption test looks like for those in the trial group.
Image: Meta

Meta’s expanding end-to-end encryption on its Messenger platform. The company is now testing the privacy feature as the default setting for certain chats, as announced in a Thursday press release. E2E encryption is the gold standard for online data privacy. With E2E, messages can theoretically only be viewed by the sender and intended recipient(s)—even Meta shouldn’t be able to see the content of chats sent with this level of encryption.

Though the company first introduced E2E encryption as an option in 2016, this is the platform’s first major step towards actually making the privacy setting the default—something that’s critical for users’ true online security.

Previously, Meta has indicated that default E2E is the ultimate goal for Facebook and beyond, yet the timing of today’s announcement is hard to ignore. It comes in the immediate aftermath of news that Meta shared Messenger chats with police in a criminal case concerning a 17-year-old’s abortion.

Advertisement

The Nebraska teenager and her mother are facing multiple felony charges after allegedly using medication to induce an abortion after 20-weeks, which is illegal in the state. A significant part of the case against the two are Messenger chats that Meta handed over to Nebraska police in compliance with a search warrant, which seem to discuss the mother and daughters’ plans for medication abortion and disposing of evidence.

The company faced public backlash over the news, and has responded by denying it knew the case was about abortion. But if those messages had been encrypted from the start, neither the company nor the police would’ve easily been able to read them.

Advertisement

Meta did not immediately respond to Gizmodo’s request for comment, but a company spokesperson, Alex Dziedzan told Wired that, “This is not a response to any law enforcement requests.” He further added, “we’ve had this date in the diary for months, but the short notice is because Messenger product teams have been finalizing the tests that are going live. These tests will start [Thursday]. We want people to hear about these tests from us before they see changes in the app.”

The Test Specifics

Currently, during testing, E2E is only the default “between some people”. Which means, if you’re in the test group, only some of your most frequent conversations will convert to default encryption. In their statement, Meta clarified that message histories will still be viewable, and that users will still be able to report messages to the platform if they are in violation of Meta policies.

Advertisement

Along with default E2E, the company announced a few other encryption-related tests and updates. Meta said it’s also testing a “secure storage feature” for backing up encrypted messages, and allowing those message histories to be transferred between devices. “As with end-to-end encrypted chats, secure storage means that we won’t have access to your messages, unless you choose to report them to us,” the company wrote.

Further changes include the end of “vanish mode” in Messenger, an encryption verification feature, and an expansion of opt-in E2E encryption on Instagram. Meta is also moving to bring more features to its encrypted messaging, and said that deleted messages will soon sync across platforms, that it will test the ability to unsend messages, and that the company is planning to make accessing E2E encrypted calls through Messenger easier.

Advertisement

Taken together, the changes are a big move for user security on Meta’s platforms. But remember that tech companies’ privacy promises aren’t always what they seem, and there’s the perennial risk the government could get in the way.