Messenger will begin to offer an end-to-end encryption feature to a limited test group of users today. It’s a security option that’s been a long time coming for Facebook, which has considered making end-to-end encryption available for several months. The so-called “secret conversations” debuted today will be only visible to the sender and the reader, which means Facebook can’t enable some of the chatbot and payment features that are normally a part of the Messenger experience. However, end-to-end encryption boxes out law enforcement and even Facebook itself from reading users’ chats, ensuring that their conversations remain private.
Messenger has also taken steps to make sure that chats remain secure, even if a user’s device gets lost or stolen. In secret conversations, Messenger will allow users to set an expiration date for a message so that it won’t be visible in the conversation forever. Once the time runs out, the message will vanish from the devices of all users in the conversation. Facebook released technical details about its implementation of secret conversations in a white paper (PDF).
Secret conversation mode will only be available on iOS and Android, not in Messenger.com, Facebook chat, or the desktop Messenger app — at least for now. Facebook’s vice president of messaging products David Marcus told TechCrunch that the addition of end-to-end encryption is intended to help Messenger become everyone’s go-to app.
“We wanted to make Messenger your primary messaging platform, and while we currently were already using a lot of security to ensure that your messages are safe and confidential, we felt that we needed to go one more extra step with this new mode,” Marcus explained. The combination of end-to-end encryption and a message countdown clock “will truly empower people to have any type of conversation they want to on Messenger,” he added.
Secret conversations will bring stronger security to some of Messenger’s nearly 1 billion users — but only if they turn it on.
Like Google’s chat app Allo, end-to-end encryption will not be enabled by default in Messenger, and that decision may draw criticism from the security community. When Google announced that Allo would only offer end-to-end encryption as an opt-in feature, Edward Snowden tweeted that it was “unsafe” and one of Google’s own security engineers wrote in a blog post he would push for end-to-end encryption to become the default (he later edited out that portion of the post).