Your Facebook messages are finally as secure as WhatsApp, but not everyone's pleased with this update

Messenger will encrypt all of your texts, photos, and video by default – exactly like WhatsApp – in a move that has sparked a clash with the UK Government and police

META PRESS OFFICE
Aaron Brown

By Aaron Brown


Published: 11/12/2023

- 15:18

End-to-end encryption is slowly rolling-out to millions of Messenger users worldwide four years after Facebook announced the feature was on the way

  • Encryption blocks Facebook from reading the content of your messages
  • Only you and the recipient will be able to read texts, view photos and videos
  • Same protections already exist in WhatsApp, iMessage, and Signal
  • But UK Government says encryption makes tackling child abuse tougher

Everything you send in a Facebook message will be encrypted before it leaves your phone – keep it safe from interception and automatic scans by Facebook to improve its advertising business.

It’s a bold move that puts the social network at loggerheads with key players in the UK Government. But it’s also long overdue, with Meta, the parent company of Facebook, WhatsApp and Instagram, pledging to automatically encrypt all messages sent within Messenger as far back as 2019.


Although Facebook users could use end-to-end encryption since 2016, until now, it’s always been entirely optional. Known as Secret Conversations, these encrypted chats functioned as a standalone thread of messages and didn’t include any of your messaging history.

If you didn't make a conscious choice to send a new message in the Secret Conversations window, then your text, photos, videos or documents would be sent unencrypted.

With the rollout of end-to-end encryption by default, Meta will no longer be able to view the contents of anything you send or receive inside Messenger. Meta can no longer scan messages, photos or videos to improve its targeted advertising.

two screenshots side by side showing the notification for Messenger users when encryption is enabled

Messenger is slowly rolling out end-to-end encryption now, but you'll only know that it's active on your phone when you spot the above pop-up in your chats

META PRESS OFFICE

The only way that Meta will be aware of what's happening in your online communications is if you or a recipient chooses to report a specific message to the company.

What is end-to-end encryption?

In a nutshell, messages sent without encryption are like postcards — third-parties can snoop on the contents of the message as it's sent from one person to another. End-to-end encryption puts a stop to that by scrambling the contents of the message before they leave your device.

Only you and the recipient can decode the message as your devices swap a unique key at the start of the conversation. That's the reason you'll sometimes see a message saying that a contact's "security code" has changed in WhatsApp, it's usually because they've reinstalled WhatsApp on a new phone, so those all-important decryption keys need to be updated.

In other words, with end-to-end encryption that metaphorical postcard is locking in an attaché case — nobody en-route as it's being delivered to the recipient can read what's inside.

You won’t need to do anything to take advantage of these security improvements.

Overnight, everything will be secured with end-to-end encryption. Meta says the functionality will only be available in one-on-one chats for now, so group conversations will remain unencrypted.

While there’s no update to download, Meta has warned that it could take some time for end-to-end encryption to be rolled out to the more than one billion users on the platform.

When the update lands on your device, you’ll be asked to set up a recovery method to restore your messages once the transition to encryption is completed.

Announcing the security overhaul, Head of Messenger Loredana Crisan penned a blog post, writing: “The extra layer of security provided by end-to-end encryption means that the content of your messages and calls with friends and family are protected from the moment they leave your device to the moment they reach the receiver’s device.

"This means that nobody, including Meta, can see what’s sent or said, unless you choose to report a message to us.”

End-to-end encryption is already enabled by default in WhatsApp, which is also owned and operated by Meta. WhatsApp is the most popular chat application on the planet with over 2 billion users.

Apple also relies on end-to-end encryption to secure texts, photos and videos sent via its iMessage service – a decision that’s triggered clashes with the UK and US governments about creating a so-called “backdoor” into its encryption to enable law enforcement to read messages.

And now the decision to enable end-to-end encryption by default has pitted Meta against the UK Government too. Several prominent Government officials and police have criticised the change to Messenger over claims that it will make it harder to detect child sexual abuse on the platform.

Home Secretary James Cleverly said: “This Government supports strong encryption, but this cannot come at the cost of public security, especially the safety of our children.

“Law enforcement, charities and our close international partners all agree: these plans to roll out end-to-end encryption without appropriate safety measures will empower child sex abusers and hamper the ability of the police and National Crime Agency to bring offenders to justice.

“I am incredibly disappointed Meta has not listened – especially when we have worked together to make great progress in tackling other online harms, including signing our Online Fraud Charter.

“We have been clear that there is no contradiction between child safety and privacy, this need not be an either/or. We know that end-to-end encryption can be implemented responsibly in a way that is consistent with public safety.

“We’ll continue to work closely with Meta to keep children safe online, but we must be honest that in our view, this is a significant step back.”

John Carr, who is secretary of a coalition of UK children’s charities tasked with dealing with internet safety, called the move “utterly unconscionable”.

NSPCC chief executive Sir Peter Wanless said: “By starting to roll out end-to-end encryption on their services, Meta is choosing to turn a blind eye to crimes against children we know to be proliferating on their platforms. Where is their duty of care to children in taking this step?

“Without telling us how they will spot such activity in future, we can only conclude they are happy to allow groomers to exploit young people at will on their services, instead of enabling abusers to be spotted and punished.”

However, a number of organisations have praised the move towards encryption. Non-profit the Electronic Frontier Foundation (EFF), which describes its mission as "defending civil liberties in the digital world”, shared the following statement about the decision: “While there remain some privacy concerns around backups and metadata, we applaud this decision.

“It will bring strong encryption to over one billion people, protecting them from dragnet surveillance of the contents of their Facebook messages.”

“Strong default encryption, sooner, might have prevented a woman in Nebraska from being prosecuted for an abortion based primarily on evidence from her Facebook messages. This update couldn’t have come at a more important time.

"This introduction of end-to-end encryption on Messenger means that the two most popular messaging platforms in the world, both owned by Meta, will now include strong encryption by default.”

Alongside encryption, Meta also announced that it would add a number of new features, including the ability to edit messages for up to 15 minutes after they have been sent.

Additional Reporting By Josie Clarke, PA Consumer Affairs Correspondent

You may like