Meta to roll out end-to-end encryption for Messenger by the end of 2023


PARIS, FRANCE - FEBRUARY 03: In this photo illustration, The logos of applications, WhatsApp, Messenger, Instagram and facebook belonging to the company Meta are displayed on the screen of an iPhone in front of a Meta logo on February 03, 2022 in Paris, France. Share prices for Facebook's parent company, Meta, slumped in after-hours trading after the company reported that social network's daily active users declined to 1.929 billion in Q4 of 2021 from 1.930 billion in the previous quarter. Facebook is losing users for the first time in its history, Mark Zuckerberg's company has seen its profits decline, and the transition to the metaverse promises to be chaotic. (Photo illustration by Chesnot/Getty Images)

Chesnot/Getty Images

Meta announced the official expansion of its end-to-end encryption (E2EE) testing for Messenger chats, which is starting this week. The plan is to implement default E2EE as a new security measure for all Messenger users by the end of 2023. 

Millions of users can now access Messenger’s stronger encryption standard as part of the current testing phase, which will continue to increase gradually before the full release. 

Also: Ransomware attacks broke records in July, mainly driven by this one group

The process has taken longer than Meta originally envisioned as different challenges arose. However, the company used what it learned from the process of previously upgrading Messenger and from WhatsApp’s E2EE implementation of operating at a large scale. These lessons all pointed to one thing: The new system should be scalable and reliable while remaining lightweight and simple. 

Meta began working on adding E2EE for Messenger in 2019 when it assigned a team to take charge of the endeavor. The operation quickly proved to be more challenging than originally envisioned, as it originally relied on servers to process messages between users. To achieve E2EE, this had to change.

“We would have to rewrite almost the entire messaging and calling code base from scratch,” Timothy Buck, product manager for Messenger, explained in a post. “With E2EE, we couldn’t rely on servers to process and validate message content. We needed to redesign the entire system so that it would work without Meta’s servers seeing the message content.”

Also: The best VPN services right now: Expert tested and reviewed

Over 100 features had to be reworked to become client-centric with E2EE, like generating rich previews of YouTube links, which is now done on a user’s device before encrypting and sending, all while keeping Messenger working normally. This adds privacy while maintaining a stable user experience. 

“As we continue to increase the scale of our tests, and prepare to roll out the upgraded service, people will need to update their app to a recent build to access default E2EE,” Buck added. “This is why it will take longer than we first anticipated to transition all messages to E2EE. However, as people update their app to the latest version of Messenger, we will be able to upgrade those conversations with the additional privacy and security of E2EE.”

Source link