End-to-end encryption: How important is it?
Facebook Messenger is one of the most popular messaging apps in the world. It has more than a billion monthly active users and over 100 million daily active users. Yet, unlike WhatsApp, which encrypts all messages by default, Facebook Messenger doesn’t. The lack of end-to-end encryption on Facebook Messenger has lead to calls for a mass exodus from the popular platform.
Gail Kent, Facebook's policy director for Messenger, shared a blog post in April outlining the company's plans to improve the security of its messaging apps following the surge in private messaging during the COVID-19 pandemic. Kent explained how the rise in messaging meant more people were concerned about the privacy and security of what they were sending.
Facebook has pledged to make end-to-end encryption (E2EE) the default across all of its messaging services – though has told users not to expect it on Facebook Messenger or Instagram Direct until 2022 ‘at the earliest’.
What is end-to-end encryption?
End-to-end encryption is the act of applying encryption to messages, and it ensures that your data is encrypted until it reaches an intended recipient. The message travels all the way from the sender to the recipient in encrypted form.
For example, if a chat app offers end-to-end encryption, only you and the person you’re chatting with will be able to read the contents of your messages. If you have a conversation over a messaging app that isn’t end-to-end encrypted, like Facebook Messenger, know that the company sitting in the middle of the conversation can see the contents of your communications.
Privacy is extremely important, and perhaps even more so over the past year with more and more people using online services to communicate, that is why more people are switching to messaging services where they know their messages will be encrypted.
Private messaging traditionally involves copies of your chat sessions to be saved on the company servers, which could be exposed and published online by a successful hack attack. Encrypted instant messaging ensures privacy and security by making sure that only the person you are sending your messages to can actually read them.
Cyber Magazine has looked at some alternatives that do feature end-to-end encryption.
WhatsApp is one of the most commonly used instant messaging services, with a global user base of more than two billion. They included end-to-end encryption in their platform in 2016. They explain that all their messages are secured with a lock, and only the recipient and sender have the special key needed to unlock and read them. For added protection, every message sent has its own unique lock and key.
Signal is an end-to-end encrypted communications app, available for mobile and desktop, and currently has over 40 million global users. Users can send texts or make phone or video calls without outsiders, or the platform itself, seeing the content of those messages. It offers end-to-end encryption to all its users by default. Group conversations are also end-to-end encrypted with Signal.
Telegram only end-to-end encrypts one-on-one “secret chats,” and you have to manually set it that way. Because of the end-to-end encryption, secret chats don’t sync between the Telegram app on multiple devices. A secret chat on one device stays on that device. So if you start a secret chat on your phone, you can’t continue that same secret chat on a tablet or computer. Telegram offers huge group chats with up to 200,000 people in a channel, however, these can’t be encrypted.
It is clear that people are concerned about privacy and it is becoming more important to protect personal information. When you allow the data transmitter (the messaging service provider in this case) to decrypt your messages, you’re leaving a potential security hole that could cause problems if the server is compromised, hacked, or surveilled. If you want your data to be protected and private, make sure you check what platforms you are using and all the privacy information / settings provided.