Meta Platforms has said end-to-end encryption for personal chats on its flagship Facebook and Messenger applications is now activated by default, boosting privacy and security on two of the biggest social media platforms in the world.
The move offers better privacy control to users. Combined, Facebook and Messenger have more than four billion users (3.03 billion and 1.04 billion, respectively), according to Statista data.
“We take our responsibility to protect your messages seriously and we’re thrilled that after years of investment and testing, we’re able to launch a safer, more secure and private service,” Loredana Crisan, head of Messenger, wrote in a blog post on Thursday.
She also said the upgrades to Messenger are the “biggest set of improvements” since the app was launched in 2011.
What does end-to-end encryption mean?
End-to-end encryption is, in simplest terms, a system in which only those communicating with each other can see the messages being sent. For example, if you're sending messages to your mother, then only the two of you can see those messages.
E2EE, as it is also referred to, uses an algorithm that transforms standard text characters into an unreadable format. If you've explored folders on iPhone backups, then you have an idea what this looks like.
It uses encryption keys to scramble data so that only authorised users can read it.
The origins of E2EE stretch back to the 1970s, but it gained attention with the emergence of WhatsApp, which touted the key privacy feature. In 2014, Meta, then known as Facebook, bought WhatsApp for $19 billion.
Why is E2EE important?
The most obvious reason is that it guarantees the security and privacy of content being shared between users.
But this isn't only limited to regular users: businesses can also largely benefit from E2EE, as it can protect sensitive data and information, such as financial and legal documents.
“Failure to secure private data could result in damages to enterprise businesses and their customers,” according to IBM.
The global average cost for a data breach in 2022 was $4.35 million, up from $4.24 million the previous year, according to the latest edition of IBM's Cost of a Data Breach report.
Why did Messenger not have E2EE until now?
Messenger had encryption in place from 2016, but it was an opt-in feature, meaning users had to manually activate it through settings. Voice and video calls have been encrypted since 2019.
The company had previously planned to make encryption a default feature in 2022, but delayed it amid warnings from child safety campaigners that it might prevent Meta from detecting child abuse on the platform.
California-based Meta took its time “to get this right”, having needed to “rebuild Messenger features from the ground up”, Ms Crisan said.
“Our engineers, cryptographers, designers, policy experts and product managers have worked tirelessly,” she said.
What else did Meta launch?
Aside from E2EE to boost security and privacy, Meta has also introduced upgrades to boost engagement.
Users can now edit messages for up to 15 minutes after they've been sent. If you want to report abuse on an edited message, you can still file a report to Meta as they will be able to see the previous versions of the edited message.
Meta has also said disappearing messages, similar to those popularised by Snapchat, now last for 24 hours after being sent. The interface for this has also been updated, which will “help people be confident that their messages stay secure and won’t stick around forever”.
Additionally, the company updated its read receipt controls, letting users decide if they want others to see when they have read messages.
More controls have been added for photos and videos, including upgrading image quality.
Voice messages, meanwhile, can now be played at speeds of 1.5x or 2x, and users can continue listening to a message from where they left off or when navigating away from the chat or app.