For that reason we recommend that anyone concerned with their privacy or security consider their options carefully when choosing a secure messenger. None of that will change with the introduction of default encryption. By design, Meta has access to a lot of unencrypted metadata, such as who sends messages to whom, when those messages were sent, and data about you, your account, and your social contacts. There are still significant concerns about metadata in Messenger. Choosing the right secure messenger for your use case The 6-digit PIN provides a bit more security than the cloud back-up option, but also at the cost of usability for users who might not be able to remember a pin. If you back up keys to a third-party, those keys are available to that service provider and could be retrieved by law enforcement with a warrant, unless that cloud account is also encrypted. If you elect to use encrypted backups, you can set a 6-digit PIN to secure your private key, or back up your private keys up to cloud storage such as iCloud or Google Cloud. Deciding between this tradeoff is another factor you should weigh when choosing how to use secure messengers that give you the option. If an app is forward-secret, then you could delete all your messages and hand someone else your phone and they would not be able to recover them. Enabling encrypted backups (necessarily) breaks forward secrecy, in exchange for usability. Meta is also rolling out an end-to-end encrypted backup system for Messenger, which they call Labyrinth.Įncrypted backups means your backed-up messages will be encrypted on Facebook servers, and won’t be readable without your private key. WhatsApp, Meta’s other messaging service, only provided the option for end-to-end encrypted backups just a few years ago. From an encryption standpoint, how backups are handled can break certain guarantees of end-to-end encryption. In this case, the encrypted backup options provided by Meta are the biggest detail: in addressing backups, how do they balance security with usability and availability?īackups are important for users who expect to log into their account from any device and retrieve their message history by default. When it comes to building secure messengers, or in this case, porting a billion users onto secure messaging, the details are the most important part. The technology behind Messenger’s end-to-end encryption will continue to be a slightly modified version of the Signal protocol (the same as Whatsapp). Backing up securely: the devil is in the (Labyrinthian) details Choosing between these options is important for your privacy and security model, and we encourage users to think about what they expect from their secure messenger. Users will also have many more options for messaging security and privacy, including how to back-up their encrypted messages safely, turning off “read receipts,” and enabling “disappearing” messages. Regardless, this rollout is a huge win for user privacy across the world. This introduction of end-to-end encryption on Messenger means that the two most popular messaging platforms in the world, both owned by Meta, will now include strong encryption by default.įor now this change will only apply to one-to-one chats and voice calls, and will be rolled out to all users over the next few months, with default encryption of group messages and Instagram messages to come later. This update couldn’t have come at a more important time. Strong default encryption, sooner, might have prevented a woman in Nebraska from being prosecuted for an abortion based primarily on evidence from her Facebook messages. With authoritarianism on the rise around the world, encryption is more important with each passing day. Governments are continuing to attack encryption with laws designed to weaken it. It will bring strong encryption to over one billion people, protecting them from dragnet surveillance of the contents of their Facebook messages. While there remain some privacy concerns around backups and metadata, we applaud this decision. Yesterday Meta announced that they have begun rolling out default end-to-end encryption for one-to-one messages and voice calls on Messenger and Facebook.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |