Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy & Compliance

Meta Makes End-to-End Encryption a Default on Facebook Messenger

End-to-End encryption in Facebook Messenger means that no one other than the sender and the recipient — not even Meta — can decipher people’s messages.

Meta's "Pay for Privacy"

Meta is rolling out end-to-end encryption for calls and messages across its Facebook and Messenger platforms, the company announced Thursday.

Such encryption means that no one other than the sender and the recipient — not even Meta — can decipher people’s messages. Encrypted chats, first introduced as an optional feature in Messenger in 2016, will now be the standard for all users going forward, according to Messenger head Loredana Crisan.

“This has taken years to deliver because we’ve taken our time to get this right,” Crisan wrote in a blog post. “Our engineers, cryptographers, designers, policy experts and product managers have worked tirelessly to rebuild Messenger features from the ground up.”

Meta CEO Mark Zuckerberg promised, back in 2019, to bring end-to-end encryption to its platforms after the social media company suffered a string of high profile scandals, notably when Cambridge Analytica accessed user data on Facebook. Privacy advocates again shined a spotlight on Meta after Nebraska investigators reviewed private Facebook messages while investigating an abortion that violated a state 20-week ban.

Meta, whose WhatsApp platform already encrypts messages, said the feature can help keep users safe from hackers, fraudsters and criminals.

Meanwhile, encryption critics, law enforcement and even a Meta report released in 2022 note the risks of enhanced encryption, including users who could abuse the privacy feature to sexually exploit children, facilitate human trafficking and spread hate speech.

“What will Meta’s bosses say to children who have suffered sexual abuse, whose trauma will be compounded by their decision not to preserve their privacy? How will they justify turning a blind eye to this illegal and harmful content being spread via their platforms?” said Internet Watch Foundation chief executive Susie Hargreaves. “The company has a strong track record in detecting large amounts of child sexual abuse material before it appears on its platforms. We urge Meta to continue this vital protection.”

Advertisement. Scroll to continue reading.

The new features will be available immediately, but Crisan wrote that it would take some time for the privacy feature to be rolled out to all of its users.

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.

Audits

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...