Today, Facebook announced a widely-rumored new feature on Messenger was going into testing. Called “Secret Conversations,” it’s supposed to allow you to keep some conversations private. But it may not be as secure, or as useful, as it seems.
What Are ‘Secret Conversations?’
On a technical level, the feature is really about end-to-end encryption, which has been in the news lately thanks to Apple and the FBI warring over whether or not law enforcement should be issued special tools to crack iPhones. Sometimes abbreviated as E2EE, end-to-end encryption has users exchange “keys” with each other, so only they can read the message. Not even Facebook itself would be able to read your messages with this system in place.
E2EE is fairly commonplace in government communications and even in consumer applications. If you’ve used iMessage or WhatsApp — the latter of which is owned by Facebook — you’ve been using E2EE without even realizing it. E2EE is particularly useful when you’re sharing personal information with one party, like your credit card number or Social Security number, or if you’re sharing other personal data, like health information with your doctor.
The system is popular among privacy advocates because it’s difficult to decode the messages without a key. It can be done, but it’s time- and resource-intensive, and the kind of privacy threats we usually face are lazy criminals, not dedicated government spies. And if that weren’t enough, Facebook is also testing a timer that destroys the message after a certain point. It sounds, on paper at least, like the ideal solution for protecting your privacy on Facebook. But the way Facebook is implementing the feature is angering privacy advocates and others.
How Is Facebook Implementing End-To-End Encryption?
There are a few minor things that might annoy people, like the fact that Secret Conversations has no rich image support, so you’ll have to send silly GIFs less securely. Oddly, you also can’t send payments over the system, which would seem to be a natural way to use the service to protect user information. Facebook has also refused to allow group conversations to use E2EE, a strange choice that can at least be justified by the fact that the more copies of the key there are, the easier it is to crack.
The two most glaring problems, though, are the roadblocks Facebook has put up to using the feature. First of all, Secret Conversations won’t carry over between the devices you use Facebook Messenger on. If you start one on your phone, you can’t pick it up on your tablet. Facebook plays this off as a security measure, but it’s a problem easily solved by letting users accept their messages on Facebook’s mobile sites, and Facebook would rather force you to download an app to read your messages.
The second issue is that you have to choose to have your messages encrypted in the first place. End-to-end encryption isn’t automatically enabled, and users will have to opt in for the service every time they send a message. So far, there doesn’t appear to be a “global” option for all your messages. Not coincidentally, Facebook is reading the messages you send and even has an AI to try and anticipate your needs on the system, neither of which would function with E2EE being fully enabled.
What Does It Mean For You?
For the day-to-day user, if you want end-to-end encryption on your messages, you’ll need to use WhatsApp, ironically another product owned by Facebook. But the inconvenience is more than a minor annoyance for people who prefer to text their doctor or their accountant. By implementing such a feature, and doing so only begrudgingly, Facebook is making it very clear to users that it only values privacy until it inconveniences the bottom line. And that’s something to consider in areas well beyond just who might be reading your dinner plans.