Facebook Messenger introduces end-to-end encryption with Mission Impossible-style self-destructing messages
Facebook is coming out with a new 'secret conversations' feature for Messenger which will allow its users to send messages which are secured by end-to-end encryption. Just like the movie Mission Impossible, these secret messages can optionally be timed to disappear (or self-destruct) after a preset time interval!
Facebook's disappearing secret conversations
In a recent announcement on its blog, Facebook introduced a soon-to-be-released end-to-end encryption feature for its popular Messenger platform, named Secret Conversations. Currently in beta, secret conversations are available to select Messenger users to try out.

Facebook Messenger is a popular messaging service with more than 900 million active users. With the addition of end-to-end message encryption capabilities, Facebook aims to encourage communications which require higher levels of security, such as financial or health information, to start moving to Messenger. End-to-end encryption effectively mitigates any potential risks around data breaches.

That said, the secret conversations feature does come at the cost of usability. For Messenger users who carry conversations across channels, web and mobile, the end-to-end encryption feature will not work. The reason is that such security is possible only when two specific devices enter into a secret conversation; the communication between these two devices is then secured using this feature. So, if you initiate a secret conversation on your laptop and then want to continue the same secret conversation on your mobile, you can't!
Facebook has added the capability of self-destructing or self-deleting the messages sent in a secret conversation after a preset interval of time. This feature is quite similar to the disappearing images feature of Snapchat.

An important characteristic of secret conversations is that this security feature is optional to use. So, unless a user opts for it, he will continue to communicate as he does today.

Many security analysts have raised doubts about the optional nature of the end-to-end encryption feature. The problem they cite is that users of the service may inadvertently end up communicating insecurely even when they intend to communicate securely. This goes against the basic intent with which the feature has been introduced.

Facebook's end-to-end encryption is in line with similar security standards introduced on WhatsApp, which is also owned by Facebook, in April 2016. In WhatsApp, however, end-to-end encryption is enabled by default and users see a message telling them that their communication is secured!

Facebook, for its part, defends the optional nature of secret conversations by citing its users' need to communicate across channels.

I believe it is good business sense to not disrupt its existing 'casual' non-secure conversations which are accessible across channels. Not overloading Facebook's infrastructure with the overhead of end-to-end encryption makes sense for particular categories of users such as -
  • Business users using it for team or customer communications might prefer accessing Messenger via their laptops when on their desks and using mobile app when on the move.
  • Users, such as teenagers, indulging in casual conversations might prefer mobile access to Messenger but move to their laptops when they want to transfer a big file.
In both of these cases, continuing with the existing security levels works out quite well while still providing the fluidity of access across channels.

Facebook's end-to-end encryption is based on the Signal Protocol developed by Open Whisper Communications. WhatsApp's end-to-end encryption is based on the same protocol.

End-to-end encryption is a good step by Facebook in the right direction. How it overcomes the challenge of providing end-to-end encryption while still allowing conversations to continue across channels is what will define the eventual acceptance of the secret conversations feature for security-sensitive and business-critical communication.