End-to-End Encryption on Facebook Messenger Enables Conversation to remain Private

You can start using end-to-end encryption (E2EE) on Messenger as safeguarding your privacy online has been a subject of interest for a while now, events in the news.

For instance, the chat history Facebook recently turned over to police — have obtained it front and center. But how do you defend your privacy while staying in touch with friends and relatives?

While several messaging apps boast increased privacy features, sometimes you can’t persuade the people you want to keep in touch with to use them. What is your alternative? What, for example, if they insist on chatting with Facebook Messenger?

End-to-end encryption means that nobody — even Facebook’s company Meta — should be able to read what is in your chat. In short, this is accomplished by each party’s account being assigned a unique key; only the version with that key can unlock the message. Currently, Meta has E2EE available on its Messenger platform but only on a per-chat basis. The company has announced its intention to turn on E2EE by default soon. In the meantime, if you’re about to embark on a Messenger conversation that you want to keep private, here’s how to turn it on. (The process is generally the same for Android devices and iPhones.)

BEGIN AN ENCRYPTED CHAT

  • In your Messenger mobile app, select Chats in the bottom menu.
  • Tap on the Edit pen icon in the upper right.
  • Toggle on the lock icon in the top right.
  • Select the name of the person you want to chat with. (Note: according to Meta, there are some accounts you can’t use with E2EE, such as businesses and budgets of public figures.)
  • New encrypted message
  • The lock toggle on top indicates this is an encrypted conversation.

 Information page in Messenger

  • You can also enable E2EE on the info page by tapping on Go to the secret conversation.
  • If you’re already chatting with the person and decide you want to allow E2EE, you can also do that.
  • In the top right of the conversation, tap the information (looks like an “i”) icon.
  • Tap Go to the secret conversation.

VANISH MODE AND DISAPPEARING CONVERSATIONS

You can also go into Vanish mode from that information page, which will cause the conversation to vanish when you close the chat.

  • On the information page, tap Vanish mode.
  • Toggle Vanish mode on.

You can also decide when a message will vanish from five seconds to a day. It is called a disappearing (rather than a vanishing) message. To create one:

  • Click on the title of the person you’re texting with while in the encrypted conversation.
  • You’ll be brought to the settings page for secret talks. Tap on Disappearing messages.
  • Tap on the time limit you want.
  • Setup page for encrypted chat
  • In the chat, tap on the person’s name to access this setup page.

In Disappearing messages, you can decide how long the news should last. One thing to be aware of is that an encrypted conversation can only be between the people in that conversation and the devices they are using. If you start an encrypted conversation on one mobile device, you can’t just move to another device and continue it; you have to sign in to the Messenger app on the other device and manually add it to the conversation. (The other participants will be notified that a new device was added.)

In addition, you can take part in encrypted chats on the web using the Messenger app on Chrome, Safari, and Firefox. (In Firefox, ironically, the private mode must be disabled.)

End-to-end encryption (E2EE) is a communication strategy where only the communicating users can read the notes. In principle, it prevents potential eavesdroppers. However, it includes telecom providers, malicious actors, Internet providers, and even the communication service provider – from being competent to access the cryptographic keys required to decrypt the conversation.

End-to-end encryption is planned to prevent data from being read or secretly modified other than by the actual sender and recipient(s). The sender encrypts the messages, but the third party does not have the means to decrypt them and stores them encrypted. The recipients retrieve the encrypted data and interpret it themselves.

Because no third parties can decipher the information being stored or communicated, companies that provide end-to-end encryption cannot hand over texts of their customers’ messages to the authorities.

In 2022, the government body responsible for enforcing online data standards, the UK’s Information Commissioner’s Office, stated that opposition to E2EE was misinformed. The debate is too unbalanced, with too little focus on advantages, since E2EE “helped keep children safe online” and law enforcement key to stored data on servers was “not the only way” to find abusers.

In many messaging systems, including email and chat networks, messages pass through intermediaries and are stored by a third party, from which the recipient retrieves them. Even if the messages are encrypted, they are only encrypted ‘in transit and are thus available by the service provider, however of whether server-side disk encryption is used. Server-side disk encryption prevents unauthorized users from viewing this information. However, it does not control the company from viewing the report, as they have the key and can decrypt this data.

It allows the third party to provide search and other features or to scan for illegal and unacceptable content. However, it means they can be read and misused by anyone accessing the stored messages on the third-party system, whether by design or a backdoor. It can be seen as a concern in many cases where privacy is paramount, like businesses whose prestige depends on their ability to protect third-party data, negotiations, and communications. In addition, it is essential to risk targeted ‘hacking’ or surveillance, where sensitive subjects such as health and information about minors are concerned.

It is noteworthy to remark that E2EE alone does not guarantee privacy or security. For instance, data may be kept unencrypted on the user’s device or be accessible through their app if their login is compromised.