Once again, Meta has confirmed its intentions to introduce default end-to-end encryption (E2EE) for one-on-one chats among friends and family on Messenger, aiming to implement this feature by the year’s end.
As part of this effort, the social media giant revealed that it has begun enhancing the chats of “millions more users” starting from August 22, 2023. This action comes exactly seven months after the gradual expansion of the E2EE feature began in January 2023.
These changes align with CEO Mark Zuckerberg’s vision of prioritizing privacy in social networking, a direction he announced in 2019. However, the journey has encountered notable technical challenges, causing a one-year delay in the initial plans.
“During the last couple of years, my primary focus has been to comprehend and tackle the most significant challenges that Facebook is currently grappling with. This involves taking stances on crucial matters that pertain to the internet’s future.”
“In this communication, I will lay out our vision and core principles for constructing a messaging and social networking platform that prioritizes privacy. There’s a substantial amount of work ahead, and our commitment is unwavering to engage transparently and seek insights from experts spanning different sectors as we forge ahead with this endeavor.”
What else does Meta believe?
Messenger product manager Timothy Buck explained that “Messenger and Instagram DMs were initially designed to operate via servers.” He highlighted that Meta’s servers acted as intermediaries between message senders and recipients, termed clients.
However, the integration of an encryption layer prompted a complete redesign of the system. This revamp ensured that servers couldn’t process or authenticate message content, all while maintaining timely message delivery.
Change in security infrastructure
To support E2EE, Meta established a fresh infrastructure consisting of Hardware Security Modules (HSM). These modules maintain encryption while allowing users to access their message history with added security measures such as a PIN.
What is an HSM? A Hardware Security Module (HSM) is a specialized physical device designed to provide a high level of security for sensitive data and cryptographic operations. It is essentially a hardware-based security solution that protects and manages digital keys and the encryption and decryption processes that use them. HSMs are used to secure many sensitive operations, such as generating encryption keys, encrypting data, and performing digital signatures.
Figure: Schematic diagram of a hardware security module (HSM).
There is some more to know…
Meta also emphasized that it rebuilt more than 100 features within Messenger, including functionalities like sharing links to external platforms such as YouTube, all without compromising encryption safeguards.
The handling of link previews shows the difference:
- In the previous setup without E2EE, the server directly fetched information from YouTube to display a preview image of the video to the viewer.
- With E2EE, the Messenger app itself retrieves this data from the service and generates a preview. This preview is then encrypted as a complete package and transmitted to the recipient.
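The client-side preview flow described above, sketched as an added example (not Meta's code): the sender's app builds the preview, seals it together with the message text, and the relaying server handles only opaque bytes. It assumes AES-256-GCM with a pre-shared session key in place of Messenger's actual protocol; the function names, the sample page and the `video.example` URLs are constructed for illustration.

```javascript
// Added illustration: client-side link preview sealed inside an E2EE message.
// Assumptions: AES-256-GCM with a pre-shared 32-byte session key stands in for
// the real messaging protocol; all names and sample data are constructed.
const crypto = require('node:crypto');

// Constructed sample of a page the sender's app has already fetched itself.
const SAMPLE_HTML = `<html><head>
<meta property="og:title" content="Example video">
<meta property="og:image" content="https://video.example/thumb.jpg">
</head></html>`;

// Sender side: pull Open Graph fields out of the fetched page.
function buildPreview(url, html) {
  const og = (name) => {
    const m = html.match(new RegExp(`<meta\\s+property="og:${name}"\\s+content="([^"]*)"`, 'i'));
    return m ? m[1] : null;
  };
  return { url, title: og('title'), image: og('image') };
}

// Sender side: message text and preview are encrypted together as one package.
function sealMessage(key, text, preview) {
  const iv = crypto.randomBytes(12); // fresh nonce per message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.from(JSON.stringify({ text, preview }), 'utf8');
  const ct = Buffer.concat([cipher.update(body), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]); // iv(12) | tag(16) | ciphertext
}

// Server side: relays opaque bytes; it has no key and never fetches the URL.
function relay(envelope) {
  return { size: envelope.length, sawUrl: envelope.includes('video.example'), envelope };
}

// Recipient side: authenticate and decrypt; returns null if the package was altered.
function openMessage(key, envelope) {
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, envelope.subarray(0, 12));
    decipher.setAuthTag(envelope.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(envelope.subarray(28)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null;
  }
}
```

Because the preview travels inside the authenticated ciphertext, a relay that alters any byte of the package causes `openMessage` to return `null` instead of showing a modified preview.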
“As we continue to expand the scope of our tests and prepare for the enhanced service launch, users will need to update their app to a recent version to access default E2EE,” Buck said.
“This is why the transition to E2EE for all messages will take longer than our initial projections.”
Setting new standards for better privacy
Meta has been a frequent target of GDPR penalties, including fines for forcing people to accept personalized ads and for a data leak.
Despite this shaky reputation among many, Meta has managed to do something commendable. Sticking to a mission until its goals are achieved is what is required, and it is what makes companies great!







