The Messenger app can already encrypt your messages so no one can read them in transit, but soon, Facebook will also allow you to encrypt your stored message history to prevent anyone, including law enforcement, from coming after your data through a back door. This may lead to Facebook Messenger becoming one of the most secure messaging platforms. The trouble is, nobody trusts Facebook. “I don’t think people have issues with the security features of Facebook itself, but rather what they do with our data,” Andreas Grant, a network security engineer at Networks Hardware, told Lifewire via email. “Ever since the Facebook–Cambridge Analytica data scandal and how they handled the manipulation of election campaigns, it is difficult for people to think of Facebook as a ‘secure’ platform. We can’t blame people either as they are not quite transparent about their handling of data.”

Encryption Confusion

There are several parts of a message conversation that can be encrypted. The first is the conversation itself, as you and your contacts send messages to each other. This is known as End-to-End Encryption or E2EE, and it’s what stops people from snooping on your chats. Your messages are locked before sending, then unlocked by the recipient. But there’s another part. Sometimes, your messages are stored on a server somewhere. Usually, they are still encrypted, but the vendor may have a key.  Take iMessage, for example. If you use iMessage in the Cloud, you can read your messages in the browser. And if you add a new device to your account, all your old messages can be downloaded to that new device. Further, your iMessages are stored as a part of your iCloud backup. These backups can be accessed by Apple and are the one way that law enforcement, or other interested parties, can get access to your message history.  “This explanation seemed off to me, because while iMessage data is end-to-end encrypted in transmission and not stored by Apple as a part of the transmission process, it’s not actually encrypted on the device itself,” says veteran Apple journalist Jason Snell on his Six Colors blog. “Which is why iCloud backups, which are unencrypted, can contain the entire contents of iMessage conversations.” The news is that Facebook will now encrypt online storage for your messages, too. And it’s also testing the enabling of E2EE by default—right now, you have to switch it on yourself, which is a big security hole.

Trust Issue

Facebook isn’t interested in what you write about in your messages. Or rather, it probably is, but even without peeking at the message content, there’s plenty of valuable metadata to be gathered. Metadata is stuff like when you send messages, who you send them to, and so on. For example, if you send a lot of messages from the same two locations every day, then Facebook knows where you live and work. It also knows who you send messages to at these times, which, combined with the metadata of all other users, makes for a massive, intricate social web of personal and professional connections. Facebook also knows what devices you’re using and, of course, your movements, since your app usage can be mapped and plotted. It’s as if Facebook had a secret agent following all its users around, noting where they go and who they talk to. The agent might not be able to hear some of your conversations, but they can hear the ones on regular, non-private Facebook, and infer relationships from there.  This is presumably why Facebook is interested in making the content of your messages as secure as possible. It doesn’t need it, so it can use it as a way to entice people to Messenger.  This is good news, and puts pressure on Apple to at least match the on-server encryption from Facebook. There seems to be an arms race developing to keep your messages secret.  If you really, really want your messages to be private and safe, though, you should use Signal, which gets around the pesky problem of giving government agencies access to your messages by never storing them in the first place. You will, of course, have to get your friends and family to use Signal, too, but if you value your privacy, then it may be worth the effort.