Last spring WhatsApp pushed out code adding a new layer of security to a billion users' apps, creating the largest end-to-end encrypted messaging network in history. Now WhatsApp's parent company Facebook has finally given people who use its other massively popular chat app the chance to catch up.
A Facebook spokesperson tells WIRED the company just finished rolling out "Secret Conversations" to all 900 million Facebook Messenger users in the past few weeks. The opt-in feature allows users to encrypt their messages so that no one can read them except the two people on either end of a conversation—not even Facebook or law enforcement or intelligence agencies. "Your messages are already secure, but Secret Conversations are encrypted from one device to another," states a description in the app when users initiate their first encrypted conversation.
While the company's software updates for iOS and Android haven't explicitly mentioned the encryption feature, anyone who updates their Messenger app will now find the "secret" option on the top right of the "new message" screen. The feature also allows senders to choose a Snapchat-style expiration time for messages, ranging from five seconds to one day. Only users who have updated the app can send or receive encrypted, time-sensitive messages, so be sure to update now.
Secret Conversations uses the Signal encryption system, which has a glowing reputation in the security community. It was developed by the nonprofit Open Whisper Systems, which first implemented the encryption layer in its own Signal app before partnering with other companies to include the protocol. Facebook first announced the new security mechanism and tested it with beta users in July. Google's recently launched Allo messenger also includes the encryption option.
Facebook Messenger's new layer of encryption has to be enabled manually for every conversation, rather than being switched on by default, as it is in the Signal app or in WhatsApp. That decision may be in part a compromise designed to help Facebook avoid legal and political difficulties; WhatsApp's default encryption, for instance, has already put its parent company in an uncomfortable spot at least once, when Brazilian authorities arrested a Facebook executive in the country for failing to help police decrypt WhatsApp messages sent by criminal suspects in a drug trafficking case. But the opt-in move has also drawn the scorn of privacy advocates, like this tweet from ACLU technologist Chris Soghoian when Facebook announced Secret Conversations:
Opt-in encryption favors educated users who have the time to learn about obscure security settings. Not cool Facebook.
— Christopher Soghoian (@csoghoian) July 8, 2016
Opt-in or not, Facebook's new feature brings strong, dead-simple encryption to hundreds of millions more users. In combination with end-to-end encryption's spread to other ultra-popular messaging services, foiling surveillance has never been easier.