Meta has implemented E2EE by default in Messenger, but the privacy issue is still open

Why do security specialists not fully trust a well-known company and how can it improve the situation?

Messenger (formerly Facebook Messenger), the communication platform owned by IT giant Meta, which recently surpassed a billion users, finally implemented end-to-end encryption (E2EE) by default in early December. Previously, this feature was already available in Messenger, but only as a separate option. Now it will be mandatory for all private messages.

End-to-end encryption by default is not something fundamentally new and has long been supported by many instant messengers, including WhatsApp and Signal. However, even data privacy experts and activists who are critical of Meta's past practices view this move as positive.

"I think this is a rare case where Meta has done something that I totally agree with and that I think is entirely positive for the whole world," said Cooper Quintin of the Electronic Frontier Foundation.

To encrypt correspondence, Messenger, like WhatsApp, uses an implementation of the open Signal protocol. This cryptographic protocol was originally created for the Signal application of the same name. In addition to Messenger and WhatsApp, it is also used by Skype, Android Messages and a number of other popular messengers.

Cryptographers have tested the Signal protocol in action and, in general, highly appreciate its capabilities. "This is what everyone does, and for good reason," says Martin Albrecht, professor of cybersecurity at King's College London. "This is a good protocol."

The main difference between Messenger and its competitors is its own Labyrinth protocol, which is used for storing and backing up encrypted messages. Ideally, according to Albrecht, Meta could provide access to independent cryptographers to verify the implementation of encryption in Messenger. This would make it possible to either confirm the security of the protocol or detect potential vulnerabilities in it. However, Meta has not yet taken such a step, even for WhatsApp, despite the calls of experts.

Doubts about the security of Meta's proprietary protocol also stem from the fact that, over the years, Meta has developed a reputation as a company that actively collects user data for its advertising business. Moreover, last year Meta was even fined $1.3 billion by EU regulators for illegally transferring the personal data of European Facebook users to the United States.

Despite this, in its public statements, Meta positions encryption as a way to protect the privacy of its users' correspondence. In particular, the company claims that thanks to encryption, neither Meta itself nor the authorities will be able to access the content of private messages.

Well, ordinary users can only accept the position voiced by the company, but it would be nice if in the future it revised its principles and made internal processes more open and transparent.
 