end-to-end encryption becoming the standard in messaging apps

Started by Darren Dirt, July 11, 2016, 10:45:32 AM

Previous topic - Next topic

Darren Dirt

https://www.wired.com/2016/07/secret-conversations-end-end-encryption-facebook-messenger-arrived/

Quote
On Friday, Facebook plans to roll out a beta version of a new feature it calls "secret conversations." It's encrypted messages, end-to-end, so that in theory no one -- not a snoop on your local network, not an FBI agent with a warrant, not even Facebook itself -- can intercept them. For now, the feature will be available only to a small percentage of users for testing; everyone with Facebook Messenger gets it later this summer or in early fall.

Though Facebook-owned WhatsApp rolled out full end-to-end encryption to its billion-plus users in April, this is the social media giant's first step toward bringing a core part of its main product in line with the encryption trend. Apple has used a form of end-to-end encryption in iMessage for years; Viber added the protection to its 700 million users' messages just weeks after WhatsApp, and Google announced in May that its new messaging app Allo would offer end-to-end encryption as an option.

Facebook's secret conversations will use a protocol called Signal, created by the non-profit Open Whisper Systems. It's well-known and well-tested, already used in WhatsApp, Allo, and Signal's standalone app. Open Whisper Systems' founder, the hacker and cryptographer Moxie Marlinspike, calls Facebook's implementation "reasonably done," adding that other major services may soon roll out his group's crypto standard.

One key difference between Facebook's approach and WhatsApp or Apple is the issue of opt-in encryption versus default. Facebook encrypts messages only when users choose to turn on secret conversations manually. The other two companies automatically encrypt every message, despite complaints from law enforcement agencies that the feature hampers surveillance capabilities.

The sheer size of Facebook Messenger's network means even a limited encryption offering could have a serious privacy impact. "This is just a huge number. It brings access to encrypted messaging to nearly a billion more people," says Matt Green, a Johns Hopkins computer scientist who reviewed Facebook's encryption as an outside consultant.


( Nice to see lotsa big names in the tech world waking up to personal privacy being an issue [that might win them PR brownie points] but critics are pointing out "You support encryption? Turn it on by default, or don't bother playing." )

_____________________

Strive for progress. Not perfection.
_____________________

Mr. Analog

Now that a lot of big business sees the need for secure communication there is a land rush for it and for companies that use things like Facebook's messenger for business purposes (yeah I know) they need to be "trusted".

Finally people see the need for secure / closed-loop communication that isn't strictly about DMCA (years too late)
By Grabthar's Hammer