Facebook Messenger To Get End-To-End Encryption 99
Reader wiredmikey writes: Facebook announced Friday it would roll out optional "end to end encryption" for its Messenger application, following a trend aimed at stronger security and protection against snooping. The new feature will be known as "secret conversations" which can be read only by the sender and recipient. Facebook shared technical details about its implementation of the security in a technical white paper (PDF). Facebook earlier this year began implementing this end-to-end encryption on its WhatsApp messaging service.ZDNet's Zack Whittaker, however, warns about a catch in Facebook's effort. He writes: But already the company has faced some criticism for not encrypting messages by default, instead making the service opt-in, like Apple's iMessage, or even Facebook's other chat app, WhatsApp, which recently switched on default end-to-end encryption earlier this year. Cryptographer and Johns Hopkins professor Matthew Green, who reviewed an early version of the system, said in a tweet that though you "have to turn on encryption per thread," he added that providing encryption to almost a billion people makes it hard to "put that genie back in the bottle."
To my knowledge messenger unlike whatsapp (Score:3, Insightful)
Keeps a copy on fb servers. So this change is cosmetic
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
...Presumably Facebook will follow basic crypto protocol if they're at all serious about end-to-end encryption.
And there-in lies the conundrum, sadly. One can only hope...though I've also not read the provided whitepaper which probably answers this for us so...
Re: (Score:2)
Re: (Score:2)
If someone gets a hold of your private key (physical phone), they can access all the historical conversation data if they can mandate Facebook to hand it over. This is probably not a concern for most of its users, though, and a capability only few government agencies would have. But even this threat is mostly thwarted if your phone is properly encrypted.
Re: (Score:2)
Re: (Score:2)
Ah, that changes things, and an interesting detail too.
Re: (Score:2)
Re: (Score:2)
Remember, Facebook owns Whatsapp.....
Re: (Score:2)
Re: (Score:1)
Copies...of encrypted data? Why would they want to keep that? It would be no use to them.
Re: (Score:3)
Re: (Score:3)
My guess: advertising.
Facebook probably mines the unencrypted messages to help form an "advertising profile" for you so they can better target ads at you when you're on Facebook.
Re: (Score:2)
More provably than probably. For awhile, anytime you mentioned a company's name in a private message (like "man it's hot out today, just drank 3 Cokes after cutting the grass"), Facebook would automatically like that company's profile page on your behalf. They were sued over this practice.
Oh thank god (Score:1)
FB has upgraded service to use the Little Orphan Annie secret decoder ring.
Re: (Score:3)
...said the AC.
Re: (Score:3)
Why do we need encryption to keep secrets? The Bible teaches us that evil is done in the shadows and in darkness, but bringing it can't operate in the open when light is shined upon it.
- Pastor Mitch
Ok .. whats your full name, DOB, address, SSN and bank account details?
Shine some light on them and you can be sure nothing bad will happen.
Re:Why use we keep secrets? (Score:4, Insightful)
Do you close the door to the bathroom stall when you take a dump?
Do you have passwords on any of your accounts?
Do you make your SS or CC numbers known to the world?
Privacy is a protection.
Re: (Score:2)
Next, there is no 'god', but of course no two people will ever agree on that point, so I'll let it go for now.
Now, if this 'Pastor Mitch' character really believes this crap, how about he posts his credit card numbers, bank account numbers, PIN numbers drivers license and social security numbers, and all his other identity-related information on
This would imply (Score:4, Funny)
This would imply that there is information of value being exchanged on Facebook; a proposition I find difficult to believe.
Re:This would imply (Score:4, Insightful)
If only important messages were encrypted, every bad person would instantly know which ones he should decrypt.
Re:This would imply (Score:5, Insightful)
You are absolutely right. What you put on Facebook is of no value whatsoever. You have nothing to regret giving it to us. We just like collecting meaningless chatter and none of our client advertisers have the slightest interest in it. Nothing to worry your little heads over, nothing to see here.
- Mark Zuckerberg
Re: (Score:2)
You are absolutely right. What you put on Facebook is of no value whatsoever. You have nothing to regret giving it to us. We just like collecting meaningless chatter and none of our client advertisers have the slightest interest in it.
- Mark Zuckerberg
I rest my case.
Re: (Score:2)
Actually, this move makes sense considering Facebook is currently trying to get people to use Messenger to interact with other parts of their life including _banking_:
http://www.theverge.com/2016/7... [theverge.com]
Re: (Score:3)
Actually, this move makes sense considering Facebook is currently trying to get people to use Messenger to interact with other parts of their life including _banking_:
Lol, if I had a facebook page, the last thing I'd ever do is let it "interact" with my bank account in any way, shape, or form.
Re: (Score:2)
Completely agree! But they're trying to push it for some odd reason...
Re: (Score:2)
Completely agree! But they're trying to push it for some odd reason...
Ye$, and I can't po$$ibly imagine what that rea$on could be.
Re: (Score:2)
This would imply that there is information of value being exchanged on Facebook; a proposition I find difficult to believe.
You nailed it.
Re: (Score:1)
Actually it's that crappy App they pulled out of their existing App which I refuse to install because it insists on permissions to rifle through everything on your phone and upload it to Facebook.
Re: (Score:2)
It's a good thing you can disable those [imgur.com].
Re: (Score:2)
...that crappy App that Facebook pulled out of their existing App and which I refuse to install because I shouldn't need a separate app or still another chat client.
In other news, when did people become so lazy that everyone uses chat because clicking on an email app is just too big a hassle?
I'm pretty sure you can use the FB messenger app without having a FB account now. They want you to use it as a standard SMS and phone callinging app. This is why it's a standalone app.
Re: (Score:2)
Translation: (Score:2)
"Only *we* get to keep all that sweet, sweet, saleable data on you, dammit!"
Re:Translation: (Score:4, Informative)
Re: (Score:2)
Pretty sure they stretched the definition to allow themselves a view into that conversation...
Re: (Score:3)
Re:Translation: (Score:4, Informative)
No they haven't, read the description of their implementation.
No thanks, I would rather read their actual implementation (ie open source). The only way you can even begin to trust such a communications system is if it is open source and you can build the client from the provided source. Insert oblig reference to Ken Thompson's "Reflections on Trusting Trust" here [cmu.edu]. At any rate, the description of the implementation is not the implementation itself.
Re: (Score:2)
End-to-end specifically means that Facebook can't read it, if it is implemented as they say.
Lol, yes, if it's "as they say", and goodness gracious, Facebook would never tell a fib, not with hundreds of millions of dollars of ad revenue at stake!
Re: (Score:2)
Re: (Score:2)
If they did lie, someone would figure it out eventually and it would be devastating in terms of PR.
You mean just like all the other times that Facebook has been caught lying and was exposed, and basically nothing happened? Because they've weathered PR storms that would wash away some of the smaller continents, and yet they're still around.
-
It's not worth it for them. Just like researchers have torn apart iMessage and know exactly how it works, the same will happen to this.
Oh, trust me, hundreds of million of dollars in ad revenue is "worth it" for them. It's been worth it for them in the past. They'll just chalk it up to some sort of "technical glitch" or "misconfiguration" or some other such bullshit (just like they always do) and noth
Re: (Score:2)
Re: (Score:2)
Do you think they will get hundreds of millions of dollars in ad revenue from mining your instant messages, compared with what they already get mining your profile, news feed, likes, etc.?
I think it's all part of the big picture, and if they can make an extra nickel by sending you messages about things relevant to your personal conversations, you bet I think they would.
A better question is this: if they think they could make money by mining you your instant messages, why wouldn't they?
Re: (Score:2)
How can you have an encrypted message on the desktop web chat without Facebook having the encryption key and defeating the whole point?
Re: (Score:2)
Re: (Score:2)
That seems to be of limited utility if you don't have access to your phone.
Re:Breaks reading messages on phone and desktop (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
That's cute that some people believe that a service that makes money from harvesting your information keeps your data private. That's very cute.
It's adorably naive. It makes me want to print out cryptizard's post and put it in a pink frame with lots of little hearts and kittens and stuff.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Zack mistyped iMessage & WhatsApp auto-encrypt (Score:3)
Why should I trust it? (Score:2)
I might use your channel, but I'll do my own end-to-end encryption over it, thank you.
Re: (Score:3)
Even if you rolled your own e2e encryption, you still have to trust hundreds or even thousands of strangers who built the hardware or are somewhere in the distribution chain.
In addition, you would also need to get the other side of the conversation to use your encryption scheme which implies, among other things, sending them a key.
It is really impossible to "trust no one"
Re: (Score:3)
You could definitely hand-build a small computer (think Raspberry PI) that is offline that you input the encrypted stream into (either via a camera that looks at your monitor or audio from your speakers or other means) that has a small printout on it that shows the decrypted conversation and allows you to answer back...
There would definitely still be thousands of people involved in making the chips you select... but it would be pretty incredibly difficult to get a backdoor into that system!
Re: (Score:2)
This is why you use endpoint encryption like an OpenPGP utility (gpg, openpgp, apg, Symantec's SED, etc.) Then, the transport encryption doesn't matter as much. Ideally, the computer with the keys is offline and some means like a SD card is used to transfer data back and forth.
At the minimum, having endpoint encryption separate means that a bad guy has to compromise two completely different utilities that function in completely different ways.
This isn't a 100% secure method, as OpenPGP doesn't offer PFS,
Re: (Score:2)
A keylogger on the system will bypass any amount of encryption.
So, again, you need to trust that the chip maker(s), operating system vendor and app creators to not do anything bad.
On the software side, open source helps (in theory) because you can personally audit the code. However, in practice, nobody audits the code.
Still, that leaves the hardware manufacturers as well as all of the people the hardware passes by. This includes shipping companies and even retailers.
Sort of an unrelated story but a friend o
Re: (Score:2)
The key is narrowing the avenues of attack. An offline laptop that is used with a SD card narrows down the avenues of attack to Stuxnet/black bag attacks, especially if the RF antenna is physically removed. Yes, someone can hit my computer with a keylogger, but that is a direct attack. Someone cornholing an app that does its own encryption and compromising it is a lot easier and done on a far wider scale than someone who is able to attack a program that only runs on endpoints as well as the transport sys
Re: (Score:3)
You don't even remotely need to trust the hardware you use as much as you'd have to trust Facebook in this scenario. They have FULL control over your message. You are using their channel AND their encryption. You can at no point verify that they do not decrypt the message, you can at no point verify that they do not alter the message and you will only be able to discover after the fact whether they actually delivered your message (if your partner does not reply or replies in a way that is inconsistent with
Biggest technical flaw: MITM checks are manual? (Score:2)
>> For every secret conversation Messenger exposes in its interface both participants' identity keys (i.e. IKpk). Users may optionally verify
Re: (Score:2)
Re: (Score:3)
SSL et al don't verify the ID of the server/client. They ask a certificate authority (CA) to verify those IDs. That's why those protocols are vulnerable to MitM attack due to a bad or compromised certificate authority (which for example is exactly what Lenovo did - inserting their own CA into the list of trusted CAs).
You can think of CAs as a repos
So it can drain even more battery? (Score:2)
More bloat! (Score:2)
How many more hundred megabytes will this feature add?
Honestly, I've stopped using messenger cause it's the single most inefficient POS I've seen in ages. People used to complain that Microsoft Office was bloated. How about a simple mobile messenger application that consumes hundreds of megabytes?
I'm still having trouble understanding the level of incompetence required to do that to a simple messaging application.
The most laughable thing of all is that Facebook actually wants people to trust them with fin
Re: (Score:2)
You don't have to use the FB messenger client software.
FB is one of the few remaining messaging platforms that allows 3rd party integration.
I have been running Trillian for years and I used to have MSN, Yahoo, AIM, Google and FB accounts in it.
The only 2 that are left that still allow this are FB and Google. (Yahoo is going away in August).
I will continue to use Trillian until 0 clients are left.
Re: (Score:2)
Except that Facebook has already discontinued XMPP integration. It was discontinued in... April I think? I'm not sure what's happened since then however. There was a whole lot of complaining about Facebook stopping working, and then trillian started working again, so I'm thinking Trillian has cheated somehow to get around Facebook discontinuing XMPP. Probably interpreting facebook's webclient or something.
I've been using Trillian for years too. Even had a Pro subscription at one point, but it really fe
Re: (Score:2)
I fail to see how any 'ecryption' matters when Facebook is spying on everything you do, both on an off Facebook.
If it is Facebook (singular) you are in a better perhaps more secure space.
Unencrypted anyone near or far that can tap into the stream could read it.
Even if FB archived messages and kept them behind a "legal" wall there
should be an audit trail to show abuse when abuse happened.
I fear the naive structures put in place today by honest well intentioned
individuals. Should that individual retire, change companies or be promoted
there is no mechanism to guarantee another honest replacement.
To pick on one chain o
Re: (Score:2)
Requires trusting Facebook (Score:2)
End-to-end means user-to-user. Even Facebook will not be able to read the messages.
In principle yes but do you really trust Facebook? Seems like a HUGE opportunity for man in the middle attacks here. Unless you control the encryption keys you really have no assurance that it will be secure and doing encryption and key exchange properly is actually pretty darn hard to do right.
Re: (Score:2)
The implementation is what matters (Score:2)
You don't have to trust them. They publish the protocol, people will audit it.
How do you propose to audit the implementation of the protocol? It's kind of like how it doesn't matter who votes - what matters is who counts the votes. I don't really see any way I could realistically trust Facebook to be a trusted intermediary. It doesn't matter what the protocol is if we can't be certain they are following it.
Re: (Score:2)
They don't enable it by default because... (Score:2)
They don't enable it by default because it absolves them of legal responsibility where the users are not legally allowed to turn it on, and do so anyway.
Per thread encryption (Score:2)
If the user really will have to enable encryption per thread, that will be a very useful flag to anybody who cares that the conversation is worth decrypting.
Trust Facebook? (Score:2)
Facebook announced Friday it would roll out optional "end to end encryption" for its Messenger application, following a trend aimed at stronger security and protection against snooping. The new feature will be known as "secret conversations" which can be read only by the sender and recipient.
That's great except that I don't actually trust Facebook so I'm not sure what this would get me. How can I be sure the message remained secure?
Nope (Score:2)
Sorry, I don't believe Facebook will store it encrypted and have no backdoors. And with closed-source apps and mysterious back-end stuff, who will ever know for sure, regardless of what they might claim.