Facebook Messenger To Get End-To-End Encryption

Reader wiredmikey writes: Facebook announced Friday it would roll out optional "end to end encryption" for its Messenger application, following a trend aimed at stronger security and protection against snooping. The new feature will be known as "secret conversations" which can be read only by the sender and recipient. Facebook shared technical details about its implementation of the security in a technical white paper (PDF). Facebook earlier this year began implementing this end-to-end encryption on its WhatsApp messaging service.ZDNet's Zack Whittaker, however, warns about a catch in Facebook's effort. He writes: But already the company has faced some criticism for not encrypting messages by default, instead making the service opt-in, like Apple's iMessage, or even Facebook's other chat app, WhatsApp, which recently switched on default end-to-end encryption earlier this year. Cryptographer and Johns Hopkins professor Matthew Green, who reviewed an early version of the system, said in a tweet that though you "have to turn on encryption per thread," he added that providing encryption to almost a billion people makes it hard to "put that genie back in the bottle."

To my knowledge messenger unlike whatsapp

[MarkH]

Keeps a copy on fb servers. So this change is cosmetic

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[cmseagle]

Diffie-Hellman key exchange. [wikipedia.org] Exchanging keys over a public channel is a solvable problem. Presumably Facebook will follow basic crypto protocol if they're at all serious about end-to-end encryption.

Re:

[x_t0ken_407]

...Presumably Facebook will follow basic crypto protocol if they're at all serious about end-to-end encryption.

And there-in lies the conundrum, sadly. One can only hope...though I've also not read the provided whitepaper which probably answers this for us so...

Re:

[cryptizard]

It's called key exchange. https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[Sax Russell 5449D29A]

If someone gets a hold of your private key (physical phone), they can access all the historical conversation data if they can mandate Facebook to hand it over. This is probably not a concern for most of its users, though, and a capability only few government agencies would have. But even this threat is mostly thwarted if your phone is properly encrypted.

Re:

[cryptizard]

This is actually not strictly true. Their protocol will likely be based on WhatsApp (since they developed that as well), and it currently uses rotating keys for each conversation and key exchange that provides perfect forward secrecy. If you delete the conversation from your phone it cannot be recovered even if someone recorded it over the wire and later obtains your master private key.

Re:

[Sax Russell 5449D29A]

Ah, that changes things, and an interesting detail too.

Re:

[DogDude]

... and what evidence do you have that "whatsapp" doesn't keep a copy on their servers? Who pays "whatsapp" for whatever services they provide? I'm guessing it's not the people writing the messages.

Re:

[Krojack]

Remember, Facebook owns Whatsapp.....

Re:

[DogDude]

Oh, I didn't know that. I'd be willing to bet a large amount of money that there are certainly copies saved by them, then.

Re:

[Threni]

Copies...of encrypted data? Why would they want to keep that? It would be no use to them.

Re:

[bytestorm]

It breaks fewer people's shit at once if there's a bug they didn't catch. It's like beta testing a new feature with a small group before deploying it to everyone. It's prudent.

Re:

[friedmud]

My guess: advertising.

Facebook probably mines the unencrypted messages to help form an "advertising profile" for you so they can better target ads at you when you're on Facebook.

Re:

[ShaunC]

More provably than probably. For awhile, anytime you mentioned a company's name in a private message (like "man it's hot out today, just drank 3 Cokes after cutting the grass"), Facebook would automatically like that company's profile page on your behalf. They were sued over this practice.

Oh thank god

[Anonymous Coward]

FB has upgraded service to use the Little Orphan Annie secret decoder ring.

Re:

[Opportunist]

...said the AC.

Re:

[OzPeter]

Why do we need encryption to keep secrets? The Bible teaches us that evil is done in the shadows and in darkness, but bringing it can't operate in the open when light is shined upon it.

- Pastor Mitch

Ok .. whats your full name, DOB, address, SSN and bank account details?

Shine some light on them and you can be sure nothing bad will happen.

Re:Why use we keep secrets?

[The-Ixian]

Do you close the door to the bathroom stall when you take a dump?

Do you have passwords on any of your accounts?

Do you make your SS or CC numbers known to the world?

Privacy is a protection.

Re:

[kheldan]

I'm going to give the AC in this case the benefit of the doubt, and assume he's posting this ironically or sarcastically and actually doesn't believe that drivel.

Next, there is no 'god', but of course no two people will ever agree on that point, so I'll let it go for now.

Now, if this 'Pastor Mitch' character really believes this crap, how about he posts his credit card numbers, bank account numbers, PIN numbers drivers license and social security numbers, and all his other identity-related information on

This would imply

[JustAnotherOldGuy]

This would imply that there is information of value being exchanged on Facebook; a proposition I find difficult to believe.

Re:This would imply

[Opportunist]

If only important messages were encrypted, every bad person would instantly know which ones he should decrypt.

Re:This would imply

[gsslay]

You are absolutely right. What you put on Facebook is of no value whatsoever. You have nothing to regret giving it to us. We just like collecting meaningless chatter and none of our client advertisers have the slightest interest in it. Nothing to worry your little heads over, nothing to see here.

- Mark Zuckerberg

Re:

[JustAnotherOldGuy]

You are absolutely right. What you put on Facebook is of no value whatsoever. You have nothing to regret giving it to us. We just like collecting meaningless chatter and none of our client advertisers have the slightest interest in it.
- Mark Zuckerberg

I rest my case.

Re:

[friedmud]

Actually, this move makes sense considering Facebook is currently trying to get people to use Messenger to interact with other parts of their life including _banking_:

http://www.theverge.com/2016/7... [theverge.com]

Re:

[JustAnotherOldGuy]

Actually, this move makes sense considering Facebook is currently trying to get people to use Messenger to interact with other parts of their life including _banking_:

Lol, if I had a facebook page, the last thing I'd ever do is let it "interact" with my bank account in any way, shape, or form.

Re:

[friedmud]

Completely agree! But they're trying to push it for some odd reason...

Re:

[JustAnotherOldGuy]

Completely agree! But they're trying to push it for some odd reason...

Ye$, and I can't po$$ibly imagine what that rea$on could be.

Re:

[Sir_Eptishous]

This would imply that there is information of value being exchanged on Facebook; a proposition I find difficult to believe.

You nailed it.

Re:

[gsslay]

Actually it's that crappy App they pulled out of their existing App which I refuse to install because it insists on permissions to rifle through everything on your phone and upload it to Facebook.

Re:

[Krojack]

It's a good thing you can disable those [imgur.com].

Re:

[Krojack]

...that crappy App that Facebook pulled out of their existing App and which I refuse to install because I shouldn't need a separate app or still another chat client.

In other news, when did people become so lazy that everyone uses chat because clicking on an email app is just too big a hassle?

I'm pretty sure you can use the FB messenger app without having a FB account now. They want you to use it as a standard SMS and phone callinging app. This is why it's a standalone app.

Re:

[negRo_slim]

You can get Swipe on Android and it restores the FB+Messaging by repacking the webpage version of Facebook into something nice for use on mobile. You might have to fiddle with an option in the settings and the author feels that eventually there will be no more workarounds for FB+Messaging functionality but so far it's a great piece of software if you need to access your messages from a phone.

Translation:

[Penguinisto]

"Only *we* get to keep all that sweet, sweet, saleable data on you, dammit!"

Re:Translation:

[cryptizard]

End-to-end specifically means that Facebook can't read it, if it is implemented as they say. The ends in question are both users.

Re:

[Penguinisto]

Pretty sure they stretched the definition to allow themselves a view into that conversation...

Re:

[cryptizard]

No they haven't, read the description of their implementation.

Re:Translation:

[Fnord666]

No they haven't, read the description of their implementation.

No thanks, I would rather read their actual implementation (ie open source). The only way you can even begin to trust such a communications system is if it is open source and you can build the client from the provided source. Insert oblig reference to Ken Thompson's "Reflections on Trusting Trust" here [cmu.edu]. At any rate, the description of the implementation is not the implementation itself.

Re:

[JustAnotherOldGuy]

End-to-end specifically means that Facebook can't read it, if it is implemented as they say.

Lol, yes, if it's "as they say", and goodness gracious, Facebook would never tell a fib, not with hundreds of millions of dollars of ad revenue at stake!

Re:

[cryptizard]

If they did lie, someone would figure it out eventually and it would be devastating in terms of PR. It's not worth it for them. Just like researchers have torn apart iMessage and know exactly how it works, the same will happen to this.

Re:

[JustAnotherOldGuy]

If they did lie, someone would figure it out eventually and it would be devastating in terms of PR.

You mean just like all the other times that Facebook has been caught lying and was exposed, and basically nothing happened? Because they've weathered PR storms that would wash away some of the smaller continents, and yet they're still around.

-

It's not worth it for them. Just like researchers have torn apart iMessage and know exactly how it works, the same will happen to this.

Oh, trust me, hundreds of million of dollars in ad revenue is "worth it" for them. It's been worth it for them in the past. They'll just chalk it up to some sort of "technical glitch" or "misconfiguration" or some other such bullshit (just like they always do) and noth

Re:

[cryptizard]

Do you think they will get hundreds of millions of dollars in ad revenue from mining your instant messages, compared with what they already get mining your profile, news feed, likes, etc.? Unlikely. I think they probably would get very little money from your messages and so they decided to add this encryption as a feature to entice people to use their platform.

Re:

[JustAnotherOldGuy]

Do you think they will get hundreds of millions of dollars in ad revenue from mining your instant messages, compared with what they already get mining your profile, news feed, likes, etc.?

I think it's all part of the big picture, and if they can make an extra nickel by sending you messages about things relevant to your personal conversations, you bet I think they would.

A better question is this: if they think they could make money by mining you your instant messages, why wouldn't they?

Re:

[amRadioHed]

How can you have an encrypted message on the desktop web chat without Facebook having the encryption key and defeating the whole point?

Re:

[cryptizard]

The same way WhatsApp currently does it, your phone has the key and the web app creates an encrypted communication channel between your phone and browser. The phone is actually sending and receiving the messages, then forwarding them to your browser.

Re:

[amRadioHed]

That seems to be of limited utility if you don't have access to your phone.

Re:Breaks reading messages on phone and desktop

[cryptizard]

That's true, but you do need some "anchor" device for this to work or else there is nothing to bind together the many browser you may have across many devices. Without of course just giving Facebook the key like you said. In practice, most people have the phone's on and connected to cellular internet most of the time. I have used WhatsApp a lot and it really isn't an issue.

Re:

[cryptizard]

It is pretty easy to make a protocol that is tamper evident, and it has already been done with other messaging platforms. https://www.whatsapp.com/faq/e... [whatsapp.com]

Re:

[DogDude]

That's cute that some people believe that a service that makes money from harvesting your information keeps your data private. That's very cute.

Re:

[JustAnotherOldGuy]

That's cute that some people believe that a service that makes money from harvesting your information keeps your data private. That's very cute.

It's adorably naive. It makes me want to print out cryptizard's post and put it in a pink frame with lots of little hearts and kittens and stuff.

Re:

[cryptizard]

You don't have to trust anything, it is cryptographically verifiable. But whatever, just keep posting your memes. Very constructive to the conversation.

Re:

[DogDude]

I'm not a cryptographer, so I just have to use common sense. Common sense says that for-profit companies exist to generate income.

Re:

[cryptizard]

Sure but that is not mutually exclusive with providing an end-to-end encrypted messaging service. Do you really think they are mining your instant messages for data anyway? They get what they want from your profile/news feed. It was an easy place they could provide security to entice people to use their platform, without losing them anything.

Zack mistyped iMessage & WhatsApp auto-encrypt

[sasparillascott]

Just to point out, Zack Whittacker who wrote the ZDNet article mis-typed, as iMessage and WhatsApp are encrypted by default. His following sentence appears to show he actually meant they were automatically encrypted. The opt-in encryption that Facebook and Google are providing will also be the preferred option of the govts / 3 letter agencies that want to keep everything for future use. Its crazy to have Facebook's app on your smartphone anyways...and tracking bracelet with a microphone and camera.

Why should I trust it?

[Opportunist]

I might use your channel, but I'll do my own end-to-end encryption over it, thank you.

Re:

[The-Ixian]

Even if you rolled your own e2e encryption, you still have to trust hundreds or even thousands of strangers who built the hardware or are somewhere in the distribution chain.

In addition, you would also need to get the other side of the conversation to use your encryption scheme which implies, among other things, sending them a key.

It is really impossible to "trust no one"

Re:

[friedmud]

You could definitely hand-build a small computer (think Raspberry PI) that is offline that you input the encrypted stream into (either via a camera that looks at your monitor or audio from your speakers or other means) that has a small printout on it that shows the decrypted conversation and allows you to answer back...

There would definitely still be thousands of people involved in making the chips you select... but it would be pretty incredibly difficult to get a backdoor into that system!

Re:

[mlts]

This is why you use endpoint encryption like an OpenPGP utility (gpg, openpgp, apg, Symantec's SED, etc.) Then, the transport encryption doesn't matter as much. Ideally, the computer with the keys is offline and some means like a SD card is used to transfer data back and forth.

At the minimum, having endpoint encryption separate means that a bad guy has to compromise two completely different utilities that function in completely different ways.

This isn't a 100% secure method, as OpenPGP doesn't offer PFS,

Re:

[The-Ixian]

A keylogger on the system will bypass any amount of encryption.

So, again, you need to trust that the chip maker(s), operating system vendor and app creators to not do anything bad.

On the software side, open source helps (in theory) because you can personally audit the code. However, in practice, nobody audits the code.

Still, that leaves the hardware manufacturers as well as all of the people the hardware passes by. This includes shipping companies and even retailers.

Sort of an unrelated story but a friend o

Re:

[mlts]

The key is narrowing the avenues of attack. An offline laptop that is used with a SD card narrows down the avenues of attack to Stuxnet/black bag attacks, especially if the RF antenna is physically removed. Yes, someone can hit my computer with a keylogger, but that is a direct attack. Someone cornholing an app that does its own encryption and compromising it is a lot easier and done on a far wider scale than someone who is able to attack a program that only runs on endpoints as well as the transport sys

Re:

[Opportunist]

You don't even remotely need to trust the hardware you use as much as you'd have to trust Facebook in this scenario. They have FULL control over your message. You are using their channel AND their encryption. You can at no point verify that they do not decrypt the message, you can at no point verify that they do not alter the message and you will only be able to discover after the fact whether they actually delivered your message (if your partner does not reply or replies in a way that is inconsistent with

Biggest technical flaw: MITM checks are manual?

[xxxJonBoyxxx]

The biggest technical flaw I think I see is that man-in-the-middle attacks can occur unless both sides manually check a 256-bit hex value - probably above the technical capabilities of most users. (This is unlike SSL/TLS/HTTPS where clients usually automatically verify the ID of the server, and servers often automatically verify the ID of the client.) From TFA:

>> For every secret conversation Messenger exposes in its interface both participants' identity keys (i.e. IKpk). Users may optionally verify

Re:

[cryptizard]

The difference is that your average Facebook user doesn't have a TLS certificate signed by a trusted CA. Without PKI infrastructure, which frankly would not work in this scenario, manual verification is the best you can do. The point of this type of system is that you don't need every user to do the check, you only need a few people to do it to keep them honest. If anyone catches a MitM attack, even once, it will be a huge PR nightmare for Facebook.

Re:

[Solandri]

(This is unlike SSL/TLS/HTTPS where clients usually automatically verify the ID of the server, and servers often automatically verify the ID of the client.)

SSL et al don't verify the ID of the server/client. They ask a certificate authority (CA) to verify those IDs. That's why those protocols are vulnerable to MitM attack due to a bad or compromised certificate authority (which for example is exactly what Lenovo did - inserting their own CA into the list of trusted CAs).

You can think of CAs as a repos

So it can drain even more battery?

[xfizik]

Good try FB, but no, thank you. Maybe if you convinced smartphone makers to use bigger batterries, I'd think about, but not the way things work right now.

More bloat!

[ilsaloving]

How many more hundred megabytes will this feature add?

Honestly, I've stopped using messenger cause it's the single most inefficient POS I've seen in ages. People used to complain that Microsoft Office was bloated. How about a simple mobile messenger application that consumes hundreds of megabytes?
I'm still having trouble understanding the level of incompetence required to do that to a simple messaging application.

The most laughable thing of all is that Facebook actually wants people to trust them with fin

Re:

[The-Ixian]

You don't have to use the FB messenger client software.

FB is one of the few remaining messaging platforms that allows 3rd party integration.

I have been running Trillian for years and I used to have MSN, Yahoo, AIM, Google and FB accounts in it.

The only 2 that are left that still allow this are FB and Google. (Yahoo is going away in August).

I will continue to use Trillian until 0 clients are left.

Re:

[ilsaloving]

Except that Facebook has already discontinued XMPP integration. It was discontinued in... April I think? I'm not sure what's happened since then however. There was a whole lot of complaining about Facebook stopping working, and then trillian started working again, so I'm thinking Trillian has cheated somehow to get around Facebook discontinuing XMPP. Probably interpreting facebook's webclient or something.

I've been using Trillian for years too. Even had a Pro subscription at one point, but it really fe

Re:

[niftymitch]

I fail to see how any 'ecryption' matters when Facebook is spying on everything you do, both on an off Facebook.

If it is Facebook (singular) you are in a better perhaps more secure space.
Unencrypted anyone near or far that can tap into the stream could read it.

Even if FB archived messages and kept them behind a "legal" wall there
should be an audit trail to show abuse when abuse happened.

I fear the naive structures put in place today by honest well intentioned
individuals. Should that individual retire, change companies or be promoted
there is no mechanism to guarantee another honest replacement.

To pick on one chain o

Re:

[cryptizard]

End-to-end means user-to-user. Even Facebook will not be able to read the messages.

Requires trusting Facebook

[sjbe]

End-to-end means user-to-user. Even Facebook will not be able to read the messages.

In principle yes but do you really trust Facebook? Seems like a HUGE opportunity for man in the middle attacks here. Unless you control the encryption keys you really have no assurance that it will be secure and doing encryption and key exchange properly is actually pretty darn hard to do right.

Re:

[cryptizard]

You don't have to trust them. They publish the protocol, people will audit it. There is a specific mechanism for verifying session keys to be sure that no MitM attacks are happening.

The implementation is what matters

[sjbe]

You don't have to trust them. They publish the protocol, people will audit it.

How do you propose to audit the implementation of the protocol? It's kind of like how it doesn't matter who votes - what matters is who counts the votes. I don't really see any way I could realistically trust Facebook to be a trusted intermediary. It doesn't matter what the protocol is if we can't be certain they are following it.

Re:

[cryptizard]

You can be sure that researchers will poke, prod and decompile the Facebook app searching for implementation mistakes. You don't have to trust Facebook.

They don't enable it by default because...

[tlambert]

They don't enable it by default because it absolves them of legal responsibility where the users are not legally allowed to turn it on, and do so anyway.

Per thread encryption

[bagofbeans]

If the user really will have to enable encryption per thread, that will be a very useful flag to anybody who cares that the conversation is worth decrypting.

Trust Facebook?

[sjbe]

Facebook announced Friday it would roll out optional "end to end encryption" for its Messenger application, following a trend aimed at stronger security and protection against snooping. The new feature will be known as "secret conversations" which can be read only by the sender and recipient.

That's great except that I don't actually trust Facebook so I'm not sure what this would get me. How can I be sure the message remained secure?

Nope

[markdavis]

Sorry, I don't believe Facebook will store it encrypted and have no backdoors. And with closed-source apps and mysterious back-end stuff, who will ever know for sure, regardless of what they might claim.