In an effort led by CEO Mark Zuckerberg, Facebook has plans to rearchitect WhatsApp, Instagram direct messages, and Facebook Messenger so that messages can travel across any of the platforms. The New York Times first reported the move Friday, noting also that Zuckerberg wants the initiative to "incorporate end-to-end encryption." Melding those infrastructures would be a massive task regardless, but designing the scheme to universally preserve end-to-end encryptionin a way that users understandposes a whole additional set of critical challenges.
As things stand now, WhatsApp chats are end-to-end encrypted by default, while Facebook Messenger only offers the feature if you turn on "Secret Conversations." Instagram does not currently offer any form of end-to-end encryption for its chats. WhatsApp's move to add default encryption for all users was a watershed moment in 2016, bringing the protection to a billion people by flipping one switch.
Facebook is still in the early planning stages of homogenizing its messaging platforms, a move that could increase the ease and number of secured chats online by a staggering order of magnitude. But cryptographers and privacy advocates have already raised a number of obvious hurdles the company faces in doing so. End-to-end encrypted chat protocols ensure that data is only decrypted and intelligible on the devices of the sender and recipient. At least, that's the idea. In practice, it can be difficult to use the protection effectively if it's enabled for some chats and not for others and can turn on and off within a chat at different times. In attempting to unify its chat services, Facebook will need to find a way to help users easily understand and control end-to-end encryption as the ecosystem becomes more porous.
"The big problem I see is that only WhatsApp has default end-to-end encryption," says Matthew Green, a cryptographer at Johns Hopkins. "So if the goal is to allow cross-app traffic, and its not required to be encrypted, then what happens? There are a whole range of outcomes here."
WhatsApp users, for example, can assume that all of their chats are end-to-end encrypted, but what will happen in Facebook's newly homogenized platform if an Instagram user messages a WhatsApp user? It's unclear what sort of defaults Facebook will impose, and how it will let users know whether their chats are encrypted.
Facebook can also glean more data from unencrypted chats and introduce monetizable experiences like bots into them. The company has had a notoriously hard time earning revenue off of WhatsApp's 1.5 billion users, in part because of end-to-end encryption.
"We want to build the best messaging experiences we can; and people want messaging to be fast, simple, reliable and private," a Facebook spokesperson said in a statement on Friday. "We're working on making more of our messaging products end-to-end encrypted and considering ways to make it easier to reach friends and family across networks. As you would expect, there is a lot of discussion and debate as we begin the long process of figuring out all the details of how this will work."
Facebook emphasizes that this gradual process will allow it to work out all the kinks before debuting a monolithic chat structure. But encryption's not the only area of concern. Privacy advocates are concerned about the potential creation of a unified identity for people across all three services, so that messages go to the right place. Such a setup could be convenient in many ways, but it could also have complicated ramifications.
In 2016, WhatsApp started sharing user phone numbers and other analytics with Facebook, perforating what had previously been a red line between the two services. WhatsApp still lets users make an account with only a phone number, while Facebook requires your legal name under its controversial "real name" policy. The company maintains this rule to prevent confusion and fraud, but its rigidity has caused problems for users who have other safety and security reasons for avoiding their legal or given name, such as being transgender.
"If the goal is to allow cross-app traffic, and its not required to be encrypted, then what happens?"
Matthew Green, Johns Hopkins University
In a Wall Street Journal opinion piece on Thursday evening, Zuckerberg wrote that, "Theres no question that we collect some information for adsbut that information is generally important for security and operating our services as well." An indelible identity across Facebook's brands could have security benefits like enabling stronger anti-fraud protections. But it could also unlock an even richer and more nuanced user data trove for Facebook to mine, and potentially make it harder to use one or more of the services without tying those profiles to a central identity.
"The obvious identity issue is usernames. I'm one thing on Facebook and another on Instagram," says Jim Fenton, an independent identity privacy and security consultant. "In some ways, having the three linked more closely together would be good because it would make it more transparent that they are connected. But there are some Instagram and WhatsApp users who don't want to use Facebook. This might be seen as a way to try to push more people in."
Such a change to how chat works on the three brands isn't just a potentially massive shift for usersit also seems to have stirred deep controversy within Facebook itself, and may have contributed to the departure last year of WhatsApp cofounders Jan Koum and Brian Acton.
End-to-end encryption is also difficult to implement correctly, because any oversight or bug can undermine the whole scheme. For example, both WhatsApp and Facebook Messenger currently use the open-source Signal protocol (used in the Signal encrypted messaging app), but the implementations are different, because one service has the encryption on by default and the other doesn't. Melding these different approaches could create opportunities for error.
"Theres a world where Facebook Messenger and Instagram get upgraded to the default encryption of WhatsApp, but that probably isn't happening," Johns Hopkins' Green says. "Its too technically challenging and would cost Facebook access to lots of data."
And while end-to-end encryption can't solve every privacy issue for everyone all the time anyway, it's harder to know how to take advantage of it safely when a service doesn't offer it consistently, and creates potential privacy issues when it centralizes identities.
"I think they can work this out," Fenton says. "The bigger problem in my opinion is user confusion."
See the original post:
The Pitfalls of Facebook Merging Messenger, Instagram, and ...
- The Best Encryption Software for 2019 | PCMag.com - October 21st, 2019
- What is data encryption? - October 19th, 2019
- USB Enforced Encryption - Endpoint Protector - October 19th, 2019
- Authenticated encryption - Crypto++ Wiki - October 19th, 2019
- Tinder's Lack of Encryption Lets Strangers Spy on Your ... - October 19th, 2019
- 'Without Encryption, We Will Lose All Privacy': Snowden ... - October 18th, 2019
- Security pros reiterate warning against encryption backdoors - October 18th, 2019
- Encryption - servicepro.wiki - October 18th, 2019
- Mozy Encryption - October 18th, 2019
- Optical Encryption Market Size, Share, Trends and Forecast ... - October 18th, 2019
- MySQL Enterprise Transparent Data Encryption (TDE) - October 18th, 2019
- What is Encryption? - Definition from WhatIs.com - October 17th, 2019
- How to Set Up BitLocker Encryption on Windows - October 2nd, 2019
- Encryption: What It Is, and How It Works for You | Tom's Guide - October 2nd, 2019
- Security Encryption Systems | HowStuffWorks - October 2nd, 2019
- What is The Difference Between Hashing and Encrypting - October 2nd, 2019
- How Encryption Works | HowStuffWorks - September 5th, 2019
- encryption - How secure is AES-256? - Cryptography Stack ... - June 2nd, 2019
- The World's Email Encryption Software Relies on One Guy, Who ... - May 5th, 2019
- Encryption breakthrough could keep prying eyes away from your ... - May 5th, 2019
- What Is Data Encryption? Definition, Best Practices & More ... - May 1st, 2019
- IronClad Encryption Partners with Data443 Risk Mitigation ... - April 30th, 2019
- What Is Encryption? An Overview of Modern Encryption ... - April 30th, 2019
- Symmetric vs. Asymmetric Encryption What are differences? - April 29th, 2019
- Difference Between Hashing and Encryption - ssl2buy.com - April 29th, 2019
- What is Advanced Encryption Standard (AES)? - Definition ... - April 29th, 2019
- How to Encrypt Your Wireless Network - Lifewire - April 29th, 2019
- After Paris, Encryption Will Be a Key Issue in the 2016 ... - April 22nd, 2019
- Email encryption - Wikipedia - April 8th, 2019
- What is Encryption, and Why Are People Afraid of It? - April 8th, 2019
- Data encryption | cryptology | Britannica.com - April 8th, 2019
- How to Enable Full-Disk Encryption on Windows 10 - April 1st, 2019
- After Paris, Encryption Will Be a Key Issue in the 2016 Race - March 27th, 2019
- Does Encryption Really Help ISIS? Heres What You Need to ... - March 27th, 2019
- AES and RSA Encryption Explained - March 27th, 2019
- Encryption: What it is and why its important - Norton - March 23rd, 2019
- Email encryption in transit - Gmail Help - March 21st, 2019
- Authenticated encryption - Wikipedia - March 19th, 2019
- Email Encryption Options for MDaemon Email Server - March 14th, 2019
- How to Encrypt Files on Windows - Tutorial - Toms Guide - March 6th, 2019
- Encryption, Key Management - bank information security - March 5th, 2019
- Which Types of Encryption are Most Secure? - February 7th, 2019
- JSON Object Signing and Encryption (JOSE) - February 4th, 2019
- What Is Encryption, and How Does It Work? - January 26th, 2019
- Encryption: Avoiding the Pitfalls That Can Lead to Breaches - January 14th, 2019
- Encryption | Information Technology Services - December 31st, 2018
- Encryption - Investopedia - December 16th, 2018
- How to Protect Data at Rest with Amazon EC2 Instance Store ... - December 9th, 2018
- Next Generation Encryption - blogs.cisco.com - December 4th, 2018
- 3 Different Data Encryption Methods - DataShield blog - November 22nd, 2018
- Security and encryption | Documentation | Turtl - November 18th, 2018
- Encryption | General Data Protection Regulation (GDPR) - November 16th, 2018
- Using Encryption and Authentication Correctly (for PHP ... - November 13th, 2018
- Encryption | SANS Security Awareness - November 9th, 2018
- Types of Encryption | Office of Information Technology - November 5th, 2018
- Use Your own Encryption Keys with S3s Server-Side ... - October 29th, 2018
- What is Tokenization vs Encryption - Benefits & Uses Cases ... - October 12th, 2018
- Device Encryption | it.ucsf.edu - October 12th, 2018
- 5 Common Encryption Algorithms and the Unbreakables of the Future - September 15th, 2018
- Top 5 best encryption software tools of 2018 | TechRadar - August 26th, 2018
- New EBS Encryption for Additional Data Protection | AWS ... - August 22nd, 2018
- Best Encryption Software 2018 - Encrypt Files on Windows PCs - August 20th, 2018
- Download BestCrypt Volume Encryption 3.78.05 / 4.01.09 Beta - July 26th, 2018
- End-to-end encryption - Wikipedia - July 24th, 2018
- Download Symantec Encryption Desktop 10.4.0 Build 1100 - July 15th, 2018
- HTTPS - Wikipedia - July 10th, 2018
- AES encryption - June 20th, 2018
- Encrypt email messages - Outlook - June 20th, 2018
- Download Sophos Free Encryption 184.108.40.206 - softpedia.com - June 19th, 2018
- Does Skype use encryption? | Skype Support - June 16th, 2018
- Encryption- Computer & Information Security - Information ... - May 25th, 2018
- Enable BitLocker on USB Flash Drives to Protect Data - May 25th, 2018
- Transparent Data Encryption (TDE) - msdn.microsoft.com - April 12th, 2018
- Encryption Software Market - Global Forecast to 2022 - March 24th, 2018
- What AES Encryption Is And How It's Used To Secure File Transfers - March 24th, 2018
- Encryption vs. Cryptography - What is the Difference? - March 24th, 2018
- Energy-efficient encryption for the internet of things | MIT News - February 16th, 2018
- The Best Encryption Software - TopTenReviews - February 16th, 2018
- File-Based Encryption | Android Open Source Project - February 7th, 2018
- Beyond Encryption | Secure Enterprise email using existing ... - February 1st, 2018